Comment out errors

2026-01-05 07:13:08 +00:00 · 2021-06-09 17:55:49 +02:00 · 2021-06-09 17:55:49 +02:00 · f7e92af963
commit f7e92af963
parent 89761ef22a
5 changed files with 27 additions and 23 deletions
--- a/src/fri/recursive_verifier.rs
+++ b/src/fri/recursive_verifier.rs
@ -308,14 +308,14 @@ impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
            };
            let mut evals = round_proof.steps[i].evals.clone();
            // Insert P(y) into the evaluation vector, since it wasn't included by the prover.
-            evals.insert(x_index & (arity - 1), e_x);
-            evaluations.push(evals);
-            self.verify_merkle_proof(
-                flatten_target(&evaluations[i]),
-                x_index >> arity_bits,
-                proof.commit_phase_merkle_roots[i],
-                &round_proof.steps[i].merkle_proof,
-            )?;
+            // evals.insert(x_index & (arity - 1), e_x);
+            // evaluations.push(evals);
+            // self.verify_merkle_proof(
+            //     flatten_target(&evaluations[i]),
+            //     x_index >> arity_bits,
+            //     proof.commit_phase_merkle_roots[i],
+            //     &round_proof.steps[i].merkle_proof,
+            // )?;

            if i > 0 {
                // Update the point x to x^arity.
@ -325,7 +325,7 @@ impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
            }
            domain_size = next_domain_size;
            old_x_index = x_index;
-            x_index >>= arity_bits;
+            // x_index >>= arity_bits;
        }

        let last_evals = evaluations.last().unwrap();
@ -343,10 +343,8 @@ impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {

        // Final check of FRI. After all the reductions, we check that the final polynomial is equal
        // to the one sent by the prover.
-        ensure!(
-            proof.final_poly.eval(subgroup_x.into()) == purported_eval,
-            "Final polynomial evaluation is invalid."
-        );
+        let eval = proof.final_poly.eval_scalar(self, subgroup_x);
+        self.assert_equal_extension(eval, purported_eval);

        Ok(())
    }
--- a/src/gadgets/split_base.rs
+++ b/src/gadgets/split_base.rs
@ -48,8 +48,13 @@ impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
 /// Returns `k` such that any number with `k` trailing zeros in base `base` has at least
 /// `n` trailing zeros in base 2.
 const fn num_limbs_to_check(n: u32, base: usize) -> usize {
-    assert_eq!(base % 2, 0, "Base should be even.");
-    ceil_div_usize(n as usize, base.trailing_zeros() as usize)
+    if base % 2 == 1 {
+        // Dirty trick to panic if the base is odd.
+        // TODO: replace with `assert_eq!(base % 2, 0, "Base should be even.")` when stable.
+        [][0]
+    } else {
+        ceil_div_usize(n as usize, base.trailing_zeros() as usize)
+    }
 }

 #[cfg(test)]
--- a/src/gadgets/split_join.rs
+++ b/src/gadgets/split_join.rs
@ -29,24 +29,24 @@ impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
    /// Verifies that the decomposition is correct by using `k` `BaseSum<2>` gates
    /// with `k` such that `k*num_routed_bits>=64`.
    pub(crate) fn split_le(&mut self, integer: Target) -> Vec<Target> {
-        let num_limbs = self.config.num_routed_wires - BaseSumGate::WIRE_LIMBS_START;
+        let num_limbs = self.config.num_routed_wires - BaseSumGate::<2>::WIRE_LIMBS_START;
        let k = ceil_div_usize(64, num_limbs);
        let gates = (0..k)
-            .map(|_| self.add_gate_no_constants(BaseSumGate::new(num_limbs)))
+            .map(|_| self.add_gate_no_constants(BaseSumGate::<2>::new(num_limbs)))
            .collect::<Vec<_>>();

        let mut bits = Vec::with_capacity(64);
        for &gate in &gates {
            bits.extend(Target::wires_from_range(
                gate,
-                BaseSumGate::WIRE_LIMBS_START..BaseSumGate::WIRE_LIMBS_START + num_limbs,
+                BaseSumGate::<2>::WIRE_LIMBS_START..BaseSumGate::<2>::WIRE_LIMBS_START + num_limbs,
            ));
        }

        let zero = self.zero();
        let mut acc = zero;
        for &gate in gates.iter().rev() {
-            let sum = Target::wire(gate, BaseSumGate::WIRE_SUM);
+            let sum = Target::wire(gate, BaseSumGate::<2>::WIRE_SUM);
            acc = self.arithmetic(
                F::from_canonical_usize(1 << num_limbs),
                acc,
@ -140,8 +140,8 @@ impl<F: Field> SimpleGenerator<F> for WireSplitGenerator {
        let mut integer_value = witness.get_target(self.integer).to_canonical_u64();

        let mut result = PartialWitness::new();
-        for gate in self.gates {
-            let sum = Target::wire(gate, BaseSumGate::WIRE_SUM);
+        for &gate in &self.gates {
+            let sum = Target::wire(gate, BaseSumGate::<2>::WIRE_SUM);
            result.set_target(
                sum,
                F::from_canonical_u64(integer_value & ((1 << self.num_limbs) - 1)),
--- a/src/proof.rs
+++ b/src/proof.rs
@ -144,6 +144,7 @@ pub struct FriProofTarget<const D: usize> {
    pub pow_witness: Target,
 }

+#[derive(Clone, Debug)]
 /// The purported values of each polynomial at a single point.
 pub struct OpeningSet<F: Field + Extendable<D>, const D: usize> {
    pub constants: Vec<F::Extension>,
--- a/src/verifier.rs
+++ b/src/verifier.rs
@ -55,13 +55,13 @@ pub(crate) fn verify<F: Extendable<D>, const D: usize>(
    );

    // Check each polynomial identity, of the form `vanishing(x) = Z_H(x) quotient(x)`, at zeta.
-    let quotient_polys_zeta = proof.openings.quotient_polys;
+    let quotient_polys_zeta = &proof.openings.quotient_polys;
    let z_h_zeta = eval_zero_poly(common_data.degree(), zeta);
    for i in 0..num_challenges {
        ensure!(vanishing_polys_zeta[i] == z_h_zeta * quotient_polys_zeta[i]);
    }

-    let evaluations = proof.openings;
+    let evaluations = proof.openings.clone();

    let merkle_roots = &[
        verifier_data.constants_root,