zec
/
halo2
mirror of https://github.com/zcash/halo2.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Remove usage of `FieldExt::rand` 

All APIs now take `R: RngCore` arguments instead of internally depending
on `rand::rngs::OsRng`.
This commit is contained in:
Jack Grigg 2021-12-25 13:36:41 +00:00
parent 9297a938ab
commit 1556489a9f
17 changed files with 145 additions and 58 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@ -10,6 +10,7 @@ and this project adheres to Rust's notion of
- `halo2::dev::LookupFailure` (used in `VerifyFailure::Lookup`)
### Changed
- `halo2::plonk::create_proof` now takes an `R: rand::RngCore` argument.
- `halo2::plonk::Error` has been overhauled:
- `Error` now implements `std::fmt::Display` and `std::error::Error`.
- `Error` no longer implements `PartialEq`. Tests can check for specific error

10
benches/arithmetic.rs
View File

@ -2,14 +2,18 @@
extern crate criterion;
extern crate halo2;
use crate::arithmetic::{small_multiexp, FieldExt};
use crate::arithmetic::small_multiexp;
use crate::pasta::{EqAffine, Fp};
use crate::poly::commitment::Params;
use group::ff::Field;
use halo2::*;
use criterion::{black_box, Criterion};
use rand::rngs::OsRng;
fn criterion_benchmark(c: &mut Criterion) {
let rng = OsRng;
// small multiexp
{
let params: Params<EqAffine> = Params::new(5);
@ -17,8 +21,8 @@ fn criterion_benchmark(c: &mut Criterion) {
let len = g.len() / 2;
let (g_lo, g_hi) = g.split_at_mut(len);
let coeff_1 = Fp::rand();
let coeff_2 = Fp::rand();
let coeff_1 = Fp::random(rng);
let coeff_2 = Fp::random(rng);
c.bench_function("double-and-add", |b| {
b.iter(|| {

8
benches/plonk.rs
View File

@ -2,12 +2,14 @@
extern crate criterion;
extern crate halo2;
use group::ff::Field;
use halo2::arithmetic::FieldExt;
use halo2::circuit::{Cell, Layouter, SimpleFloorPlanner};
use halo2::pasta::{EqAffine, Fp};
use halo2::plonk::*;
use halo2::poly::{commitment::Params, Rotation};
use halo2::transcript::{Blake2bRead, Blake2bWrite, Challenge255};
use rand::rngs::OsRng;
use std::marker::PhantomData;
@ -253,13 +255,15 @@ fn criterion_benchmark(c: &mut Criterion) {
}
fn prover(k: u32, params: &Params<EqAffine>, pk: &ProvingKey<EqAffine>) -> Vec<u8> {
let rng = OsRng;
let circuit: MyCircuit<Fp> = MyCircuit {
a: Some(Fp::rand()),
a: Some(Fp::random(rng)),
k,
};
let mut transcript = Blake2bWrite::<_, _, Challenge255<_>>::init(vec![]);
create_proof(params, pk, &[circuit], &[&[]], &mut transcript)
create_proof(params, pk, &[circuit], &[&[]], rng, &mut transcript)
.expect("proof generation should not fail");
transcript.finalize()
}

3
examples/sha256/benches.rs
View File

@ -8,6 +8,7 @@ use halo2::{
poly::commitment::Params,
transcript::{Blake2bRead, Blake2bWrite, Challenge255},
};
use rand::rngs::OsRng;
use std::{
fs::File,
@ -134,7 +135,7 @@ fn bench(name: &str, k: u32, c: &mut Criterion) {
let proof_path = Path::new("./benches/sha256_assets/sha256_proof");
if File::open(&proof_path).is_err() {
let mut transcript = Blake2bWrite::<_, _, Challenge255<_>>::init(vec![]);
create_proof(&params, &pk, &[circuit], &[], &mut transcript)
create_proof(&params, &pk, &[circuit], &[], OsRng, &mut transcript)
.expect("proof generation should not fail");
let proof: Vec<u8> = transcript.finalize();
let mut file = File::create(&proof_path).expect("Failed to create sha256_proof");

9
examples/two-chip.rs
View File

@ -513,7 +513,9 @@ impl<F: FieldExt> Circuit<F> for MyCircuit<F> {
#[allow(clippy::many_single_char_names)]
fn main() {
use group::ff::Field;
use halo2::{dev::MockProver, pasta::Fp};
use rand::rngs::OsRng;
// ANCHOR: test-circuit
// The number of rows in our circuit cannot exceed 2^k. Since our example
@ -521,9 +523,10 @@ fn main() {
let k = 4;
// Prepare the private and public inputs to the circuit!
let a = Fp::rand();
let b = Fp::rand();
let c = Fp::rand();
let rng = OsRng;
let a = Fp::random(rng);
let b = Fp::random(rng);
let c = Fp::random(rng);
let d = (a + b) * c;
// Instantiate the circuit with the private inputs.

