zec
/
halo2
mirror of https://github.com/zcash/halo2.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Switch directionality of the permutation argument's constraints.

This commit is contained in:
Sean Bowe 2021-03-04 10:34:56 -07:00
parent 9118697213
commit 1c586c081c
No known key found for this signature in database
GPG Key ID: 95684257D8F8B031
3 changed files with 25 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/plonk/permutation.rs
View File

@ -35,8 +35,8 @@ impl Argument {
// l_0(X) * (1 - z(X)) = 0 // l_0(X) * (1 - z(X)) = 0
// //
// degree columns + 1 // degree columns + 1
// z(X) \prod (p(X) + \beta s_i(X) + \gamma) // z(omega X) \prod (p(X) + \beta s_i(X) + \gamma)
// - z(omega^{-1} X) \prod (p(X) + \delta^i \beta X + \gamma) // - z(X) \prod (p(X) + \delta^i \beta X + \gamma)
std::cmp::max(self.columns.len() + 1, 2) std::cmp::max(self.columns.len() + 1, 2)
} }

24
src/plonk/permutation/prover.rs
View File

@ -18,7 +18,7 @@ use crate::{
pub(crate) struct Committed<C: CurveAffine> { pub(crate) struct Committed<C: CurveAffine> {
permutation_product_poly: Polynomial<C::Scalar, Coeff>, permutation_product_poly: Polynomial<C::Scalar, Coeff>,
permutation_product_coset: Polynomial<C::Scalar, ExtendedLagrangeCoeff>, permutation_product_coset: Polynomial<C::Scalar, ExtendedLagrangeCoeff>,
permutation_product_coset_inv: Polynomial<C::Scalar, ExtendedLagrangeCoeff>, permutation_product_coset_next: Polynomial<C::Scalar, ExtendedLagrangeCoeff>,
permutation_product_blind: Blind<C::Scalar>, permutation_product_blind: Blind<C::Scalar>,
} }
@ -120,7 +120,7 @@ impl Argument {
for row in 1..(params.n as usize) { for row in 1..(params.n as usize) {
let mut tmp = z[row - 1]; let mut tmp = z[row - 1];
tmp *= &modified_values[row]; tmp *= &modified_values[row - 1];
z.push(tmp); z.push(tmp);
} }
let z = domain.lagrange_from_vec(z); let z = domain.lagrange_from_vec(z);
@ -132,7 +132,7 @@ impl Argument {
let z = domain.lagrange_to_coeff(z); let z = domain.lagrange_to_coeff(z);
let permutation_product_poly = z.clone(); let permutation_product_poly = z.clone();
let permutation_product_coset = domain.coeff_to_extended(z.clone(), Rotation::cur()); let permutation_product_coset = domain.coeff_to_extended(z.clone(), Rotation::cur());
let permutation_product_coset_inv = domain.coeff_to_extended(z, Rotation::prev()); let permutation_product_coset_next = domain.coeff_to_extended(z, Rotation::next());
let permutation_product_commitment = permutation_product_commitment_projective.to_affine(); let permutation_product_commitment = permutation_product_commitment_projective.to_affine();
@ -144,7 +144,7 @@ impl Argument {
Ok(Committed { Ok(Committed {
permutation_product_poly, permutation_product_poly,
permutation_product_coset, permutation_product_coset,
permutation_product_coset_inv, permutation_product_coset_next,
permutation_product_blind, permutation_product_blind,
}) })
} }
@ -171,9 +171,9 @@ impl<C: CurveAffine> Committed<C> {
.chain(Some( .chain(Some(
