mirror of https://github.com/zcash/halo2.git
Merge pull request #54 from zcash/column-types
Introduce Column struct and ColumnType trait
This commit is contained in:
commit
629bab41b0
|
@ -4,6 +4,7 @@ version = "0.0.1"
|
|||
authors = [
|
||||
"Sean Bowe <sean@electriccoin.co>",
|
||||
"Ying Tong Lai <yingtong@electriccoin.co>",
|
||||
"Daira Hopwood <daira@electriccoin.co>",
|
||||
]
|
||||
edition = "2018"
|
||||
description = """
|
||||
|
|
64
src/plonk.rs
64
src/plonk.rs
|
@ -114,28 +114,29 @@ fn test_proving() {
|
|||
use crate::arithmetic::{Curve, EqAffine, Field, Fp, Fq};
|
||||
use crate::poly::commitment::{Blind, Params};
|
||||
use crate::transcript::DummyHash;
|
||||
use circuit::{Advice, Column, Fixed};
|
||||
use std::marker::PhantomData;
|
||||
const K: u32 = 5;
|
||||
|
||||
/// This represents an advice wire at a certain row in the ConstraintSystem
|
||||
/// This represents an advice column at a certain row in the ConstraintSystem
|
||||
#[derive(Copy, Clone, Debug)]
|
||||
pub struct Variable(AdviceWire, usize);
|
||||
pub struct Variable(Column<Advice>, usize);
|
||||
|
||||
// Initialize the polynomial commitment parameters
|
||||
let params: Params<EqAffine> = Params::new::<DummyHash<Fq>>(K);
|
||||
|
||||
struct PLONKConfig {
|
||||
a: AdviceWire,
|
||||
b: AdviceWire,
|
||||
c: AdviceWire,
|
||||
d: AdviceWire,
|
||||
e: AdviceWire,
|
||||
a: Column<Advice>,
|
||||
b: Column<Advice>,
|
||||
c: Column<Advice>,
|
||||
d: Column<Advice>,
|
||||
e: Column<Advice>,
|
||||
|
||||
sa: FixedWire,
|
||||
sb: FixedWire,
|
||||
sc: FixedWire,
|
||||
sm: FixedWire,
|
||||
sp: FixedWire,
|
||||
sa: Column<Fixed>,
|
||||
sb: Column<Fixed>,
|
||||
sc: Column<Fixed>,
|
||||
sm: Column<Fixed>,
|
||||
sp: Column<Fixed>,
|
||||
|
||||
perm: usize,
|
||||
perm2: usize,
|
||||
|
@ -254,13 +255,13 @@ fn test_proving() {
|
|||
))
|
||||
}
|
||||
fn copy(&mut self, left: Variable, right: Variable) -> Result<(), Error> {
|
||||
let left_wire = match left.0 {
|
||||
let left_column = match left.0 {
|
||||
x if x == self.config.a => 0,
|
||||
x if x == self.config.b => 1,
|
||||
x if x == self.config.c => 2,
|
||||
_ => unreachable!(),
|
||||
};
|
||||
let right_wire = match right.0 {
|
||||
let right_column = match right.0 {
|
||||
x if x == self.config.a => 0,
|
||||
x if x == self.config.b => 1,
|
||||
x if x == self.config.c => 2,
|
||||
|
@ -268,9 +269,14 @@ fn test_proving() {
|
|||
};
|
||||
|
||||
self.cs
|
||||
.copy(self.config.perm, left_wire, left.1, right_wire, right.1)?;
|
||||
self.cs
|
||||
.copy(self.config.perm2, left_wire, left.1, right_wire, right.1)
|
||||
.copy(self.config.perm, left_column, left.1, right_column, right.1)?;
|
||||
self.cs.copy(
|
||||
self.config.perm2,
|
||||
left_column,
|
||||
left.1,
|
||||
right_column,
|
||||
right.1,
|
||||
)
|
||||
}
|
||||
fn public_input<F>(&mut self, f: F) -> Result<Variable, Error>
|
||||
where
|
||||
|
@ -290,22 +296,22 @@ fn test_proving() {
|
|||
type Config = PLONKConfig;
|
||||
|
||||
fn configure(meta: &mut ConstraintSystem<F>) -> PLONKConfig {
|
||||
let e = meta.advice_wire();
|
||||
let a = meta.advice_wire();
|
||||
let b = meta.advice_wire();
|
||||
let sf = meta.fixed_wire();
|
||||
let c = meta.advice_wire();
|
||||
let d = meta.advice_wire();
|
||||
let p = meta.aux_wire();
|
||||
let e = meta.advice_column();
|
||||
let a = meta.advice_column();
|
||||
let b = meta.advice_column();
|
||||
let sf = meta.fixed_column();
|
||||
let c = meta.advice_column();
|
||||
let d = meta.advice_column();
|
||||
let p = meta.aux_column();
|
||||
|
||||
let perm = meta.permutation(&[a, b, c]);
|
||||
let perm2 = meta.permutation(&[a, b, c]);
|
||||
|
||||
let sm = meta.fixed_wire();
|
||||
let sa = meta.fixed_wire();
|
||||
let sb = meta.fixed_wire();
|
||||
let sc = meta.fixed_wire();
|
||||
let sp = meta.fixed_wire();
|
||||
let sm = meta.fixed_column();
|
||||
let sa = meta.fixed_column();
|
||||
let sb = meta.fixed_column();
|
||||
let sc = meta.fixed_column();
|
||||
let sp = meta.fixed_column();
|
||||
|
||||
meta.create_gate(|meta| {
|
||||
let d = meta.query_advice(d, 1);
|
||||
|
|
|
@ -1,30 +1,136 @@
|
|||
use core::cmp::max;
|
||||
use core::ops::{Add, Mul};
|
||||
use std::collections::BTreeMap;
|
||||
use std::convert::TryFrom;
|
||||
|
||||
use super::Error;
|
||||
use crate::arithmetic::Field;
|
||||
|
||||
use crate::poly::Rotation;
|
||||
/// This represents a wire which has a fixed (permanent) value
|
||||
#[derive(Copy, Clone, Debug, Eq, PartialEq, Hash)]
|
||||
pub struct FixedWire(pub usize);
|
||||
|
||||
/// This represents a wire which has a witness-specific value
|
||||
#[derive(Copy, Clone, Debug, Eq, PartialEq, Hash)]
|
||||
pub struct AdviceWire(pub usize);
|
||||
/// A column type
|
||||
pub trait ColumnType: 'static + Sized {}
|
||||
|
||||