9
src/arithmetic.rs
View File

@ -402,13 +402,18 @@ pub fn lagrange_interpolate<F: FieldExt>(points: &[F], evals: &[F]) -> Vec<F> {
}
}
#[cfg(test)]
use rand::rngs::OsRng;
#[cfg(test)]
use crate::pasta::Fp;
#[test]
fn test_lagrange_interpolate() {
let points = (0..5).map(|_| Fp::rand()).collect::<Vec<_>>();
let evals = (0..5).map(|_| Fp::rand()).collect::<Vec<_>>();
let rng = OsRng;
let points = (0..5).map(|_| Fp::random(rng)).collect::<Vec<_>>();
let evals = (0..5).map(|_| Fp::random(rng)).collect::<Vec<_>>();
for coeffs in 0..5 {
let points = &points[0..coeffs];

41
src/plonk/lookup/prover.rs
View File

@ -16,6 +16,7 @@ use group::{
ff::{BatchInvert, Field},
Curve,
};
use rand::RngCore;
use std::{
collections::BTreeMap,
iter,
@ -73,6 +74,7 @@ impl<F: FieldExt> Argument<F> {
'a,
C,
E: EncodedChallenge<C>,
R: RngCore,
T: TranscriptWrite<C, E>,
>(
&self,
@ -86,6 +88,7 @@ impl<F: FieldExt> Argument<F> {
advice_cosets: &'a [Polynomial<C::Scalar, ExtendedLagrangeCoeff>],
fixed_cosets: &'a [Polynomial<C::Scalar, ExtendedLagrangeCoeff>],
instance_cosets: &'a [Polynomial<C::Scalar, ExtendedLagrangeCoeff>],
mut rng: R,
transcript: &mut T,
) -> Result<Permuted<C>, Error>
where
@ -173,14 +176,6 @@ impl<F: FieldExt> Argument<F> {
)
};
// Closure to construct commitment to vector of values
let commit_values = |values: &Polynomial<C::Scalar, LagrangeCoeff>| {
let poly = pk.vk.domain.lagrange_to_coeff(values.clone());
let blind = Blind(C::Scalar::rand());
let commitment = params.commit_lagrange(values, blind).to_affine();
(poly, blind, commitment)
};
// Get values of input expressions involved in the lookup and compress them
let (unpermuted_input_expressions, unpermuted_input_cosets, compressed_input_expression) =
compress_expressions(&self.input_expressions);
@ -190,14 +185,23 @@ impl<F: FieldExt> Argument<F> {
compress_expressions(&self.table_expressions);
// Permute compressed (InputExpression, TableExpression) pair
let (permuted_input_expression, permuted_table_expression) = permute_expression_pair::<C>(
let (permuted_input_expression, permuted_table_expression) = permute_expression_pair::<C, _>(
pk,
params,
domain,
&mut rng,
&compressed_input_expression,
&compressed_table_expression,
)?;
// Closure to construct commitment to vector of values
let mut commit_values = |values: &Polynomial<C::Scalar, LagrangeCoeff>| {
let poly = pk.vk.domain.lagrange_to_coeff(values.clone());
let blind = Blind(C::Scalar::random(&mut rng));
let commitment = params.commit_lagrange(values, blind).to_affine();
(poly, blind, commitment)
};
// Commit to permuted input expression
let (permuted_input_poly, permuted_input_blind, permuted_input_commitment) =
commit_values(&permuted_input_expression);
@ -238,13 +242,18 @@ impl<C: CurveAffine> Permuted<C> {
/// grand product polynomial over the lookup. The grand product polynomial
/// is used to populate the Product<C> struct. The Product<C> struct is
/// added to the Lookup and finally returned by the method.
pub(in crate::plonk) fn commit_product<E: EncodedChallenge<C>, T: TranscriptWrite<C, E>>(
pub(in crate::plonk) fn commit_product<
E: EncodedChallenge<C>,
R: RngCore,
T: TranscriptWrite<C, E>,
>(
self,
pk: &ProvingKey<C>,
params: &Params<C>,
theta: ChallengeTheta<C>,
beta: ChallengeBeta<C>,
gamma: ChallengeGamma<C>,
