Skip to content

Commit

Permalink
refactor: Improve code readability and error handling in zeromorph
Browse files Browse the repository at this point in the history
- Updated and enhanced clarity and consistency of mathematical notation in comments across `non_hiding_kzg.rs` and `non_hiding_zeromorph.rs` files.
- Implemented error handling in the `ZMPCS::verify` function within the `non_hiding_zeromorph.rs` file.
  • Loading branch information
huitseeker committed Nov 29, 2023
1 parent e0b5cde commit f9fe962
Show file tree
Hide file tree
Showing 2 changed files with 17 additions and 15 deletions.
6 changes: 3 additions & 3 deletions src/provider/non_hiding_kzg.rs
Original file line number Diff line number Diff line change
Expand Up @@ -22,11 +22,11 @@ use crate::{
))]
#[abomonation_omit_bounds]
pub struct UVUniversalKZGParam<E: Engine> {
/// Group elements of the form `{ \beta^i G }`, where `i` ranges from 0 to
/// Group elements of the form `{ β^i G }`, where `i` ranges from 0 to
/// `degree`.
#[abomonate_with(Vec<[u64; 8]>)] // // this is a hack; we just assume the size of the element.
pub powers_of_g: Vec<E::G1Affine>,
/// Group elements of the form `{ \beta^i H }`, where `i` ranges from 0 to
/// Group elements of the form `{ β^i H }`, where `i` ranges from 0 to
/// `degree`.
#[abomonate_with(Vec<[u64; 16]>)] // this is a hack; we just assume the size of the element.
pub powers_of_h: Vec<E::G2Affine>,
Expand Down Expand Up @@ -73,7 +73,7 @@ pub struct UVKZGVerifierKey<E: Engine> {
/// The generator of G2.
#[abomonate_with([u64; 16])] // this is a hack; we just assume the size of the element.
pub h: E::G2Affine,
/// \beta times the above generator of G2.
/// β times the above generator of G2.
#[abomonate_with([u64; 16])] // this is a hack; we just assume the size of the element.
pub beta_h: E::G2Affine,
}
Expand Down
26 changes: 14 additions & 12 deletions src/provider/non_hiding_zeromorph.rs
Original file line number Diff line number Diff line change
Expand Up @@ -219,7 +219,7 @@ where
let y = transcript.squeeze(b"y")?;

// Compute the batched, lifted-degree quotient `\hat{q}`
// q_hat = \sum_{i=0}^{num_vars-1} y^i * X^{2^{num_vars} - d_k - 1} * q_i(x)
// qq_hat = ∑_{i=0}^{num_vars-1} y^i * X^(2^num_vars - d_k - 1) * q_i(x)
let q_hat = batched_lifted_degree_quotient(y, &quotients_polys);
// Compute and absorb the commitment C_q = [\hat{q}]
let q_hat_comm = UVKZGPCS::commit(&pp.commit_pp, &q_hat)?;
Expand All @@ -232,7 +232,7 @@ where
// Compute batched degree and ZM-identity quotient polynomial pi
let (eval_scalar, (degree_check_q_scalars, zmpoly_q_scalars)) =
eval_and_quotient_scalars(y, x, z, point);
// f = z * poly.Z + q\_hat + (-z * Φ_n(x) * e) + \sum_k (q\_scalars_k * q_k)
// f = z * poly.Z + q_hat + (-z * Φ_n(x) * e) + ∑_k (q_scalars_k * q_k)
let mut f = UVKZGPoly::new(poly.Z.clone());
f *= &z;
f += &q_hat;
Expand Down Expand Up @@ -418,7 +418,7 @@ fn eval_and_quotient_scalars<F: Field>(y: F, x: F, z: F, point: &[F]) -> (F, (Ve
let squares_of_x = iter::successors(Some(x), |&x| Some(x.square()))
.take(num_vars + 1)
.collect::<Vec<_>>();
// offsets_of_x = [Π_{j=i}^{num_vars-1} x^{2^j}, i \in 0..=num_vars-1] = [x^{2^num_vars - d_i - 1}, i \in 0..=num_vars-1]
// offsets_of_x = [Π_{j=i}^{num_vars-1} x^(2^j), i ∈ [0, num_vars-1]] = [x^(2^num_vars - d_i - 1), i ∈ [0, num_vars-1]]
let offsets_of_x = {
let mut offsets_of_x = squares_of_x
.iter()
Expand All @@ -433,9 +433,9 @@ fn eval_and_quotient_scalars<F: Field>(y: F, x: F, z: F, point: &[F]) -> (F, (Ve
offsets_of_x
};

