From e73c1d77698d6bc0a651de77ddad5898bac7d1ea Mon Sep 17 00:00:00 2001
From: wborgeaud <williamborgeaud@gmail.com>
Date: Tue, 10 Aug 2021 15:53:27 +0200
Subject: [PATCH] Cleaning / Renaming

---
 src/fri/commitment.rs           | 21 +++++------
 src/fri/proof.rs                |  6 ++--
 src/fri/prover.rs               |  7 ++--
 src/fri/recursive_verifier.rs   | 27 +++++++-------
 src/fri/verifier.rs             | 31 ++++++++--------
 src/hash/merkle_proofs.rs       | 20 +++++------
 src/hash/merkle_tree.rs         |  9 +++--
 src/plonk/circuit_builder.rs    |  6 ++--
 src/plonk/circuit_data.rs       |  4 +--
 src/plonk/proof.rs              | 18 +++++-----
 src/plonk/prover.rs             | 12 +++----
 src/plonk/recursive_verifier.rs | 64 ++++++++++++++++-----------------
 src/plonk/verifier.rs           | 18 +++++-----
 13 files changed, 117 insertions(+), 126 deletions(-)

diff --git a/src/fri/commitment.rs b/src/fri/commitment.rs
index f986e808..5a64bb43 100644
--- a/src/fri/commitment.rs
+++ b/src/fri/commitment.rs
@@ -256,8 +256,7 @@ mod tests {
         let degree = 1 << degree_log;
 
         (0..k)
-            // .map(|_| PolynomialValues::new(F::rand_vec(degree)))
-            .map(|_| PolynomialValues::new((1..=degree).map(F::from_canonical_usize).collect()))
+            .map(|_| PolynomialValues::new(F::rand_vec(degree)))
             .collect()
     }
 
@@ -281,14 +280,13 @@ mod tests {
             proof_of_work_bits: 2,
             reduction_arity_bits: vec![2, 3, 1, 2],
             num_query_rounds: 3,
-            cap_height: 0,
+            cap_height: 1,
         };
         // We only care about `fri_config, num_constants`, and `num_routed_wires` here.
         let common_data = CommonCircuitData {
             config: CircuitConfig {
                 fri_config,
                 num_routed_wires: 6,
-                zero_knowledge: false,
                 ..CircuitConfig::large_config()
             },
             degree_bits,
@@ -306,7 +304,7 @@ mod tests {
                 PolynomialBatchCommitment::<F>::from_values(
                     gen_random_test_case(ks[i], degree_bits),
                     common_data.config.rate_bits,
-                    false,
+                    PlonkPolynomials::polynomials(i).blinding,
                     common_data.config.cap_height,
                     &mut TimingTree::default(),
                 )
@@ -314,7 +312,6 @@ mod tests {
             .collect::<Vec<_>>();
 
         let zeta = gen_random_point::<F, D>(degree_bits);
-        let zeta = F::Extension::MULTIPLICATIVE_GROUP_GENERATOR;
         let (proof, os) = PolynomialBatchCommitment::open_plonk::<D>(
             &[&lpcs[0], &lpcs[1], &lpcs[2], &lpcs[3]],
             zeta,
@@ -323,17 +320,17 @@ mod tests {
             &mut TimingTree::default(),
         );
 
-        let merkle_roots = &[
-            lpcs[0].merkle_tree.root.clone(),
-            lpcs[1].merkle_tree.root.clone(),
-            lpcs[2].merkle_tree.root.clone(),
-            lpcs[3].merkle_tree.root.clone(),
+        let merkle_caps = &[
+            lpcs[0].merkle_tree.cap.clone(),
+            lpcs[1].merkle_tree.cap.clone(),
+            lpcs[2].merkle_tree.cap.clone(),
+            lpcs[3].merkle_tree.cap.clone(),
         ];
 
         verify_fri_proof(
             &os,
             zeta,
-            merkle_roots,
+            merkle_caps,
             &proof,
             &mut Challenger::new(),
             &common_data,
diff --git a/src/fri/proof.rs b/src/fri/proof.rs
index d5ef1ec9..af5bacf0 100644
--- a/src/fri/proof.rs
+++ b/src/fri/proof.rs
@@ -77,8 +77,8 @@ pub struct FriQueryRoundTarget<const D: usize> {
 #[derive(Serialize, Deserialize, Clone, Debug)]
 #[serde(bound = "")]
 pub struct FriProof<F: Extendable<D>, const D: usize> {
-    /// A Merkle root for each reduced polynomial in the commit phase.
-    pub commit_phase_merkle_roots: Vec<MerkleCap<F>>,
+    /// A Merkle cap for each reduced polynomial in the commit phase.
+    pub commit_phase_merkle_caps: Vec<MerkleCap<F>>,
     /// Query rounds proofs
     pub query_round_proofs: Vec<FriQueryRound<F, D>>,
     /// The final polynomial in coefficient form.
@@ -88,7 +88,7 @@ pub struct FriProof<F: Extendable<D>, const D: usize> {
 }
 