mut rng: R,
transcript: &mut T,
) -> Result<Committed<C>, Error> {
let blinding_factors = pk.vk.cs.blinding_factors();
@ -326,7 +335,7 @@ impl<C: CurveAffine> Permuted<C> {
// be a boolean (and ideally 1, else soundness is broken)
.take(params.n as usize - blinding_factors)
// Chain random blinding factors.
.chain((0..blinding_factors).map(|_| C::Scalar::rand()))
.chain((0..blinding_factors).map(|_| C::Scalar::random(&mut rng)))
.collect::<Vec<_>>();
assert_eq!(z.len(), params.n as usize);
let z = pk.vk.domain.lagrange_from_vec(z);
@ -376,7 +385,7 @@ impl<C: CurveAffine> Permuted<C> {
assert_eq!(z[u], C::Scalar::one());
}
let product_blind = Blind(C::Scalar::rand());
let product_blind = Blind(C::Scalar::random(rng));
let product_commitment = params.commit_lagrange(&z, product_blind).to_affine();
let z = pk.vk.domain.lagrange_to_coeff(z);
let product_coset = pk.vk.domain.coeff_to_extended(z.clone());
@ -587,10 +596,11 @@ type ExpressionPair<F> = (Polynomial<F, LagrangeCoeff>, Polynomial<F, LagrangeCo
/// - the first row in a sequence of like values in A' is the row
/// that has the corresponding value in S'.
/// This method returns (A', S') if no errors are encountered.
fn permute_expression_pair<C: CurveAffine>(
fn permute_expression_pair<C: CurveAffine, R: RngCore>(
pk: &ProvingKey<C>,
params: &Params<C>,
domain: &EvaluationDomain<C::Scalar>,
mut rng: R,
input_expression: &Polynomial<C::Scalar, LagrangeCoeff>,
table_expression: &Polynomial<C::Scalar, LagrangeCoeff>,
) -> Result<ExpressionPair<C::Scalar>, Error> {
@ -645,8 +655,9 @@ fn permute_expression_pair<C: CurveAffine>(
}
assert!(repeated_input_rows.is_empty());
permuted_input_expression.extend((0..(blinding_factors + 1)).map(|_| C::Scalar::rand()));
permuted_table_coeffs.extend((0..(blinding_factors + 1)).map(|_| C::Scalar::rand()));
permuted_input_expression
.extend((0..(blinding_factors + 1)).map(|_| C::Scalar::random(&mut rng)));
permuted_table_coeffs.extend((0..(blinding_factors + 1)).map(|_| C::Scalar::random(&mut rng)));
assert_eq!(permuted_input_expression.len(), params.n as usize);
assert_eq!(permuted_table_coeffs.len(), params.n as usize);

7
src/plonk/permutation/prover.rs
View File

@ -2,6 +2,7 @@ use group::{
ff::{BatchInvert, Field},
Curve,
};
use rand::RngCore;
use std::iter::{self, ExactSizeIterator};
use super::super::{circuit::Any, ChallengeBeta, ChallengeGamma, ChallengeX};
@ -44,6 +45,7 @@ impl Argument {
pub(in crate::plonk) fn commit<
C: CurveAffine,
E: EncodedChallenge<C>,
R: RngCore,
T: TranscriptWrite<C, E>,
>(
&self,
@ -55,6 +57,7 @@ impl Argument {
instance: &[Polynomial<C::Scalar, LagrangeCoeff>],
beta: ChallengeBeta<C>,
gamma: ChallengeGamma<C>,
mut rng: R,
transcript: &mut T,
) -> Result<Committed<C>, Error> {
let domain = &pk.vk.domain;
@ -155,12 +158,12 @@ impl Argument {
let mut z = domain.lagrange_from_vec(z);
// Set blinding factors
for z in &mut z[params.n as usize - blinding_factors..] {
*z = C::Scalar::rand();
*z = C::Scalar::random(&mut rng);
}
// Set new last_z
last_z = z[params.n as usize - (blinding_factors + 1)];
let blind = Blind(C::Scalar::rand());
let blind = Blind(C::Scalar::random(&mut rng));
let permutation_product_commitment_projective = params.commit_lagrange(&z, blind);
let permutation_product_blind = blind;