Polynomial::one_minus(self.permutation_product_coset.clone()) * &pk.l0, Polynomial::one_minus(self.permutation_product_coset.clone()) * &pk.l0,
)) ))
// z(X) \prod (p(X) + \beta s_i(X) + \gamma) - z(omega^{-1} X) \prod (p(X) + \delta^i \beta X + \gamma) // z(omega X) \prod (p(X) + \beta s_i(X) + \gamma) - z(X) \prod (p(X) + \delta^i \beta X + \gamma)
.chain(Some({ .chain(Some({
let mut left = self.permutation_product_coset.clone(); let mut left = self.permutation_product_coset_next.clone();
for (values, permutation) in p for (values, permutation) in p
.columns .columns
.iter() .iter()
@ -201,7 +201,7 @@ impl<C: CurveAffine> Committed<C> {
}); });
} }
let mut right = self.permutation_product_coset_inv.clone(); let mut right = self.permutation_product_coset.clone();
let mut current_delta = *beta * &C::Scalar::ZETA; let mut current_delta = *beta * &C::Scalar::ZETA;
let step = domain.get_extended_omega(); let step = domain.get_extended_omega();
for values in p.columns.iter().map(|&column| match column.column_type() { for values in p.columns.iter().map(|&column| match column.column_type() {
@ -268,9 +268,9 @@ impl<C: CurveAffine> Constructed<C> {
let permutation_product_eval = eval_polynomial(&self.permutation_product_poly, *x); let permutation_product_eval = eval_polynomial(&self.permutation_product_poly, *x);
let permutation_product_inv_eval = eval_polynomial( let permutation_product_next_eval = eval_polynomial(
&self.permutation_product_poly, &self.permutation_product_poly,
domain.rotate_omega(*x, Rotation(-1)), domain.rotate_omega(*x, Rotation::next()),
); );
let permutation_evals = pkey.evaluate(x); let permutation_evals = pkey.evaluate(x);
@ -278,7 +278,7 @@ impl<C: CurveAffine> Constructed<C> {
// Hash permutation product evals // Hash permutation product evals
for eval in iter::empty() for eval in iter::empty()
.chain(Some(&permutation_product_eval)) .chain(Some(&permutation_product_eval))
.chain(Some(&permutation_product_inv_eval)) .chain(Some(&permutation_product_next_eval))
.chain(permutation_evals.iter()) .chain(permutation_evals.iter())
{ {
transcript transcript
@ -297,7 +297,7 @@ impl<C: CurveAffine> Evaluated<C> {
pkey: &'a ProvingKey<C>, pkey: &'a ProvingKey<C>,
x: ChallengeX<C>, x: ChallengeX<C>,
) -> impl Iterator<Item = ProverQuery<'a, C>> + Clone { ) -> impl Iterator<Item = ProverQuery<'a, C>> + Clone {
let x_inv = pk.vk.domain.rotate_omega(*x, Rotation(-1)); let x_next = pk.vk.domain.rotate_omega(*x, Rotation::next());
iter::empty() iter::empty()
// Open permutation product commitments at x and \omega^{-1} x // Open permutation product commitments at x and \omega^{-1} x
@ -307,7 +307,7 @@ impl<C: CurveAffine> Evaluated<C> {
blind: self.constructed.permutation_product_blind, blind: self.constructed.permutation_product_blind,
})) }))
.chain(Some(ProverQuery { .chain(Some(ProverQuery {
point: x_inv, point: x_next,
poly: &self.constructed.permutation_product_poly, poly: &self.constructed.permutation_product_poly,
blind: self.constructed.permutation_product_blind, blind: self.constructed.permutation_product_blind,
})) }))