 pub struct FriProofTarget<const D: usize> {
-    pub commit_phase_merkle_roots: Vec<MerkleCapTarget>,
+    pub commit_phase_merkle_caps: Vec<MerkleCapTarget>,
     pub query_round_proofs: Vec<FriQueryRoundTarget<D>>,
     pub final_poly: PolynomialCoeffsExtTarget<D>,
     pub pow_witness: Target,
diff --git a/src/fri/prover.rs b/src/fri/prover.rs
index 3d6d6e83..eaecac2d 100644
--- a/src/fri/prover.rs
+++ b/src/fri/prover.rs
@@ -53,7 +53,7 @@ pub fn fri_proof<F: Field + Extendable<D>, const D: usize>(
         fri_prover_query_rounds(initial_merkle_trees, &trees, challenger, n, config);
 
     FriProof {
-        commit_phase_merkle_roots: trees.iter().map(|t| t.root.clone()).collect(),
+        commit_phase_merkle_caps: trees.iter().map(|t| t.cap.clone()).collect(),
         query_round_proofs,
         final_poly: final_coeffs,
         pow_witness,
@@ -84,7 +84,7 @@ fn fri_committed_trees<F: Field + Extendable<D>, const D: usize>(
             false,
         );
 
-        challenger.observe_cap(&tree.root);
+        challenger.observe_cap(&tree.cap);
         trees.push(tree);
 
         let beta = challenger.get_extension_challenge();
@@ -155,8 +155,7 @@ fn fri_prover_query_round<F: Field + Extendable<D>, const D: usize>(
     for (i, tree) in trees.iter().enumerate() {
         let arity_bits = config.reduction_arity_bits[i];
         let arity = 1 << arity_bits;
-        let mut evals = unflatten(tree.get(x_index >> arity_bits));
-        // evals.remove(x_index & (arity - 1));
+        let evals = unflatten(tree.get(x_index >> arity_bits));
         let merkle_proof = tree.prove(x_index >> arity_bits);
 