/// This represents a wire which has an externally assigned value
|
||||
#[derive(Copy, Clone, Debug, Eq, PartialEq, Hash)]
|
||||
pub struct AuxWire(pub usize);
|
||||
/// A column with an index and type
|
||||
#[derive(Clone, Copy, Debug, Eq, PartialEq)]
|
||||
pub struct Column<C: ColumnType> {
|
||||
index: usize,
|
||||
column_type: C,
|
||||
}
|
||||
|
||||
impl<C: ColumnType> Column<C> {
|
||||
pub(crate) fn index(&self) -> usize {
|
||||
self.index
|
||||
}
|
||||
|
||||
pub(crate) fn column_type(&self) -> &C {
|
||||
&self.column_type
|
||||
}
|
||||
}
|
||||
|
||||
/// An advice column
|
||||
#[derive(Clone, Copy, Debug, Eq, PartialEq)]
|
||||
pub struct Advice;
|
||||
|
||||
/// A fixed column
|
||||
#[derive(Clone, Copy, Debug, Eq, PartialEq)]
|
||||
pub struct Fixed;
|
||||
|
||||
/// An auxiliary column
|
||||
#[derive(Clone, Copy, Debug, Eq, PartialEq)]
|
||||
pub struct Aux;
|
||||
|
||||
/// An enum over the Advice, Fixed, Aux structs
|
||||
#[derive(Clone, Copy, Debug, Eq, PartialEq)]
|
||||
pub enum Any {
|
||||
/// An Advice variant
|
||||
Advice,
|
||||
/// A Fixed variant
|
||||
Fixed,
|
||||
/// An Auxiliary variant
|
||||
Aux,
|
||||
}
|
||||
|
||||
impl ColumnType for Advice {}
|
||||
impl ColumnType for Fixed {}
|
||||
impl ColumnType for Aux {}
|
||||
impl ColumnType for Any {}
|
||||
|
||||
impl From<Column<Advice>> for Column<Any> {
|
||||
fn from(advice: Column<Advice>) -> Column<Any> {
|
||||
Column {
|
||||
index: advice.index(),
|
||||
column_type: Any::Advice,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
impl From<Column<Fixed>> for Column<Any> {
|
||||
fn from(advice: Column<Fixed>) -> Column<Any> {
|
||||
Column {
|
||||
index: advice.index(),
|
||||
column_type: Any::Fixed,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
impl From<Column<Aux>> for Column<Any> {
|
||||
fn from(advice: Column<Aux>) -> Column<Any> {
|
||||
Column {
|
||||
index: advice.index(),
|
||||
column_type: Any::Aux,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
impl TryFrom<Column<Any>> for Column<Advice> {
|
||||
type Error = &'static str;
|
||||
|
||||
fn try_from(any: Column<Any>) -> Result<Self, Self::Error> {
|
||||
match any.column_type() {
|
||||
Any::Advice => Ok(Column {
|
||||
index: any.index(),
|
||||
column_type: Advice,
|
||||
}),
|
||||
_ => Err("Cannot convert into Column<Advice>"),
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
impl TryFrom<Column<Any>> for Column<Fixed> {
|
||||
type Error = &'static str;
|
||||
|
||||
fn try_from(any: Column<Any>) -> Result<Self, Self::Error> {
|
||||
match any.column_type() {
|
||||
Any::Fixed => Ok(Column {
|
||||
index: any.index(),
|
||||
column_type: Fixed,
|
||||
}),
|
||||
_ => Err("Cannot convert into Column<Fixed>"),
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
impl TryFrom<Column<Any>> for Column<Aux> {
|
||||
type Error = &'static str;
|
||||
|
||||
fn try_from(any: Column<Any>) -> Result<Self, Self::Error> {
|
||||
match any.column_type() {
|
||||
Any::Aux => Ok(Column {
|
||||
index: any.index(),
|
||||
column_type: Aux,
|
||||
}),
|
||||
_ => Err("Cannot convert into Column<Aux>"),
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/// This trait allows a [`Circuit`] to direct some backend to assign a witness
|
||||
/// for a constraint system.
|
||||
pub trait Assignment<F: Field> {
|
||||
/// Assign an advice wire value (witness)
|
||||
/// Assign an advice column value (witness)
|
||||
fn assign_advice(
|
||||
&mut self,
|
||||
wire: AdviceWire,
|
||||
column: Column<Advice>,
|
||||
row: usize,
|
||||
to: impl FnOnce() -> Result<F, Error>,
|
||||
) -> Result<(), Error>;
|
||||
|
@ -32,18 +138,18 @@ pub trait Assignment<F: Field> {
|
|||
/// Assign a fixed value
|
||||
fn assign_fixed(
|
||||
&mut self,
|
||||
wire: FixedWire,
|
||||
column: Column<Fixed>,
|
||||
row: usize,
|
||||
to: impl FnOnce() -> Result<F, Error>,
|
||||
) -> Result<(), Error>;
|
||||
|
||||
/// Assign two advice wires to have the same value
|
||||
/// Assign two advice columns to have the same value
|
||||
fn copy(
|
||||
&mut self,
|
||||
permutation: usize,
|
||||
left_wire: usize,
|
||||
left_column: usize,
|
||||
left_row: usize,
|
||||
right_wire: usize,
|
||||
right_column: usize,
|
||||
right_row: usize,
|
||||
) -> Result<(), Error>;
|
||||
}
|
||||
|
@ -52,11 +158,11 @@ pub trait Assignment<F: Field> {
|
|||
/// backend prover can ask the circuit to synthesize using some given
|
||||
/// [`ConstraintSystem`] implementation.
|
||||
pub trait Circuit<F: Field> {
|
||||
/// This is a configuration object that stores things like wires.
|
||||
/// This is a configuration object that stores things like columns.
|
||||
type Config;
|
||||
|
||||
/// The circuit is given an opportunity to describe the exact gate
|
||||
/// arrangement, wire arrangement, etc.
|
||||
/// arrangement, column arrangement, etc.
