Use the correct permutation values from the SRS.

2020-09-03 14:21:13 -06:00 · 2020-09-03 14:21:13 -06:00 · 4a88d52457
parent d601533bd7
commit 4a88d52457
3 changed files with 10 additions and 4 deletions
--- a/src/plonk.rs
+++ b/src/plonk.rs
@ -33,6 +33,7 @@ pub struct SRS<C: CurveAffine> {
    fixed_polys: Vec<Vec<C::Scalar>>,
    fixed_cosets: Vec<Vec<C::Scalar>>,
    permutation_commitments: Vec<Vec<C>>,
+    permutations: Vec<Vec<Vec<C::Scalar>>>,
    permutation_polys: Vec<Vec<Vec<C::Scalar>>>,
    permutation_cosets: Vec<Vec<Vec<C::Scalar>>>,
    meta: MetaCircuit<C::Scalar>,
--- a/src/plonk/prover.rs
+++ b/src/plonk/prover.rs
@ -158,7 +158,7 @@ impl<C: CurveAffine> Proof<C> {
        let mut permutation_product_blinds = vec![];

        // Iterate over each permutation
-        for (wires, permutations) in srs.meta.permutations.iter().zip(srs.permutation_polys) {
+        for (wires, permutations) in srs.meta.permutations.iter().zip(srs.permutations.iter()) {
            // Goal is to compute the fraction
            //
            // (p_j(\omega^i) + \delta^j \omega^i \beta + \gamma) /
--- a/src/plonk/srs.rs
+++ b/src/plonk/srs.rs
@ -146,10 +146,12 @@ impl<C: CurveAffine> SRS<C> {
        // Compute permutation polynomials, convert to coset form and
        // pre-compute commitments for the SRS.
        let mut permutation_commitments = vec![];
+        let mut permutations = vec![];
        let mut permutation_polys = vec![];
        let mut permutation_cosets = vec![];
        for (permutation_index, permutation) in meta.permutations.iter().enumerate() {
            let mut commitments = vec![];
+            let mut inner_permutations = vec![];
            let mut polys = vec![];
            let mut cosets = vec![];
            for (i, _) in permutation.iter().enumerate() {
@ -172,11 +174,13 @@ impl<C: CurveAffine> SRS<C> {
                        .to_affine(),
                );
                // Store permutation polynomial and precompute its coset evaluation
-                polys.push(permutation_poly.clone());
-                let permutation_poly = domain.obtain_poly(permutation_poly);
-                cosets.push(domain.obtain_coset(permutation_poly, Rotation::default()));
+                inner_permutations.push(permutation_poly.clone());
+                let poly = domain.obtain_poly(permutation_poly);
+                polys.push(poly.clone());
+                cosets.push(domain.obtain_coset(poly, Rotation::default()));
            }
            permutation_commitments.push(commitments);
+            permutations.push(inner_permutations);
            permutation_polys.push(polys);
            permutation_cosets.push(cosets);
        }
@ -208,6 +212,7 @@ impl<C: CurveAffine> SRS<C> {
            fixed_polys,
            fixed_cosets,
            permutation_commitments,
+            permutations,
            permutation_polys,
            permutation_cosets,
            meta,