22
src/plonk/prover.rs
View File

@ -1,5 +1,6 @@
use ff::Field;
use group::Curve;
use rand::{rngs::OsRng, RngCore};
use std::iter;
use std::ops::RangeTo;
@ -32,6 +33,7 @@ use crate::{
pub fn create_proof<
C: CurveAffine,
E: EncodedChallenge<C>,
R: RngCore,
T: TranscriptWrite<C, E>,
ConcreteCircuit: Circuit<C::Scalar>,
>(
@ -39,6 +41,7 @@ pub fn create_proof<
pk: &ProvingKey<C>,
circuits: &[ConcreteCircuit],
instances: &[&[&[C::Scalar]]],
mut rng: R,
transcript: &mut T,
) -> Result<(), Error> {
for instance in instances.iter() {
@ -284,12 +287,15 @@ pub fn create_proof<
// Add blinding factors to advice columns
for advice in &mut advice {
for cell in &mut advice[unusable_rows_start..] {
*cell = C::Scalar::rand();
*cell = C::Scalar::random(&mut rng);
}
}
// Compute commitments to advice column polynomials
let advice_blinds: Vec<_> = advice.iter().map(|_| Blind(C::Scalar::rand())).collect();
let advice_blinds: Vec<_> = advice
.iter()
.map(|_| Blind(C::Scalar::random(&mut rng)))
.collect();
let advice_commitments_projective: Vec<_> = advice
.iter()
.zip(advice_blinds.iter())
@ -348,6 +354,7 @@ pub fn create_proof<
&advice.advice_cosets,
&pk.fixed_cosets,
&instance.instance_cosets,
&mut rng,
transcript,
)
})
@ -375,6 +382,7 @@ pub fn create_proof<
&instance.instance_values,
beta,
gamma,
&mut rng,
transcript,
)
})
@ -386,13 +394,15 @@ pub fn create_proof<
// Construct and commit to products for each lookup
lookups
.into_iter()
.map(|lookup| lookup.commit_product(pk, params, theta, beta, gamma, transcript))
.map(|lookup| {
lookup.commit_product(pk, params, theta, beta, gamma, &mut rng, transcript)
})
.collect::<Result<Vec<_>, _>>()
})
.collect::<Result<Vec<_>, _>>()?;
// Commit to the vanishing argument's random polynomial for blinding h(x_3)
let vanishing = vanishing::Argument::commit(params, domain, transcript)?;
let vanishing = vanishing::Argument::commit(params, domain, &mut rng, transcript)?;
// Obtain challenge for keeping all separate gates linearly independent
let y: ChallengeY<_> = transcript.squeeze_challenge_scalar();
@ -473,7 +483,7 @@ pub fn create_proof<
);
// Construct the vanishing argument's h(X) commitments
let vanishing = vanishing.construct(params, domain, expressions, y, transcript)?;
let vanishing = vanishing.construct(params, domain, expressions, y, &mut rng, transcript)?;
let x: ChallengeX<_> = transcript.squeeze_challenge_scalar();
let xn = x.pow(&[params.n as u64, 0, 0, 0]);
@ -601,5 +611,5 @@ pub fn create_proof<
// We query the h(X) polynomial at x
.chain(vanishing.open(x));
multiopen::create_proof(params, transcript, instances).map_err(|_| Error::Opening)
multiopen::create_proof(params, rng, transcript, instances).map_err(|_| Error::Opening)
}

