zec
/
halo2
mirror of https://github.com/zcash/halo2.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Propagate type changes

This commit is contained in:
therealyingtong 2021-04-13 14:47:25 +08:00
parent 1a9baab55b
commit 1a61eaa5d9
15 changed files with 111 additions and 84 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/plonk.rs
View File

@ -12,7 +12,7 @@ use crate::poly::{
commitment::Params, Coeff, EvaluationDomain, ExtendedLagrangeCoeff, LagrangeCoeff,
PinnedEvaluationDomain, Polynomial,
};
use crate::transcript::{ChallengeScalar, Transcript};
use crate::transcript::{ChallengeScalar, ChallengeSpace, Transcript};
mod circuit;
mod keygen;
@ -79,7 +79,10 @@ impl<C: CurveAffine> VerifyingKey<C> {
}
/// Hashes a verification key into a transcript.
pub fn hash_into<T: Transcript<C>>(&self, transcript: &mut T) -> io::Result<()> {
pub fn hash_into<S: ChallengeSpace<C>, T: Transcript<C, S>>(
&self,
transcript: &mut T,
) -> io::Result<()> {
let mut hasher = Blake2bParams::new()
.hash_length(64)
.personal(b"Halo2-Verify-Key")

8
src/plonk/lookup/prover.rs
View File

@ -10,7 +10,7 @@ use crate::{
multiopen::ProverQuery,
Coeff, EvaluationDomain, ExtendedLagrangeCoeff, LagrangeCoeff, Polynomial, Rotation,
},
transcript::TranscriptWrite,
transcript::{ChallengeSpace, TranscriptWrite},
};
use ff::Field;
use group::Curve;
@ -72,7 +72,7 @@ impl<F: FieldExt> Argument<F> {
/// - constructs Permuted<C> struct using permuted_input_value = A', and
/// permuted_table_expression = S'.
/// The Permuted<C> struct is used to update the Lookup, and is then returned.
pub(in crate::plonk) fn commit_permuted<'a, C, T: TranscriptWrite<C>>(
pub(in crate::plonk) fn commit_permuted<'a, C, S: ChallengeSpace<C>, T: TranscriptWrite<C, S>>(
&self,
pk: &ProvingKey<C>,
params: &Params<C>,
@ -244,7 +244,7 @@ impl<C: CurveAffine> Permuted<C> {
/// grand product polynomial over the lookup. The grand product polynomial
/// is used to populate the Product<C> struct. The Product<C> struct is
/// added to the Lookup and finally returned by the method.
pub(in crate::plonk) fn commit_product<T: TranscriptWrite<C>>(
pub(in crate::plonk) fn commit_product<S: ChallengeSpace<C>, T: TranscriptWrite<C, S>>(
self,
pk: &ProvingKey<C>,
params: &Params<C>,
@ -488,7 +488,7 @@ impl<'a, C: CurveAffine> Committed<C> {
}
impl<C: CurveAffine> Constructed<C> {
pub(in crate::plonk) fn evaluate<T: TranscriptWrite<C>>(
pub(in crate::plonk) fn evaluate<S: ChallengeSpace<C>, T: TranscriptWrite<C, S>>(
self,
pk: &ProvingKey<C>,
x: ChallengeX<C>,

21
src/plonk/lookup/verifier.rs
View File

@ -1,12 +1,14 @@
use std::iter;
use super::super::circuit::Expression;
use super::super::{
circuit::Expression, ChallengeBeta, ChallengeGamma, ChallengeTheta, ChallengeX,
};
use super::Argument;
use crate::{
arithmetic::{CurveAffine, FieldExt},
plonk::{ChallengeBeta, ChallengeGamma, ChallengeTheta, ChallengeX, Error, VerifyingKey},
plonk::{Error, VerifyingKey},
poly::{multiopen::VerifierQuery, Rotation},
transcript::TranscriptRead,
transcript::{ChallengeSpace, TranscriptRead},
};
use ff::Field;
@ -30,7 +32,11 @@ pub struct Evaluated<C: CurveAffine> {
}
impl<F: FieldExt> Argument<F> {
pub(in crate::plonk) fn read_permuted_commitments<C: CurveAffine, T: TranscriptRead<C>>(
pub(in crate::plonk) fn read_permuted_commitments<
C: CurveAffine,
S: ChallengeSpace<C>,
T: TranscriptRead<C, S>,
>(
&self,
transcript: &mut T,
) -> Result<PermutationCommitments<C>, Error> {
@ -49,7 +55,10 @@ impl<F: FieldExt> Argument<F> {
}
impl<C: CurveAffine> PermutationCommitments<C> {
pub(in crate::plonk) fn read_product_commitment<T: TranscriptRead<C>>(
pub(in crate::plonk) fn read_product_commitment<
S: ChallengeSpace<C>,
T: TranscriptRead<C, S>,
>(
self,
transcript: &mut T,
) -> Result<Committed<C>, Error> {
@ -65,7 +74,7 @@ impl<C: CurveAffine> PermutationCommitments<C> {
}
impl<C: CurveAffine> Committed<C> {
pub(crate) fn evaluate<T: TranscriptRead<C>>(
pub(crate) fn evaluate<S: ChallengeSpace<C>, T: TranscriptRead<C, S>>(
self,
transcript: &mut T,
) -> Result<Evaluated<C>, Error> {

