From c99d7f48fd241907b9567585e99a14d2356993fe Mon Sep 17 00:00:00 2001
From: wborgeaud <williamborgeaud@gmail.com>
Date: Tue, 13 Jul 2021 09:44:35 +0200
Subject: [PATCH] Add Merkle tree test

---
 src/merkle_proofs.rs      | 59 ++++++++++++++++++++++++++++++++++
 src/recursive_verifier.rs | 66 +++++++++++++++++++--------------------
 2 files changed, 92 insertions(+), 33 deletions(-)

diff --git a/src/merkle_proofs.rs b/src/merkle_proofs.rs
index b098657c..002a0d5a 100644
--- a/src/merkle_proofs.rs
+++ b/src/merkle_proofs.rs
@@ -135,3 +135,62 @@ impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
         }
     }
 }
+
+#[cfg(test)]
+mod tests {
+    use anyhow::Result;
+    use rand::{thread_rng, Rng};
+
+    use super::*;
+    use crate::circuit_data::CircuitConfig;
+    use crate::field::crandall_field::CrandallField;
+    use crate::field::extension_field::quartic::QuarticCrandallField;
+    use crate::merkle_proofs::verify_merkle_proof;
+    use crate::merkle_tree::MerkleTree;
+    use crate::verifier::verify;
+    use crate::witness::PartialWitness;
+
+    fn random_data<F: Field>(n: usize, k: usize) -> Vec<Vec<F>> {
+        (0..n).map(|_| F::rand_vec(k)).collect()
+    }
+
+    #[test]
+    fn test_merkle_trees() -> Result<()> {
+        type F = CrandallField;
+        type FF = QuarticCrandallField;
+        let config = CircuitConfig::large_config();
+        let mut builder = CircuitBuilder::<F, 4>::new(config);
+        let mut pw = PartialWitness::new();
+
+        let log_n = 8;
+        let n = 1 << log_n;
+        let leaves = random_data::<F>(n, 7);
+        let tree = MerkleTree::new(leaves.clone(), false);
+        let i: usize = thread_rng().gen_range(0, n);
+        let proof = tree.prove(i);
+
+        let proof_t = MerkleProofTarget {
+            siblings: builder.add_virtual_hashes(proof.siblings.len()),
+        };
+        for i in 0..proof.siblings.len() {
+            pw.set_hash_target(proof_t.siblings[i], proof.siblings[i]);
+        }
+
+        let root_t = builder.add_virtual_hash();
+        pw.set_hash_target(root_t, tree.root);
+
+        let i_c = builder.constant(F::from_canonical_usize(i));
+
+        let data = builder.add_virtual_targets(tree.leaves[i].len());
+        for j in 0..data.len() {
+            pw.set_target(data[j], tree.leaves[i][j]);
+        }
+
+        builder.verify_merkle_proof(data, i_c, root_t, &proof_t);
+
+        let data = builder.build();
+        let proof = data.prove(pw);
+
+        verify(proof, &data.verifier_only, &data.common)
+    }
+}
diff --git a/src/recursive_verifier.rs b/src/recursive_verifier.rs
index 205ddb91..7a35c728 100644
--- a/src/recursive_verifier.rs
+++ b/src/recursive_verifier.rs
@@ -81,39 +81,39 @@ impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
             targets: Box::new(vanishing_polys_zeta[0].clone()),
         });
 
-        // let quotient_polys_zeta = &proof.openings.quotient_polys;
-        // let zeta_pow_deg = self.exp_u64_extension(zeta, 1 << inner_common_data.degree_bits as u64);
-        // let z_h_zeta = self.sub_extension(zeta_pow_deg, one);
-        // for (i, chunk) in quotient_polys_zeta
-        //     .chunks(inner_common_data.quotient_degree_factor)
-        //     .enumerate()
-        // {
-        //     let mut scale = ReducingFactorTarget::new(zeta_pow_deg);
-        //     let mut rhs = scale.reduce(chunk, self);
-        //     rhs = self.mul_extension(z_h_zeta, rhs);
-        //     dbg!(self.num_gates());
-        //     self.route_extension(vanishing_polys_zeta[i], rhs);
-        // }
-        //
-        // let evaluations = proof.openings.clone();
-        //
-        // let merkle_roots = &[
-        //     inner_verifier_data.constants_sigmas_root,
-        //     proof.wires_root,
-        //     proof.plonk_zs_root,
-        //     proof.quotient_polys_root,
-        // ];
-        //
-        // proof.opening_proof.verify(
-        //     zeta,
-        //     &evaluations,
-        //     merkle_roots,
-        //     &mut challenger,
-        //     inner_common_data,
-        //     self,
-        // );
-        // dbg!(self.num_gates());
-        // dbg!(self.generators.len());
+        let quotient_polys_zeta = &proof.openings.quotient_polys;
+        let zeta_pow_deg = self.exp_u64_extension(zeta, 1 << inner_common_data.degree_bits as u64);
+        let z_h_zeta = self.sub_extension(zeta_pow_deg, one);
+        for (i, chunk) in quotient_polys_zeta
+            .chunks(inner_common_data.quotient_degree_factor)
+            .enumerate()
+        {
+            let mut scale = ReducingFactorTarget::new(zeta_pow_deg);
+            let mut rhs = scale.reduce(chunk, self);
+            rhs = self.mul_extension(z_h_zeta, rhs);
+            dbg!(self.num_gates());
+            self.route_extension(vanishing_polys_zeta[i], rhs);
+        }
+
+        let evaluations = proof.openings.clone();
+
+        let merkle_roots = &[
+            inner_verifier_data.constants_sigmas_root,
+            proof.wires_root,
+            proof.plonk_zs_root,
+            proof.quotient_polys_root,
+        ];
+
+        proof.opening_proof.verify(
+            zeta,
+            &evaluations,
+            merkle_roots,
+            &mut challenger,
+            inner_common_data,
+            self,
+        );
+        dbg!(self.num_gates());
+        dbg!(self.generators.len());
     }
 }