|
||||
fn configure(meta: &mut ConstraintSystem<F>) -> Self::Config;
|
||||
|
||||
/// Given the provided `cs`, synthesize the circuit. The concrete type of
|
||||
|
@ -65,14 +171,14 @@ pub trait Circuit<F: Field> {
|
|||
fn synthesize(&self, cs: &mut impl Assignment<F>, config: Self::Config) -> Result<(), Error>;
|
||||
}
|
||||
|
||||
/// Low-degree expression representing an identity that must hold over the committed wires.
|
||||
/// Low-degree expression representing an identity that must hold over the committed columns.
|
||||
#[derive(Clone, Debug)]
|
||||
pub enum Expression<F> {
|
||||
/// This is a fixed wire queried at a certain relative location
|
||||
/// This is a fixed column queried at a certain relative location
|
||||
Fixed(usize),
|
||||
/// This is an advice (witness) wire queried at a certain relative location
|
||||
/// This is an advice (witness) column queried at a certain relative location
|
||||
Advice(usize),
|
||||
/// This is an auxiliary (external) wire queried at a certain relative location
|
||||
/// This is an auxiliary (external) column queried at a certain relative location
|
||||
Aux(usize),
|
||||
/// This is the sum of two polynomials
|
||||
Sum(Box<Expression<F>>, Box<Expression<F>>),
|
||||
|
@ -87,29 +193,64 @@ impl<F: Field> Expression<F> {
|
|||
/// operations.
|
||||
pub fn evaluate<T>(
|
||||
&self,
|
||||
fixed_wire: &impl Fn(usize) -> T,
|
||||
advice_wire: &impl Fn(usize) -> T,
|
||||
aux_wire: &impl Fn(usize) -> T,
|
||||
fixed_column: &impl Fn(usize) -> T,
|
||||
advice_column: &impl Fn(usize) -> T,
|
||||
aux_column: &impl Fn(usize) -> T,
|
||||
sum: &impl Fn(T, T) -> T,
|
||||
product: &impl Fn(T, T) -> T,
|
||||
scaled: &impl Fn(T, F) -> T,
|
||||
) -> T {
|
||||
match self {
|
||||
Expression::Fixed(index) => fixed_wire(*index),
|
||||
Expression::Advice(index) => advice_wire(*index),
|
||||
Expression::Aux(index) => aux_wire(*index),
|
||||
Expression::Fixed(index) => fixed_column(*index),
|
||||
Expression::Advice(index) => advice_column(*index),
|
||||
Expression::Aux(index) => aux_column(*index),
|
||||
Expression::Sum(a, b) => {
|
||||
let a = a.evaluate(fixed_wire, advice_wire, aux_wire, sum, product, scaled);
|
||||
let b = b.evaluate(fixed_wire, advice_wire, aux_wire, sum, product, scaled);
|
||||
let a = a.evaluate(
|
||||
fixed_column,
|
||||
advice_column,
|
||||
aux_column,
|
||||
sum,
|
||||
product,
|
||||
scaled,
|
||||
);
|
||||
let b = b.evaluate(
|
||||
fixed_column,
|
||||
advice_column,
|
||||
aux_column,
|
||||
sum,
|
||||
product,
|
||||
scaled,
|
||||
);
|
||||
sum(a, b)
|
||||
}
|
||||
Expression::Product(a, b) => {
|
||||
let a = a.evaluate(fixed_wire, advice_wire, aux_wire, sum, product, scaled);
|
||||
let b = b.evaluate(fixed_wire, advice_wire, aux_wire, sum, product, scaled);
|
||||
let a = a.evaluate(
|
||||
fixed_column,
|
||||
advice_column,
|
||||
aux_column,
|
||||
sum,
|
||||
product,
|
||||
scaled,
|
||||
);
|
||||
let b = b.evaluate(
|
||||
fixed_column,
|
||||
advice_column,
|
||||
aux_column,
|
||||
sum,
|
||||
product,
|
||||
scaled,
|
||||
);
|
||||
product(a, b)
|
||||
}
|
||||
Expression::Scaled(a, f) => {
|
||||
let a = a.evaluate(fixed_wire, advice_wire, aux_wire, sum, product, scaled);
|
||||
let a = a.evaluate(
|
||||
fixed_column,
|
||||
advice_column,
|
||||
aux_column,
|
||||
sum,
|
||||
product,
|
||||
scaled,
|
||||
);
|
||||
scaled(a, *f)
|
||||
}
|
||||
}
|
||||
|
@ -154,24 +295,24 @@ impl<F> Mul<F> for Expression<F> {
|
|||
#[derive(Copy, Clone, Debug)]
|
||||
pub(crate) struct PointIndex(pub usize);
|
||||
|
||||
/// This is a description of the circuit environment, such as the gate, wire and
|
||||
/// This is a description of the circuit environment, such as the gate, column and
|
||||
/// permutation arrangements.
|
||||
#[derive(Debug, Clone)]
|
||||
pub struct ConstraintSystem<F> {
|
||||
pub(crate) num_fixed_wires: usize,
|
||||
pub(crate) num_advice_wires: usize,
|
||||
pub(crate) num_aux_wires: usize,
|
||||
pub(crate) num_fixed_columns: usize,
|
||||
pub(crate) num_advice_columns: usize,
|
||||
pub(crate) num_aux_columns: usize,
|
||||
pub(crate) gates: Vec<Expression<F>>,
|
||||
pub(crate) advice_queries: Vec<(AdviceWire, Rotation)>,
|
||||
pub(crate) aux_queries: Vec<(AuxWire, Rotation)>,
|
||||
pub(crate) fixed_queries: Vec<(FixedWire, Rotation)>,
|
||||
pub(crate) advice_queries: Vec<(Column<Advice>, Rotation)>,
|
||||
pub(crate) aux_queries: Vec<(Column<Aux>, Rotation)>,
|
||||
pub(crate) fixed_queries: Vec<(Column<Fixed>, Rotation)>,
|
||||
|
||||
// Mapping from a witness vector rotation to the index in the point vector.
|
||||
pub(crate) rotations: BTreeMap<Rotation, PointIndex>,
|
||||
|
||||
// Vector of permutation arguments, where each corresponds to a set of wires
|
||||
// Vector of permutation arguments, where each corresponds to a sequence of columns
|
||||
// that are involved in a permutation argument.