14
src/plonk/permutation/prover.rs
View File

@ -2,17 +2,17 @@ use ff::Field;
use group::Curve;
use std::iter;
use super::super::circuit::Any;
use super::super::{circuit::Any, ChallengeBeta, ChallengeGamma, ChallengeX};
use super::{Argument, ProvingKey};
use crate::{
arithmetic::{eval_polynomial, parallelize, BatchInvert, CurveAffine, FieldExt},
plonk::{self, ChallengeBeta, ChallengeGamma, ChallengeX, Error},
plonk::{self, Error},
poly::{
commitment::{Blind, Params},
multiopen::ProverQuery,
Coeff, ExtendedLagrangeCoeff, LagrangeCoeff, Polynomial, Rotation,
},
transcript::TranscriptWrite,
transcript::{ChallengeSpace, TranscriptWrite},
};
pub(crate) struct Committed<C: CurveAffine> {
@ -32,7 +32,11 @@ pub(crate) struct Evaluated<C: CurveAffine> {
}
impl Argument {
pub(in crate::plonk) fn commit<C: CurveAffine, T: TranscriptWrite<C>>(
pub(in crate::plonk) fn commit<
C: CurveAffine,
S: ChallengeSpace<C>,
T: TranscriptWrite<C, S>,
>(
&self,
params: &Params<C>,
pk: &plonk::ProvingKey<C>,
@ -253,7 +257,7 @@ impl<C: CurveAffine> super::ProvingKey<C> {
}
impl<C: CurveAffine> Constructed<C> {
pub(in crate::plonk) fn evaluate<T: TranscriptWrite<C>>(
pub(in crate::plonk) fn evaluate<S: ChallengeSpace<C>, T: TranscriptWrite<C, S>>(
self,
pk: &plonk::ProvingKey<C>,
pkey: &ProvingKey<C>,

14
src/plonk/permutation/verifier.rs
View File

@ -1,13 +1,13 @@
use ff::Field;
use std::iter;
use super::super::circuit::Any;
use super::super::{circuit::Any, ChallengeBeta, ChallengeGamma, ChallengeX};
use super::{Argument, VerifyingKey};
use crate::{
arithmetic::{CurveAffine, FieldExt},
plonk::{self, ChallengeBeta, ChallengeGamma, ChallengeX, Error},
plonk::{self, Error},
poly::{multiopen::VerifierQuery, Rotation},
transcript::TranscriptRead,
transcript::{ChallengeSpace, TranscriptRead},
};
pub struct Committed<C: CurveAffine> {
@ -22,7 +22,11 @@ pub struct Evaluated<C: CurveAffine> {
}
impl Argument {
pub(crate) fn read_product_commitment<C: CurveAffine, T: TranscriptRead<C>>(
pub(crate) fn read_product_commitment<
C: CurveAffine,
S: ChallengeSpace<C>,
T: TranscriptRead<C, S>,
>(
&self,
transcript: &mut T,
) -> Result<Committed<C>, Error> {
@ -37,7 +41,7 @@ impl Argument {
}
impl<C: CurveAffine> Committed<C> {
pub(crate) fn evaluate<T: TranscriptRead<C>>(
pub(crate) fn evaluate<S: ChallengeSpace<C>, T: TranscriptRead<C, S>>(
self,
vkey: &VerifyingKey<C>,
transcript: &mut T,

