mirror of https://github.com/zcash/halo2.git
Move Challenge and ChallengeScalar into the transcript module
This commit is contained in:
parent
2e6ca274a4
commit
4d4c79be58
|
@ -6,10 +6,8 @@
|
|||
//! [plonk]: https://eprint.iacr.org/2019/953
|
||||
|
||||
use crate::arithmetic::CurveAffine;
|
||||
use crate::poly::{
|
||||
commitment::ChallengeScalar, multiopen, Coeff, EvaluationDomain, ExtendedLagrangeCoeff,
|
||||
Polynomial,
|
||||
};
|
||||
use crate::poly::{multiopen, Coeff, EvaluationDomain, ExtendedLagrangeCoeff, Polynomial};
|
||||
use crate::transcript::ChallengeScalar;
|
||||
|
||||
mod circuit;
|
||||
mod keygen;
|
||||
|
|
|
@ -5,11 +5,10 @@
|
|||
|
||||
use super::{Coeff, LagrangeCoeff, Polynomial};
|
||||
use crate::arithmetic::{best_fft, best_multiexp, parallelize, Curve, CurveAffine, FieldExt};
|
||||
use crate::transcript::{Hasher, Transcript};
|
||||
use crate::transcript::Hasher;
|
||||
|
||||
use ff::{Field, PrimeField};
|
||||
use std::marker::PhantomData;
|
||||
use std::ops::{Add, AddAssign, Deref, Mul, MulAssign};
|
||||
use std::ops::{Add, AddAssign, Mul, MulAssign};
|
||||
|
||||
mod msm;
|
||||
mod prover;
|
||||
|
@ -18,74 +17,6 @@ mod verifier;
|
|||
pub use msm::MSM;
|
||||
pub use verifier::{Accumulator, Guard};
|
||||
|
||||
/// This is a 128-bit verifier challenge.
|
||||
#[derive(Copy, Clone, Debug)]
|
||||
pub struct Challenge(pub(crate) u128);
|
||||
|
||||
impl Challenge {
|
||||
/// Obtains a new challenge from the transcript.
|
||||
pub fn get<C, HBase, HScalar>(transcript: &mut Transcript<C, HBase, HScalar>) -> Challenge
|
||||
where
|
||||
C: CurveAffine,
|
||||
HBase: Hasher<C::Base>,
|
||||
HScalar: Hasher<C::Scalar>,
|
||||
{
|
||||
Challenge(transcript.squeeze().get_lower_128())
|
||||
}
|
||||
}
|
||||
|
||||
/// The scalar representation of a verifier challenge.
|
||||
///
|
||||
/// The `T` type can be used to scope the challenge to a specific context, or set to `()`
|
||||
/// if no context is required.
|
||||
#[derive(Copy, Clone, Debug)]
|
||||
pub struct ChallengeScalar<F: FieldExt, T> {
|
||||
inner: F,
|
||||
_marker: PhantomData<T>,
|
||||
}
|
||||
|
||||
impl<F: FieldExt, T> From<Challenge> for ChallengeScalar<F, T> {
|
||||
/// This algorithm applies the mapping of Algorithm 1 from the
|
||||
/// [Halo](https://eprint.iacr.org/2019/1021) paper.
|
||||
fn from(challenge: Challenge) -> Self {
|
||||
let mut acc = (F::ZETA + F::one()).double();
|
||||
|
||||
for i in (0..64).rev() {
|
||||
let should_negate = ((challenge.0 >> ((i << 1) + 1)) & 1) == 1;
|
||||
let should_endo = ((challenge.0 >> (i << 1)) & 1) == 1;
|
||||
|
||||
let q = if should_negate { -F::one() } else { F::one() };
|
||||
let q = if should_endo { q * F::ZETA } else { q };
|
||||
acc = acc + q + acc;
|
||||
}
|
||||
|
||||
ChallengeScalar {
|
||||
inner: acc,
|
||||
_marker: PhantomData::default(),
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
impl<F: FieldExt, T> ChallengeScalar<F, T> {
|
||||
/// Obtains a new challenge from the transcript.