         query_steps.push(FriQueryStep {
diff --git a/src/fri/recursive_verifier.rs b/src/fri/recursive_verifier.rs
index cc3a1ddf..ff480d8c 100644
--- a/src/fri/recursive_verifier.rs
+++ b/src/fri/recursive_verifier.rs
@@ -83,7 +83,7 @@ impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
         os: &OpeningSetTarget<D>,
         // Point at which the PLONK polynomials are opened.
         zeta: ExtensionTarget<D>,
-        initial_merkle_roots: &[MerkleCapTarget],
+        initial_merkle_caps: &[MerkleCapTarget],
         proof: &FriProofTarget<D>,
         challenger: &mut RecursiveChallenger,
         common_data: &CommonCircuitData<F, D>,
@@ -108,10 +108,10 @@ impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
             self,
             "recover the random betas used in the FRI reductions.",
             proof
-                .commit_phase_merkle_roots
+                .commit_phase_merkle_caps
                 .iter()
-                .map(|root| {
-                    challenger.observe_cap(root);
+                .map(|cap| {
+                    challenger.observe_cap(cap);
                     challenger.get_extension_challenge(self)
                 })
                 .collect::<Vec<_>>()
@@ -160,7 +160,7 @@ impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
                     zeta,
                     alpha,
                     precomputed_reduced_evals,
-                    initial_merkle_roots,
+                    initial_merkle_caps,
                     proof,
                     challenger,
                     n,
@@ -176,13 +176,13 @@ impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
         &mut self,
         x_index_bits: &[Target],
         proof: &FriInitialTreeProofTarget,
-        initial_merkle_roots: &[MerkleCapTarget],
+        initial_merkle_caps: &[MerkleCapTarget],
         cap_index: Target,
     ) {
-        for (i, ((evals, merkle_proof), root)) in proof
+        for (i, ((evals, merkle_proof), cap)) in proof
             .evals_proofs
             .iter()
-            .zip(initial_merkle_roots)
+            .zip(initial_merkle_caps)
             .enumerate()
         {
             with_context!(
@@ -192,7 +192,7 @@ impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
                     evals.clone(),
                     x_index_bits,
                     cap_index,
-                    root,
+                    cap,
                     merkle_proof
                 )
             );
@@ -278,7 +278,7 @@ impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
         zeta: ExtensionTarget<D>,
         alpha: ExtensionTarget<D>,
         precomputed_reduced_evals: PrecomputedReducedEvalsTarget<D>,
-        initial_merkle_roots: &[MerkleCapTarget],
+        initial_merkle_caps: &[MerkleCapTarget],
         proof: &FriProofTarget<D>,
         challenger: &mut RecursiveChallenger,
         n: usize,
@@ -303,7 +303,7 @@ impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
             self.fri_verify_initial_proof(
                 &x_index_bits,
                 &round_proof.initial_trees_proof,
-                initial_merkle_roots,
+                initial_merkle_caps,
                 cap_index
             )
         );
@@ -349,12 +349,11 @@ impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
                     )
                 )
             };
-            let mut evals = round_proof.steps[i].evals.clone();
+            let evals = round_proof.steps[i].evals.clone();
             // Insert P(y) into the evaluation vector, since it wasn't included by the prover.
             let high_x_index_bits = x_index_bits.split_off(arity_bits);
             old_x_index_bits = x_index_bits;
             let low_x_index = self.le_sum(old_x_index_bits.iter());
-            // evals = self.insert(low_x_index, e_x, evals);
             self.random_access(low_x_index, e_x, evals.clone());
             with_context!(
                 self,
@@ -363,7 +362,7 @@ impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
                     flatten_target(&evals),
                     &high_x_index_bits,
                     cap_index,
-                    &proof.commit_phase_merkle_roots[i],
+                    &proof.commit_phase_merkle_caps[i],
                     &round_proof.steps[i].merkle_proof,
                 )
             );
diff --git a/src/fri/verifier.rs b/src/fri/verifier.rs
index a6e70220..f7f2da21 100644
--- a/src/fri/verifier.rs
+++ b/src/fri/verifier.rs
@@ -74,7 +74,7 @@ pub fn verify_fri_proof<F: Field + Extendable<D>, const D: usize>(
     os: &OpeningSet<F, D>,
     // Point at which the PLONK polynomials are opened.
     zeta: F::Extension,
-    initial_merkle_roots: &[MerkleCap<F>],
+    initial_merkle_caps: &[MerkleCap<F>],
     proof: &FriProof<F, D>,
     challenger: &mut Challenger<F>,
     common_data: &CommonCircuitData<F, D>,
@@ -96,10 +96,10 @@ pub fn verify_fri_proof<F: Field + Extendable<D>, const D: usize>(
 
     // Recover the random betas used in the FRI reductions.
     let betas = proof
-        .commit_phase_merkle_roots
+        .commit_phase_merkle_caps
         .iter()
-        .map(|root| {
-            challenger.observe_cap(root);
+        .map(|cap| {
+            challenger.observe_cap(cap);
             challenger.get_extension_challenge()
         })
         .collect::<Vec<_>>();
@@ -124,7 +124,7 @@ pub fn verify_fri_proof<F: Field + Extendable<D>, const D: usize>(
             zeta,
             alpha,
             precomputed_reduced_evals,
-            initial_merkle_roots,
+            initial_merkle_caps,
             &proof,
             challenger,
             n,
@@ -140,10 +140,10 @@ pub fn verify_fri_proof<F: Field + Extendable<D>, const D: usize>(
 fn fri_verify_initial_proof<F: Field>(
     x_index: usize,
     proof: &FriInitialTreeProof<F>,
-    initial_merkle_roots: &[MerkleCap<F>],
+    initial_merkle_caps: &[MerkleCap<F>],
 ) -> Result<()> {
-    for ((evals, merkle_proof), root) in proof.evals_proofs.iter().zip(initial_merkle_roots) {
-        verify_merkle_proof(evals.clone(), x_index, root, merkle_proof, false)?;
+    for ((evals, merkle_proof), cap) in proof.evals_proofs.iter().zip(initial_merkle_caps) {
+        verify_merkle_proof(evals.clone(), x_index, cap, merkle_proof, false)?;
     }
 