|
||||
pub(crate) permutations: Vec<Vec<AdviceWire>>,
|
||||
pub(crate) permutations: Vec<Vec<Column<Advice>>>,
|
||||
}
|
||||
|
||||
impl<F: Field> Default for ConstraintSystem<F> {
|
||||
|
@ -180,9 +321,9 @@ impl<F: Field> Default for ConstraintSystem<F> {
|
|||
rotations.insert(Rotation::default(), PointIndex(0));
|
||||
|
||||
ConstraintSystem {
|
||||
num_fixed_wires: 0,
|
||||
num_advice_wires: 0,
|
||||
num_aux_wires: 0,
|
||||
num_fixed_columns: 0,
|
||||
num_advice_columns: 0,
|
||||
num_aux_columns: 0,
|
||||
gates: vec![],
|
||||
fixed_queries: Vec::new(),
|
||||
advice_queries: Vec::new(),
|
||||
|
@ -194,8 +335,8 @@ impl<F: Field> Default for ConstraintSystem<F> {
|
|||
}
|
||||
|
||||
impl<F: Field> ConstraintSystem<F> {
|
||||
/// Add a permutation argument for some advice wires
|
||||
pub fn permutation(&mut self, wires: &[AdviceWire]) -> usize {
|
||||
/// Add a permutation argument for some advice columns
|
||||
pub fn permutation(&mut self, columns: &[Column<Advice>]) -> usize {
|
||||
let index = self.permutations.len();
|
||||
if self.permutations.is_empty() {
|
||||
let at = Rotation(-1);
|
||||
|
@ -203,15 +344,15 @@ impl<F: Field> ConstraintSystem<F> {
|
|||
self.rotations.entry(at).or_insert(PointIndex(len));
|
||||
}
|
||||
|
||||
for wire in wires {
|
||||
self.query_advice_index(*wire, 0);
|
||||
for column in columns {
|
||||
self.query_advice_index(*column, 0);
|
||||
}
|
||||
self.permutations.push(wires.to_vec());
|
||||
self.permutations.push(columns.to_vec());
|
||||
|
||||
index
|
||||
}
|
||||
|
||||
fn query_fixed_index(&mut self, wire: FixedWire, at: i32) -> usize {
|
||||
fn query_fixed_index(&mut self, column: Column<Fixed>, at: i32) -> usize {
|
||||
let at = Rotation(at);
|
||||
{
|
||||
let len = self.rotations.len();
|
||||
|
@ -220,35 +361,24 @@ impl<F: Field> ConstraintSystem<F> {
|
|||
|
||||
// Return existing query, if it exists
|
||||
for (index, fixed_query) in self.fixed_queries.iter().enumerate() {
|
||||
if fixed_query == &(wire, at) {
|
||||
if fixed_query == &(column, at) {
|
||||
return index;
|
||||
}
|
||||
}
|
||||
|
||||
// Make a new query
|
||||
let index = self.fixed_queries.len();
|
||||
self.fixed_queries.push((wire, at));
|
||||
self.fixed_queries.push((column, at));
|
||||
|
||||
index
|
||||
}
|
||||
|
||||
/// Query a fixed wire at a relative position
|
||||
pub fn query_fixed(&mut self, wire: FixedWire, at: i32) -> Expression<F> {
|
||||
Expression::Fixed(self.query_fixed_index(wire, at))
|
||||
/// Query a fixed column at a relative position
|
||||
pub fn query_fixed(&mut self, column: Column<Fixed>, at: i32) -> Expression<F> {
|
||||
Expression::Fixed(self.query_fixed_index(column, at))
|
||||
}
|
||||
|
||||
pub(crate) fn get_advice_query_index(&self, wire: AdviceWire, at: i32) -> usize {
|
||||
let at = Rotation(at);
|
||||
for (index, advice_query) in self.advice_queries.iter().enumerate() {
|
||||
if advice_query == &(wire, at) {
|
||||
return index;
|
||||
}
|
||||
}
|
||||
|
||||
panic!("get_advice_query_index called for non-existant query");
|
||||
}
|
||||
|
||||
pub(crate) fn query_advice_index(&mut self, wire: AdviceWire, at: i32) -> usize {
|
||||
pub(crate) fn query_advice_index(&mut self, column: Column<Advice>, at: i32) -> usize {
|
||||
let at = Rotation(at);
|
||||
{
|
||||
let len = self.rotations.len();
|
||||
|
@ -257,24 +387,24 @@ impl<F: Field> ConstraintSystem<F> {
|
|||
|
||||
// Return existing query, if it exists
|
||||
for (index, advice_query) in self.advice_queries.iter().enumerate() {
|
||||
if advice_query == &(wire, at) {
|
||||
if advice_query == &(column, at) {
|
||||
return index;
|
||||
}
|
||||
}
|
||||
|
||||
// Make a new query
|
||||
let index = self.advice_queries.len();
|
||||
self.advice_queries.push((wire, at));
|
||||
self.advice_queries.push((column, at));
|
||||
|
||||
index
|
||||
}
|
||||
|
||||
/// Query an advice wire at a relative position
|
||||
pub fn query_advice(&mut self, wire: AdviceWire, at: i32) -> Expression<F> {
|
||||
Expression::Advice(self.query_advice_index(wire, at))
|
||||
/// Query an advice column at a relative position
|
||||
pub fn query_advice(&mut self, column: Column<Advice>, at: i32) -> Expression<F> {
|
||||
Expression::Advice(self.query_advice_index(column, at))
|
||||
}
|
||||
|
||||
fn query_aux_index(&mut self, wire: AuxWire, at: i32) -> usize {
|
||||
fn query_aux_index(&mut self, column: Column<Aux>, at: i32) -> usize {
|
||||
let at = Rotation(at);
|
||||
{
|
||||
let len = self.rotations.len();
|
||||
|
@ -283,21 +413,91 @@ impl<F: Field> ConstraintSystem<F> {
|
|||
|
||||
// Return existing query, if it exists
