diff --git a/src/circuit/gadget/ecc/chip/add_incomplete.rs b/src/circuit/gadget/ecc/chip/add_incomplete.rs index e846f19a..5016230c 100644 --- a/src/circuit/gadget/ecc/chip/add_incomplete.rs +++ b/src/circuit/gadget/ecc/chip/add_incomplete.rs @@ -60,7 +60,8 @@ impl Config { // (y_r + y_q)(x_p − x_q) − (y_p − y_q)(x_q − x_r) = 0 let poly2 = (y_r + y_q.clone()) * (x_p - x_q.clone()) - (y_p - y_q) * (x_q - x_r); - array::IntoIter::new([poly1, poly2]).map(move |poly| q_add_incomplete.clone() * poly) + array::IntoIter::new([("x_r", poly1), ("y_r", poly2)]) + .map(move |(name, poly)| (name, q_add_incomplete.clone() * poly)) }); } diff --git a/src/circuit/gadget/ecc/chip/mul.rs b/src/circuit/gadget/ecc/chip/mul.rs index be384f37..bd74b43d 100644 --- a/src/circuit/gadget/ecc/chip/mul.rs +++ b/src/circuit/gadget/ecc/chip/mul.rs @@ -118,8 +118,12 @@ impl Config { let lsb_x = (lsb.clone() * x_p.clone()) + one_minus_lsb.clone() * (x_p - base_x); let lsb_y = (lsb * y_p.clone()) + one_minus_lsb * (y_p + base_y); - std::array::IntoIter::new([bool_check, lsb_x, lsb_y]) - .map(move |poly| q_mul_lsb.clone() * poly) + std::array::IntoIter::new([ + ("bool_check", bool_check), + ("lsb_x", lsb_x), + ("lsb_y", lsb_y), + ]) + .map(move |(name, poly)| (name, q_mul_lsb.clone() * poly)) }); self.hi_config.create_gate(meta); diff --git a/src/circuit/gadget/ecc/chip/mul/overflow.rs b/src/circuit/gadget/ecc/chip/mul/overflow.rs index 4b17d6bc..109616b8 100644 --- a/src/circuit/gadget/ecc/chip/mul/overflow.rs +++ b/src/circuit/gadget/ecc/chip/mul/overflow.rs @@ -81,12 +81,12 @@ impl Config { let canonicity = (one.clone() - k_254) * (one - z_130 * eta) * s_minus_lo_130; iter::empty() - .chain(Some(s_check)) - .chain(Some(recovery)) - .chain(Some(lo_zero)) - .chain(Some(s_minus_lo_130_check)) - .chain(Some(canonicity)) - .map(|poly| q_mul_overflow.clone() * poly) + .chain(Some(("s_check", s_check))) + .chain(Some(("recovery", recovery))) + .chain(Some(("lo_zero", lo_zero))) + .chain(Some(("s_minus_lo_130_check", s_minus_lo_130_check))) + .chain(Some(("canonicity", canonicity))) + .map(|(name, poly)| (name, q_mul_overflow.clone() * poly)) .collect::>() }); } diff --git a/src/circuit/gadget/ecc/chip/witness_point.rs b/src/circuit/gadget/ecc/chip/witness_point.rs index c9267963..d3edad49 100644 --- a/src/circuit/gadget/ecc/chip/witness_point.rs +++ b/src/circuit/gadget/ecc/chip/witness_point.rs @@ -45,8 +45,8 @@ impl Config { - Expression::Constant(pallas::Affine::b()); vec![ - q_point.clone() * x * curve_eqn.clone(), - q_point * y * curve_eqn, + ("x == 0 ∨ on_curve", q_point.clone() * x * curve_eqn.clone()), + ("y == 0 ∨ on_curve", q_point * y * curve_eqn), ] }); } diff --git a/src/circuit/gadget/poseidon/pow5t3.rs b/src/circuit/gadget/poseidon/pow5t3.rs index 833adfd0..00c590cb 100644 --- a/src/circuit/gadget/poseidon/pow5t3.rs +++ b/src/circuit/gadget/poseidon/pow5t3.rs @@ -110,10 +110,14 @@ impl Pow5T3Chip { - next[next_idx].clone()) }; - vec![full_round(0), full_round(1), full_round(2)] + vec![ + ("state[0]", full_round(0)), + ("state[1]", full_round(1)), + ("state[2]", full_round(2)), + ] }); - meta.create_gate("partial round", |meta| { + meta.create_gate("partial rounds", |meta| { let cur_0 = meta.query_advice(state[0], Rotation::cur()); let cur_1 = meta.query_advice(state[1], Rotation::cur()); let cur_2 = meta.query_advice(state[2], Rotation::cur()); @@ -143,18 +147,24 @@ impl Pow5T3Chip { }; vec![ - s_partial.clone() * (pow_5(cur_0 + rc_a0) - mid_0.clone()), - s_partial.clone() - * (pow_5( - mid_0.clone() * m_reg[0][0] - + (cur_1.clone() + rc_a1.clone()) * m_reg[0][1] - + (cur_2.clone() + rc_a2.clone()) * m_reg[0][2] - + rc_b0, - ) - (next_0.clone() * m_inv[0][0] - + next_1.clone() * m_inv[0][1] - + next_2.clone() * m_inv[0][2])), - partial_round_linear(1, rc_b1), - partial_round_linear(2, rc_b2), + ( + "state[0] round a", + s_partial.clone() * (pow_5(cur_0 + rc_a0) - mid_0.clone()), + ), + ( + "state[0] round b", + s_partial.clone() + * (pow_5( + mid_0.clone() * m_reg[0][0] + + (cur_1.clone() + rc_a1.clone()) * m_reg[0][1] + + (cur_2.clone() + rc_a2.clone()) * m_reg[0][2] + + rc_b0, + ) - (next_0.clone() * m_inv[0][0] + + next_1.clone() * m_inv[0][1] + + next_2.clone() * m_inv[0][2])), + ), + ("state[1]", partial_round_linear(1, rc_b1)), + ("state[2]", partial_round_linear(2, rc_b2)), ] }); @@ -177,10 +187,19 @@ impl Pow5T3Chip { }; vec![ - pad_and_add(initial_state_0, input_0, output_state_0), - pad_and_add(initial_state_1, input_1, output_state_1), + ( + "state[0]", + pad_and_add(initial_state_0, input_0, output_state_0), + ), + ( + "state[1]", + pad_and_add(initial_state_1, input_1, output_state_1), + ), // The capacity element is never altered by the input. - s_pad_and_add * (initial_state_2 - output_state_2), + ( + "state[2]", + s_pad_and_add * (initial_state_2 - output_state_2), + ), ] }); diff --git a/src/circuit/gadget/sinsemilla/commit_ivk.rs b/src/circuit/gadget/sinsemilla/commit_ivk.rs index 35014384..0f0fb74c 100644 --- a/src/circuit/gadget/sinsemilla/commit_ivk.rs +++ b/src/circuit/gadget/sinsemilla/commit_ivk.rs @@ -159,10 +159,10 @@ impl CommitIvkConfig { }; std::iter::empty() - .chain(Some(b0_canon_check)) - .chain(Some(z13_a_check)) - .chain(Some(a_prime_check)) - .chain(Some(z13_a_prime)) + .chain(Some(("b0_canon_check", b0_canon_check))) + .chain(Some(("z13_a_check", z13_a_check))) + .chain(Some(("a_prime_check", a_prime_check))) + .chain(Some(("z13_a_prime", z13_a_prime))) }; // nk = b_2 (5 bits) || c (240 bits) || d_0 (9 bits) || d_1 (1 bit) @@ -197,22 +197,22 @@ impl CommitIvkConfig { }; std::iter::empty() - .chain(Some(c0_canon_check)) - .chain(Some(z13_c_check)) - .chain(Some(b2_c_prime_check)) - .chain(Some(z14_b2_c_prime)) + .chain(Some(("c0_canon_check", c0_canon_check))) + .chain(Some(("z13_c_check", z13_c_check))) + .chain(Some(("b2_c_prime_check", b2_c_prime_check))) + .chain(Some(("z14_b2_c_prime", z14_b2_c_prime))) }; std::iter::empty() - .chain(Some(b1_bool_check)) - .chain(Some(d1_bool_check)) - .chain(Some(b_decomposition_check)) - .chain(Some(d_decomposition_check)) - .chain(Some(ak_decomposition_check)) - .chain(Some(nk_decomposition_check)) + .chain(Some(("b1_bool_check", b1_bool_check))) + .chain(Some(("d1_bool_check", d1_bool_check))) + .chain(Some(("b_decomposition_check", b_decomposition_check))) + .chain(Some(("d_decomposition_check", d_decomposition_check))) + .chain(Some(("ak_decomposition_check", ak_decomposition_check))) + .chain(Some(("nk_decomposition_check", nk_decomposition_check))) .chain(ak_canonicity_checks) .chain(nk_canonicity_checks) - .map(move |poly| q_commit_ivk.clone() * poly) + .map(move |(name, poly)| (name, q_commit_ivk.clone() * poly)) }); config