20
src/plonk/vanishing/prover.rs
View File

@ -2,6 +2,7 @@ use std::iter;
use ff::Field;
use group::Curve;
use rand::RngCore;
use super::Argument;
use crate::{
@ -33,18 +34,19 @@ pub(in crate::plonk) struct Evaluated<C: CurveAffine> {
}
impl<C: CurveAffine> Argument<C> {
pub(in crate::plonk) fn commit<E: EncodedChallenge<C>, T: TranscriptWrite<C, E>>(
pub(in crate::plonk) fn commit<E: EncodedChallenge<C>, R: RngCore, T: TranscriptWrite<C, E>>(
params: &Params<C>,
domain: &EvaluationDomain<C::Scalar>,
mut rng: R,
transcript: &mut T,
) -> Result<Committed<C>, Error> {
// Sample a random polynomial of degree n - 1
let mut random_poly = domain.empty_coeff();
for coeff in random_poly.iter_mut() {
*coeff = C::Scalar::rand();
*coeff = C::Scalar::random(&mut rng);
}
// Sample a random blinding factor
let random_blind = Blind(C::Scalar::rand());
let random_blind = Blind(C::Scalar::random(rng));
// Commit
let c = params.commit(&random_poly, random_blind).to_affine();
@ -58,12 +60,17 @@ impl<C: CurveAffine> Argument<C> {
}
impl<C: CurveAffine> Committed<C> {
pub(in crate::plonk) fn construct<E: EncodedChallenge<C>, T: TranscriptWrite<C, E>>(
pub(in crate::plonk) fn construct<
E: EncodedChallenge<C>,
R: RngCore,
T: TranscriptWrite<C, E>,
>(
self,
params: &Params<C>,
domain: &EvaluationDomain<C::Scalar>,
expressions: impl Iterator<Item = Polynomial<C::Scalar, ExtendedLagrangeCoeff>>,
y: ChallengeY<C>,
mut rng: R,
transcript: &mut T,
) -> Result<Constructed<C>, Error> {
// Evaluate the h(X) polynomial's constraint system expressions for the constraints provided
@ -81,7 +88,10 @@ impl<C: CurveAffine> Committed<C> {
.map(|v| domain.coeff_from_vec(v.to_vec()))
.collect::<Vec<_>>();
drop(h_poly);
let h_blinds: Vec<_> = h_pieces.iter().map(|_| Blind(C::Scalar::rand())).collect();
let h_blinds: Vec<_> = h_pieces
.iter()
.map(|_| Blind(C::Scalar::random(&mut rng)))
.collect();
// Compute commitments to each h(X) piece
let h_commitments_projective: Vec<_> = h_pieces

15
src/poly/commitment.rs
View File

@ -256,6 +256,8 @@ impl<F: FieldExt> MulAssign<F> for Blind<F> {
fn test_commit_lagrange_epaffine() {
const K: u32 = 6;
use rand::rngs::OsRng;
use crate::pasta::{EpAffine, Fq};
let params = Params::<EpAffine>::new(K);
let domain = super::EvaluationDomain::new(1, K);
@ -268,7 +270,7 @@ fn test_commit_lagrange_epaffine() {
let b = domain.lagrange_to_coeff(a.clone());
let alpha = Blind(Fq::rand());
let alpha = Blind(Fq::random(OsRng));
assert_eq!(params.commit(&b, alpha), params.commit_lagrange(&a, alpha));
}
@ -277,6 +279,8 @@ fn test_commit_lagrange_epaffine() {
fn test_commit_lagrange_eqaffine() {
const K: u32 = 6;
use rand::rngs::OsRng;
use crate::pasta::{EqAffine, Fp};
let params = Params::<EqAffine>::new(K);
let domain = super::EvaluationDomain::new(1, K);
@ -289,7 +293,7 @@ fn test_commit_lagrange_eqaffine() {
let b = domain.lagrange_to_coeff(a.clone());
let alpha = Blind(Fp::rand());
let alpha = Blind(Fp::random(OsRng));
assert_eq!(params.commit(&b, alpha), params.commit_lagrange(&a, alpha));
}
@ -299,6 +303,7 @@ fn test_opening_proof() {
const K: u32 = 6;
use ff::Field;
use rand::rngs::OsRng;
use super::{
commitment::{Blind, Params},
@ -310,6 +315,8 @@ fn test_opening_proof() {
Blake2bRead, Blake2bWrite, Challenge255, Transcript, TranscriptRead, TranscriptWrite,
};
let rng = OsRng;
let params = Params::<EpAffine>::new(K);
let mut params_buffer = vec![];
params.write(&mut params_buffer).unwrap();
@ -323,7 +330,7 @@ fn test_opening_proof() {
*a = Fq::from(i as u64);
}
let blind = Blind(Fq::rand());
let blind = Blind(Fq::random(rng));
let p = params.commit(&px, blind).to_affine();
@ -335,7 +342,7 @@ fn test_opening_proof() {
transcript.write_scalar(v).unwrap();
let (proof, ch_prover) = {
create_proof(&params, &mut transcript, &px, blind, *x).unwrap();
create_proof(&params, rng, &mut transcript, &px, blind, *x).unwrap();
let ch_prover = transcript.squeeze_challenge();
(transcript.finalize(), ch_prover)
};