22
src/plonk/prover.rs
View File

@ -4,8 +4,7 @@ use std::iter;
use super::{
circuit::{Advice, Any, Assignment, Circuit, Column, ConstraintSystem, Fixed},
lookup, permutation, vanishing, ChallengeBeta, ChallengeGamma, ChallengeTheta, ChallengeX,
ChallengeY, Error, Permutation, ProvingKey,
lookup, permutation, vanishing, Error, Permutation, ProvingKey,
};
use crate::arithmetic::{eval_polynomial, CurveAffine, FieldExt};
use crate::poly::{
@ -13,12 +12,17 @@ use crate::poly::{
multiopen::{self, ProverQuery},
Coeff, ExtendedLagrangeCoeff, LagrangeCoeff, Polynomial,
};
use crate::transcript::TranscriptWrite;
use crate::transcript::{ChallengeSpace, TranscriptWrite};
/// This creates a proof for the provided `circuit` when given the public
/// parameters `params` and the proving key [`ProvingKey`] that was
/// generated previously for the same circuit.
pub fn create_proof<C: CurveAffine, T: TranscriptWrite<C>, ConcreteCircuit: Circuit<C::Scalar>>(
pub fn create_proof<
C: CurveAffine,
S: ChallengeSpace<C>,
T: TranscriptWrite<C, S>,
ConcreteCircuit: Circuit<C::Scalar>,
>(
params: &Params<C>,
pk: &ProvingKey<C>,
circuits: &[ConcreteCircuit],
@ -241,7 +245,7 @@ pub fn create_proof<C: CurveAffine, T: TranscriptWrite<C>, ConcreteCircuit: Circ
.collect::<Result<Vec<_>, _>>()?;
// Sample theta challenge for keeping lookup columns linearly independent
let theta = ChallengeTheta::get(transcript);
let theta = transcript.squeeze_challenge_scalar();
let lookups: Vec<Vec<lookup::prover::Permuted<C>>> = instance
.iter()
@ -272,10 +276,10 @@ pub fn create_proof<C: CurveAffine, T: TranscriptWrite<C>, ConcreteCircuit: Circ
.collect::<Result<Vec<_>, _>>()?;
// Sample beta challenge
let beta = ChallengeBeta::get(transcript);
let beta = transcript.squeeze_challenge_scalar();
// Sample gamma challenge
let gamma = ChallengeGamma::get(transcript);
let gamma = transcript.squeeze_challenge_scalar();
let permutations: Vec<Vec<permutation::prover::Committed<C>>> = instance
.iter()
@ -316,7 +320,7 @@ pub fn create_proof<C: CurveAffine, T: TranscriptWrite<C>, ConcreteCircuit: Circ
.collect::<Result<Vec<_>, _>>()?;
// Obtain challenge for keeping all separate gates linearly independent
let y = ChallengeY::get(transcript);
let y = transcript.squeeze_challenge_scalar();
let (permutations, permutation_expressions): (Vec<Vec<_>>, Vec<Vec<_>>) = permutations
.into_iter()
@ -389,7 +393,7 @@ pub fn create_proof<C: CurveAffine, T: TranscriptWrite<C>, ConcreteCircuit: Circ
// Construct the vanishing argument
let vanishing = vanishing::Argument::construct(params, domain, expressions, y, transcript)?;
let x = ChallengeX::get(transcript);
let x = transcript.squeeze_challenge_scalar();
// Compute and hash instance evals for each circuit instance
for instance in instance.iter() {

9
src/plonk/vanishing/prover.rs
View File

@ -1,15 +1,16 @@
use group::Curve;
use super::super::{ChallengeX, ChallengeY};
use super::Argument;
use crate::{
arithmetic::{eval_polynomial, CurveAffine, FieldExt},
plonk::{ChallengeX, ChallengeY, Error},
plonk::Error,
poly::{
commitment::{Blind, Params},
multiopen::ProverQuery,
Coeff, EvaluationDomain, ExtendedLagrangeCoeff, Polynomial,
},
transcript::TranscriptWrite,
transcript::{ChallengeSpace, TranscriptWrite},
};
pub(in crate::plonk) struct Constructed<C: CurveAffine> {
@ -22,7 +23,7 @@ pub(in crate::plonk) struct Evaluated<C: CurveAffine> {
}
impl<C: CurveAffine> Argument<C> {
pub(in crate::plonk) fn construct<T: TranscriptWrite<C>>(
pub(in crate::plonk) fn construct<S: ChallengeSpace<C>, T: TranscriptWrite<C, S>>(
params: &Params<C>,
domain: &EvaluationDomain<C::Scalar>,
expressions: impl Iterator<Item = Polynomial<C::Scalar, ExtendedLagrangeCoeff>>,
@ -68,7 +69,7 @@ impl<C: CurveAffine> Argument<C> {
}
impl<C: CurveAffine> Constructed<C> {
pub(in crate::plonk) fn evaluate<T: TranscriptWrite<C>>(
pub(in crate::plonk) fn evaluate<S: ChallengeSpace<C>, T: TranscriptWrite<C, S>>(
self,
x: ChallengeX<C>,
transcript: &mut T,