     Ok(())
@@ -246,7 +246,7 @@ fn fri_verifier_query_round<F: Field + Extendable<D>, const D: usize>(
     zeta: F::Extension,
     alpha: F::Extension,
     precomputed_reduced_evals: PrecomputedReducedEvals<F, D>,
-    initial_merkle_roots: &[MerkleCap<F>],
+    initial_merkle_caps: &[MerkleCap<F>],
     proof: &FriProof<F, D>,
     challenger: &mut Challenger<F>,
     n: usize,
@@ -261,7 +261,7 @@ fn fri_verifier_query_round<F: Field + Extendable<D>, const D: usize>(
     fri_verify_initial_proof(
         x_index,
         &round_proof.initial_trees_proof,
-        initial_merkle_roots,
+        initial_merkle_caps,
     )?;
     let mut old_x_index = 0;
     // `subgroup_x` is `subgroup[x_index]`, i.e., the actual field element in the domain.
@@ -293,18 +293,17 @@ fn fri_verifier_query_round<F: Field + Extendable<D>, const D: usize>(
                 betas[i - 1],
             )
         };
-        let mut evals = round_proof.steps[i].evals.clone();
-        // // Insert P(y) into the evaluation vector, since it wasn't included by the prover.
+        let evals = &round_proof.steps[i].evals;
+        // Insert P(y) into the evaluation vector, since it wasn't included by the prover.
         ensure!(evals[x_index & (arity - 1)] == e_x);
-        // evals.insert(x_index & (arity - 1), e_x);
         verify_merkle_proof(
-            flatten(&evals),
+            flatten(evals),
             x_index >> arity_bits,
-            &proof.commit_phase_merkle_roots[i],
+            &proof.commit_phase_merkle_caps[i],
             &round_proof.steps[i].merkle_proof,
             false,
         )?;
-        evaluations.push(evals);
+        evaluations.push(evals.to_vec());
 
         if i > 0 {
             // Update the point x to x^arity.
diff --git a/src/hash/merkle_proofs.rs b/src/hash/merkle_proofs.rs
index a8fdb8a4..76a791c8 100644
--- a/src/hash/merkle_proofs.rs
+++ b/src/hash/merkle_proofs.rs
@@ -28,7 +28,7 @@ pub struct MerkleProofTarget {
 }
 
 /// Verifies that the given leaf data is present at the given index in the Merkle tree with the
-/// given root.
+/// given cap.
 pub(crate) fn verify_merkle_proof<F: Field>(
     leaf_data: Vec<F>,
     leaf_index: usize,
@@ -61,12 +61,12 @@ pub(crate) fn verify_merkle_proof<F: Field>(
 
 impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
     /// Verifies that the given leaf data is present at the given index in the Merkle tree with the
-    /// given root. The index is given by it's little-endian bits.
+    /// given cap. The index is given by it's little-endian bits.
     pub(crate) fn verify_merkle_proof(
         &mut self,
         leaf_data: Vec<Target>,
         leaf_index_bits: &[Target],
-        merkle_root: &MerkleCapTarget,
+        merkle_cap: &MerkleCapTarget,
         proof: &MerkleProofTarget,
     ) {
         let zero = self.zero();
@@ -117,7 +117,7 @@ impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
             state_ext[i] = state.elements[i];
         }
         let state_ext = ExtensionTarget(state_ext);
-        let cap_ext = merkle_root
+        let cap_ext = merkle_cap
             .0
             .iter()
             .map(|h| {
@@ -129,7 +129,6 @@ impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
             })
             .collect();
         self.random_access(index, state_ext, cap_ext);
-        // self.named_assert_hashes_equal(state, merkle_root, "check Merkle root".into())
     }
 
     pub(crate) fn verify_merkle_proof_with_cap_index(
@@ -137,7 +136,7 @@ impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
         leaf_data: Vec<Target>,
         leaf_index_bits: &[Target],
         cap_index: Target,
-        merkle_root: &MerkleCapTarget,
+        merkle_cap: &MerkleCapTarget,
         proof: &MerkleProofTarget,
     ) {
         let zero = self.zero();
@@ -187,7 +186,7 @@ impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
             state_ext[i] = state.elements[i];
         }
         let state_ext = ExtensionTarget(state_ext);
-        let cap_ext = merkle_root
+        let cap_ext = merkle_cap
             .0
             .iter()
             .map(|h| {
@@ -199,7 +198,6 @@ impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
             })
             .collect();
         self.random_access(cap_index, state_ext, cap_ext);
-        // self.named_assert_hashes_equal(state, merkle_root, "check Merkle root".into())
     }
 
     pub(crate) fn assert_hashes_equal(&mut self, x: HashOutTarget, y: HashOutTarget) {
@@ -263,8 +261,8 @@ mod tests {
             pw.set_hash_target(proof_t.siblings[i], proof.siblings[i]);
         }
 
