From b465bcd8be6de1ce125b838a2171580e0f57c1ba Mon Sep 17 00:00:00 2001 From: wborgeaud Date: Tue, 1 Jun 2021 11:17:54 +0200 Subject: [PATCH] Clippy + comments --- src/fri/verifier.rs | 2 - src/plonk_common.rs | 12 ------ src/polynomial/commitment.rs | 84 ++++++++++++------------------------ 3 files changed, 28 insertions(+), 70 deletions(-) diff --git a/src/fri/verifier.rs b/src/fri/verifier.rs index ef4cfba3..981db38a 100644 --- a/src/fri/verifier.rs +++ b/src/fri/verifier.rs @@ -7,7 +7,6 @@ use crate::merkle_proofs::verify_merkle_proof; use crate::plonk_challenger::Challenger; use crate::plonk_common::reduce_with_powers; use crate::polynomial::commitment::SALT_SIZE; -use crate::polynomial::polynomial::PolynomialCoeffs; use crate::proof::{FriInitialTreeProof, FriProof, FriQueryRound, Hash, OpeningSet}; use crate::util::{log2_strict, reverse_bits, reverse_index_bits_in_place}; use anyhow::{ensure, Result}; @@ -228,7 +227,6 @@ fn fri_combine_initial, const D: usize>( let denominator = (F::Extension::from_basefield(subgroup_x) - zeta) * (F::Extension::from_basefield(subgroup_x) - zeta_frob); e += cur_alpha * numerator / denominator; - cur_alpha = alpha.exp(poly_count); } e diff --git a/src/plonk_common.rs b/src/plonk_common.rs index ab28ce21..b620bb6f 100644 --- a/src/plonk_common.rs +++ b/src/plonk_common.rs @@ -82,18 +82,6 @@ pub(crate) fn reduce_with_powers(terms: &[F], alpha: F) -> F { sum } -pub(crate) fn reduce_polys_with_powers, const D: usize>( - polynomials: &[PolynomialCoeffs], - alpha: F::Extension, -) -> PolynomialCoeffs { - polynomials - .iter() - .rev() - .fold(PolynomialCoeffs::empty(), |acc, p| { - &(&acc * alpha) + &p.to_extension() - }) -} - pub(crate) fn reduce_with_powers_recursive( builder: &mut CircuitBuilder, terms: Vec, diff --git a/src/polynomial/commitment.rs b/src/polynomial/commitment.rs index a183f379..5fa6c091 100644 --- a/src/polynomial/commitment.rs +++ b/src/polynomial/commitment.rs @@ -8,9 +8,9 @@ use crate::field::lagrange::interpolant; use crate::fri::{prover::fri_proof, verifier::verify_fri_proof, FriConfig}; use crate::merkle_tree::MerkleTree; use crate::plonk_challenger::Challenger; -use crate::plonk_common::{reduce_polys_with_powers, reduce_with_powers}; +use crate::plonk_common::reduce_with_powers; use crate::polynomial::polynomial::PolynomialCoeffs; -use crate::proof::{FriInitialTreeProof, FriProof, Hash, OpeningSet}; +use crate::proof::{FriProof, Hash, OpeningSet}; use crate::timed; use crate::util::{log2_strict, reverse_index_bits_in_place, transpose}; @@ -76,6 +76,8 @@ impl ListPolynomialCommitment { &leaf[0..leaf.len() - if self.blinding { SALT_SIZE } else { 0 }] } + /// Takes the commitments to the constants - sigmas - wires - zs - quotient — polynomials, + /// and an opening point `zeta` and produces a batched opening proof + opening set. pub fn open_plonk( commitments: &[&Self; 5], zeta: F::Extension, @@ -86,6 +88,7 @@ impl ListPolynomialCommitment { where F: Extendable, { + debug_assert!(commitments.iter().all(|c| c.degree == 1 << degree_log)); let g = F::Extension::primitive_root_of_unity(degree_log); for &p in &[zeta, g * zeta] { assert_ne!( @@ -114,6 +117,7 @@ impl ListPolynomialCommitment { // Count the total number of polynomials accumulated into `final_poly`. let mut poly_count = 0; + // Polynomials opened at a single point. let composition_poly = if D == 1 { vec![0, 1, 2, 4] } else { @@ -135,7 +139,7 @@ impl ListPolynomialCommitment { ] } else { vec![&os.constants, &os.plonk_sigmas, &os.quotient_polys] - + } .iter() .flat_map(|v| v.iter()) .rev() @@ -145,6 +149,7 @@ impl ListPolynomialCommitment { final_poly = &final_poly + &("ient * cur_alpha); cur_alpha = alpha.exp(poly_count); + // Zs polynomials