|
||||
for (index, aux_query) in self.aux_queries.iter().enumerate() {
|
||||
if aux_query == &(wire, at) {
|
||||
if aux_query == &(column, at) {
|
||||
return index;
|
||||
}
|
||||
}
|
||||
|
||||
// Make a new query
|
||||
let index = self.aux_queries.len();
|
||||
self.aux_queries.push((wire, at));
|
||||
self.aux_queries.push((column, at));
|
||||
|
||||
index
|
||||
}
|
||||
|
||||
/// Query an auxiliary wire at a relative position
|
||||
pub fn query_aux(&mut self, wire: AuxWire, at: i32) -> Expression<F> {
|
||||
Expression::Aux(self.query_aux_index(wire, at))
|
||||
/// Query an auxiliary column at a relative position
|
||||
pub fn query_aux(&mut self, column: Column<Aux>, at: i32) -> Expression<F> {
|
||||
Expression::Aux(self.query_aux_index(column, at))
|
||||
}
|
||||
|
||||
fn query_any_index(&mut self, column: Column<Any>, at: i32) -> usize {
|
||||
let index = match column.column_type() {
|
||||
Any::Advice => self.query_advice_index(Column::<Advice>::try_from(column).unwrap(), at),
|
||||
Any::Fixed => self.query_fixed_index(Column::<Fixed>::try_from(column).unwrap(), at),
|
||||
Any::Aux => self.query_aux_index(Column::<Aux>::try_from(column).unwrap(), at),
|
||||
};
|
||||
|
||||
index
|
||||
}
|
||||
|
||||
/// Query an Any column at a relative position
|
||||
pub fn query_any(&mut self, column: Column<Any>, at: i32) -> Expression<F> {
|
||||
match column.column_type() {
|
||||
Any::Advice => Expression::Advice(
|
||||
self.query_advice_index(Column::<Advice>::try_from(column).unwrap(), at),
|
||||
),
|
||||
Any::Fixed => Expression::Fixed(
|
||||
self.query_fixed_index(Column::<Fixed>::try_from(column).unwrap(), at),
|
||||
),
|
||||
Any::Aux => {
|
||||
Expression::Aux(self.query_aux_index(Column::<Aux>::try_from(column).unwrap(), at))
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
pub(crate) fn get_advice_query_index(&self, column: Column<Advice>, at: i32) -> usize {
|
||||
let at = Rotation(at);
|
||||
for (index, advice_query) in self.advice_queries.iter().enumerate() {
|
||||
if advice_query == &(column, at) {
|
||||
return index;
|
||||
}
|
||||
}
|
||||
|
||||
panic!("get_advice_query_index called for non-existent query");
|
||||
}
|
||||
|
||||
pub(crate) fn get_fixed_query_index(&self, column: Column<Fixed>, at: i32) -> usize {
|
||||
let at = Rotation(at);
|
||||
for (index, fixed_query) in self.fixed_queries.iter().enumerate() {
|
||||
if fixed_query == &(column, at) {
|
||||
return index;
|
||||
}
|
||||
}
|
||||
|
||||
panic!("get_fixed_query_index called for non-existent query");
|
||||
}
|
||||
|
||||
pub(crate) fn get_aux_query_index(&self, column: Column<Aux>, at: i32) -> usize {
|
||||
let at = Rotation(at);
|
||||
for (index, aux_query) in self.aux_queries.iter().enumerate() {
|
||||
if aux_query == &(column, at) {
|
||||
return index;
|
||||
}
|
||||
}
|
||||
|
||||
panic!("get_aux_query_index called for non-existent query");
|
||||
}
|
||||
|
||||
pub(crate) fn get_any_query_index(&self, column: Column<Any>, at: i32) -> usize {
|
||||
match column.column_type() {
|
||||
Any::Advice => {
|
||||
self.get_advice_query_index(Column::<Advice>::try_from(column).unwrap(), at)
|
||||
}
|
||||
Any::Fixed => {
|
||||
self.get_fixed_query_index(Column::<Fixed>::try_from(column).unwrap(), at)
|
||||
}
|
||||
Any::Aux => self.get_aux_query_index(Column::<Aux>::try_from(column).unwrap(), at),
|
||||
}
|
||||
}
|
||||
|
||||
/// Create a new gate
|
||||
|
@ -306,24 +506,33 @@ impl<F: Field> ConstraintSystem<F> {
|
|||
self.gates.push(poly);
|
||||
}
|
||||
|
||||
/// Allocate a new fixed wire
|
||||
pub fn fixed_wire(&mut self) -> FixedWire {
|
||||
let tmp = FixedWire(self.num_fixed_wires);
|
||||
self.num_fixed_wires += 1;
|
||||
/// Allocate a new fixed column
|
||||
pub fn fixed_column(&mut self) -> Column<Fixed> {
|
||||
let tmp = Column {
|
||||
index: self.num_fixed_columns,
|
||||
column_type: Fixed,
|
||||
};
|
||||
self.num_fixed_columns += 1;
|
||||
tmp
|
||||
}
|
||||
|
||||
/// Allocate a new advice wire
|
||||
pub fn advice_wire(&mut self) -> AdviceWire {
|
||||
let tmp = AdviceWire(self.num_advice_wires);
|
||||
self.num_advice_wires += 1;
|
||||
/// Allocate a new advice column
|
||||
pub fn advice_column(&mut self) -> Column<Advice> {
|
||||
let tmp = Column {
|
||||
index: self.num_advice_columns,
|
||||
column_type: Advice,
|
||||
};
|
||||
self.num_advice_columns += 1;
|
||||
tmp
|
||||
}
|
||||
|
||||
/// Allocate a new auxiliary wire
|
||||
pub fn aux_wire(&mut self) -> AuxWire {
|
||||
let tmp = AuxWire(self.num_aux_wires);
|
||||
self.num_aux_wires += 1;
|
||||
/// Allocate a new auxiliary column
|
