From d882283761b69667e42f744395b1327e648b4e02 Mon Sep 17 00:00:00 2001
From: wborgeaud
Date: Mon, 31 May 2021 18:19:44 +0200
Subject: [PATCH] Working with blindings
---
 src/fri/verifier.rs | 49 +++---------------------------------
 src/polynomial/commitment.rs | 47 +++++++++++++---------------------
 2 files changed, 21 insertions(+), 75 deletions(-)
diff --git a/src/fri/verifier.rs b/src/fri/verifier.rs
index 12940174..acbea061 100644
--- a/src/fri/verifier.rs
+++ b/src/fri/verifier.rs
@@ -141,44 +141,6 @@ fn fri_verify_initial_proof(
 Ok(())
 }
-// fn fri_combine_initial, const D: usize>(
-// proof: &FriInitialTreeProof,
-// alpha: F::Extension,
-// opening_set: &OpeningSet,
-// zeta: F::Extension,
-// subgroup_x: F,
-// config: &FriConfig,
-// ) -> F::Extension {
-// let e = proof
-// .evals_proofs
-// .iter()
-// .enumerate()
-// .flat_map(|(i, (v, _))| &v[..v.len() - if config.blinding[i] { SALT_SIZE } else { 0 }])
-// .rev()
-// .fold(F::Extension::ZERO, |acc, &e| alpha * acc + e.into());
-// let numerator = e - interpolant.eval(subgroup_x.into());
-// let denominator = points
-// .iter()
-// .map(|&(x, _)| F::Extension::from_basefield(subgroup_x) - x)
-// .product();
-// let quotient = numerator / denominator;
-// let quotient = if config.check_basefield[0] {
-// let alpha_conj = alpha.frobenius();
-// let comp_conj = proof
-// .evals_proofs
-// .iter()
-// .enumerate()
-// .flat_map(|(i, (v, _))| &v[..v.len() - if config.blinding[i] { SALT_SIZE } else { 0 }])
-// .rev()
-// .fold(F::Extension::ZERO, |acc, &e| alpha_conj * acc + e.into());
-// let numerator = comp_conj - points[0].1.frobenius();
-// let denominator = F::Extension::from_basefield(subgroup_x) - points[0].0.frobenius();
-// quotient + (numerator / denominator) * alpha.exp(proof.evals_proofs[0].0.len() as u64)
-// } else {
-// quotient
-// };
-// quotient
-// }
 fn fri_combine_initial, const D: usize>(
 proof: &FriInitialTreeProof,
 alpha: F::Extension,
@@ -196,9 +158,10 @@ fn fri_combine_initial, const D: usize>(
 let ev = [0, 1, 4]
 .iter()
- .map(|&i| &proof.evals_proofs[i])
- .enumerate()
- .flat_map(|(j, (v, _))| &v[..v.len() - if config.blinding[j] { SALT_SIZE } else { 0 }])
+ .flat_map(|&i| {
+ let v = &proof.evals_proofs[i].0;
+ &v[..v.len() - if config.blinding[i] { SALT_SIZE } else { 0 }]
+ })
 .rev()
 .fold(F::Extension::ZERO, |acc, &e| {
 poly_count += 1;
@@ -213,7 +176,6 @@ fn fri_combine_initial, const D: usize>(
 let denominator = F::Extension::from_basefield(subgroup_x) - zeta;
 e += cur_alpha * numerator / denominator;
 cur_alpha = alpha.exp(poly_count);
- dbg!(e);
 let ev = proof.evals_proofs[3].0
 [..proof.evals_proofs[3].0.len() - if config.blinding[3] { SALT_SIZE } else { 0 }]
@@ -224,7 +186,6 @@ fn fri_combine_initial, const D: usize>(
 alpha * acc + e.into()
 });
 let zeta_right = F::Extension::primitive_root_of_unity(degree_log) * zeta;
- dbg!(degree_log);
 let zs_interpol = interpolant(&[
 (zeta, reduce_with_powers(&os.plonk_zs, alpha)),
 (zeta_right, reduce_with_powers(&os.plonk_zs_right, alpha)),
@@ -233,8 +194,6 @@ fn fri_combine_initial, const D: usize>(
 let denominator = (F::Extension::from_basefield(subgroup_x) - zeta)
 * (F::Extension::from_basefield(subgroup_x) - zeta_right);
 e += cur_alpha * numerator / denominator;
- dbg!(e);
- dbg!(cur_alpha);
 cur_alpha = alpha.exp(poly_count);
 if D > 1 {
diff --git a/src/polynomial/commitment.rs b/src/polynomial/commitment.rs
index 12ce3623..30f15265 100644
--- a/src/polynomial/commitment.rs
+++ b/src/polynomial/commitment.rs
@@ -315,7 +315,6 @@ impl ListPolynomialCommitment {
 F: Extendable,
 {
 let g = F::Extension::primitive_root_of_unity(degree_log);
- dbg!(degree_log);
 for &p in &[zeta, g * zeta] {
 assert_ne!(
 p.exp(1 << degree_log as u64),
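Review bot: In `fri_combine_initial` (src/fri/verifier.rs, the hunk at new line 158) the rewritten closure still slices with `v.len() - if config.blinding[i] { SALT_SIZE } else { 0 }` on a vector that comes from the proof, so an entry shorter than `SALT_SIZE` underflows the `usize` subtraction and the verifier panics instead of rejecting the proof. The literal indices `[0, 1, 4]` into `proof.evals_proofs` and `config.blinding` fail the same way when either holds fewer than five entries, and the unchanged `proof.evals_proofs[3].0[..]` slice in the following hunk repeats the pattern. No length validation is visible in this diff; if none exists upstream of this call, add one on a path that can return an error, and make the arithmetic explicit here with `v.len().checked_sub(salt)`. The function body starts and ends outside the hunk, so an existing check in `fri_verify_initial_proof` cannot be ruled out.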
@@ -336,7 +335,6 @@ impl ListPolynomialCommitment {
 challenger.observe_opening_set(&os);
 let alpha = challenger.get_extension_challenge();
- dbg!(alpha);
 let mut cur_alpha = F::Extension::ONE;
 // Final low-degree polynomial that goes into FRI.
@@ -360,15 +358,6 @@ impl ListPolynomialCommitment {
 let quotient = Self::compute_quotient(&[zeta], &[composition_eval], &composition_poly);
 final_poly = &final_poly + &("ient * cur_alpha);
- {
- let lde_final_poly = final_poly.lde(config.rate_bits);
- let lde_final_values = lde_final_poly
- .clone()
- .coset_fft(F::Extension::from_basefield(
- F::MULTIPLICATIVE_GROUP_GENERATOR,
- ));
- dbg!(lde_final_values);
- }
 cur_alpha = alpha.exp(poly_count);
 let zs_composition_poly =
@@ -391,16 +380,6 @@ impl ListPolynomialCommitment {
 &zs_composition_poly,
 );
 final_poly = &final_poly + &(&zs_quotient * cur_alpha);
- {
- let lde_final_poly = final_poly.lde(config.rate_bits);
- let lde_final_values = lde_final_poly
- .clone()
- .coset_fft(F::Extension::from_basefield(
- F::MULTIPLICATIVE_GROUP_GENERATOR,
- ));
- dbg!(lde_final_values);
- dbg!(cur_alpha);
- }
 cur_alpha = alpha.exp(poly_count);
 if D > 1 {
@@ -425,7 +404,6 @@ impl ListPolynomialCommitment {
 final_poly = &final_poly + &(&wires_quotient * cur_alpha);
 }
- dbg!(final_poly.coeffs.len());
 let lde_final_poly = final_poly.lde(config.rate_bits);
 let lde_final_values = lde_final_poly
 .clone()
@@ -470,7 +448,6 @@ impl ListPolynomialCommitment {
 .collect::>();
 debug_assert!(pairs.iter().all(|&(x, e)| poly.eval(x) == e));
- dbg!(&pairs);
 let interpolant = interpolant(&pairs);
 let denominator = points.iter().fold(PolynomialCoeffs::one(), |acc, &x| {
 &acc * &PolynomialCoeffs::new(vec![-x, F::Extension::ONE])
@@ -501,7 +478,6 @@ impl, const D: usize> OpeningProof {
 challenger.observe_opening_set(os);
 let alpha = challenger.get_extension_challenge();
- dbg!(alpha);
 verify_fri_proof(
 log2_strict(self.quotient_degree),
@@ -523,6 +499,7 @@ mod tests {
 use crate::field::crandall_field::CrandallField;
 use super::*;
+ use rand::Rng;
 use std::convert::TryInto;
 fn gen_random_test_case, const D: usize>(
@@ -549,6 +526,17 @@ mod tests {
 point
 }
+ fn random_blindings() -> Vec {
+ let mut rng = rand::thread_rng();
+ vec![
+ rng.gen_bool(0.5),
+ rng.gen_bool(0.5),
+ rng.gen_bool(0.5),
+ rng.gen_bool(0.5),
+ rng.gen_bool(0.5),
+ ]
+ }
+
 fn check_batch_polynomial_commitment, const D: usize>() -> Result<()> {
 let ks = [1, 2, 3, 5, 8];
 let degree_log = 11;
@@ -557,17 +545,16 @@ mod tests {
 rate_bits: 2,
 reduction_arity_bits: vec![2, 3, 1, 2],
 num_query_rounds: 3,
- blinding: vec![false, false, false, false, false],
+ blinding: random_blindings(),
 check_basefield: vec![false, false, false],
 };
- let lpcs = ks
- .iter()
- .map(|&k| {
+ let lpcs = (0..5)
+ .map(|i| {
 ListPolynomialCommitment::::new(
- gen_random_test_case(k, degree_log),
+ gen_random_test_case(ks[i], degree_log),
 fri_config.rate_bits,
- false,
+ fri_config.blinding[i],
 )
 })
 .collect::>();
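Review bot: `random_blindings` (src/polynomial/commitment.rs, the hunk at new line 526) draws its five flags from `rand::thread_rng()`, so a failure of `check_batch_polynomial_commitment` under one particular blinding pattern cannot be replayed, and each run exercises only one of the 32 possible patterns. Either seed the generator and print the chosen vector at the start of the test, or loop the test over every pattern so the salted and unsalted paths are both covered deterministically. The body can also be written as `(0..5).map(|_| rng.gen_bool(0.5)).collect()` instead of five repeated calls.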
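Review bot: The new `(0..5)` range in `check_batch_polynomial_commitment` (the hunk at new line 545) hard-codes a length that has to stay equal to `ks.len()` and to the length of the vector returned by `random_blindings()`; if either changes, `ks[i]` or `fri_config.blinding[i]` panics or a commitment is silently left out of the test. Iterating the two sequences together keeps them in step: `ks.iter().zip(&fri_config.blinding).map(|(&k, &b)| ...)` with `k` and `b` passed where `ks[i]` and `fri_config.blinding[i]` are now. The test function continues past the end of the hunk.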