17
src/poly/commitment/prover.rs
View File

@ -1,4 +1,5 @@
use ff::Field;
use rand::RngCore;
use super::super::{Coeff, Polynomial};
use super::{Blind, Params};
@ -23,8 +24,14 @@ use std::io;
/// opening v, and the point x. It's probably also nice for the transcript
/// to have seen the elliptic curve description and the URS, if you want to
/// be rigorous.
pub fn create_proof<C: CurveAffine, E: EncodedChallenge<C>, T: TranscriptWrite<C, E>>(
pub fn create_proof<
C: CurveAffine,
E: EncodedChallenge<C>,
R: RngCore,
T: TranscriptWrite<C, E>,
>(
params: &Params<C>,
mut rng: R,
transcript: &mut T,
px: &Polynomial<C::Scalar, Coeff>,
blind: Blind<C::Scalar>,
@ -37,14 +44,14 @@ pub fn create_proof<C: CurveAffine, E: EncodedChallenge<C>, T: TranscriptWrite<C
// by setting all coefficients to random values.
let mut s_poly = (*px).clone();
for coeff in s_poly.iter_mut() {
*coeff = C::Scalar::rand();
*coeff = C::Scalar::random(&mut rng);
}
// Evaluate the random polynomial at x
let v_prime = eval_polynomial(&s_poly[..], x);
// Subtract constant coefficient to get a random polynomial with a root at x
s_poly[0] = s_poly[0] - &v_prime;
// And sample a random blind
let s_poly_blind = Blind(C::Scalar::rand());
let s_poly_blind = Blind(C::Scalar::random(&mut rng));
// Write a commitment to the random polynomial to the transcript
let s_poly_commitment = params.commit(&s_poly, s_poly_blind).to_affine();
@ -99,8 +106,8 @@ pub fn create_proof<C: CurveAffine, E: EncodedChallenge<C>, T: TranscriptWrite<C
let r = best_multiexp(&a[0..half], &g[half..]);
let value_l = compute_inner_product(&a[half..], &b[0..half]);
let value_r = compute_inner_product(&a[0..half], &b[half..]);
let l_randomness = C::Scalar::rand();
let r_randomness = C::Scalar::rand();
let l_randomness = C::Scalar::random(&mut rng);
let r_randomness = C::Scalar::random(&mut rng);
let l = l + &best_multiexp(&[value_l * &z, l_randomness], &[params.u, params.h]);
let r = r + &best_multiexp(&[value_r * &z, r_randomness], &[params.u, params.h]);
let l = l.to_affine();

12
src/poly/domain.rs
View File

@ -554,14 +554,18 @@ pub struct PinnedEvaluationDomain<'a, G: Group> {
#[test]
fn test_rotate() {
use rand::rngs::OsRng;
use crate::arithmetic::eval_polynomial;
use crate::pasta::pallas::Scalar;
let domain = EvaluationDomain::<Scalar>::new(1, 3);
let rng = OsRng;
let mut poly = domain.empty_lagrange();
assert_eq!(poly.len(), 8);
for value in poly.iter_mut() {
*value = Scalar::rand();
*value = Scalar::random(rng);
}
let poly_rotated_cur = poly.rotate(Rotation::cur());
@ -573,7 +577,7 @@ fn test_rotate() {
let poly_rotated_next = domain.lagrange_to_coeff(poly_rotated_next);
let poly_rotated_prev = domain.lagrange_to_coeff(poly_rotated_prev);
let x = Scalar::rand();
let x = Scalar::random(rng);
assert_eq!(
eval_polynomial(&poly[..], x),
@ -591,6 +595,8 @@ fn test_rotate() {
#[test]
fn test_l_i() {
use rand::rngs::OsRng;
use crate::arithmetic::{eval_polynomial, lagrange_interpolate};
use crate::pasta::pallas::Scalar;
let domain = EvaluationDomain::<Scalar>::new(1, 3);
@ -607,7 +613,7 @@ fn test_l_i() {
l.push(l_i);
}
let x = Scalar::rand();
let x = Scalar::random(OsRng);
let xn = x.pow(&[8, 0, 0, 0]);
let evaluations = domain.l_i_range(x, xn, -7..=7);