// vs = [ \frac{(x^{2^{num_vars}} - 1)}{x^{2^i} - 1}, i \in 0..=num_vars-1]
// Note Φ_{n-i}(x^{2^i}) = \frac{(x^{2^i})^{2^{n-i|} - 1}{x^{2^i} - 1} = \frac{(x^{2^{num_vars}} - 1)}{x^{2^i} - 1} = vs[i]
// Φ_{n-i-1}(x^{2^{i+1}}) = \frac{(x^{2^{i+1}})^{2^{n-i-1}} - 1}{x^{2^{i+1}} - 1} = \frac{(x^{2^{num_vars}} - 1)}{x^{2^{i+1}} - 1} = vs[i+1]
// vs = [ (x^(2^num_vars) - 1) / (x^(2^i) - 1), i ∈ [0, num_vars-1]]
// Note Φ_(n-i)(x^(2^i)) = (x^(2^i))^(2^(n-i) - 1) / (x^(2^i) - 1) = (x^(2^num_vars) - 1) / (x^(2^i) - 1) = vs[i]
// Φ_(n-i-1)(x^(2^(i+1))) = (x^(2^(i+1)))^(2^(n-i-1)) - 1 / (x^(2^(i+1)) - 1) = (x^(2^num_vars) - 1) / (x^(2^(i+1)) - 1) = vs[i+1]
let vs = {
let v_numer = squares_of_x[num_vars] - F::ONE;
let mut v_denoms = squares_of_x
Expand All @@ -449,8 +449,8 @@ fn eval_and_quotient_scalars<F: Field>(y: F, x: F, z: F, point: &[F]) -> (F, (Ve
.collect::<Vec<_>>()
};

// q_scalars = [- (y^i * x^{2^num_vars - d_i - 1} + z * (x^{2^i} * vs_{i+1} - u_i * vs_i)), i = 0..=num_vars-1]
// = [- (y^i * x^{2^num_vars - d_i - 1} + z * (x^{2^i} * Φ_{n-i-1}(x^{2^{i+1}}) - u_i * Φ_{n-i}(x^{2^i}))), i = 0..=num_vars-1]
// q_scalars = [- (y^i * x^(2^num_vars - d_i - 1) + z * (x^(2^i) * vs[i+1] - u_i * vs[i])), i ∈ [0, num_vars-1]]
// = [- (y^i * x^(2^num_vars - d_i - 1) + z * (x^(2^i) * Φ_(n-i-1)(x^(2^(i+1))) - u_i * Φ_(n-i)(x^(2^i)))), i ∈ [0, num_vars-1]]
let q_scalars = iter::successors(Some(F::ONE), |acc| Some(*acc * y))
.zip(offsets_of_x)
.zip(squares_of_x)
Expand All @@ -464,7 +464,7 @@ fn eval_and_quotient_scalars<F: Field>(y: F, x: F, z: F, point: &[F]) -> (F, (Ve
)
.unzip();

// -vs[0] * z = -z \frac{x^{2^{num\_vars}} - 1}{x - 1} = -z Φ_n(x)
// -vs[0] * z = -z * (x^(2^num_vars) - 1) / (x - 1) = -z Φ_n(x)
(-vs[0] * z, q_scalars)
}

Expand Down Expand Up @@ -514,7 +514,9 @@ where
let commitment = ZMCommitment::from(UVKZGCommitment::from(*comm));
let evaluation = ZMEvaluation(*eval);

ZMPCS::verify(vk, transcript, &commitment, point, &evaluation, arg)?;
if !ZMPCS::verify(vk, transcript, &commitment, point, &evaluation, arg)? {
return Err(NovaError::UnSat);
}
Ok(())
}
}
Expand Down Expand Up @@ -730,11 +732,11 @@ mod test {
let u_challenge: Vec<_> = (0..num_vars).map(|_| Scalar::random(&mut rng)).collect();
let z_challenge = Scalar::random(&mut rng);

// Construct zeta_x using the function
// Construct ζ_x using the function
let (_eval_scalar, (zeta_x_scalars, _right_quo_scalars)) =
eval_and_quotient_scalars(y_challenge, x_challenge, z_challenge, &u_challenge);

// Now construct zeta_x explicitly
// Now construct ζ_x explicitly
let n: u64 = 1 << num_vars;
// q_batched - \sum_k q_k * y^k * x^{N - deg(q_k) - 1}
assert_eq!(zeta_x_scalars[0], -x_challenge.pow([n - 1]));
Expand Down

0 comments on commit f9fe962

Please sign in to comment.