are opened at `zeta` and `g*zeta`. let zs_composition_poly = commitments[3] .polynomials @@ -167,6 +172,9 @@ impl ListPolynomialCommitment { final_poly = &final_poly + &(&zs_quotient * cur_alpha); cur_alpha = alpha.exp(poly_count); + // If working in an extension field, need to check that wires are in the base field. + // Check this by opening the wires polynomials at `zeta` and `zeta.frobenius()` and using the fact that + // a polynomial `f` is over the base field iff `f(z).frobenius()=f(z.frobenius())` with high probability. if D > 1 { let wires_composition_poly = commitments[2].polynomials.iter().rev().fold( PolynomialCoeffs::empty(), @@ -238,7 +246,7 @@ impl ListPolynomialCommitment { &acc * &PolynomialCoeffs::new(vec![-x, F::Extension::ONE]) }); let numerator = poly - &interpolant; - let (mut quotient, rem) = numerator.div_rem(&denominator); + let (quotient, rem) = numerator.div_rem(&denominator); debug_assert!(rem.is_zero()); quotient.padded(quotient.degree_plus_one().next_power_of_two()) @@ -311,7 +319,7 @@ mod tests { point } - fn random_blindings() -> Vec { + fn gen_random_blindings() -> Vec { let mut rng = rand::thread_rng(); vec![ rng.gen_bool(0.5), @@ -330,7 +338,7 @@ mod tests { rate_bits: 2, reduction_arity_bits: vec![2, 3, 1, 2], num_query_rounds: 3, - blinding: random_blindings(), + blinding: gen_random_blindings(), }; let lpcs = (0..5) @@ -375,48 +383,6 @@ mod tests { ) } - // fn check_batch_polynomial_commitment_blinding, const D: usize>( - // ) -> Result<()> { - // let k0 = 10; - // let k1 = 3; - // let k2 = 7; - // let degree_log = 11; - // let num_points = 5; - // let fri_config = FriConfig { - // proof_of_work_bits: 2, - // rate_bits: 2, - // reduction_arity_bits: vec![2, 3, 1, 2], - // num_query_rounds: 3, - // blinding: vec![true, false, true], - // check_basefield: vec![true, false, true], - // }; - // let (polys0, _) = gen_random_test_case::(k0, degree_log, num_points); - // let (polys1, _) = gen_random_test_case::(k1, degree_log, num_points); - // let (polys2, points) = gen_random_test_case::(k2, degree_log, num_points); - // - // let lpc0 = ListPolynomialCommitment::new(polys0, fri_config.rate_bits, true); - // let lpc1 = ListPolynomialCommitment::new(polys1, fri_config.rate_bits, false); - // let lpc2 = ListPolynomialCommitment::new(polys2, fri_config.rate_bits, true); - // - // let (proof, evaluations) = ListPolynomialCommitment::batch_open::( - // &[&lpc0, &lpc1, &lpc2], - // &points, - // &fri_config, - // &mut Challenger::new(), - // ); - // proof.verify( - // &points, - // &evaluations, - // &[ - // lpc0.merkle_tree.root, - // lpc1.merkle_tree.root, - // lpc2.merkle_tree.root, - // ], - // &mut Challenger::new(), - // &fri_config, - // ) - // } - macro_rules! tests_commitments { ($F:ty, $D:expr) => { use super::*; @@ -425,24 +391,30 @@ mod tests { fn test_batch_polynomial_commitment() -> Result<()> { check_batch_polynomial_commitment::<$F, $D>() } - - // #[test] - // fn test_batch_polynomial_commitment_blinding() -> Result<()> { - // check_batch_polynomial_commitment_blinding::<$F, $D>() - // } }; } mod base { - tests_commitments!(crate::field::crandall_field::CrandallField, 1); + use super::*; + #[test] + fn test_batch_polynomial_commitment() -> Result<()> { + check_batch_polynomial_commitment::() + } } mod quadratic { - tests_commitments!(crate::field::crandall_field::CrandallField, 2); + use super::*; + #[test] + fn test_batch_polynomial_commitment() -> Result<()> { + check_batch_polynomial_commitment::() + } } mod quartic { use super::*; - tests_commitments!(crate::field::crandall_field::CrandallField, 4); + #[test] + fn test_batch_polynomial_commitment() -> Result<()> { + check_batch_polynomial_commitment::() + } } }