-        let root_t = builder.add_virtual_cap(cap_height);
-        pw.set_cap_target(&root_t, &tree.root);
+        let cap_t = builder.add_virtual_cap(cap_height);
+        pw.set_cap_target(&cap_t, &tree.cap);
 
         let i_c = builder.constant(F::from_canonical_usize(i));
         let i_bits = builder.split_le(i_c, log_n);
@@ -274,7 +272,7 @@ mod tests {
             pw.set_target(data[j], tree.leaves[i][j]);
         }
 
-        builder.verify_merkle_proof(data, &i_bits, &root_t, &proof_t);
+        builder.verify_merkle_proof(data, &i_bits, &cap_t, &proof_t);
 
         let data = builder.build();
         let proof = data.prove(pw)?;
diff --git a/src/hash/merkle_tree.rs b/src/hash/merkle_tree.rs
index 454d44f6..08e49c42 100644
--- a/src/hash/merkle_tree.rs
+++ b/src/hash/merkle_tree.rs
@@ -20,7 +20,7 @@ pub struct MerkleTree<F: Field> {
     pub layers: Vec<Vec<HashOut<F>>>,
 
     /// The Merkle cap.
-    pub root: MerkleCap<F>,
+    pub cap: MerkleCap<F>,
 
     /// If true, the indices are in bit-reversed form, so that the leaf at index `i`
     /// contains the leaf originally at index `reverse_bits(i)`.
@@ -50,7 +50,7 @@ impl<F: Field> MerkleTree<F> {
         Self {
             leaves,
             layers,
-            root: MerkleCap(cap),
+            cap: MerkleCap(cap),
             reverse_bits,
         }
     }
@@ -105,7 +105,7 @@ mod tests {
         let tree = MerkleTree::new(leaves.clone(), 1, reverse_bits);
         for i in 0..n {
             let proof = tree.prove(i);
-            verify_merkle_proof(leaves[i].clone(), i, &tree.root, &proof, reverse_bits)?;
+            verify_merkle_proof(leaves[i].clone(), i, &tree.cap, &proof, reverse_bits)?;
         }
         Ok(())
     }
@@ -118,8 +118,7 @@ mod tests {
         let n = 1 << log_n;
         let leaves = random_data::<F>(n, 7);
 
-        verify_all_leaves(leaves.clone(), n, false)?;
-        // verify_all_leaves(leaves, n, true)?;
+        verify_all_leaves(leaves, n, false)?;
 
         Ok(())
     }
diff --git a/src/plonk/circuit_builder.rs b/src/plonk/circuit_builder.rs
index 646de78d..823b9e8d 100644
--- a/src/plonk/circuit_builder.rs
+++ b/src/plonk/circuit_builder.rs
@@ -570,9 +570,9 @@ impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
             &mut timing,
         );
 
-        let constants_sigmas_root = constants_sigmas_commitment.merkle_tree.root.clone();
+        let constants_sigmas_cap = constants_sigmas_commitment.merkle_tree.cap.clone();
         let verifier_only = VerifierOnlyCircuitData {
-            constants_sigmas_root: constants_sigmas_root.clone(),
+            constants_sigmas_cap: constants_sigmas_cap.clone(),
         };
 
         let prover_only = ProverOnlyCircuitData {
@@ -603,7 +603,7 @@ impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
 
         // TODO: This should also include an encoding of gate constraints.
         let circuit_digest_parts = [
-            constants_sigmas_root
+            constants_sigmas_cap
                 .0
                 .into_iter()
                 .flat_map(|h| h.elements)
diff --git a/src/plonk/circuit_data.rs b/src/plonk/circuit_data.rs
index cb4541bc..7c3d3985 100644
--- a/src/plonk/circuit_data.rs
+++ b/src/plonk/circuit_data.rs
@@ -149,7 +149,7 @@ pub(crate) struct ProverOnlyCircuitData<F: Extendable<D>, const D: usize> {
 /// Circuit data required by the verifier, but not the prover.
 pub(crate) struct VerifierOnlyCircuitData<F: Field> {
     /// A commitment to each constant polynomial and each permutation polynomial.
-    pub(crate) constants_sigmas_root: MerkleCap<F>,
+    pub(crate) constants_sigmas_cap: MerkleCap<F>,
 }
 