|
||||
pub fn get<C, HBase, HScalar>(transcript: &mut Transcript<C, HBase, HScalar>) -> Self
|
||||
where
|
||||
C: CurveAffine,
|
||||
HBase: Hasher<C::Base>,
|
||||
HScalar: Hasher<C::Scalar>,
|
||||
{
|
||||
Challenge::get(transcript).into()
|
||||
}
|
||||
}
|
||||
|
||||
impl<F: FieldExt, T> Deref for ChallengeScalar<F, T> {
|
||||
type Target = F;
|
||||
|
||||
fn deref(&self) -> &F {
|
||||
&self.inner
|
||||
}
|
||||
}
|
||||
|
||||
/// These are the public parameters for the polynomial commitment scheme.
|
||||
#[derive(Debug)]
|
||||
pub struct Params<C: CurveAffine> {
|
||||
|
@ -324,7 +255,7 @@ fn test_opening_proof() {
|
|||
EvaluationDomain,
|
||||
};
|
||||
use crate::arithmetic::{eval_polynomial, Curve, FieldExt};
|
||||
use crate::transcript::{DummyHash, Transcript};
|
||||
use crate::transcript::{ChallengeScalar, DummyHash, Transcript};
|
||||
use crate::tweedle::{EpAffine, Fp, Fq};
|
||||
|
||||
let params = Params::<EpAffine>::new::<DummyHash<Fp>>(K);
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
use ff::Field;
|
||||
|
||||
use super::super::{Coeff, Error, Polynomial};
|
||||
use super::{Blind, Challenge, ChallengeScalar, Params, Proof};
|
||||
use super::{Blind, Params, Proof};
|
||||
use crate::arithmetic::{
|
||||
best_multiexp, compute_inner_product, parallelize, small_multiexp, Curve, CurveAffine, FieldExt,
|
||||
};
|
||||
use crate::transcript::{Hasher, Transcript};
|
||||
use crate::transcript::{Challenge, ChallengeScalar, Hasher, Transcript};
|
||||
|
||||
impl<C: CurveAffine> Proof<C> {
|
||||
/// Create a polynomial commitment opening proof for the polynomial defined
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
use ff::Field;
|
||||
|
||||
use super::super::Error;
|
||||
use super::{Challenge, ChallengeScalar, Params, Proof, MSM};
|
||||
use crate::transcript::{Hasher, Transcript};
|
||||
use super::{Params, Proof, MSM};
|
||||
use crate::transcript::{Challenge, ChallengeScalar, Hasher, Transcript};
|
||||
|
||||
use crate::arithmetic::{best_multiexp, Curve, CurveAffine, FieldExt};
|
||||
|
||||
|
|
|
@ -7,7 +7,10 @@ use ff::Field;
|
|||
use std::collections::{BTreeMap, BTreeSet};
|
||||
|
||||
use super::*;
|
||||
use crate::arithmetic::{CurveAffine, FieldExt};
|
||||
use crate::{
|
||||
arithmetic::{CurveAffine, FieldExt},
|
||||
transcript::ChallengeScalar,
|
||||
};
|
||||
|
||||
mod prover;
|
||||
mod verifier;
|
||||
|
@ -15,23 +18,23 @@ mod verifier;
|
|||
#[derive(Clone, Copy, Debug)]
|
||||
struct X1 {}
|
||||
/// Challenge for compressing openings at the same point sets together.
|
||||
type ChallengeX1<F> = commitment::ChallengeScalar<F, X1>;
|
||||
type ChallengeX1<F> = ChallengeScalar<F, X1>;
|
||||
|
||||
#[derive(Clone, Copy, Debug)]
|
||||
struct X2 {}
|
||||
/// Challenge for keeping the multi-point quotient polynomial terms linearly independent.
|
||||
type ChallengeX2<F> = commitment::ChallengeScalar<F, X2>;
|
||||
type ChallengeX2<F> = ChallengeScalar<F, X2>;
|
||||
|
||||
#[derive(Clone, Copy, Debug)]
|
||||
struct X3 {}
|
||||
/// Challenge point at which the commitments are opened.