9
src/plonk/vanishing/verifier.rs
View File

@ -2,11 +2,12 @@ use ff::Field;
use crate::{
arithmetic::CurveAffine,
plonk::{ChallengeX, ChallengeY, Error, VerifyingKey},
plonk::{Error, VerifyingKey},
poly::multiopen::VerifierQuery,
transcript::{read_n_points, read_n_scalars, TranscriptRead},
transcript::{read_n_points, read_n_scalars, ChallengeSpace, TranscriptRead},
};
use super::super::{ChallengeX, ChallengeY};
use super::Argument;
pub struct Committed<C: CurveAffine> {
@ -19,7 +20,7 @@ pub struct Evaluated<C: CurveAffine> {
}
impl<C: CurveAffine> Argument<C> {
pub(in crate::plonk) fn read_commitments<T: TranscriptRead<C>>(
pub(in crate::plonk) fn read_commitments<S: ChallengeSpace<C>, T: TranscriptRead<C, S>>(
vk: &VerifyingKey<C>,
transcript: &mut T,
) -> Result<Committed<C>, Error> {
@ -32,7 +33,7 @@ impl<C: CurveAffine> Argument<C> {
}
impl<C: CurveAffine> Committed<C> {
pub(in crate::plonk) fn evaluate<T: TranscriptRead<C>>(
pub(in crate::plonk) fn evaluate<S: ChallengeSpace<C>, T: TranscriptRead<C, S>>(
self,
transcript: &mut T,
) -> Result<Evaluated<C>, Error> {

21
src/plonk/verifier.rs
View File

@ -1,19 +1,16 @@
use ff::Field;
use std::iter;
use super::{
vanishing, ChallengeBeta, ChallengeGamma, ChallengeTheta, ChallengeX, ChallengeY, Error,
VerifyingKey,
};
use super::{vanishing, Error, VerifyingKey};
use crate::arithmetic::{CurveAffine, FieldExt};
use crate::poly::{
commitment::{Guard, Params, MSM},
multiopen::{self, VerifierQuery},
};
use crate::transcript::{read_n_points, read_n_scalars, TranscriptRead};
use crate::transcript::{read_n_points, read_n_scalars, ChallengeSpace, TranscriptRead};
/// Returns a boolean indicating whether or not the proof is valid
pub fn verify_proof<'a, C: CurveAffine, T: TranscriptRead<C>>(
pub fn verify_proof<'a, C: CurveAffine, S: ChallengeSpace<C>, T: TranscriptRead<C, S>>(
params: &'a Params<C>,
vk: &VerifyingKey<C>,
msm: MSM<'a, C>,
@ -50,7 +47,7 @@ pub fn verify_proof<'a, C: CurveAffine, T: TranscriptRead<C>>(
.collect::<Result<Vec<_>, _>>()?;
// Sample theta challenge for keeping lookup columns linearly independent
let theta = ChallengeTheta::get(transcript);
let theta = transcript.squeeze_challenge_scalar();
let lookups_permuted = (0..num_proofs)
.map(|_| -> Result<Vec<_>, _> {
@ -64,10 +61,10 @@ pub fn verify_proof<'a, C: CurveAffine, T: TranscriptRead<C>>(
.collect::<Result<Vec<_>, _>>()?;
// Sample beta challenge
let beta = ChallengeBeta::get(transcript);
let beta = transcript.squeeze_challenge_scalar();
// Sample gamma challenge
let gamma = ChallengeGamma::get(transcript);
let gamma = transcript.squeeze_challenge_scalar();
let permutations_committed = (0..num_proofs)
.map(|_| -> Result<Vec<_>, _> {
@ -92,14 +89,12 @@ pub fn verify_proof<'a, C: CurveAffine, T: TranscriptRead<C>>(
.collect::<Result<Vec<_>, _>>()?;
// Sample y challenge, which keeps the gates linearly independent.
let y = ChallengeY::get(transcript);
let y = transcript.squeeze_challenge_scalar();
let vanishing = vanishing::Argument::read_commitments(vk, transcript)?;
// Sample x challenge, which is used to ensure the circuit is
// satisfied with high probability.
let x = ChallengeX::get(transcript);
let x = transcript.squeeze_challenge_scalar();
let instance_evals = (0..num_proofs)
.map(|_| -> Result<Vec<_>, _> {
read_n_scalars(transcript, vk.cs.instance_queries.len())