 /// Circuit data required by both the prover and the verifier.
@@ -239,5 +239,5 @@ impl<F: Extendable<D>, const D: usize> CommonCircuitData<F, D> {
 /// dynamic, at least not without setting a maximum wire count and paying for the worst case.
 pub struct VerifierCircuitTarget {
     /// A commitment to each constant polynomial and each permutation polynomial.
-    pub(crate) constants_sigmas_root: MerkleCapTarget,
+    pub(crate) constants_sigmas_cap: MerkleCapTarget,
 }
diff --git a/src/plonk/proof.rs b/src/plonk/proof.rs
index 514f83f7..64bfc90f 100644
--- a/src/plonk/proof.rs
+++ b/src/plonk/proof.rs
@@ -13,12 +13,12 @@ use crate::plonk::circuit_data::CommonCircuitData;
 #[derive(Serialize, Deserialize, Clone, Debug)]
 #[serde(bound = "")]
 pub struct Proof<F: Extendable<D>, const D: usize> {
-    /// Merkle root of LDEs of wire values.
-    pub wires_root: MerkleCap<F>,
-    /// Merkle root of LDEs of Z, in the context of Plonk's permutation argument.
-    pub plonk_zs_partial_products_root: MerkleCap<F>,
-    /// Merkle root of LDEs of the quotient polynomial components.
-    pub quotient_polys_root: MerkleCap<F>,
+    /// Merkle cap of LDEs of wire values.
+    pub wires_cap: MerkleCap<F>,
+    /// Merkle cap of LDEs of Z, in the context of Plonk's permutation argument.
+    pub plonk_zs_partial_products_cap: MerkleCap<F>,
+    /// Merkle cap of LDEs of the quotient polynomial components.
+    pub quotient_polys_cap: MerkleCap<F>,
     /// Purported values of each polynomial at the challenge point.
     pub openings: OpeningSet<F, D>,
     /// A batch FRI argument for all openings.
@@ -33,9 +33,9 @@ pub struct ProofWithPublicInputs<F: Extendable<D>, const D: usize> {
 }
 
 pub struct ProofTarget<const D: usize> {
-    pub wires_root: MerkleCapTarget,
-    pub plonk_zs_partial_products_root: MerkleCapTarget,
-    pub quotient_polys_root: MerkleCapTarget,
+    pub wires_cap: MerkleCapTarget,
+    pub plonk_zs_partial_products_cap: MerkleCapTarget,
+    pub quotient_polys_cap: MerkleCapTarget,
     pub openings: OpeningSetTarget<D>,
     pub opening_proof: FriProofTarget<D>,
 }
diff --git a/src/plonk/prover.rs b/src/plonk/prover.rs
index 56484c8a..0d66daa8 100644
--- a/src/plonk/prover.rs
+++ b/src/plonk/prover.rs
@@ -96,7 +96,7 @@ pub(crate) fn prove<F: Extendable<D>, const D: usize>(
     challenger.observe_hash(&common_data.circuit_digest);
     challenger.observe_hash(&public_inputs_hash);
 
-    challenger.observe_cap(&wires_commitment.merkle_tree.root);
+    challenger.observe_cap(&wires_commitment.merkle_tree.cap);
     let betas = challenger.get_n_challenges(num_challenges);
     let gammas = challenger.get_n_challenges(num_challenges);
 
@@ -135,7 +135,7 @@ pub(crate) fn prove<F: Extendable<D>, const D: usize>(
         )
     );
 
-    challenger.observe_cap(&zs_partial_products_commitment.merkle_tree.root);
+    challenger.observe_cap(&zs_partial_products_commitment.merkle_tree.cap);
 
     let alphas = challenger.get_n_challenges(num_challenges);
 
@@ -184,7 +184,7 @@ pub(crate) fn prove<F: Extendable<D>, const D: usize>(
         )
     );
 
-    challenger.observe_cap(&quotient_polys_commitment.merkle_tree.root);
+    challenger.observe_cap(&quotient_polys_commitment.merkle_tree.cap);
 
     let zeta = challenger.get_extension_challenge();
 
@@ -208,9 +208,9 @@ pub(crate) fn prove<F: Extendable<D>, const D: usize>(
     timing.print();
 
     let proof = Proof {
-        wires_root: wires_commitment.merkle_tree.root,
-        plonk_zs_partial_products_root: zs_partial_products_commitment.merkle_tree.root,
-        quotient_polys_root: quotient_polys_commitment.merkle_tree.root,
+        wires_cap: wires_commitment.merkle_tree.cap,
+        plonk_zs_partial_products_cap: zs_partial_products_commitment.merkle_tree.cap,
+        quotient_polys_cap: quotient_polys_commitment.merkle_tree.cap,
         openings,
         opening_proof,
     };
diff --git a/src/plonk/recursive_verifier.rs b/src/plonk/recursive_verifier.rs
index fac0ba3a..3ab1cdec 100644
--- a/src/plonk/recursive_verifier.rs
+++ b/src/plonk/recursive_verifier.rs
@@ -44,14 +44,14 @@ impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
                 challenger.observe_hash(&digest);
                 challenger.observe_hash(&public_inputs_hash);
 