||||
pub fn aux_column(&mut self) -> Column<Aux> {
|
||||
let tmp = Column {
|
||||
index: self.num_aux_columns,
|
||||
column_type: Aux,
|
||||
};
|
||||
self.num_aux_columns += 1;
|
||||
tmp
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
use super::{
|
||||
circuit::{AdviceWire, Assignment, Circuit, ConstraintSystem, FixedWire},
|
||||
circuit::{Advice, Assignment, Circuit, Column, ConstraintSystem, Fixed},
|
||||
Error, ProvingKey, VerifyingKey,
|
||||
};
|
||||
use crate::arithmetic::{Curve, CurveAffine, Field};
|
||||
|
@ -28,23 +28,23 @@ where
|
|||
impl<F: Field> Assignment<F> for Assembly<F> {
|
||||
fn assign_advice(
|
||||
&mut self,
|
||||
_: AdviceWire,
|
||||
_: Column<Advice>,
|
||||
_: usize,
|
||||
_: impl FnOnce() -> Result<F, Error>,
|
||||
) -> Result<(), Error> {
|
||||
// We only care about fixed wires here
|
||||
// We only care about fixed columns here
|
||||
Ok(())
|
||||
}
|
||||
|
||||
fn assign_fixed(
|
||||
&mut self,
|
||||
wire: FixedWire,
|
||||
column: Column<Fixed>,
|
||||
row: usize,
|
||||
to: impl FnOnce() -> Result<F, Error>,
|
||||
) -> Result<(), Error> {
|
||||
*self
|
||||
.fixed
|
||||
.get_mut(wire.0)
|
||||
.get_mut(column.index())
|
||||
.and_then(|v| v.get_mut(row))
|
||||
.ok_or(Error::BoundsFailure)? = to()?;
|
||||
|
||||
|
@ -54,23 +54,23 @@ where
|
|||
fn copy(
|
||||
&mut self,
|
||||
permutation: usize,
|
||||
left_wire: usize,
|
||||
left_column: usize,
|
||||
left_row: usize,
|
||||
right_wire: usize,
|
||||
right_column: usize,
|
||||
right_row: usize,
|
||||
) -> Result<(), Error> {
|
||||
// Check bounds first
|
||||
if permutation >= self.mapping.len()
|
||||
|| left_wire >= self.mapping[permutation].len()
|
||||
|| left_row >= self.mapping[permutation][left_wire].len()
|
||||
|| right_wire >= self.mapping[permutation].len()
|
||||
|| right_row >= self.mapping[permutation][right_wire].len()
|
||||
|| left_column >= self.mapping[permutation].len()
|
||||
|| left_row >= self.mapping[permutation][left_column].len()
|
||||
|| right_column >= self.mapping[permutation].len()
|
||||
|| right_row >= self.mapping[permutation][right_column].len()
|
||||
{
|
||||
return Err(Error::BoundsFailure);
|
||||
}
|
||||
|
||||
let mut left_cycle = self.aux[permutation][left_wire][left_row];
|
||||
let mut right_cycle = self.aux[permutation][right_wire][right_row];
|
||||
let mut left_cycle = self.aux[permutation][left_column][left_row];
|
||||
let mut right_cycle = self.aux[permutation][right_column][right_row];
|
||||
|
||||
if left_cycle == right_cycle {
|
||||
return Ok(());
|
||||
|
@ -93,10 +93,10 @@ where
|
|||
}
|
||||
}
|
||||
|
||||
let tmp = self.mapping[permutation][left_wire][left_row];
|
||||
self.mapping[permutation][left_wire][left_row] =
|
||||
self.mapping[permutation][right_wire][right_row];
|
||||
self.mapping[permutation][right_wire][right_row] = tmp;
|
||||
let tmp = self.mapping[permutation][left_column][left_row];
|
||||
self.mapping[permutation][left_column][left_row] =
|
||||
self.mapping[permutation][right_column][right_row];
|
||||
self.mapping[permutation][right_column][right_row] = tmp;
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
@ -106,7 +106,7 @@ where
|
|||
let config = ConcreteCircuit::configure(&mut cs);
|
||||
|
||||
// Get the largest permutation argument length in terms of the number of
|
||||
// advice wires involved.
|
||||
// advice columns involved.
|
||||
let mut largest_permutation_length = 0;
|
||||
for permutation in &cs.permutations {
|
||||
largest_permutation_length = std::cmp::max(permutation.len(), largest_permutation_length);
|
||||
|
@ -151,7 +151,7 @@ where
|
|||
}
|
||||
|
||||
let mut assembly: Assembly<C::Scalar> = Assembly {
|
||||
fixed: vec![domain.empty_lagrange(); cs.num_fixed_wires],
|
||||
fixed: vec![domain.empty_lagrange(); cs.num_fixed_columns],
|
||||
mapping: vec![],
|
||||
aux: vec![],
|
||||
sizes: vec![],
|
||||
|
@ -161,13 +161,13 @@ where
|
|||
// Initialize the copy vector to keep track of copy constraints in all
|
||||
// the permutation arguments.
|
||||
for permutation in &cs.permutations {
|
||||
let mut wires = vec![];
|
||||
let mut columns = vec![];
|
||||
for i in 0..permutation.len() {
|
||||
// Computes [(i, 0), (i, 1), ..., (i, n - 1)]
|
||||
wires.push((0..params.n).map(|j| (i, j as usize)).collect());
|
||||
columns.push((0..params.n).map(|j| (i, j as usize)).collect());
|
||||
}
|
||||
assembly.mapping.push(wires.clone());
|
||||
assembly.aux.push(wires);
|
||||
assembly.mapping.push(columns.clone());
|
||||
assembly.aux.push(columns);
|
||||
assembly
|
||||
.sizes
|
||||
.push(vec![vec![1usize; params.n as usize]; permutation.len()]);
|
||||
|
@ -229,8 +229,8 @@ where
|
|||
let fixed_cosets = cs
|
||||
.fixed_queries
|
||||
.iter()
|
||||
.map(|&(wire, at)| {
|
||||
let poly = fixed_polys[wire.0].clone();
|
||||
.map(|&(column, at)| {
|
||||
let poly = fixed_polys[column.index()].clone();
|
||||
domain.coeff_to_extended(poly, at)
|
||||
})
|
||||
.collect();
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
use super::{
|
||||
circuit::{AdviceWire, Assignment, Circuit, ConstraintSystem, FixedWire},
|
||||
circuit::{Advice, Assignment, Circuit, Column, ConstraintSystem, Fixed},
|
||||
hash_point, Error, Proof, ProvingKey,
|
||||
};
|
||||
use crate::arithmetic::{
|
||||
|
@ -27,7 +27,7 @@ impl<C: CurveAffine> Proof<C> {
|
|||
circuit: &ConcreteCircuit,
|
||||
aux: &[Polynomial<C::Scalar, LagrangeCoeff>],
|
||||
) -> Result<Self, Error> {
|
||||
if aux.len() != pk.vk.cs.num_aux_wires {
|
||||
if aux.len() != pk.vk.cs.num_aux_columns {
|
||||
return Err(Error::IncompatibleParams);
|
||||
}
|
||||
|
||||
|
@ -39,13 +39,13 @@ impl<C: CurveAffine> Proof<C> {
|
|||
impl<F: Field> Assignment<F> for WitnessCollection<F> {
|
||||
fn assign_advice(
|
||||
&mut self,
|
||||
wire: AdviceWire,
|
||||
column: Column<Advice>,
|
||||
row: usize,
|
||||
to: impl FnOnce() -> Result<F, Error>,
|
||||
) -> Result<(), Error> {
|
||||
*self
|
||||
.advice
|
||||
.get_mut(wire.0)
|
||||
.get_mut(column.index())
|
||||
.and_then(|v| v.get_mut(row))
|
||||
.ok_or(Error::BoundsFailure)? = to()?;
|
||||
|
||||
|
@ -54,11 +54,11 @@ impl<C: CurveAffine> Proof<C> {
|
|||
|
||||
fn assign_fixed(
|
||||
&mut self,
|
||||
_: FixedWire,
|
||||
_: Column<Fixed>,
|
||||
_: usize,
|
||||
_: impl FnOnce() -> Result<F, Error>,
|
||||
) -> Result<(), Error> {
|
||||
// We only care about advice wires here
|
||||
// We only care about advice columns here
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
@ -71,7 +71,7 @@ impl<C: CurveAffine> Proof<C> {
|
|||
_: usize,
|
||||
_: usize,
|
||||
) -> Result<(), Error> {
|
||||
// We only care about advice wires here
|
||||
// We only care about advice columns here
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
@ -82,7 +82,7 @@ impl<C: CurveAffine> Proof<C> {
|
|||
let config = ConcreteCircuit::configure(&mut meta);
|
||||
|
||||
let mut witness = WitnessCollection {
|
||||
advice: vec![domain.empty_lagrange(); meta.num_advice_wires],
|
||||
advice: vec![domain.empty_lagrange(); meta.num_advice_columns],
|
||||
_marker: std::marker::PhantomData,
|
||||
};
|
||||
|
||||
|
@ -94,7 +94,7 @@ impl<C: CurveAffine> Proof<C> {
|
|||
// Create a transcript for obtaining Fiat-Shamir challenges.
|
||||
let mut transcript = HBase::init(C::Base::one());
|
||||
|
||||
// Compute commitments to aux wire polynomials
|
||||
// Compute commitments to aux column polynomials
|
||||
let aux_commitments_projective: Vec<_> = aux
|
||||
.iter()
|
||||
.map(|poly| params.commit_lagrange(poly, Blind::default()))
|
||||
|
@ -119,13 +119,13 @@ impl<C: CurveAffine> Proof<C> {
|
|||
let aux_cosets: Vec<_> = meta
|
||||
.aux_queries
|
||||
.iter()
|
||||
.map(|&(wire, at)| {
|
||||
let poly = aux_polys[wire.0].clone();
|
||||
.map(|&(column, at)| {
|
||||
let poly = aux_polys[column.index()].clone();
|
||||
domain.coeff_to_extended(poly, at)
|
||||
})
|
||||
.collect();
|
||||
|
||||
// Compute commitments to advice wire polynomials
|
||||
// Compute commitments to advice column polynomials
|
||||
let advice_blinds: Vec<_> = witness
|
||||
.advice
|
||||
.iter()
|
||||
|
@ -156,8 +156,8 @@ impl<C: CurveAffine> Proof<C> {
|
|||
let advice_cosets: Vec<_> = meta
|
||||
.advice_queries
|
||||
.iter()
|
||||
.map(|&(wire, at)| {
|
||||
let poly = advice_polys[wire.0].clone();
|
||||
.map(|&(column, at)| {
|
||||
let poly = advice_polys[column.index()].clone();
|
||||
domain.coeff_to_extended(poly, at)
|
||||
})
|
||||
.collect();
|
||||
|
@ -177,23 +177,23 @@ impl<C: CurveAffine> Proof<C> {
|
|||
|
||||
// Iterate over each permutation
|
||||
let mut permutation_modified_advice = vec![];
|
||||
for (wires, permuted_values) in pk.vk.cs.permutations.iter().zip(pk.permutations.iter()) {
|
||||
for (columns, permuted_values) in pk.vk.cs.permutations.iter().zip(pk.permutations.iter()) {
|
||||
// Goal is to compute the products of fractions
|
||||
//
|
||||
// (p_j(\omega^i) + \delta^j \omega^i \beta + \gamma) /
|
||||
// (p_j(\omega^i) + \beta s_j(\omega^i) + \gamma)
|
||||
//
|
||||
// where p_j(X) is the jth advice wire in this permutation,
|
||||
// and i is the ith row of the wire.
|
||||
// where p_j(X) is the jth advice column in this permutation,
|
||||
// and i is the ith row of the column.