22
src/plonk/permutation/verifier.rs
View File

@ -17,7 +17,7 @@ pub struct Committed<C: CurveAffine> {
pub struct Evaluated<C: CurveAffine> { pub struct Evaluated<C: CurveAffine> {
permutation_product_commitment: C, permutation_product_commitment: C,
permutation_product_eval: C::Scalar, permutation_product_eval: C::Scalar,
permutation_product_inv_eval: C::Scalar, permutation_product_next_eval: C::Scalar,
permutation_evals: Vec<C::Scalar>, permutation_evals: Vec<C::Scalar>,
} }
@ -49,7 +49,7 @@ impl<C: CurveAffine> Committed<C> {
let permutation_product_eval = transcript let permutation_product_eval = transcript
.read_scalar() .read_scalar()
.map_err(|_| Error::TranscriptError)?; .map_err(|_| Error::TranscriptError)?;
let permutation_product_inv_eval = transcript let permutation_product_next_eval = transcript
.read_scalar() .read_scalar()
.map_err(|_| Error::TranscriptError)?; .map_err(|_| Error::TranscriptError)?;
let mut permutation_evals = Vec::with_capacity(vkey.commitments.len()); let mut permutation_evals = Vec::with_capacity(vkey.commitments.len());
@ -64,7 +64,7 @@ impl<C: CurveAffine> Committed<C> {
Ok(Evaluated { Ok(Evaluated {
permutation_product_commitment: self.permutation_product_commitment, permutation_product_commitment: self.permutation_product_commitment,
permutation_product_eval, permutation_product_eval,
permutation_product_inv_eval, permutation_product_next_eval,
permutation_evals, permutation_evals,
}) })
} }
@ -88,10 +88,10 @@ impl<C: CurveAffine> Evaluated<C> {
.chain(Some( .chain(Some(
l_0 * &(C::Scalar::one() - &self.permutation_product_eval), l_0 * &(C::Scalar::one() - &self.permutation_product_eval),
)) ))
// z(X) \prod (p(X) + \beta s_i(X) + \gamma) // z(omega X) \prod (p(X) + \beta s_i(X) + \gamma)
// - z(omega^{-1} X) \prod (p(X) + \delta^i \beta X + \gamma) // - z(X) \prod (p(X) + \delta^i \beta X + \gamma)
.chain(Some({ .chain(Some({
let mut left = self.permutation_product_eval; let mut left = self.permutation_product_next_eval;
for (eval, permutation_eval) in p for (eval, permutation_eval) in p
.columns .columns
.iter() .iter()
@ -111,7 +111,7 @@ impl<C: CurveAffine> Evaluated<C> {
left *= &(eval + &(*beta * permutation_eval) + &*gamma); left *= &(eval + &(*beta * permutation_eval) + &*gamma);
} }
let mut right = self.permutation_product_inv_eval; let mut right = self.permutation_product_eval;
let mut current_delta = *beta * &*x; let mut current_delta = *beta * &*x;
for eval in p.columns.iter().map(|&column| match column.column_type() { for eval in p.columns.iter().map(|&column| match column.column_type() {
Any::Advice => advice_evals[vk.cs.get_any_query_index(column, Rotation::cur())], Any::Advice => advice_evals[vk.cs.get_any_query_index(column, Rotation::cur())],
@ -134,10 +134,10 @@ impl<C: CurveAffine> Evaluated<C> {
vkey: &'r VerifyingKey<C>, vkey: &'r VerifyingKey<C>,
x: ChallengeX<C>, x: ChallengeX<C>,
) -> impl Iterator<Item = VerifierQuery<'r, 'params, C>> + Clone { ) -> impl Iterator<Item = VerifierQuery<'r, 'params, C>> + Clone {
let x_inv = vk.domain.rotate_omega(*x, Rotation(-1)); let x_next = vk.domain.rotate_omega(*x, Rotation::next());
iter::empty() iter::empty()
// Open permutation product commitments at x and \omega^{-1} x // Open permutation product commitments at x and \omega x
.chain(Some(VerifierQuery::new_commitment( .chain(Some(VerifierQuery::new_commitment(
&self.permutation_product_commitment, &self.permutation_product_commitment,
*x, *x,
@ -145,8 +145,8 @@ impl<C: CurveAffine> Evaluated<C> {
))) )))
.chain(Some(VerifierQuery::new_commitment( .chain(Some(VerifierQuery::new_commitment(
&self.permutation_product_commitment, &self.permutation_product_commitment,
x_inv, x_next,
self.permutation_product_inv_eval, self.permutation_product_next_eval,
))) )))
// Open permutation commitments for each permutation argument at x // Open permutation commitments for each permutation argument at x
.chain( .chain(