|
||||
type ChallengeX3<F> = commitment::ChallengeScalar<F, X3>;
|
||||
type ChallengeX3<F> = ChallengeScalar<F, X3>;
|
||||
|
||||
#[derive(Clone, Copy, Debug)]
|
||||
struct X4 {}
|
||||
/// Challenge for collapsing the openings of the various remaining polynomials at x_3
|
||||
/// together.
|
||||
type ChallengeX4<F> = commitment::ChallengeScalar<F, X4>;
|
||||
type ChallengeX4<F> = ChallengeScalar<F, X4>;
|
||||
|
||||
/// This is a multi-point opening proof used in the polynomial commitment scheme opening.
|
||||
#[derive(Debug, Clone)]
|
||||
|
|
|
@ -3,6 +3,7 @@
|
|||
|
||||
use ff::Field;
|
||||
use std::marker::PhantomData;
|
||||
use std::ops::Deref;
|
||||
|
||||
use crate::arithmetic::{CurveAffine, FieldExt};
|
||||
|
||||
|
@ -122,3 +123,71 @@ impl<C: CurveAffine, HBase: Hasher<C::Base>, HScalar: Hasher<C::Scalar>>
|
|||
self.base_hasher.squeeze()
|
||||
}
|
||||
}
|
||||
|
||||
/// This is a 128-bit verifier challenge.
|
||||
#[derive(Copy, Clone, Debug)]
|
||||
pub struct Challenge(pub(crate) u128);
|
||||
|
||||
impl Challenge {
|
||||
/// Obtains a new challenge from the transcript.
|
||||
pub fn get<C, HBase, HScalar>(transcript: &mut Transcript<C, HBase, HScalar>) -> Challenge
|
||||
where
|
||||
C: CurveAffine,
|
||||
HBase: Hasher<C::Base>,
|
||||
HScalar: Hasher<C::Scalar>,
|
||||
{
|
||||
Challenge(transcript.squeeze().get_lower_128())
|
||||
}
|
||||
}
|
||||
|
||||
/// The scalar representation of a verifier challenge.
|
||||
///
|
||||
/// The `T` type can be used to scope the challenge to a specific context, or set to `()`
|
||||
/// if no context is required.
|
||||
#[derive(Copy, Clone, Debug)]
|
||||
pub struct ChallengeScalar<F: FieldExt, T> {
|
||||
inner: F,
|
||||
_marker: PhantomData<T>,
|
||||
}
|
||||
|
||||
impl<F: FieldExt, T> From<Challenge> for ChallengeScalar<F, T> {
|
||||
/// This algorithm applies the mapping of Algorithm 1 from the
|
||||
/// [Halo](https://eprint.iacr.org/2019/1021) paper.
|
||||
fn from(challenge: Challenge) -> Self {
|
||||
let mut acc = (F::ZETA + F::one()).double();
|
||||
|
||||
for i in (0..64).rev() {
|
||||
let should_negate = ((challenge.0 >> ((i << 1) + 1)) & 1) == 1;
|
||||
let should_endo = ((challenge.0 >> (i << 1)) & 1) == 1;
|
||||
|
||||
let q = if should_negate { -F::one() } else { F::one() };
|
||||
let q = if should_endo { q * F::ZETA } else { q };
|
||||
acc = acc + q + acc;
|
||||
}
|
||||
|
||||
ChallengeScalar {
|
||||
inner: acc,
|
||||
_marker: PhantomData::default(),
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
impl<F: FieldExt, T> ChallengeScalar<F, T> {
|
||||
/// Obtains a new challenge from the transcript.
|
||||
pub fn get<C, HBase, HScalar>(transcript: &mut Transcript<C, HBase, HScalar>) -> Self
|
||||
where
|
||||
C: CurveAffine,
|
||||
HBase: Hasher<C::Base>,
|
||||
HScalar: Hasher<C::Scalar>,
|
||||
{
|
||||
Challenge::get(transcript).into()
|
||||
}
|
||||
}
|
||||
|
||||
impl<F: FieldExt, T> Deref for ChallengeScalar<F, T> {
|
||||
type Target = F;
|
||||
|
||||
fn deref(&self) -> &F {
|
||||
&self.inner
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue