From 5b8ce67e4a4c6db31faabc8563763d4b295cdf8e Mon Sep 17 00:00:00 2001
From: ledwards2225 <l.edwards.d@gmail.com>
Date: Tue, 24 Oct 2023 21:45:46 +0000
Subject: [PATCH] simplify computation of CZx

---
 .../honk/pcs/zeromorph/zeromorph.hpp          | 116 +++---------------
 .../honk/pcs/zeromorph/zeromorph.test.cpp     |  16 +--
 2 files changed, 25 insertions(+), 107 deletions(-)

diff --git a/barretenberg/cpp/src/barretenberg/honk/pcs/zeromorph/zeromorph.hpp b/barretenberg/cpp/src/barretenberg/honk/pcs/zeromorph/zeromorph.hpp
index f7890183998..a8123234c9a 100644
--- a/barretenberg/cpp/src/barretenberg/honk/pcs/zeromorph/zeromorph.hpp
+++ b/barretenberg/cpp/src/barretenberg/honk/pcs/zeromorph/zeromorph.hpp
@@ -473,19 +473,27 @@ template <typename Curve> class ZeroMorphVerifier_ {
     }
 
     /**
-     * @brief Compute commitment to partially evaluated ZeroMorph identity Z
+     * @brief
      * @details Compute commitment C_{Z_x} = [Z_x]_1 using homomorphicity:
      *
      *  C_{Z_x} = x * \sum_{i=0}^{m-1}\rho^i*[f_i] + \sum_{i=0}^{l-1}\rho^{m+i}*[g_i] - v * x * \Phi_n(x) * [1]_1
      *              - x * \sum_k (x^{2^k}\Phi_{n-k-1}(x^{2^{k-1}}) - u_k\Phi_{n-k}(x^{2^k})) * [q_k]
+     *              + concatentation_term
+     * where
      *
-     * @param f_commitments Commitments to unshifted polynomials [f_i]
-     * @param g_commitments Commitments to to-be-shifted polynomials [g_i]
-     * @param C_q_k Commitments to q_k
+     *  concatenation_term = \sum{i=0}^{o-1}\sum_{j=0}^{concatenation_index}(rho^{m+l+i} * x^{j * min_N + 1}
+     *                       * concatenation_groups_commitments_{i}_{j})
+     *
+     * @note The concatenation term arises from an implementation detail in the Goblin Translator and is not part of the
+     * conventional ZM protocol
+     * @param f_commitments
+     * @param g_commitments
+     * @param C_q_k
      * @param rho
-     * @param batched_evaluation \sum_{i=0}^{m-1} \rho^i*f_i(u) + \sum_{i=0}^{l-1} \rho^{m+i}*h_i(u)
+     * @param batched_evaluation
      * @param x_challenge
-     * @param u_challenge multilinear challenge
+     * @param u_challenge
+     * @param concatenation_groups_commitments
      * @return Commitment
      */
     static Commitment compute_C_Z_x(std::vector<Commitment> f_commitments,
@@ -494,99 +502,8 @@ template <typename Curve> class ZeroMorphVerifier_ {
                                     FF rho,
                                     FF batched_evaluation,
                                     FF x_challenge,
-                                    std::vector<FF> u_challenge)
-    {
-        size_t log_N = C_q_k.size();
-        size_t N = 1 << log_N;
-
-        std::vector<FF> scalars;
-        std::vector<Commitment> commitments;
-
-        // Phi_n(x) = (x^N - 1) / (x - 1)
-        auto phi_numerator = x_challenge.pow(N) - 1; // x^N - 1
-        auto phi_n_x = phi_numerator / (x_challenge - 1);
-
-        // Add contribution: -v * x * \Phi_n(x) * [1]_1
-        if constexpr (Curve::is_stdlib_type) {
-            auto builder = x_challenge.get_context();
-            scalars.emplace_back(FF(builder, -1) * batched_evaluation * x_challenge * phi_n_x);
-            commitments.emplace_back(Commitment::one(builder));
-        } else {
-            scalars.emplace_back(FF(-1) * batched_evaluation * x_challenge * phi_n_x);
-            commitments.emplace_back(Commitment::one());
-        }
-
-        // Add contribution: x * \sum_{i=0}^{m-1} \rho^i*[f_i]
-        auto rho_pow = FF(1);
-        for (auto& commitment : f_commitments) {
-            scalars.emplace_back(x_challenge * rho_pow);
-            commitments.emplace_back(commitment);
-            rho_pow *= rho;
-        }
-
-        // Add contribution: \sum_{i=0}^{l-1} \rho^{m+i}*[g_i]
-        for (auto& commitment : g_commitments) {
-            scalars.emplace_back(rho_pow);
-            commitments.emplace_back(commitment);
-            rho_pow *= rho;
-        }
-
-        // Add contributions: scalar * [q_k],  k = 0,...,log_N, where
-        // scalar = -x * (x^{2^k} * \Phi_{n-k-1}(x^{2^{k+1}}) - u_k * \Phi_{n-k}(x^{2^k}))
-        auto x_pow_2k = x_challenge;                 // x^{2^k}
-        auto x_pow_2kp1 = x_challenge * x_challenge; // x^{2^{k + 1}}
-        for (size_t k = 0; k < log_N; ++k) {
-
-            auto phi_term_1 = phi_numerator / (x_pow_2kp1 - 1); // \Phi_{n-k-1}(x^{2^{k + 1}})
-            auto phi_term_2 = phi_numerator / (x_pow_2k - 1);   // \Phi_{n-k}(x^{2^k})
-
-            auto scalar = x_pow_2k * phi_term_1;
-            scalar -= u_challenge[k] * phi_term_2;
-            scalar *= x_challenge;
-            scalar *= FF(-1);
-
-            scalars.emplace_back(scalar);
-            commitments.emplace_back(C_q_k[k]);
-
-            // Update powers of challenge x
-            x_pow_2k = x_pow_2kp1;
-            x_pow_2kp1 *= x_pow_2kp1;
-        }
-
-        if constexpr (Curve::is_stdlib_type) {
-            return Commitment::batch_mul(commitments, scalars);
-        } else {
-            return batch_mul_native(commitments, scalars);
-        }
-    }
-
-    /**
-     * @brief Compute commitment to partially evaluated ZeroMorph identity Z
-     * @details Compute commitment C_{Z_x} = [Z_x]_1 using homomorphicity:
-     *
-     *  C_{Z_x} = x * \sum_{i=0}^{m-1}\rho^i*[f_i] + \sum_{i=0}^{l-1}\rho^{m+i}*[g_i] +
-     * \sum{i=0}^{o-1}\sum_{j=0}^{concatenation_index}(rho^{m+l+i} * x^{j * min_N + 1}
-     * *concatenation_groups_commitments_{i}_{j}) - v * x * \Phi_n(x) * [1]_1 - x * \sum_k
-     * (x^{2^k}\Phi_{n-k-1}(x^{2^{k-1}}) - u_k\Phi_{n-k}(x^{2^k})) * [q_k]
-     *
-     * @param f_commitments Commitments to unshifted polynomials [f_i]
-     * @param g_commitments Commitments to to-be-shifted polynomials [g_i]
-     * @param C_q_k Commitments to q_k
-     * @param rho
-     * @param batched_evaluation \sum_{i=0}^{m-1} \rho^i*f_i(u) + \sum_{i=0}^{l-1} \rho^{m+i}*h_i(u)
-     * @param x_challenge
-     * @param u_challenge multilinear challenge
-     * @return Commitment
-     */
-    static Commitment compute_C_Z_x_with_concatenations(
-        std::vector<Commitment> f_commitments,
-        std::vector<Commitment> g_commitments,
-        std::vector<std::vector<Commitment>> concatenation_groups_commitments,
-        std::vector<Commitment>& C_q_k,
-        FF rho,
-        FF batched_evaluation,
-        FF x_challenge,
-        std::vector<FF> u_challenge)
+                                    std::vector<FF> u_challenge,
+                                    std::vector<std::vector<Commitment>> concatenation_groups_commitments = {})
     {
         size_t log_N = C_q_k.size();
         size_t N = 1 << log_N;
@@ -641,6 +558,7 @@ template <typename Curve> class ZeroMorphVerifier_ {
                 rho_pow *= rho;
             }
         }
+
         // Add contributions: scalar * [q_k],  k = 0,...,log_N, where
         // scalar = -x * (x^{2^k} * \Phi_{n-k-1}(x^{2^{k+1}}) - u_k * \Phi_{n-k}(x^{2^k}))
         auto x_pow_2k = x_challenge;                 // x^{2^k}
diff --git a/barretenberg/cpp/src/barretenberg/honk/pcs/zeromorph/zeromorph.test.cpp b/barretenberg/cpp/src/barretenberg/honk/pcs/zeromorph/zeromorph.test.cpp
index 34c1496ec13..ba1e8cc24fb 100644
--- a/barretenberg/cpp/src/barretenberg/honk/pcs/zeromorph/zeromorph.test.cpp
+++ b/barretenberg/cpp/src/barretenberg/honk/pcs/zeromorph/zeromorph.test.cpp
@@ -462,14 +462,14 @@ template <class Curve> class ZeroMorphWithConcatenationTest : public CommitmentT
             auto C_zeta_x = ZeroMorphVerifier::compute_C_zeta_x(C_q, C_q_k, y_challenge, x_challenge);
 
             // Compute commitment C_{Z_x}
-            Commitment C_Z_x = ZeroMorphVerifier::compute_C_Z_x_with_concatenations(f_commitments,
-                                                                                    g_commitments,
-                                                                                    concatenation_groups_commitments,
-                                                                                    C_q_k,
-                                                                                    rho,
-                                                                                    v_evaluation,
-                                                                                    x_challenge,
-                                                                                    u_challenge);
+            Commitment C_Z_x = ZeroMorphVerifier::compute_C_Z_x(f_commitments,
+                                                                g_commitments,
+                                                                C_q_k,
+                                                                rho,
+                                                                v_evaluation,
+                                                                x_challenge,
+                                                                u_challenge,
+                                                                concatenation_groups_commitments);
 
             // Compute commitment C_{\zeta,Z}
             auto C_zeta_Z = C_zeta_x + C_Z_x * z_challenge;