diff --git a/src/plonk.rs b/src/plonk.rs index 0af91f41..0772cc8d 100644 --- a/src/plonk.rs +++ b/src/plonk.rs @@ -12,7 +12,7 @@ use crate::poly::{ commitment::Params, Coeff, EvaluationDomain, ExtendedLagrangeCoeff, LagrangeCoeff, PinnedEvaluationDomain, Polynomial, }; -use crate::transcript::{ChallengeScalar, Transcript}; +use crate::transcript::{ChallengeScalar, ChallengeSpace, Transcript}; mod circuit; mod keygen; @@ -79,7 +79,10 @@ impl VerifyingKey { } /// Hashes a verification key into a transcript. - pub fn hash_into>(&self, transcript: &mut T) -> io::Result<()> { + pub fn hash_into, T: Transcript>( + &self, + transcript: &mut T, + ) -> io::Result<()> { let mut hasher = Blake2bParams::new() .hash_length(64) .personal(b"Halo2-Verify-Key") diff --git a/src/plonk/lookup/prover.rs b/src/plonk/lookup/prover.rs index 76693dcd..e1f1a737 100644 --- a/src/plonk/lookup/prover.rs +++ b/src/plonk/lookup/prover.rs @@ -10,7 +10,7 @@ use crate::{ multiopen::ProverQuery, Coeff, EvaluationDomain, ExtendedLagrangeCoeff, LagrangeCoeff, Polynomial, Rotation, }, - transcript::TranscriptWrite, + transcript::{ChallengeSpace, TranscriptWrite}, }; use ff::Field; use group::Curve; @@ -72,7 +72,7 @@ impl Argument { /// - constructs Permuted struct using permuted_input_value = A', and /// permuted_table_expression = S'. /// The Permuted struct is used to update the Lookup, and is then returned. - pub(in crate::plonk) fn commit_permuted<'a, C, T: TranscriptWrite>( + pub(in crate::plonk) fn commit_permuted<'a, C, S: ChallengeSpace, T: TranscriptWrite>( &self, pk: &ProvingKey, params: &Params, @@ -244,7 +244,7 @@ impl Permuted { /// grand product polynomial over the lookup. The grand product polynomial /// is used to populate the Product struct. The Product struct is /// added to the Lookup and finally returned by the method. - pub(in crate::plonk) fn commit_product>( + pub(in crate::plonk) fn commit_product, T: TranscriptWrite>( self, pk: &ProvingKey, params: &Params, 
@@ -488,7 +488,7 @@ impl<'a, C: CurveAffine> Committed { } impl Constructed { - pub(in crate::plonk) fn evaluate>( + pub(in crate::plonk) fn evaluate, T: TranscriptWrite>( self, pk: &ProvingKey, x: ChallengeX, diff --git a/src/plonk/lookup/verifier.rs b/src/plonk/lookup/verifier.rs index 0f152f39..fe23f834 100644 --- a/src/plonk/lookup/verifier.rs +++ b/src/plonk/lookup/verifier.rs @@ -1,12 +1,14 @@ use std::iter; -use super::super::circuit::Expression; +use super::super::{ + circuit::Expression, ChallengeBeta, ChallengeGamma, ChallengeTheta, ChallengeX, +}; use super::Argument; use crate::{ arithmetic::{CurveAffine, FieldExt}, - plonk::{ChallengeBeta, ChallengeGamma, ChallengeTheta, ChallengeX, Error, VerifyingKey}, + plonk::{Error, VerifyingKey}, poly::{multiopen::VerifierQuery, Rotation}, - transcript::TranscriptRead, + transcript::{ChallengeSpace, TranscriptRead}, }; use ff::Field; @@ -30,7 +32,11 @@ pub struct Evaluated { } impl Argument { - pub(in crate::plonk) fn read_permuted_commitments>( + pub(in crate::plonk) fn read_permuted_commitments< + C: CurveAffine, + S: ChallengeSpace, + T: TranscriptRead, + >( &self, transcript: &mut T, ) -> Result, Error> { @@ -49,7 +55,10 @@ impl Argument { } impl PermutationCommitments { - pub(in crate::plonk) fn read_product_commitment>( + pub(in crate::plonk) fn read_product_commitment< + S: ChallengeSpace, + T: TranscriptRead, + >( self, transcript: &mut T, ) -> Result, Error> { @@ -65,7 +74,7 @@ impl PermutationCommitments { } impl Committed { - pub(crate) fn evaluate>( + pub(crate) fn evaluate, T: TranscriptRead>( self, transcript: &mut T, ) -> Result, Error> { diff --git a/src/plonk/permutation/prover.rs b/src/plonk/permutation/prover.rs index eca39a2b..203ae120 100644 --- a/src/plonk/permutation/prover.rs +++ b/src/plonk/permutation/prover.rs 
@@ -2,17 +2,17 @@ use ff::Field; use group::Curve; use std::iter; -use super::super::circuit::Any; +use super::super::{circuit::Any, ChallengeBeta, ChallengeGamma, ChallengeX}; use super::{Argument, ProvingKey}; use crate::{ arithmetic::{eval_polynomial, parallelize, BatchInvert, CurveAffine, FieldExt}, - plonk::{self, ChallengeBeta, ChallengeGamma, ChallengeX, Error}, + plonk::{self, Error}, poly::{ commitment::{Blind, Params}, multiopen::ProverQuery, Coeff, ExtendedLagrangeCoeff, LagrangeCoeff, Polynomial, Rotation, }, - transcript::TranscriptWrite, + transcript::{ChallengeSpace, TranscriptWrite}, }; pub(crate) struct Committed { @@ -32,7 +32,11 @@ pub(crate) struct Evaluated { } impl Argument { - pub(in crate::plonk) fn commit>( + pub(in crate::plonk) fn commit< + C: CurveAffine, + S: ChallengeSpace, + T: TranscriptWrite, + >( &self, params: &Params, pk: &plonk::ProvingKey, @@ -253,7 +257,7 @@ impl super::ProvingKey { } impl Constructed { - pub(in crate::plonk) fn evaluate>( + pub(in crate::plonk) fn evaluate, T: TranscriptWrite>( self, pk: &plonk::ProvingKey, pkey: &ProvingKey, diff --git a/src/plonk/permutation/verifier.rs b/src/plonk/permutation/verifier.rs index 74471aec..97fa7a24 100644 --- a/src/plonk/permutation/verifier.rs +++ b/src/plonk/permutation/verifier.rs @@ -1,13 +1,13 @@ use ff::Field; use std::iter; -use super::super::circuit::Any; +use super::super::{circuit::Any, ChallengeBeta, ChallengeGamma, ChallengeX}; use super::{Argument, VerifyingKey}; use crate::{ arithmetic::{CurveAffine, FieldExt}, - plonk::{self, ChallengeBeta, ChallengeGamma, ChallengeX, Error}, + plonk::{self, Error}, poly::{multiopen::VerifierQuery, Rotation}, - transcript::TranscriptRead, + transcript::{ChallengeSpace, TranscriptRead}, }; pub struct Committed { 
@@ -22,7 +22,11 @@ pub struct Evaluated { } impl Argument { - pub(crate) fn read_product_commitment>( + pub(crate) fn read_product_commitment< + C: CurveAffine, + S: ChallengeSpace, + T: TranscriptRead, + >( &self, transcript: &mut T, ) -> Result, Error> { @@ -37,7 +41,7 @@ impl Argument { } impl Committed { - pub(crate) fn evaluate>( + pub(crate) fn evaluate, T: TranscriptRead>( self, vkey: &VerifyingKey, transcript: &mut T, diff --git a/src/plonk/prover.rs b/src/plonk/prover.rs index 0ff35fef..1a2220b0 100644 --- a/src/plonk/prover.rs +++ b/src/plonk/prover.rs @@ -4,8 +4,7 @@ use std::iter; use super::{ circuit::{Advice, Any, Assignment, Circuit, Column, ConstraintSystem, Fixed}, - lookup, permutation, vanishing, ChallengeBeta, ChallengeGamma, ChallengeTheta, ChallengeX, - ChallengeY, Error, Permutation, ProvingKey, + lookup, permutation, vanishing, Error, Permutation, ProvingKey, }; use crate::arithmetic::{eval_polynomial, CurveAffine, FieldExt}; use crate::poly::{ @@ -13,12 +12,17 @@ use crate::poly::{ multiopen::{self, ProverQuery}, Coeff, ExtendedLagrangeCoeff, LagrangeCoeff, Polynomial, }; -use crate::transcript::TranscriptWrite; +use crate::transcript::{ChallengeSpace, TranscriptWrite}; /// This creates a proof for the provided `circuit` when given the public /// parameters `params` and the proving key [`ProvingKey`] that was /// generated previously for the same circuit. -pub fn create_proof, ConcreteCircuit: Circuit>( +pub fn create_proof< + C: CurveAffine, + S: ChallengeSpace, + T: TranscriptWrite, + ConcreteCircuit: Circuit, +>( params: &Params, pk: &ProvingKey, circuits: &[ConcreteCircuit], @@ -241,7 +245,7 @@ pub fn create_proof, ConcreteCircuit: Circ .collect::, _>>()?; // Sample theta challenge for keeping lookup columns linearly independent - let theta = ChallengeTheta::get(transcript); + let theta = transcript.squeeze_challenge_scalar(); let lookups: Vec>> = instance .iter() 
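Review bot: `let theta = transcript.squeeze_challenge_scalar();` no longer names the challenge type where it is sampled, so the marker type is whatever inference picks up from the later uses of `theta`. With `ChallengeTheta::get(transcript)` the type was fixed at creation and handing the value to a parameter of a different challenge type was a compile error; with inference, two challenges passed to a callee in swapped order could still type-check, which weakens the compile-time guard on Fiat-Shamir challenge ordering. I would keep the annotation, `let theta: ChallengeTheta<_> = transcript.squeeze_challenge_scalar();`, and retain the `Challenge*` names that the import hunk of this file removes. The same applies to `beta`, `gamma`, `y` and `x` in the later hunks of this file and to the matching lines in `src/plonk/verifier.rs`. `create_proof` starts and ends outside the hunk.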
@@ -272,10 +276,10 @@ pub fn create_proof, ConcreteCircuit: Circ .collect::, _>>()?; // Sample beta challenge - let beta = ChallengeBeta::get(transcript); + let beta = transcript.squeeze_challenge_scalar(); // Sample gamma challenge - let gamma = ChallengeGamma::get(transcript); + let gamma = transcript.squeeze_challenge_scalar(); let permutations: Vec>> = instance .iter() @@ -316,7 +320,7 @@ pub fn create_proof, ConcreteCircuit: Circ .collect::, _>>()?; // Obtain challenge for keeping all separate gates linearly independent - let y = ChallengeY::get(transcript); + let y = transcript.squeeze_challenge_scalar(); let (permutations, permutation_expressions): (Vec>, Vec>) = permutations .into_iter() @@ -389,7 +393,7 @@ pub fn create_proof, ConcreteCircuit: Circ // Construct the vanishing argument let vanishing = vanishing::Argument::construct(params, domain, expressions, y, transcript)?; - let x = ChallengeX::get(transcript); + let x = transcript.squeeze_challenge_scalar(); // Compute and hash instance evals for each circuit instance for instance in instance.iter() { diff --git a/src/plonk/vanishing/prover.rs b/src/plonk/vanishing/prover.rs index 441615e0..9e6ab4cd 100644 --- a/src/plonk/vanishing/prover.rs +++ b/src/plonk/vanishing/prover.rs @@ -1,15 +1,16 @@ use group::Curve; +use super::super::{ChallengeX, ChallengeY}; use super::Argument; use crate::{ arithmetic::{eval_polynomial, CurveAffine, FieldExt}, - plonk::{ChallengeX, ChallengeY, Error}, + plonk::Error, poly::{ commitment::{Blind, Params}, multiopen::ProverQuery, Coeff, EvaluationDomain, ExtendedLagrangeCoeff, Polynomial, }, - transcript::TranscriptWrite, + transcript::{ChallengeSpace, TranscriptWrite}, }; pub(in crate::plonk) struct Constructed { @@ -22,7 +23,7 @@ pub(in crate::plonk) struct Evaluated { } impl Argument { - pub(in crate::plonk) fn construct>( + pub(in crate::plonk) fn construct, T: TranscriptWrite>( params: &Params, domain: &EvaluationDomain, expressions: impl Iterator>, 
@@ -68,7 +69,7 @@ impl Argument { } impl Constructed { - pub(in crate::plonk) fn evaluate>( + pub(in crate::plonk) fn evaluate, T: TranscriptWrite>( self, x: ChallengeX, transcript: &mut T, diff --git a/src/plonk/vanishing/verifier.rs b/src/plonk/vanishing/verifier.rs index 7a4f1341..fd49d222 100644 --- a/src/plonk/vanishing/verifier.rs +++ b/src/plonk/vanishing/verifier.rs @@ -2,11 +2,12 @@ use ff::Field; use crate::{ arithmetic::CurveAffine, - plonk::{ChallengeX, ChallengeY, Error, VerifyingKey}, + plonk::{Error, VerifyingKey}, poly::multiopen::VerifierQuery, - transcript::{read_n_points, read_n_scalars, TranscriptRead}, + transcript::{read_n_points, read_n_scalars, ChallengeSpace, TranscriptRead}, }; +use super::super::{ChallengeX, ChallengeY}; use super::Argument; pub struct Committed { @@ -19,7 +20,7 @@ pub struct Evaluated { } impl Argument { - pub(in crate::plonk) fn read_commitments>( + pub(in crate::plonk) fn read_commitments, T: TranscriptRead>( vk: &VerifyingKey, transcript: &mut T, ) -> Result, Error> { @@ -32,7 +33,7 @@ impl Argument { } impl Committed { - pub(in crate::plonk) fn evaluate>( + pub(in crate::plonk) fn evaluate, T: TranscriptRead>( self, transcript: &mut T, ) -> Result, Error> { diff --git a/src/plonk/verifier.rs b/src/plonk/verifier.rs index 38f7485f..592f01b9 100644 --- a/src/plonk/verifier.rs +++ b/src/plonk/verifier.rs 
@@ -1,19 +1,16 @@ use ff::Field; use std::iter; -use super::{ - vanishing, ChallengeBeta, ChallengeGamma, ChallengeTheta, ChallengeX, ChallengeY, Error, - VerifyingKey, -}; +use super::{vanishing, Error, VerifyingKey}; use crate::arithmetic::{CurveAffine, FieldExt}; use crate::poly::{ commitment::{Guard, Params, MSM}, multiopen::{self, VerifierQuery}, }; -use crate::transcript::{read_n_points, read_n_scalars, TranscriptRead}; +use crate::transcript::{read_n_points, read_n_scalars, ChallengeSpace, TranscriptRead}; /// Returns a boolean indicating whether or not the proof is valid -pub fn verify_proof<'a, C: CurveAffine, T: TranscriptRead>( +pub fn verify_proof<'a, C: CurveAffine, S: ChallengeSpace, T: TranscriptRead>( params: &'a Params, vk: &VerifyingKey, msm: MSM<'a, C>, @@ -50,7 +47,7 @@ pub fn verify_proof<'a, C: CurveAffine, T: TranscriptRead>( .collect::, _>>()?; // Sample theta challenge for keeping lookup columns linearly independent - let theta = ChallengeTheta::get(transcript); + let theta = transcript.squeeze_challenge_scalar(); let lookups_permuted = (0..num_proofs) .map(|_| -> Result, _> { @@ -64,10 +61,10 @@ pub fn verify_proof<'a, C: CurveAffine, T: TranscriptRead>( .collect::, _>>()?; // Sample beta challenge - let beta = ChallengeBeta::get(transcript); + let beta = transcript.squeeze_challenge_scalar(); // Sample gamma challenge - let gamma = ChallengeGamma::get(transcript); + let gamma = transcript.squeeze_challenge_scalar(); let permutations_committed = (0..num_proofs) .map(|_| -> Result, _> { 
@@ -92,14 +89,12 @@ pub fn verify_proof<'a, C: CurveAffine, T: TranscriptRead>( .collect::, _>>()?; // Sample y challenge, which keeps the gates linearly independent. - let y = ChallengeY::get(transcript); - + let y = transcript.squeeze_challenge_scalar(); let vanishing = vanishing::Argument::read_commitments(vk, transcript)?; // Sample x challenge, which is used to ensure the circuit is // satisfied with high probability. - let x = ChallengeX::get(transcript); - + let x = transcript.squeeze_challenge_scalar(); let instance_evals = (0..num_proofs) .map(|_| -> Result, _> { read_n_scalars(transcript, vk.cs.instance_queries.len()) diff --git a/src/poly/commitment.rs b/src/poly/commitment.rs index 4471ce8d..6432e505 100644 --- a/src/poly/commitment.rs +++ b/src/poly/commitment.rs @@ -306,7 +306,7 @@ fn test_opening_proof() { use crate::arithmetic::{eval_polynomial, FieldExt}; use crate::pasta::{EpAffine, Fq}; use crate::transcript::{ - Blake2bRead, Blake2bWrite, ChallengeScalar, Transcript, TranscriptRead, TranscriptWrite, + Blake2bRead, Blake2bWrite, ChallengeScalarEndo, Transcript, TranscriptRead, TranscriptWrite, }; let params = Params::::new(K); @@ -326,9 +326,10 @@ fn test_opening_proof() { let p = params.commit(&px, blind).to_affine(); - let mut transcript = Blake2bWrite::, EpAffine>::init(vec![]); + let mut transcript = + Blake2bWrite::, EpAffine, ChallengeScalarEndo>::init(vec![]); transcript.write_point(p).unwrap(); - let x = ChallengeScalar::<_, ()>::get(&mut transcript); + let x = transcript.squeeze_challenge_scalar::<()>(); // Evaluate the polynomial let v = eval_polynomial(&px, *x); transcript.write_scalar(v).unwrap(); 
@@ -340,10 +341,11 @@ fn test_opening_proof() { }; // Verify the opening proof - let mut transcript = Blake2bRead::<&[u8], EpAffine>::init(&proof[..]); + let mut transcript = + Blake2bRead::<&[u8], EpAffine, ChallengeScalarEndo>::init(&proof[..]); let p_prime = transcript.read_point().unwrap(); assert_eq!(p, p_prime); - let x_prime = ChallengeScalar::<_, ()>::get(&mut transcript); + let x_prime = transcript.squeeze_challenge_scalar::<()>(); assert_eq!(*x, *x_prime); let v_prime = transcript.read_scalar().unwrap(); assert_eq!(v, v_prime); diff --git a/src/poly/commitment/prover.rs b/src/poly/commitment/prover.rs index e78f3aa6..d039c301 100644 --- a/src/poly/commitment/prover.rs +++ b/src/poly/commitment/prover.rs @@ -5,7 +5,7 @@ use super::{Blind, Params}; use crate::arithmetic::{ best_multiexp, compute_inner_product, eval_polynomial, parallelize, CurveAffine, FieldExt, }; -use crate::transcript::{Challenge, ChallengeScalar, TranscriptWrite}; +use crate::transcript::{ChallengeSpace, TranscriptWrite}; use group::Curve; use std::io; @@ -23,7 +23,7 @@ use std::io; /// opening v, and the point x. It's probably also nice for the transcript /// to have seen the elliptic curve description and the URS, if you want to /// be rigorous. -pub fn create_proof>( +pub fn create_proof, T: TranscriptWrite>( params: &Params, transcript: &mut T, px: &Polynomial, @@ -53,11 +53,11 @@ pub fn create_proof>( // Challenge that will ensure that the prover cannot change P but can only // witness a random polynomial commitment that agrees with P at x, with high // probability. - let iota = *ChallengeScalar::::get(transcript); + let iota = *transcript.squeeze_challenge_scalar::<()>(); // Challenge that ensures that the prover did not interfere with the U term // in their commitments. - let z = *ChallengeScalar::::get(transcript); + let z = *transcript.squeeze_challenge_scalar::<()>(); // We'll be opening `s_poly_commitment * iota + P - [v] G_0` to ensure it // has a root at zero. 
@@ -110,8 +110,7 @@ pub fn create_proof>( transcript.write_point(l)?; transcript.write_point(r)?; - let challenge_packed = Challenge::get(transcript); - let challenge = *ChallengeScalar::::from(challenge_packed); + let challenge = *transcript.squeeze_challenge_scalar::<()>(); let challenge_inv = challenge.invert().unwrap(); // TODO, bubble this up // Collapse `a` and `b`. diff --git a/src/poly/commitment/verifier.rs b/src/poly/commitment/verifier.rs index f226de2f..2cccee7d 100644 --- a/src/poly/commitment/verifier.rs +++ b/src/poly/commitment/verifier.rs @@ -3,7 +3,7 @@ use group::Curve; use super::super::Error; use super::{Params, MSM}; -use crate::transcript::{Challenge, ChallengeScalar, TranscriptRead}; +use crate::transcript::{Challenge, ChallengeSpace, TranscriptRead}; use crate::arithmetic::{best_multiexp, BatchInvert, CurveAffine}; @@ -64,7 +64,7 @@ impl<'a, C: CurveAffine> Guard<'a, C> { /// Checks to see if the proof represented within `transcript` is valid, and a /// point `x` that the polynomial commitment `P` opens purportedly to the value /// `v`. The provided `msm` should evaluate to the commitment `P` being opened. -pub fn verify_proof<'a, C: CurveAffine, T: TranscriptRead>( +pub fn verify_proof<'a, C: CurveAffine, S: ChallengeSpace, T: TranscriptRead>( params: &'a Params, mut msm: MSM<'a, C>, transcript: &mut T, @@ -78,10 +78,11 @@ pub fn verify_proof<'a, C: CurveAffine, T: TranscriptRead>( msm.add_constant_term(-v); let s_poly_commitment = transcript.read_point().map_err(|_| Error::OpeningError)?; - let iota = *ChallengeScalar::::get(transcript); + let iota = *transcript.squeeze_challenge_scalar::<()>(); + msm.append_term(iota, s_poly_commitment); - let z = *ChallengeScalar::::get(transcript); + let z = *transcript.squeeze_challenge_scalar::<()>(); let mut rounds = vec![]; for _ in 0..k { 
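Review bot: `challenge.invert().unwrap()` on the line after the change now consumes a scalar whose mapping is chosen by the `S: ChallengeSpace` parameter rather than by one fixed conversion, so whether a zero challenge is unreachable depends on every implementation of that trait, none of which is visible on this page. The surrounding code already propagates errors with `?` on `write_point`, so the existing TODO could be closed here instead of leaving a panic path in the prover. Assuming `invert()` returns the `ff` `CtOption`, something like `let challenge_inv = Option::<C::Scalar>::from(challenge.invert()).ok_or_else(|| io::Error::new(io::ErrorKind::Other, "zero challenge"))?;` would do it. `create_proof`'s body continues outside the hunk.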
@@ -89,8 +90,8 @@ pub fn verify_proof<'a, C: CurveAffine, T: TranscriptRead>( let l = transcript.read_point().map_err(|_| Error::OpeningError)?; let r = transcript.read_point().map_err(|_| Error::OpeningError)?; - let challenge_packed = Challenge::get(transcript); - let challenge = *ChallengeScalar::::from(challenge_packed); + let challenge_packed = transcript.squeeze_challenge_128(); + let challenge = *transcript.to_challenge_scalar::<()>(challenge_packed); rounds.push(( l, diff --git a/src/poly/multiopen.rs b/src/poly/multiopen.rs index 2ed4ee72..42207b92 100644 --- a/src/poly/multiopen.rs +++ b/src/poly/multiopen.rs @@ -211,6 +211,7 @@ fn test_roundtrip() { use super::commitment::{Blind, Params}; use crate::arithmetic::{eval_polynomial, FieldExt}; use crate::pasta::{EqAffine, Fp}; + use crate::transcript::ChallengeScalarEndo; const K: u32 = 4; @@ -244,7 +245,8 @@ fn test_roundtrip() { let bvx = eval_polynomial(&bx, x); let cvy = eval_polynomial(&cx, y); - let mut transcript = crate::transcript::Blake2bWrite::init(vec![]); + let mut transcript = + crate::transcript::Blake2bWrite::<_, _, ChallengeScalarEndo>::init(vec![]); create_proof( ¶ms, &mut transcript, @@ -270,7 +272,8 @@ fn test_roundtrip() { { let mut proof = &proof[..]; - let mut transcript = crate::transcript::Blake2bRead::init(&mut proof); + let mut transcript = + crate::transcript::Blake2bRead::<_, _, ChallengeScalarEndo>::init(&mut proof); let msm = params.empty_msm(); let guard = verify_proof( @@ -303,7 +306,8 @@ fn test_roundtrip() { { let mut proof = &proof[..]; - let mut transcript = crate::transcript::Blake2bRead::init(&mut proof); + let mut transcript = + crate::transcript::Blake2bRead::<_, _, ChallengeScalarEndo>::init(&mut proof); let msm = params.empty_msm(); let guard = verify_proof( diff --git a/src/poly/multiopen/prover.rs b/src/poly/multiopen/prover.rs index 9dbb6471..75cf886b 100644 --- a/src/poly/multiopen/prover.rs +++ b/src/poly/multiopen/prover.rs 
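Review bot: The round challenge is now derived through two different call paths: the prover hunk in `src/poly/commitment/prover.rs` uses `*transcript.squeeze_challenge_scalar::<()>()`, while these verifier lines call `squeeze_challenge_128()` and then `to_challenge_scalar::<()>(challenge_packed)`. The opening proof only verifies if both yield the same scalar for every `ChallengeSpace` implementation, and the trait definition is not on this page, so that equivalence cannot be confirmed from here. A comment above the two verifier lines would record the invariant, for example `// Must produce the same scalar as the prover's squeeze_challenge_scalar::<()>().`. The roundtrip tests touched by this commit instantiate only `ChallengeScalarEndo`, so a second challenge space would not be exercised by them. `verify_proof` continues outside the hunk.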
@@ -8,7 +8,7 @@ use super::{ }; use crate::arithmetic::{eval_polynomial, kate_division, CurveAffine, FieldExt}; -use crate::transcript::TranscriptWrite; +use crate::transcript::{ChallengeSpace, TranscriptWrite}; use ff::Field; use group::Curve; @@ -24,7 +24,7 @@ struct CommitmentData { } /// Create a multi-opening proof -pub fn create_proof<'a, I, C: CurveAffine, T: TranscriptWrite>( +pub fn create_proof<'a, I, C: CurveAffine, S: ChallengeSpace, T: TranscriptWrite>( params: &Params, transcript: &mut T, queries: I, @@ -32,8 +32,8 @@ pub fn create_proof<'a, I, C: CurveAffine, T: TranscriptWrite>( where I: IntoIterator> + Clone, { - let x_1 = ChallengeX1::get(transcript); - let x_2 = ChallengeX2::get(transcript); + let x_1 = transcript.squeeze_challenge_scalar::>(); + let x_2 = transcript.squeeze_challenge_scalar::>(); let (poly_map, point_sets) = construct_intermediate_sets(queries); @@ -91,7 +91,7 @@ where transcript.write_point(f_commitment)?; - let x_3 = ChallengeX3::get(transcript); + let x_3 = transcript.squeeze_challenge_scalar::>(); let q_evals: Vec = q_polys .iter() @@ -102,7 +102,7 @@ where transcript.write_scalar(*eval)?; } - let x_4 = ChallengeX4::get(transcript); + let x_4 = transcript.squeeze_challenge_scalar::>(); let (f_poly, f_blind_try) = q_polys.iter().zip(q_blinds.iter()).fold( (f_poly, f_blind), diff --git a/src/poly/multiopen/verifier.rs b/src/poly/multiopen/verifier.rs index 8ab7734f..222b7f14 100644 --- a/src/poly/multiopen/verifier.rs +++ b/src/poly/multiopen/verifier.rs @@ -9,7 +9,7 @@ use super::{ VerifierQuery, }; use crate::arithmetic::{eval_polynomial, lagrange_interpolate, CurveAffine, FieldExt}; -use crate::transcript::TranscriptRead; +use crate::transcript::{ChallengeSpace, TranscriptRead}; #[derive(Debug, Clone)] struct CommitmentData { set_index: usize, 
@@ -18,7 +18,7 @@ struct CommitmentData { } /// Verify a multi-opening proof -pub fn verify_proof<'b, 'a: 'b, I, C: CurveAffine, T: TranscriptRead>( +pub fn verify_proof<'b, 'a: 'b, I, C: CurveAffine, S: ChallengeSpace, T: TranscriptRead>( params: &'a Params, transcript: &mut T, queries: I, @@ -33,11 +33,11 @@ where msm.scale(C::Scalar::rand()); // Sample x_1 for compressing openings at the same point sets together - let x_1 = ChallengeX1::get(transcript); + let x_1 = transcript.squeeze_challenge_scalar::>(); // Sample a challenge x_2 for keeping the multi-point quotient // polynomial terms linearly independent. - let x_2 = ChallengeX2::get(transcript); + let x_2 = transcript.squeeze_challenge_scalar::>(); let (commitment_map, point_sets) = construct_intermediate_sets(queries); @@ -77,7 +77,7 @@ where // Sample a challenge x_3 for checking that f(X) was committed to // correctly. - let x_3 = ChallengeX3::get(transcript); + let x_3 = transcript.squeeze_challenge_scalar::>(); let mut q_evals = Vec::with_capacity(q_eval_sets.len()); for _ in 0..q_eval_sets.len() { @@ -104,7 +104,7 @@ where // Sample a challenge x_4 that we will use to collapse the openings of // the various remaining polynomials at x_3 together. - let x_4 = ChallengeX4::get(transcript); + let x_4 = transcript.squeeze_challenge_scalar::>(); // Compute the final commitment that has to be opened msm.append_term(C::Scalar::one(), f_commitment);