zec
/
halo2
mirror of https://github.com/zcash/halo2.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Move Challenge and ChallengeScalar into the transcript module

This commit is contained in:
Jack Grigg 2020-12-01 22:40:54 +00:00
parent 2e6ca274a4
commit 4d4c79be58
6 changed files with 86 additions and 85 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/plonk.rs
View File

@ -6,10 +6,8 @@
//! [plonk]: https://eprint.iacr.org/2019/953
use crate::arithmetic::CurveAffine;
use crate::poly::{
commitment::ChallengeScalar, multiopen, Coeff, EvaluationDomain, ExtendedLagrangeCoeff,
Polynomial,
};
use crate::poly::{multiopen, Coeff, EvaluationDomain, ExtendedLagrangeCoeff, Polynomial};
use crate::transcript::ChallengeScalar;
mod circuit;
mod keygen;

75
src/poly/commitment.rs
View File

@ -5,11 +5,10 @@
use super::{Coeff, LagrangeCoeff, Polynomial};
use crate::arithmetic::{best_fft, best_multiexp, parallelize, Curve, CurveAffine, FieldExt};
use crate::transcript::{Hasher, Transcript};
use crate::transcript::Hasher;
use ff::{Field, PrimeField};
use std::marker::PhantomData;
use std::ops::{Add, AddAssign, Deref, Mul, MulAssign};
use std::ops::{Add, AddAssign, Mul, MulAssign};
mod msm;
mod prover;
@ -18,74 +17,6 @@ mod verifier;
pub use msm::MSM;
pub use verifier::{Accumulator, Guard};
/// This is a 128-bit verifier challenge.
#[derive(Copy, Clone, Debug)]
pub struct Challenge(pub(crate) u128);
impl Challenge {
/// Obtains a new challenge from the transcript.
pub fn get<C, HBase, HScalar>(transcript: &mut Transcript<C, HBase, HScalar>) -> Challenge
where
C: CurveAffine,
HBase: Hasher<C::Base>,
HScalar: Hasher<C::Scalar>,
{
Challenge(transcript.squeeze().get_lower_128())
}
}
/// The scalar representation of a verifier challenge.
///
/// The `T` type can be used to scope the challenge to a specific context, or set to `()`
/// if no context is required.
#[derive(Copy, Clone, Debug)]
pub struct ChallengeScalar<F: FieldExt, T> {
inner: F,
_marker: PhantomData<T>,
}
impl<F: FieldExt, T> From<Challenge> for ChallengeScalar<F, T> {
/// This algorithm applies the mapping of Algorithm 1 from the
/// [Halo](https://eprint.iacr.org/2019/1021) paper.
fn from(challenge: Challenge) -> Self {
let mut acc = (F::ZETA + F::one()).double();
for i in (0..64).rev() {
let should_negate = ((challenge.0 >> ((i << 1) + 1)) & 1) == 1;
let should_endo = ((challenge.0 >> (i << 1)) & 1) == 1;
let q = if should_negate { -F::one() } else { F::one() };
let q = if should_endo { q * F::ZETA } else { q };
acc = acc + q + acc;
}
ChallengeScalar {
inner: acc,
_marker: PhantomData::default(),
}
}
}
impl<F: FieldExt, T> ChallengeScalar<F, T> {
/// Obtains a new challenge from the transcript.
pub fn get<C, HBase, HScalar>(transcript: &mut Transcript<C, HBase, HScalar>) -> Self
where
C: CurveAffine,
HBase: Hasher<C::Base>,
HScalar: Hasher<C::Scalar>,
{
Challenge::get(transcript).into()
}
}
impl<F: FieldExt, T> Deref for ChallengeScalar<F, T> {
type Target = F;
fn deref(&self) -> &F {
&self.inner
}
}
/// These are the public parameters for the polynomial commitment scheme.
#[derive(Debug)]
pub struct Params<C: CurveAffine> {
@ -324,7 +255,7 @@ fn test_opening_proof() {
EvaluationDomain,
};
use crate::arithmetic::{eval_polynomial, Curve, FieldExt};
use crate::transcript::{DummyHash, Transcript};
use crate::transcript::{ChallengeScalar, DummyHash, Transcript};
use crate::tweedle::{EpAffine, Fp, Fq};
let params = Params::<EpAffine>::new::<DummyHash<Fp>>(K);

4
src/poly/commitment/prover.rs
View File

@ -1,11 +1,11 @@
use ff::Field;
use super::super::{Coeff, Error, Polynomial};
use super::{Blind, Challenge, ChallengeScalar, Params, Proof};
use super::{Blind, Params, Proof};
use crate::arithmetic::{
best_multiexp, compute_inner_product, parallelize, small_multiexp, Curve, CurveAffine, FieldExt,
};
use crate::transcript::{Hasher, Transcript};
use crate::transcript::{Challenge, ChallengeScalar, Hasher, Transcript};
impl<C: CurveAffine> Proof<C> {
/// Create a polynomial commitment opening proof for the polynomial defined

4
src/poly/commitment/verifier.rs
View File

@ -1,8 +1,8 @@
use ff::Field;
use super::super::Error;
use super::{Challenge, ChallengeScalar, Params, Proof, MSM};
use crate::transcript::{Hasher, Transcript};
use super::{Params, Proof, MSM};
use crate::transcript::{Challenge, ChallengeScalar, Hasher, Transcript};
use crate::arithmetic::{best_multiexp, Curve, CurveAffine, FieldExt};

13
src/poly/multiopen.rs
View File

@ -7,7 +7,10 @@ use ff::Field;
use std::collections::{BTreeMap, BTreeSet};
use super::*;
use crate::arithmetic::{CurveAffine, FieldExt};
use crate::{
arithmetic::{CurveAffine, FieldExt},
transcript::ChallengeScalar,
};
mod prover;
mod verifier;
@ -15,23 +18,23 @@ mod verifier;
#[derive(Clone, Copy, Debug)]
struct X1 {}
/// Challenge for compressing openings at the same point sets together.
type ChallengeX1<F> = commitment::ChallengeScalar<F, X1>;
type ChallengeX1<F> = ChallengeScalar<F, X1>;
#[derive(Clone, Copy, Debug)]
struct X2 {}
/// Challenge for keeping the multi-point quotient polynomial terms linearly independent.
type ChallengeX2<F> = commitment::ChallengeScalar<F, X2>;
type ChallengeX2<F> = ChallengeScalar<F, X2>;
#[derive(Clone, Copy, Debug)]
struct X3 {}
/// Challenge point at which the commitments are opened.
type ChallengeX3<F> = commitment::ChallengeScalar<F, X3>;
type ChallengeX3<F> = ChallengeScalar<F, X3>;
#[derive(Clone, Copy, Debug)]
struct X4 {}
/// Challenge for collapsing the openings of the various remaining polynomials at x_3
/// together.
type ChallengeX4<F> = commitment::ChallengeScalar<F, X4>;
type ChallengeX4<F> = ChallengeScalar<F, X4>;
/// This is a multi-point opening proof used in the polynomial commitment scheme opening.
#[derive(Debug, Clone)]

69
src/transcript.rs
View File

@ -3,6 +3,7 @@
use ff::Field;
use std::marker::PhantomData;
use std::ops::Deref;
use crate::arithmetic::{CurveAffine, FieldExt};
@ -122,3 +123,71 @@ impl<C: CurveAffine, HBase: Hasher<C::Base>, HScalar: Hasher<C::Scalar>>
self.base_hasher.squeeze()
}
}
/// This is a 128-bit verifier challenge.
#[derive(Copy, Clone, Debug)]
pub struct Challenge(pub(crate) u128);
impl Challenge {
/// Obtains a new challenge from the transcript.
pub fn get<C, HBase, HScalar>(transcript: &mut Transcript<C, HBase, HScalar>) -> Challenge
where
C: CurveAffine,
HBase: Hasher<C::Base>,
HScalar: Hasher<C::Scalar>,
{
Challenge(transcript.squeeze().get_lower_128())
}
}
/// The scalar representation of a verifier challenge.
///
/// The `T` type can be used to scope the challenge to a specific context, or set to `()`
/// if no context is required.
#[derive(Copy, Clone, Debug)]
pub struct ChallengeScalar<F: FieldExt, T> {
inner: F,
_marker: PhantomData<T>,
}
impl<F: FieldExt, T> From<Challenge> for ChallengeScalar<F, T> {
/// This algorithm applies the mapping of Algorithm 1 from the
/// [Halo](https://eprint.iacr.org/2019/1021) paper.
fn from(challenge: Challenge) -> Self {
let mut acc = (F::ZETA + F::one()).double();
for i in (0..64).rev() {
let should_negate = ((challenge.0 >> ((i << 1) + 1)) & 1) == 1;
let should_endo = ((challenge.0 >> (i << 1)) & 1) == 1;
let q = if should_negate { -F::one() } else { F::one() };
let q = if should_endo { q * F::ZETA } else { q };
acc = acc + q + acc;
}
ChallengeScalar {
inner: acc,
_marker: PhantomData::default(),
}
}
}
impl<F: FieldExt, T> ChallengeScalar<F, T> {
/// Obtains a new challenge from the transcript.
pub fn get<C, HBase, HScalar>(transcript: &mut Transcript<C, HBase, HScalar>) -> Self
where
C: CurveAffine,
HBase: Hasher<C::Base>,
HScalar: Hasher<C::Scalar>,
{
Challenge::get(transcript).into()
}
}
impl<F: FieldExt, T> Deref for ChallengeScalar<F, T> {
type Target = F;
fn deref(&self) -> &F {
&self.inner
}
}