-                challenger.observe_cap(&proof.wires_root);
+                challenger.observe_cap(&proof.wires_cap);
                 let betas = challenger.get_n_challenges(self, num_challenges);
                 let gammas = challenger.get_n_challenges(self, num_challenges);
 
-                challenger.observe_cap(&proof.plonk_zs_partial_products_root);
+                challenger.observe_cap(&proof.plonk_zs_partial_products_cap);
                 let alphas = challenger.get_n_challenges(self, num_challenges);
 
-                challenger.observe_cap(&proof.quotient_polys_root);
+                challenger.observe_cap(&proof.quotient_polys_cap);
                 let zeta = challenger.get_extension_challenge(self);
 
                 (betas, gammas, alphas, zeta)
@@ -107,11 +107,11 @@ impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
             }
         });
 
-        let merkle_roots = &[
-            inner_verifier_data.constants_sigmas_root.clone(),
-            proof.wires_root,
-            proof.plonk_zs_partial_products_root,
-            proof.quotient_polys_root,
+        let merkle_caps = &[
+            inner_verifier_data.constants_sigmas_cap.clone(),
+            proof.wires_cap,
+            proof.plonk_zs_partial_products_cap,
+            proof.quotient_polys_cap,
         ];
 
         with_context!(
@@ -120,7 +120,7 @@ impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
             self.verify_fri_proof(
                 &proof.openings,
                 zeta,
-                merkle_roots,
+                merkle_caps,
                 &proof.opening_proof,
                 &mut challenger,
                 inner_common_data,
@@ -190,11 +190,11 @@ mod tests {
             public_inputs,
         } = proof_with_pis;
 
-        let wires_root = builder.add_virtual_cap(log2_strict(proof.wires_root.0.len()));
-        let plonk_zs_root =
-            builder.add_virtual_cap(log2_strict(proof.plonk_zs_partial_products_root.0.len()));
-        let quotient_polys_root =
-            builder.add_virtual_cap(log2_strict(proof.quotient_polys_root.0.len()));
+        let wires_cap = builder.add_virtual_cap(log2_strict(proof.wires_cap.0.len()));
+        let plonk_zs_cap =
+            builder.add_virtual_cap(log2_strict(proof.plonk_zs_partial_products_cap.0.len()));
+        let quotient_polys_cap =
+            builder.add_virtual_cap(log2_strict(proof.quotient_polys_cap.0.len()));
 
         let openings = OpeningSetTarget {
             constants: builder.add_virtual_extension_targets(proof.openings.constants.len()),
@@ -211,14 +211,14 @@ mod tests {
         let query_round_proofs = (0..proof.opening_proof.query_round_proofs.len())
             .map(|_| get_fri_query_round(proof, builder))
             .collect();
-        let commit_phase_merkle_roots = proof
+        let commit_phase_merkle_caps = proof
             .opening_proof
-            .commit_phase_merkle_roots
+            .commit_phase_merkle_caps
             .iter()
             .map(|r| builder.add_virtual_cap(log2_strict(r.0.len())))
             .collect();
         let opening_proof = FriProofTarget {
-            commit_phase_merkle_roots,
+            commit_phase_merkle_caps,
             query_round_proofs,
             final_poly: PolynomialCoeffsExtTarget(
                 builder.add_virtual_extension_targets(proof.opening_proof.final_poly.len()),
@@ -227,9 +227,9 @@ mod tests {
         };
 
         let proof = ProofTarget {
-            wires_root,
-            plonk_zs_partial_products_root: plonk_zs_root,
-            quotient_polys_root,
+            wires_cap,
+            plonk_zs_partial_products_cap: plonk_zs_cap,
+            quotient_polys_cap,
             openings,
             opening_proof,
         };
@@ -261,12 +261,12 @@ mod tests {
             pw.set_target(pi_t, pi);
         }
 
