diff --git a/src/plonk/permutation.rs b/src/plonk/permutation.rs index dffa01c5..cc62ca1a 100644 --- a/src/plonk/permutation.rs +++ b/src/plonk/permutation.rs @@ -35,8 +35,8 @@ impl Argument { // l_0(X) * (1 - z(X)) = 0 // // degree columns + 1 - // z(X) \prod (p(X) + \beta s_i(X) + \gamma) - // - z(omega^{-1} X) \prod (p(X) + \delta^i \beta X + \gamma) + // z(omega X) \prod (p(X) + \beta s_i(X) + \gamma) + // - z(X) \prod (p(X) + \delta^i \beta X + \gamma) std::cmp::max(self.columns.len() + 1, 2) } diff --git a/src/plonk/permutation/prover.rs b/src/plonk/permutation/prover.rs index 70928906..d07e0dda 100644 --- a/src/plonk/permutation/prover.rs +++ b/src/plonk/permutation/prover.rs @@ -18,7 +18,7 @@ use crate::{ pub(crate) struct Committed { permutation_product_poly: Polynomial, permutation_product_coset: Polynomial, - permutation_product_coset_inv: Polynomial, + permutation_product_coset_next: Polynomial, permutation_product_blind: Blind, } @@ -120,7 +120,7 @@ impl Argument { for row in 1..(params.n as usize) { let mut tmp = z[row - 1]; - tmp *= &modified_values[row]; + tmp *= &modified_values[row - 1]; z.push(tmp); } let z = domain.lagrange_from_vec(z); @@ -132,7 +132,7 @@ impl Argument { let z = domain.lagrange_to_coeff(z); let permutation_product_poly = z.clone(); let permutation_product_coset = domain.coeff_to_extended(z.clone(), Rotation::cur()); - let permutation_product_coset_inv = domain.coeff_to_extended(z, Rotation::prev()); + let permutation_product_coset_next = domain.coeff_to_extended(z, Rotation::next()); let permutation_product_commitment = permutation_product_commitment_projective.to_affine(); @@ -144,7 +144,7 @@ impl Argument { Ok(Committed { permutation_product_poly, permutation_product_coset, - permutation_product_coset_inv, + permutation_product_coset_next, permutation_product_blind, }) } @@ -171,9 +171,9 @@ impl Committed { .chain(Some( Polynomial::one_minus(self.permutation_product_coset.clone()) * &pk.l0, )) - // z(X) \prod (p(X) + \beta s_i(X) + \gamma) - z(omega^{-1} X) \prod (p(X) + \delta^i \beta X + \gamma) + // z(omega X) \prod (p(X) + \beta s_i(X) + \gamma) - z(X) \prod (p(X) + \delta^i \beta X + \gamma) .chain(Some({ - let mut left = self.permutation_product_coset.clone(); + let mut left = self.permutation_product_coset_next.clone(); for (values, permutation) in p .columns .iter() @@ -201,7 +201,7 @@ impl Committed { }); } - let mut right = self.permutation_product_coset_inv.clone(); + let mut right = self.permutation_product_coset.clone(); let mut current_delta = *beta * &C::Scalar::ZETA; let step = domain.get_extended_omega(); for values in p.columns.iter().map(|&column| match column.column_type() { @@ -268,9 +268,9 @@ impl Constructed { let permutation_product_eval = eval_polynomial(&self.permutation_product_poly, *x); - let permutation_product_inv_eval = eval_polynomial( + let permutation_product_next_eval = eval_polynomial( &self.permutation_product_poly, - domain.rotate_omega(*x, Rotation(-1)), + domain.rotate_omega(*x, Rotation::next()), ); let permutation_evals = pkey.evaluate(x); @@ -278,7 +278,7 @@ impl Constructed { // Hash permutation product evals for eval in iter::empty() .chain(Some(&permutation_product_eval)) - .chain(Some(&permutation_product_inv_eval)) + .chain(Some(&permutation_product_next_eval)) .chain(permutation_evals.iter()) { transcript @@ -297,7 +297,7 @@ impl Evaluated { pkey: &'a ProvingKey, x: ChallengeX, ) -> impl Iterator> + Clone { - let x_inv = pk.vk.domain.rotate_omega(*x, Rotation(-1)); + let x_next = pk.vk.domain.rotate_omega(*x, Rotation::next()); iter::empty() // Open permutation product commitments at x and \omega^{-1} x @@ -307,7 +307,7 @@ impl Evaluated { blind: self.constructed.permutation_product_blind, })) .chain(Some(ProverQuery { - point: x_inv, + point: x_next, poly: &self.constructed.permutation_product_poly, blind: self.constructed.permutation_product_blind, })) diff --git a/src/plonk/permutation/verifier.rs b/src/plonk/permutation/verifier.rs index 3c4bae21..80cadcc6 100644 --- a/src/plonk/permutation/verifier.rs +++ b/src/plonk/permutation/verifier.rs @@ -17,7 +17,7 @@ pub struct Committed { pub struct Evaluated { permutation_product_commitment: C, permutation_product_eval: C::Scalar, - permutation_product_inv_eval: C::Scalar, + permutation_product_next_eval: C::Scalar, permutation_evals: Vec, } @@ -49,7 +49,7 @@ impl Committed { let permutation_product_eval = transcript .read_scalar() .map_err(|_| Error::TranscriptError)?; - let permutation_product_inv_eval = transcript + let permutation_product_next_eval = transcript .read_scalar() .map_err(|_| Error::TranscriptError)?; let mut permutation_evals = Vec::with_capacity(vkey.commitments.len()); @@ -64,7 +64,7 @@ impl Committed { Ok(Evaluated { permutation_product_commitment: self.permutation_product_commitment, permutation_product_eval, - permutation_product_inv_eval, + permutation_product_next_eval, permutation_evals, }) } @@ -88,10 +88,10 @@ impl Evaluated { .chain(Some( l_0 * &(C::Scalar::one() - &self.permutation_product_eval), )) - // z(X) \prod (p(X) + \beta s_i(X) + \gamma) - // - z(omega^{-1} X) \prod (p(X) + \delta^i \beta X + \gamma) + // z(omega X) \prod (p(X) + \beta s_i(X) + \gamma) + // - z(X) \prod (p(X) + \delta^i \beta X + \gamma) .chain(Some({ - let mut left = self.permutation_product_eval; + let mut left = self.permutation_product_next_eval; for (eval, permutation_eval) in p .columns .iter() @@ -111,7 +111,7 @@ impl Evaluated { left *= &(eval + &(*beta * permutation_eval) + &*gamma); } - let mut right = self.permutation_product_inv_eval; + let mut right = self.permutation_product_eval; let mut current_delta = *beta * &*x; for eval in p.columns.iter().map(|&column| match column.column_type() { Any::Advice => advice_evals[vk.cs.get_any_query_index(column, Rotation::cur())], @@ -134,10 +134,10 @@ impl Evaluated { vkey: &'r VerifyingKey, x: ChallengeX, ) -> impl Iterator> + Clone { - let x_inv = vk.domain.rotate_omega(*x, Rotation(-1)); + let x_next = vk.domain.rotate_omega(*x, Rotation::next()); iter::empty() - // Open permutation product commitments at x and \omega^{-1} x + // Open permutation product commitments at x and \omega x .chain(Some(VerifierQuery::new_commitment( &self.permutation_product_commitment, *x, @@ -145,8 +145,8 @@ impl Evaluated { ))) .chain(Some(VerifierQuery::new_commitment( &self.permutation_product_commitment, - x_inv, - self.permutation_product_inv_eval, + x_next, + self.permutation_product_next_eval, ))) // Open permutation commitments for each permutation argument at x .chain(