12
src/poly/commitment.rs
View File

@ -306,7 +306,7 @@ fn test_opening_proof() {
use crate::arithmetic::{eval_polynomial, FieldExt};
use crate::pasta::{EpAffine, Fq};
use crate::transcript::{
Blake2bRead, Blake2bWrite, ChallengeScalar, Transcript, TranscriptRead, TranscriptWrite,
Blake2bRead, Blake2bWrite, ChallengeScalarEndo, Transcript, TranscriptRead, TranscriptWrite,
};
let params = Params::<EpAffine>::new(K);
@ -326,9 +326,10 @@ fn test_opening_proof() {
let p = params.commit(&px, blind).to_affine();
let mut transcript = Blake2bWrite::<Vec<u8>, EpAffine>::init(vec![]);
let mut transcript =
Blake2bWrite::<Vec<u8>, EpAffine, ChallengeScalarEndo<EpAffine>>::init(vec![]);
transcript.write_point(p).unwrap();
let x = ChallengeScalar::<_, ()>::get(&mut transcript);
let x = transcript.squeeze_challenge_scalar::<()>();
// Evaluate the polynomial
let v = eval_polynomial(&px, *x);
transcript.write_scalar(v).unwrap();
@ -340,10 +341,11 @@ fn test_opening_proof() {
};
// Verify the opening proof
let mut transcript = Blake2bRead::<&[u8], EpAffine>::init(&proof[..]);
let mut transcript =
Blake2bRead::<&[u8], EpAffine, ChallengeScalarEndo<EpAffine>>::init(&proof[..]);
let p_prime = transcript.read_point().unwrap();
assert_eq!(p, p_prime);
let x_prime = ChallengeScalar::<_, ()>::get(&mut transcript);
let x_prime = transcript.squeeze_challenge_scalar::<()>();
assert_eq!(*x, *x_prime);
let v_prime = transcript.read_scalar().unwrap();
assert_eq!(v, v_prime);

11
src/poly/commitment/prover.rs
View File

@ -5,7 +5,7 @@ use super::{Blind, Params};
use crate::arithmetic::{
best_multiexp, compute_inner_product, eval_polynomial, parallelize, CurveAffine, FieldExt,
};
use crate::transcript::{Challenge, ChallengeScalar, TranscriptWrite};
use crate::transcript::{ChallengeSpace, TranscriptWrite};
use group::Curve;
use std::io;
@ -23,7 +23,7 @@ use std::io;
/// opening v, and the point x. It's probably also nice for the transcript
/// to have seen the elliptic curve description and the URS, if you want to
/// be rigorous.
pub fn create_proof<C: CurveAffine, T: TranscriptWrite<C>>(
pub fn create_proof<C: CurveAffine, S: ChallengeSpace<C>, T: TranscriptWrite<C, S>>(
params: &Params<C>,
transcript: &mut T,
px: &Polynomial<C::Scalar, Coeff>,
@ -53,11 +53,11 @@ pub fn create_proof<C: CurveAffine, T: TranscriptWrite<C>>(
// Challenge that will ensure that the prover cannot change P but can only
// witness a random polynomial commitment that agrees with P at x, with high
// probability.
let iota = *ChallengeScalar::<C, ()>::get(transcript);
let iota = *transcript.squeeze_challenge_scalar::<()>();
// Challenge that ensures that the prover did not interfere with the U term
// in their commitments.
let z = *ChallengeScalar::<C, ()>::get(transcript);
let z = *transcript.squeeze_challenge_scalar::<()>();
// We'll be opening `s_poly_commitment * iota + P - [v] G_0` to ensure it
// has a root at zero.
@ -110,8 +110,7 @@ pub fn create_proof<C: CurveAffine, T: TranscriptWrite<C>>(
transcript.write_point(l)?;
transcript.write_point(r)?;
let challenge_packed = Challenge::get(transcript);
let challenge = *ChallengeScalar::<C, ()>::from(challenge_packed);
let challenge = *transcript.squeeze_challenge_scalar::<()>();
let challenge_inv = challenge.invert().unwrap(); // TODO, bubble this up
// Collapse `a` and `b`.

