chore: Review iteration fixes
storojs72 committed Feb 9, 2024
1 parent 64b18f0 commit ac21d62
Showing 4 changed files with 52 additions and 73 deletions.
5 changes: 2 additions & 3 deletions src/provider/hyperkzg.rs
Expand Up @@ -66,7 +66,7 @@ where
com: &[E::G1Affine],
transcript: &mut impl TranscriptEngineTrait<NE>,
) -> E::Fr {
transcript.absorb(b"c", &com.to_vec().as_slice());
transcript.absorb(b"c", &com);
transcript.squeeze(b"c").unwrap()
}

Expand All @@ -90,9 +90,8 @@ where
transcript.squeeze(b"r").unwrap()
}

/// TODO: write doc
/// Compute powers of q : (1, q, q^2, ..., q^(k-1))
pub fn batch_challenge_powers(q: E::Fr, k: usize) -> Vec<E::Fr> {
// Compute powers of q : (1, q, q^2, ..., q^(k-1))
std::iter::successors(Some(E::Fr::ONE), |&x| Some(x * q))
.take(k)
.collect()
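Review bot: The doc line now on `batch_challenge_powers` gives the formula but not the contract its callers rely on, namely that the result has exactly `k` elements and is empty for `k == 0`. I would write it as `/// Returns the first k powers of the batching challenge q, (1, q, ..., q^(k-1)); the vector has length k and is empty when k == 0.` Stating the length matters because, judging by the call sites visible elsewhere in this commit, the powers are paired element-wise with proof data.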
2 changes: 1 addition & 1 deletion src/provider/non_hiding_kzg.rs
Expand Up @@ -222,7 +222,7 @@ pub struct UVKZGProof<E: Engine> {
}

/// Polynomial and its associated types
pub type UVKZGPoly<F> = crate::spartan::polys::univariate::UniPoly<F>;
type UVKZGPoly<F> = crate::spartan::polys::univariate::UniPoly<F>;

#[derive(Debug, Eq, PartialEq, Default)]
/// KZG Polynomial Commitment Scheme on univariate polynomial.
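Review bot: Dropping `pub` from `UVKZGPoly` removes a name from the public API if `provider::non_hiding_kzg` is exported from the crate, which would break any downstream code that names the alias; if that is intended, a changelog entry or a one-release `#[deprecated]` public alias would make the break visible. The other files in this commit now name `UniPoly` directly, so the private alias survives only inside this file. For consistency I would either remove it and use `UniPoly` here too, or reword the doc comment to `/// File-local shorthand for the univariate polynomial type used by this KZG implementation`.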
53 changes: 22 additions & 31 deletions src/provider/non_hiding_zeromorph.rs
Expand Up @@ -7,7 +7,7 @@ use crate::{
errors::{NovaError, PCSError},
provider::{
non_hiding_kzg::{
KZGProverKey, KZGVerifierKey, UVKZGCommitment, UVKZGEvaluation, UVKZGPoly, UVKZGProof,
KZGProverKey, KZGVerifierKey, UVKZGCommitment, UVKZGEvaluation, UVKZGProof,
UniversalKZGParam, UVKZGPCS,
},
traits::DlogGroup,
Expand All @@ -33,6 +33,7 @@ use std::sync::Arc;
use std::{borrow::Borrow, iter, marker::PhantomData};

use crate::provider::kzg_commitment::KZGCommitmentEngine;
use crate::spartan::polys::univariate::UniPoly;

/// `ZMProverKey` is used to generate a proof
#[derive(Clone, Debug, Eq, PartialEq)]
Expand Down Expand Up @@ -156,7 +157,7 @@ where
if pp.commit_pp.powers_of_g().len() < poly.Z.len() {
return Err(PCSError::LengthError.into());
}
UVKZGPCS::commit(&pp.commit_pp, UVKZGPoly::ref_cast(&poly.Z)).map(|c| c.into())
UVKZGPCS::commit(&pp.commit_pp, UniPoly::ref_cast(&poly.Z)).map(|c| c.into())
}

/// On input a polynomial `poly` and a point `point`, outputs a proof for the
Expand Down Expand Up @@ -184,10 +185,7 @@ where
debug_assert_eq!(remainder, eval.0);

// Compute the multilinear quotients q_k = q_k(X_0, ..., X_{k-1})
let quotients_polys = quotients
.into_iter()
.map(UVKZGPoly::new)
.collect::<Vec<_>>();
let quotients_polys = quotients.into_iter().map(UniPoly::new).collect::<Vec<_>>();

// Compute and absorb commitments C_{q_k} = [q_k], k = 0,...,d-1
let q_comms = quotients_polys
Expand Down Expand Up @@ -215,7 +213,7 @@ where
let (eval_scalar, (degree_check_q_scalars, zmpoly_q_scalars)) =
eval_and_quotient_scalars(y, x, z, point);
// f = z * poly.Z + q_hat + (-z * Φ_n(x) * e) + ∑_k (q_scalars_k * q_k)
let mut f = UVKZGPoly::new(poly.Z.clone());
let mut f = UniPoly::new(poly.Z.clone());
f *= &z;
f += &q_hat;
f[0] += eval_scalar * eval.0;
Expand Down Expand Up @@ -360,8 +358,8 @@ fn quotients<F: PrimeField>(poly: &MultilinearPolynomial<F>, point: &[F]) -> (Ve
// Compute the batched, lifted-degree quotient `\hat{q}`
fn batched_lifted_degree_quotient<F: PrimeField>(
y: F,
quotients_polys: &[UVKZGPoly<F>],
) -> (UVKZGPoly<F>, usize) {
quotients_polys: &[UniPoly<F>],
) -> (UniPoly<F>, usize) {
let num_vars = quotients_polys.len();

let powers_of_y = (0..num_vars)
Expand Down Expand Up @@ -390,7 +388,7 @@ fn batched_lifted_degree_quotient<F: PrimeField>(
},
);

(UVKZGPoly::new(q_hat), 1 << (num_vars - 1))
(UniPoly::new(q_hat), 1 << (num_vars - 1))
}

/// Computes some key terms necessary for computing the partially evaluated univariate ZM polynomial
Expand Down Expand Up @@ -523,12 +521,11 @@ mod test {

use super::quotients;

use crate::spartan::polys::univariate::UniPoly;
use crate::{
errors::PCSError,
provider::{
non_hiding_kzg::{
trim, KZGProverKey, UVKZGCommitment, UVKZGPoly, UniversalKZGParam, UVKZGPCS,
},
non_hiding_kzg::{trim, KZGProverKey, UVKZGCommitment, UniversalKZGParam, UVKZGPCS},
non_hiding_zeromorph::{batched_lifted_degree_quotient, eval_and_quotient_scalars, ZMPCS},
traits::DlogGroup,
util::test_utils::prove_verify_from_num_vars,
Expand Down Expand Up @@ -598,9 +595,9 @@ mod test {
let n = 1 << num_vars; // Assuming N = 2^num_vars

// Define mock q_k with deg(q_k) = 2^k - 1
let q_0 = UVKZGPoly::new(vec![Scalar::one()]);
let q_1 = UVKZGPoly::new(vec![Scalar::from(2), Scalar::from(3)]);
let q_2 = UVKZGPoly::new(vec![
let q_0 = UniPoly::new(vec![Scalar::one()]);
let q_1 = UniPoly::new(vec![Scalar::from(2), Scalar::from(3)]);
let q_2 = UniPoly::new(vec![
Scalar::from(4),
Scalar::from(5),
Scalar::from(6),
Expand Down Expand Up @@ -644,10 +641,7 @@ mod test {
});

// Compare the computed and expected batched quotients
assert_eq!(
batched_quotient.0,
UVKZGPoly::new(batched_quotient_expected)
);
assert_eq!(batched_quotient.0, UniPoly::new(batched_quotient_expected));
}

#[test]
Expand All @@ -657,9 +651,9 @@ mod test {
let num_vars = 3;

// Define some mock q_k with deg(q_k) = 2^k - 1
let _q_0 = UVKZGPoly::new(vec![Scalar::one()]);
let _q_1 = UVKZGPoly::new(vec![Scalar::from(2), Scalar::from(3)]);
let _q_2 = UVKZGPoly::new(vec![
let _q_0 = UniPoly::new(vec![Scalar::one()]);
let _q_1 = UniPoly::new(vec![Scalar::from(2), Scalar::from(3)]);
let _q_2 = UniPoly::new(vec![
Scalar::from(4),
Scalar::from(5),
Scalar::from(6),
Expand Down Expand Up @@ -713,9 +707,9 @@ mod test {
let mut rng = ChaCha20Rng::from_seed([0u8; 32]);

// Define some mock q_k with deg(q_k) = 2^k - 1
let _q_0 = UVKZGPoly::new(vec![Scalar::one()]);
let _q_1 = UVKZGPoly::new(vec![Scalar::from(2), Scalar::from(3)]);
let _q_2 = UVKZGPoly::new(vec![
let _q_0 = UniPoly::new(vec![Scalar::one()]);
let _q_1 = UniPoly::new(vec![Scalar::from(2), Scalar::from(3)]);
let _q_2 = UniPoly::new(vec![
Scalar::from(4),
Scalar::from(5),
Scalar::from(6),
Expand Down Expand Up @@ -755,7 +749,7 @@ mod test {

fn commit_filtered<E>(
prover_param: impl Borrow<KZGProverKey<E>>,
poly: &UVKZGPoly<E::Fr>,
poly: &UniPoly<E::Fr>,
) -> Result<UVKZGCommitment<E>, NovaError>
where
E: MultiMillerLoop,
Expand Down Expand Up @@ -802,10 +796,7 @@ mod test {
}

let (quotients, _remainder) = quotients(&multilinear_poly, random_points.as_slice());
let quotients_polys = quotients
.into_iter()
.map(UVKZGPoly::new)
.collect::<Vec<_>>();
let quotients_polys = quotients.into_iter().map(UniPoly::new).collect::<Vec<_>>();

let (q_hat, offset) = batched_lifted_degree_quotient(E::Fr::random(&mut rng), &quotients_polys);

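Review bot: `1 << (num_vars - 1)` in the return of `batched_lifted_degree_quotient` underflows when `quotients_polys` is empty (`num_vars == 0`), which panics in debug builds and yields a silently wrong offset in release builds. This commit touches the line only for the `UniPoly` rename, and part of the function body is collapsed on this page, so a guard may exist that is not visible here. If there is none, `assert!(!quotients_polys.is_empty(), "at least one quotient is required");` at the top of the function makes the precondition explicit, or the caller can return `PCSError::LengthError` before reaching it, as `commit` already does for an oversized polynomial.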
65 changes: 27 additions & 38 deletions src/provider/shplonk.rs
@@ -1,7 +1,5 @@
use crate::provider::kzg_commitment::KZGCommitmentEngine;
use crate::provider::non_hiding_kzg::{
trim, KZGProverKey, KZGVerifierKey, UVKZGPoly, UniversalKZGParam,
};
use crate::provider::non_hiding_kzg::{trim, KZGProverKey, KZGVerifierKey, UniversalKZGParam};
use crate::provider::pedersen::Commitment;
use crate::provider::traits::DlogGroup;
use crate::provider::util::iterators::DoubleEndedIteratorExt;
Expand All @@ -20,6 +18,7 @@ use serde::{de::DeserializeOwned, Deserialize, Serialize};
use std::marker::PhantomData;

use crate::provider::hyperkzg::EvaluationEngine as HyperKZG;
use group::prime::PrimeCurveAffine;
use itertools::Itertools;
use ref_cast::RefCast as _;
use std::sync::Arc;
Expand Down Expand Up @@ -68,11 +67,12 @@ where
let Pi_len = polys[i].len() / 2;
let mut Pi = vec![E::Fr::ZERO; Pi_len];

#[allow(clippy::needless_range_loop)]
Pi.par_iter_mut().enumerate().for_each(|(j, Pi_j)| {
*Pi_j =
point[point.len() - i - 1] * (polys[i][2 * j + 1] - polys[i][2 * j]) + polys[i][2 * j];
});
(0..Pi_len)
.into_par_iter()
.map(|j| {
point[point.len() - i - 1] * (polys[i][2 * j + 1] - polys[i][2 * j]) + polys[i][2 * j]
})
.collect_into_vec(&mut Pi);

polys.push(Pi);
}
Expand All @@ -91,17 +91,16 @@ where
polys: &[Vec<E::Fr>],
) -> Vec<E::G1Affine> {
// TODO avoid computing commitment to constant polynomial
let mut comms: Vec<E::G1Affine> = (1..polys.len())
let mut comms: Vec<NE::GE> = (1..polys.len())
.into_par_iter()
.map(|i| {
<NE::CE as CommitmentEngineTrait<NE>>::commit(ck, &polys[i])
.comm
.to_affine()
})
.map(|i| <NE::CE as CommitmentEngineTrait<NE>>::commit(ck, &polys[i]).comm)
.collect();
// TODO avoid inserting commitment known to verifier
comms.insert(0, C.comm.to_affine());
comms
comms.insert(0, C.comm);

let mut comms_affine: Vec<E::G1Affine> = vec![E::G1Affine::identity(); comms.len()];
NE::GE::batch_normalize(&comms, &mut comms_affine);
comms_affine
}

fn compute_evals(polys: &[Vec<E::Fr>], u: &[E::Fr]) -> Vec<Vec<E::Fr>> {
Expand All @@ -127,7 +126,7 @@ where
let mut tmp = Q_x.clone();
tmp *= &D.evaluate(&a);
tmp[0] += &R_x.evaluate(&a);
tmp = UVKZGPoly::new(
tmp = UniPoly::new(
tmp
.coeffs
.into_iter()
Expand Down Expand Up @@ -192,7 +191,7 @@ where
let batched_Pi: UniPoly<E::Fr> = polys.into_iter().map(UniPoly::new).rlc(&q);

// Q(x), R(x) = P(x) / D(x), where D(x) = (x - r) * (x + r) * (x - r^2) = 1 * x^3 - r^2 * x^2 - r^2 * x + r^4
let D = UVKZGPoly::new(vec![u[2] * u[2], -u[2], -u[2], E::Fr::from(1)]);
let D = UniPoly::new(vec![u[2] * u[2], -u[2], -u[2], E::Fr::from(1)]);
let (Q_x, R_x) = batched_Pi.divide_with_q_and_r(&D).unwrap();

let C_Q = <NE::CE as CommitmentEngineTrait<NE>>::commit(ck, &Q_x.coeffs)
Expand All @@ -206,7 +205,7 @@ where

// TODO: since this is a usual KZG10 we should use it as utility instead
// H(x) = K(x) / (x - a)
let divisor = UVKZGPoly::new(vec![-a, E::Fr::from(1)]);
let divisor = UniPoly::new(vec![-a, E::Fr::from(1)]);
let (H_x, _) = K_x.divide_with_q_and_r(&divisor).unwrap();

let C_H = <NE::CE as CommitmentEngineTrait<NE>>::commit(ck, &H_x.coeffs)
Expand Down Expand Up @@ -247,9 +246,9 @@ where
// compute commitment for eval and insert it into pi.comms[last]

let q = HyperKZG::<E, NE>::get_batch_challenge(&pi.evals, transcript);
let q_powers = HyperKZG::<E, NE>::batch_challenge_powers(q, pi.comms.len());
//let q_powers = HyperKZG::<E, NE>::batch_challenge_powers(q, pi.comms.len());

let R_x = UVKZGPoly::new(pi.R_x.clone());
let R_x = UniPoly::new(pi.R_x.clone());

let mut evals_at_r = vec![];
let mut evals_at_minus_r = vec![];
Expand All @@ -265,13 +264,7 @@ where
evals_at_r_squared = evals_i.clone();
}

let mut batched_eval = E::Fr::ZERO;
evals_i
.iter()
.zip_eq(q_powers.iter())
.for_each(|(eval, q_i)| {
batched_eval += *eval * q_i;
});
let batched_eval = UniPoly::ref_cast(evals_i).evaluate(&q);

// here we check correlation between R polynomial and batched evals, e.g.:
// 1) R(r) == eval at r
Expand Down Expand Up @@ -304,17 +297,13 @@ where
}
}

let C_P = q_powers
.iter()
.zip_eq(pi.comms.iter())
.fold(E::G1::identity(), |acc, (q_i, C_i)| acc + *C_i * q_i);

let C_P: E::G1 = pi.comms.iter().map(|comm| comm.to_curve()).rlc(&q);
let C_Q = pi.C_Q;
let C_H = pi.C_H;
let r_squared = u[2];

// D = (x - r) * (x + r) * (x - r^2) = 1 * x^3 - r^2 * x^2 - r^2 * x + r^4
let D = UVKZGPoly::new(vec![
let D = UniPoly::new(vec![
r_squared * r_squared,
-r_squared,
-r_squared,
Expand Down Expand Up @@ -374,7 +363,7 @@ mod tests {
let r_squared = r * r;

let divident = batched_Pi.clone();
let D = UVKZGPoly::new(vec![
let D = UniPoly::new(vec![
r_squared * r_squared,
-r_squared,
-r_squared,
Expand Down Expand Up @@ -422,7 +411,7 @@ mod tests {
let r_squared = r * r;

let divident = batched_Pi.clone();
let D = UVKZGPoly::new(vec![
let D = UniPoly::new(vec![
r_squared * r_squared,
-r_squared,
-r_squared,
Expand All @@ -447,7 +436,7 @@ mod tests {

let divident = batched_Pi.clone();
// D(x) = (x - r) * (x + r) * (x - r^2)
let D = UVKZGPoly::new(vec![
let D = UniPoly::new(vec![
r_squared * r_squared,
-r_squared,
-r_squared,
Expand All @@ -464,7 +453,7 @@ mod tests {

// Check that Q(x) = (P(x) - R(x)) / D(x)
let mut P_x = batched_Pi.clone();
let minus_R_x = UVKZGPoly::new(
let minus_R_x = UniPoly::new(
R_x
.clone()
.coeffs
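Review bot: In the verifier, replacing the `zip_eq(q_powers.iter())` loop with `UniPoly::ref_cast(evals_i).evaluate(&q)` removes the only visible place where the length of each `evals_i` was tied to `pi.comms.len()`. The old form panicked on a mismatch, whereas the new form evaluates whatever length the proof supplies, and `pi.evals` is prover-controlled data. The enclosing function starts and ends outside the visible hunks, so a length check may exist elsewhere. If it does not, I would add an explicit rejection before the evaluation, `if evals_i.len() != pi.comms.len() { return Err(/* this function's existing verification error */); }`, so a malformed proof is refused with an error rather than relying on the final pairing check. Separately, the commented-out `//let q_powers = …` line should be deleted rather than left in the source.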