9
src/poly/multiopen.rs
View File

@ -250,6 +250,7 @@ where
#[test]
fn test_roundtrip() {
use group::Curve;
use rand::rngs::OsRng;
use super::commitment::{Blind, Params};
use crate::arithmetic::{eval_polynomial, FieldExt};
@ -260,6 +261,7 @@ fn test_roundtrip() {
let params: Params<EqAffine> = Params::new(K);
let domain = EvaluationDomain::new(1, K);
let rng = OsRng;
let mut ax = domain.empty_coeff();
for (i, a) in ax.iter_mut().enumerate() {
@ -276,14 +278,14 @@ fn test_roundtrip() {
*a = Fp::from(100 + i as u64);
}
let blind = Blind(Fp::rand());
let blind = Blind(Fp::random(rng));
let a = params.commit(&ax, blind).to_affine();
let b = params.commit(&bx, blind).to_affine();
let c = params.commit(&cx, blind).to_affine();
let x = Fp::rand();
let y = Fp::rand();
let x = Fp::random(rng);
let y = Fp::random(rng);
let avx = eval_polynomial(&ax, x);
let bvx = eval_polynomial(&bx, x);
let cvy = eval_polynomial(&cx, y);
@ -291,6 +293,7 @@ fn test_roundtrip() {
let mut transcript = crate::transcript::Blake2bWrite::<_, _, Challenge255<_>>::init(vec![]);
create_proof(
&params,
rng,
&mut transcript,
std::iter::empty()
.chain(Some(ProverQuery {

15
src/poly/multiopen/prover.rs
View File

@ -12,12 +12,21 @@ use crate::transcript::{EncodedChallenge, TranscriptWrite};
use ff::Field;
use group::Curve;
use rand::RngCore;
use std::io;
use std::marker::PhantomData;
/// Create a multi-opening proof
pub fn create_proof<'a, I, C: CurveAffine, E: EncodedChallenge<C>, T: TranscriptWrite<C, E>>(
pub fn create_proof<
'a,
I,
C: CurveAffine,
E: EncodedChallenge<C>,
R: RngCore,
T: TranscriptWrite<C, E>,
>(
params: &Params<C>,
mut rng: R,
transcript: &mut T,
queries: I,
) -> io::Result<()>
@ -78,7 +87,7 @@ where
})
.unwrap();
let f_blind = Blind(C::Scalar::rand());
let f_blind = Blind(C::Scalar::random(&mut rng));
let f_commitment = params.commit(&f_poly, f_blind).to_affine();
transcript.write_point(f_commitment)?;
@ -106,7 +115,7 @@ where
},
);
commitment::create_proof(params, transcript, &f_poly, f_blind_try, *x_3)
commitment::create_proof(params, rng, transcript, &f_poly, f_blind_try, *x_3)
}
#[doc(hidden)]

3
src/poly/multiopen/verifier.rs
View File

@ -1,4 +1,5 @@
use ff::Field;
use rand::rngs::OsRng;
use super::super::{
commitment::{Guard, Params, MSM},
@ -31,7 +32,7 @@ where
// Scale the MSM by a random factor to ensure that if the existing MSM
// has is_zero() == false then this argument won't be able to interfere
// with it to make it true, with high probability.
msm.scale(C::Scalar::rand());
msm.scale(C::Scalar::random(OsRng));
// Sample x_1 for compressing openings at the same point sets together
let x_1: ChallengeX1<_> = transcript.squeeze_challenge_scalar();

2
tests/plonk_api.rs
View File

@ -12,6 +12,7 @@ use halo2::plonk::{
};
use halo2::poly::{commitment::Params, Rotation};
use halo2::transcript::{Blake2bRead, Blake2bWrite, Challenge255};
use rand::rngs::OsRng;
use std::marker::PhantomData;
#[test]
@ -436,6 +437,7 @@ fn plonk_api() {
&pk,
&[circuit.clone(), circuit.clone()],
&[&[&[instance]], &[&[instance]]],
OsRng,
&mut transcript,
)
.expect("proof generation should not fail");