13
src/poly/commitment/verifier.rs
View File

@ -3,7 +3,7 @@ use group::Curve;
use super::super::Error;
use super::{Params, MSM};
use crate::transcript::{Challenge, ChallengeScalar, TranscriptRead};
use crate::transcript::{Challenge, ChallengeSpace, TranscriptRead};
use crate::arithmetic::{best_multiexp, BatchInvert, CurveAffine};
@ -64,7 +64,7 @@ impl<'a, C: CurveAffine> Guard<'a, C> {
/// Checks to see if the proof represented within `transcript` is valid, and a
/// point `x` that the polynomial commitment `P` opens purportedly to the value
/// `v`. The provided `msm` should evaluate to the commitment `P` being opened.
pub fn verify_proof<'a, C: CurveAffine, T: TranscriptRead<C>>(
pub fn verify_proof<'a, C: CurveAffine, S: ChallengeSpace<C>, T: TranscriptRead<C, S>>(
params: &'a Params<C>,
mut msm: MSM<'a, C>,
transcript: &mut T,
@ -78,10 +78,11 @@ pub fn verify_proof<'a, C: CurveAffine, T: TranscriptRead<C>>(
msm.add_constant_term(-v);
let s_poly_commitment = transcript.read_point().map_err(|_| Error::OpeningError)?;
let iota = *ChallengeScalar::<C, ()>::get(transcript);
let iota = *transcript.squeeze_challenge_scalar::<()>();
msm.append_term(iota, s_poly_commitment);
let z = *ChallengeScalar::<C, ()>::get(transcript);
let z = *transcript.squeeze_challenge_scalar::<()>();
let mut rounds = vec![];
for _ in 0..k {
@ -89,8 +90,8 @@ pub fn verify_proof<'a, C: CurveAffine, T: TranscriptRead<C>>(
let l = transcript.read_point().map_err(|_| Error::OpeningError)?;
let r = transcript.read_point().map_err(|_| Error::OpeningError)?;
let challenge_packed = Challenge::get(transcript);
let challenge = *ChallengeScalar::<C, ()>::from(challenge_packed);
let challenge_packed = transcript.squeeze_challenge_128();
let challenge = *transcript.to_challenge_scalar::<()>(challenge_packed);
rounds.push((
l,

10
src/poly/multiopen.rs
View File

@ -211,6 +211,7 @@ fn test_roundtrip() {
use super::commitment::{Blind, Params};
use crate::arithmetic::{eval_polynomial, FieldExt};
use crate::pasta::{EqAffine, Fp};
use crate::transcript::ChallengeScalarEndo;
const K: u32 = 4;
@ -244,7 +245,8 @@ fn test_roundtrip() {
let bvx = eval_polynomial(&bx, x);
let cvy = eval_polynomial(&cx, y);
let mut transcript = crate::transcript::Blake2bWrite::init(vec![]);
let mut transcript =
crate::transcript::Blake2bWrite::<_, _, ChallengeScalarEndo<EqAffine>>::init(vec![]);
create_proof(
&params,
&mut transcript,
@ -270,7 +272,8 @@ fn test_roundtrip() {
{
let mut proof = &proof[..];
let mut transcript = crate::transcript::Blake2bRead::init(&mut proof);
let mut transcript =
crate::transcript::Blake2bRead::<_, _, ChallengeScalarEndo<EqAffine>>::init(&mut proof);
let msm = params.empty_msm();
let guard = verify_proof(
@ -303,7 +306,8 @@ fn test_roundtrip() {
{
let mut proof = &proof[..];
let mut transcript = crate::transcript::Blake2bRead::init(&mut proof);
let mut transcript =
crate::transcript::Blake2bRead::<_, _, ChallengeScalarEndo<EqAffine>>::init(&mut proof);
let msm = params.empty_msm();
let guard = verify_proof(