-        pw.set_cap_target(&pt.wires_root, &proof.wires_root);
+        pw.set_cap_target(&pt.wires_cap, &proof.wires_cap);
         pw.set_cap_target(
-            &pt.plonk_zs_partial_products_root,
-            &proof.plonk_zs_partial_products_root,
+            &pt.plonk_zs_partial_products_cap,
+            &proof.plonk_zs_partial_products_cap,
         );
-        pw.set_cap_target(&pt.quotient_polys_root, &proof.quotient_polys_root);
+        pw.set_cap_target(&pt.quotient_polys_cap, &proof.quotient_polys_cap);
 
         for (&t, &x) in pt.openings.wires.iter().zip(&proof.openings.wires) {
             pw.set_extension_target(t, x);
@@ -320,9 +320,9 @@ mod tests {
         }
 
         for (t, x) in fpt
-            .commit_phase_merkle_roots
+            .commit_phase_merkle_caps
             .iter()
-            .zip(&fri_proof.commit_phase_merkle_roots)
+            .zip(&fri_proof.commit_phase_merkle_caps)
         {
             pw.set_cap_target(t, x);
         }
@@ -405,9 +405,9 @@ mod tests {
         set_proof_target(&proof_with_pis, &pt, &mut pw);
 
         let inner_data = VerifierCircuitTarget {
-            constants_sigmas_root: builder.add_virtual_cap(config.cap_height),
+            constants_sigmas_cap: builder.add_virtual_cap(config.cap_height),
         };
-        pw.set_cap_target(&inner_data.constants_sigmas_root, &vd.constants_sigmas_root);
+        pw.set_cap_target(&inner_data.constants_sigmas_cap, &vd.constants_sigmas_cap);
 
         builder.add_recursive_verifier(pt, &config, &inner_data, &cd);
 
@@ -462,9 +462,9 @@ mod tests {
             set_proof_target(&proof_with_pis, &pt, &mut pw);
 
             let inner_data = VerifierCircuitTarget {
-                constants_sigmas_root: builder.add_virtual_cap(config.cap_height),
+                constants_sigmas_cap: builder.add_virtual_cap(config.cap_height),
             };
-            pw.set_cap_target(&inner_data.constants_sigmas_root, &vd.constants_sigmas_root);
+            pw.set_cap_target(&inner_data.constants_sigmas_cap, &vd.constants_sigmas_cap);
 
             builder.add_recursive_verifier(pt, &config, &inner_data, &cd);
 
@@ -480,9 +480,9 @@ mod tests {
         set_proof_target(&proof_with_pis, &pt, &mut pw);
 
         let inner_data = VerifierCircuitTarget {
-            constants_sigmas_root: builder.add_virtual_cap(config.cap_height),
+            constants_sigmas_cap: builder.add_virtual_cap(config.cap_height),
         };
-        pw.set_cap_target(&inner_data.constants_sigmas_root, &vd.constants_sigmas_root);
+        pw.set_cap_target(&inner_data.constants_sigmas_cap, &vd.constants_sigmas_cap);
 
         builder.add_recursive_verifier(pt, &config, &inner_data, &cd);
 
diff --git a/src/plonk/verifier.rs b/src/plonk/verifier.rs
index 98736044..cc0da79b 100644
--- a/src/plonk/verifier.rs
+++ b/src/plonk/verifier.rs
@@ -31,14 +31,14 @@ pub(crate) fn verify<F: Extendable<D>, const D: usize>(
     challenger.observe_hash(&common_data.circuit_digest);
     challenger.observe_hash(&public_inputs_hash);
 
-    challenger.observe_cap(&proof.wires_root);
+    challenger.observe_cap(&proof.wires_cap);
     let betas = challenger.get_n_challenges(num_challenges);
     let gammas = challenger.get_n_challenges(num_challenges);
 
-    challenger.observe_cap(&proof.plonk_zs_partial_products_root);
+    challenger.observe_cap(&proof.plonk_zs_partial_products_cap);
     let alphas = challenger.get_n_challenges(num_challenges);
 
-    challenger.observe_cap(&proof.quotient_polys_root);
+    challenger.observe_cap(&proof.quotient_polys_cap);
     let zeta = challenger.get_extension_challenge();
 
     let local_constants = &proof.openings.constants;
@@ -83,17 +83,17 @@ pub(crate) fn verify<F: Extendable<D>, const D: usize>(
         ensure!(vanishing_polys_zeta[i] == z_h_zeta * reduce_with_powers(chunk, zeta_pow_deg));
     }
 
-    let merkle_roots = &[
-        verifier_data.constants_sigmas_root.clone(),
-        proof.wires_root,
-        proof.plonk_zs_partial_products_root,
-        proof.quotient_polys_root,
+    let merkle_caps = &[
+        verifier_data.constants_sigmas_cap.clone(),
+        proof.wires_cap,
+        proof.plonk_zs_partial_products_cap,
+        proof.quotient_polys_cap,
     ];
 
     verify_fri_proof(
         &proof.openings,
         zeta,
-        merkle_roots,
+        merkle_caps,
         &proof.opening_proof,
         &mut challenger,
         common_data,