proofs: exploit remaining batch inversion opportunities

Signed-off-by: Ignacio Hagopian <jsign.uy@gmail.com>

src/bench.zig

@@ -114,7 +114,7 @@ fn benchIPAs() !void {
     std.debug.print("Setting up IPA benchmark...\n", .{});
     const N = 100;
 
-    var weights = PrecomputedWeights.init();
+    var weights = try PrecomputedWeights.init();
     const xcrs = crs.CRS.init();
     const IPA = ipa.IPA(crs.DomainSize);
 
@@ -134,7 +134,7 @@ fn benchIPAs() !void {
         }
         prover_queries[i].commitment = xcrs.commit(prover_queries[i].A);
         prover_queries[i].eval_point = Fr.fromInteger(i + 0x414039).add(z256);
-        prover_queries[i].B = weights.barycentricFormulaConstants(prover_queries[i].eval_point);
+        prover_queries[i].B = try weights.barycentricFormulaConstants(prover_queries[i].eval_point);
     }
 
     var accum_prover: i64 = 0;
@@ -203,7 +203,7 @@ fn benchMultiproofs() !void {
         vec_openings[i].C = crs.CRS.commit(vkt_crs, vec_openings[i].poly_evaluations);
     }
 
-    const mproof = multiproof.MultiProof.init(vkt_crs);
+    const mproof = try multiproof.MultiProof.init(vkt_crs);
     for (openings) |num_openings| {
         std.debug.print("\tBenchmarking {} openings...", .{num_openings});
 

src/ipa/ipa.zig

@@ -235,7 +235,7 @@ test "basic proof" {
     const ipa = IPA(crs.DomainSize);
 
     // Test a simple IPA proof
-    var weights = PrecomputedWeights.init();
+    var weights = try PrecomputedWeights.init();
 
     // Polynomial in lagrange basis
     var lagrange_poly: [crs.DomainSize]Fr = undefined;
@@ -254,7 +254,7 @@ test "basic proof" {
 
     // create a opening proof for a point outside of the domain
     const eval_point = Fr.fromInteger(2101);
-    const b = weights.barycentricFormulaConstants(eval_point);
+    const b = try weights.barycentricFormulaConstants(eval_point);
     const output_point_check = ipa.innerProduct(&lagrange_poly, &b);
     const output_point_check_hex = std.fmt.bytesToHex(output_point_check.toBytes(), std.fmt.Case.lower);
     try std.testing.expectEqualStrings("4a353e70b03c89f161de002e8713beec0d740a5e20722fd5bd68b30540a33208", &output_point_check_hex);
@@ -275,7 +275,7 @@ test "basic proof" {
 
     // Verify the proof.
     var verifier_transcript = Transcript.init("test");
-    const b_verifier = weights.barycentricFormulaConstants(eval_point);
+    const b_verifier = try weights.barycentricFormulaConstants(eval_point);
     const verifier_query = ipa.VerifierQuery{
         .commitment = commitment,
         .B = b_verifier,

src/multiproof/multiproof.zig

@@ -38,9 +38,9 @@ pub const MultiProof = struct {
     precomp: PrecomputedWeights,
     crs: CRS,
 
-    pub fn init(vkt_crs: CRS) MultiProof {
+    pub fn init(vkt_crs: CRS) !MultiProof {
         return MultiProof{
-            .precomp = PrecomputedWeights.init(),
+            .precomp = try PrecomputedWeights.init(),
             .crs = vkt_crs,
         };
     }
@@ -114,7 +114,7 @@ pub const MultiProof = struct {
 
         const polynomial = h_minus_g;
         const eval_point = t;
-        const input_point_vector = self.precomp.barycentricFormulaConstants(eval_point);
+        const input_point_vector = try self.precomp.barycentricFormulaConstants(eval_point);
 
         var query = IPA.ProverQuery{
             .commitment = ipa_commitment,
@@ -182,7 +182,7 @@ pub const MultiProof = struct {
         ipa_commitment.sub(E, D);
         const eval_point = t;
         const output_point = y;
-        const input_point_vector = self.precomp.barycentricFormulaConstants(eval_point);
+        const input_point_vector = try self.precomp.barycentricFormulaConstants(eval_point);
 
         const query = IPA.VerifierQuery{
             .commitment = ipa_commitment,
@@ -318,7 +318,7 @@ test "basic" {
         .y = ys[1],
     };
 
-    const multiproof = MultiProof.init(vkt_crs);
+    const multiproof = try MultiProof.init(vkt_crs);
 
     var prover_transcript = Transcript.init("test");
     const proof = try multiproof.createProof(&prover_transcript, &[_]ProverQuery{ query_a, query_b });

src/polynomial/precomputed_weights.zig

@@ -26,16 +26,16 @@ pub fn PrecomputedWeights(
         //Inverse of the domain
         domain_inverses: [2 * crs.DomainSize]Fr,
 
-        pub fn init() Self {
+        pub fn init() !Self {
             const _A = monomial_basis.MonomialBasis(DomainSize).vanishingPoly(domain);
             const _Aprime = _A.formalDerivative();
             var _Aprime_domain: [DomainSize]Fr = undefined;
-            var _Aprime_domain_inv: [DomainSize]Fr = undefined;
 
             for (0..DomainSize) |i| {
                 _Aprime_domain[i] = _Aprime.evaluate(Fr.fromInteger(i));
-                _Aprime_domain_inv[i] = Fr.inv(_Aprime_domain[i]).?; // TODO(jsign): could do batching.
             }
+            var _Aprime_domain_inv: [DomainSize]Fr = undefined;
+            try Fr.batchInv(&_Aprime_domain_inv, &_Aprime_domain);
 
             // This is not fully correct as the first element will be the inverse of 0
             // We keep it this way for now because it is what the research code did
@@ -59,16 +59,17 @@ pub fn PrecomputedWeights(
         // barycentricFormularConstants returns a slice with the constants to be used when evaluating a polynomial at z.
         // b_i = A(z) / A'(DOMAIN[i]) * 1 / (z - DOMAIN[i])
         // The caller is responsible for freeing the returned slice.
-        pub fn barycentricFormulaConstants(self: Self, z: Fr) [DomainSize]Fr {
+        pub fn barycentricFormulaConstants(self: Self, z: Fr) ![DomainSize]Fr {
             std.debug.assert(z.toInteger() >= DomainSize);
 
             const Az = self.A.evaluate(z);
 
-            var zSubXInvs: [DomainSize]Fr = undefined;
+            var zSubX: [DomainSize]Fr = undefined;
             for (crs.Domain, 0..) |x, i| {
-                // TODO(jsign): batching.
-                zSubXInvs[i] = Fr.inv(Fr.sub(z, x)).?;
+                zSubX[i] = Fr.sub(z, x);
             }
+            var zSubXInvs: [DomainSize]Fr = undefined;
+            try Fr.batchInv(&zSubXInvs, &zSubX);
 
             var r: [DomainSize]Fr = undefined;
             for (0..DomainSize) |i| {