12
src/poly/multiopen/prover.rs
View File

@ -8,7 +8,7 @@ use super::{
};
use crate::arithmetic::{eval_polynomial, kate_division, CurveAffine, FieldExt};
use crate::transcript::TranscriptWrite;
use crate::transcript::{ChallengeSpace, TranscriptWrite};
use ff::Field;
use group::Curve;
@ -24,7 +24,7 @@ struct CommitmentData<C: CurveAffine> {
}
/// Create a multi-opening proof
pub fn create_proof<'a, I, C: CurveAffine, T: TranscriptWrite<C>>(
pub fn create_proof<'a, I, C: CurveAffine, S: ChallengeSpace<C>, T: TranscriptWrite<C, S>>(
params: &Params<C>,
transcript: &mut T,
queries: I,
@ -32,8 +32,8 @@ pub fn create_proof<'a, I, C: CurveAffine, T: TranscriptWrite<C>>(
where
I: IntoIterator<Item = ProverQuery<'a, C>> + Clone,
{
let x_1 = ChallengeX1::get(transcript);
let x_2 = ChallengeX2::get(transcript);
let x_1 = transcript.squeeze_challenge_scalar::<ChallengeX1<C>>();
let x_2 = transcript.squeeze_challenge_scalar::<ChallengeX2<C>>();
let (poly_map, point_sets) = construct_intermediate_sets(queries);
@ -91,7 +91,7 @@ where
transcript.write_point(f_commitment)?;
let x_3 = ChallengeX3::get(transcript);
let x_3 = transcript.squeeze_challenge_scalar::<ChallengeX3<C>>();
let q_evals: Vec<C::Scalar> = q_polys
.iter()
@ -102,7 +102,7 @@ where
transcript.write_scalar(*eval)?;
}
let x_4 = ChallengeX4::get(transcript);
let x_4 = transcript.squeeze_challenge_scalar::<ChallengeX4<C>>();
let (f_poly, f_blind_try) = q_polys.iter().zip(q_blinds.iter()).fold(
(f_poly, f_blind),

12
src/poly/multiopen/verifier.rs
View File

@ -9,7 +9,7 @@ use super::{
VerifierQuery,
};
use crate::arithmetic::{eval_polynomial, lagrange_interpolate, CurveAffine, FieldExt};
use crate::transcript::TranscriptRead;
use crate::transcript::{ChallengeSpace, TranscriptRead};
#[derive(Debug, Clone)]
struct CommitmentData<C: CurveAffine> {
set_index: usize,
@ -18,7 +18,7 @@ struct CommitmentData<C: CurveAffine> {
}
/// Verify a multi-opening proof
pub fn verify_proof<'b, 'a: 'b, I, C: CurveAffine, T: TranscriptRead<C>>(
pub fn verify_proof<'b, 'a: 'b, I, C: CurveAffine, S: ChallengeSpace<C>, T: TranscriptRead<C, S>>(
params: &'a Params<C>,
transcript: &mut T,
queries: I,
@ -33,11 +33,11 @@ where
msm.scale(C::Scalar::rand());
// Sample x_1 for compressing openings at the same point sets together
let x_1 = ChallengeX1::get(transcript);
let x_1 = transcript.squeeze_challenge_scalar::<ChallengeX1<C>>();
// Sample a challenge x_2 for keeping the multi-point quotient
// polynomial terms linearly independent.
let x_2 = ChallengeX2::get(transcript);
let x_2 = transcript.squeeze_challenge_scalar::<ChallengeX2<C>>();
let (commitment_map, point_sets) = construct_intermediate_sets(queries);
@ -77,7 +77,7 @@ where
// Sample a challenge x_3 for checking that f(X) was committed to
// correctly.
let x_3 = ChallengeX3::get(transcript);
let x_3 = transcript.squeeze_challenge_scalar::<ChallengeX3<C>>();
let mut q_evals = Vec::with_capacity(q_eval_sets.len());
for _ in 0..q_eval_sets.len() {
@ -104,7 +104,7 @@ where
// Sample a challenge x_4 that we will use to collapse the openings of
// the various remaining polynomials at x_3 together.
let x_4 = ChallengeX4::get(transcript);
let x_4 = transcript.squeeze_challenge_scalar::<ChallengeX4<C>>();
// Compute the final commitment that has to be opened
msm.append_term(C::Scalar::one(), f_commitment);