|
||||
let mut modified_advice = vec![C::Scalar::one(); params.n as usize];
|
||||
|
||||
// Iterate over each wire of the permutation
|
||||
for (&wire, permuted_wire_values) in wires.iter().zip(permuted_values.iter()) {
|
||||
// Iterate over each column of the permutation
|
||||
for (&column, permuted_column_values) in columns.iter().zip(permuted_values.iter()) {
|
||||
parallelize(&mut modified_advice, |modified_advice, start| {
|
||||
for ((modified_advice, advice_value), permuted_advice_value) in modified_advice
|
||||
.iter_mut()
|
||||
.zip(witness.advice[wire.0][start..].iter())
|
||||
.zip(permuted_wire_values[start..].iter())
|
||||
.zip(witness.advice[column.index()][start..].iter())
|
||||
.zip(permuted_column_values[start..].iter())
|
||||
{
|
||||
*modified_advice *= &(x_0 * permuted_advice_value + &x_1 + advice_value);
|
||||
}
|
||||
|
@ -210,23 +210,23 @@ impl<C: CurveAffine> Proof<C> {
|
|||
.flat_map(|v| v.iter_mut())
|
||||
.batch_invert();
|
||||
|
||||
for (wires, mut modified_advice) in pk
|
||||
for (columns, mut modified_advice) in pk
|
||||
.vk
|
||||
.cs
|
||||
.permutations
|
||||
.iter()
|
||||
.zip(permutation_modified_advice.into_iter())
|
||||
{
|
||||
// Iterate over each wire again, this time finishing the computation
|
||||
// Iterate over each column again, this time finishing the computation
|
||||
// of the entire fraction by computing the numerators
|
||||
let mut deltaomega = C::Scalar::one();
|
||||
for &wire in wires.iter() {
|
||||
for &column in columns.iter() {
|
||||
let omega = domain.get_omega();
|
||||
parallelize(&mut modified_advice, |modified_advice, start| {
|
||||
let mut deltaomega = deltaomega * &omega.pow_vartime(&[start as u64, 0, 0, 0]);
|
||||
for (modified_advice, advice_value) in modified_advice
|
||||
.iter_mut()
|
||||
.zip(witness.advice[wire.0][start..].iter())
|
||||
.zip(witness.advice[column.index()][start..].iter())
|
||||
{
|
||||
// Multiply by p_j(\omega^i) + \delta^j \omega^i \beta
|
||||
*modified_advice *= &(deltaomega * &x_0 + &x_1 + advice_value);
|
||||
|
@ -242,7 +242,7 @@ impl<C: CurveAffine> Proof<C> {
|
|||
// (p_j(\omega^i) + \delta^j \omega^i \beta + \gamma) /
|
||||
// (p_j(\omega^i) + \beta s_j(\omega^i) + \gamma)
|
||||
//
|
||||
// where i is the index into modified_advice, for the jth wire in
|
||||
// where i is the index into modified_advice, for the jth column in
|
||||
// the permutation
|
||||
|
||||
// Compute the evaluations of the permutation product polynomial
|
||||
|
@ -315,13 +315,13 @@ impl<C: CurveAffine> Proof<C> {
|
|||
}
|
||||
|
||||
// z(X) \prod (p(X) + \beta s_i(X) + \gamma) - z(omega^{-1} X) \prod (p(X) + \delta^i \beta X + \gamma)
|
||||
for (permutation_index, wires) in pk.vk.cs.permutations.iter().enumerate() {
|
||||
for (permutation_index, columns) in pk.vk.cs.permutations.iter().enumerate() {
|
||||
h_poly = h_poly * x_2;
|
||||
|
||||
let mut left = permutation_product_cosets[permutation_index].clone();
|
||||
for (advice, permutation) in wires
|
||||
for (advice, permutation) in columns
|
||||
.iter()
|
||||
.map(|&wire| &advice_cosets[pk.vk.cs.get_advice_query_index(wire, 0)])
|
||||
.map(|&column| &advice_cosets[pk.vk.cs.get_advice_query_index(column, 0)])
|
||||
.zip(pk.permutation_cosets[permutation_index].iter())
|
||||
{
|
||||
parallelize(&mut left, |left, start| {
|
||||
|
@ -338,9 +338,9 @@ impl<C: CurveAffine> Proof<C> {
|
|||
let mut right = permutation_product_cosets_inv[permutation_index].clone();
|
||||
let mut current_delta = x_0 * &C::Scalar::ZETA;
|
||||
let step = domain.get_extended_omega();
|
||||
for advice in wires
|
||||
for advice in columns
|
||||
.iter()
|
||||
.map(|&wire| &advice_cosets[pk.vk.cs.get_advice_query_index(wire, 0)])
|
||||
.map(|&column| &advice_cosets[pk.vk.cs.get_advice_query_index(column, 0)])
|
||||
{
|
||||
parallelize(&mut right, move |right, start| {
|
||||
let mut beta_term = current_delta * &step.pow_vartime(&[start as u64, 0, 0, 0]);
|
||||
|
@ -394,20 +394,27 @@ impl<C: CurveAffine> Proof<C> {
|
|||
let advice_evals: Vec<_> = meta
|
||||
.advice_queries
|
||||
.iter()
|
||||
.map(|&(wire, at)| eval_polynomial(&advice_polys[wire.0], domain.rotate_omega(x_3, at)))
|
||||
.map(|&(column, at)| {
|
||||
eval_polynomial(&advice_polys[column.index()], domain.rotate_omega(x_3, at))
|
||||
})
|
||||
.collect();
|
||||
|
||||
let aux_evals: Vec<_> = meta
|
||||
.aux_queries
|
||||
.iter()
|
||||
.map(|&(wire, at)| eval_polynomial(&aux_polys[wire.0], domain.rotate_omega(x_3, at)))
|
||||
.map(|&(column, at)| {
|
||||
eval_polynomial(&aux_polys[column.index()], domain.rotate_omega(x_3, at))
|
||||
})
|
||||
.collect();
|
||||
|
||||
let fixed_evals: Vec<_> = meta
|
||||
.fixed_queries
|
||||
.iter()
|
||||
.map(|&(wire, at)| {
|
||||
eval_polynomial(&pk.fixed_polys[wire.0], domain.rotate_omega(x_3, at))
|
||||
.map(|&(column, at)| {
|
||||
eval_polynomial(
|
||||
&pk.fixed_polys[column.index()],
|
||||
domain.rotate_omega(x_3, at),
|
||||
)
|
||||
})
|
||||
.collect();
|
||||
|
||||
|
@ -460,34 +467,34 @@ impl<C: CurveAffine> Proof<C> {
|
|||
|
||||
let mut instances: Vec<ProverQuery<C>> = Vec::new();
|
||||
|
||||
for (query_index, &(wire, at)) in pk.vk.cs.advice_queries.iter().enumerate() {
|
||||
for (query_index, &(column, at)) in pk.vk.cs.advice_queries.iter().enumerate() {
|
||||
let point = domain.rotate_omega(x_3, at);
|
||||
|
||||
instances.push(ProverQuery {
|
||||
point,
|
||||
poly: &advice_polys[wire.0],
|
||||
blind: advice_blinds[wire.0],
|
||||
poly: &advice_polys[column.index()],
|
||||
blind: advice_blinds[column.index()],
|
||||
eval: advice_evals[query_index],
|
||||
});
|
||||
}
|
||||
|
||||
for (query_index, &(wire, at)) in pk.vk.cs.aux_queries.iter().enumerate() {
|
||||
for (query_index, &(column, at)) in pk.vk.cs.aux_queries.iter().enumerate() {
|
||||
let point = domain.rotate_omega(x_3, at);
|
||||
|
||||
instances.push(ProverQuery {
|
||||
point,
|
||||
poly: &aux_polys[wire.0],
|
||||
poly: &aux_polys[column.index()],
|
||||
blind: Blind::default(),
|
||||
eval: aux_evals[query_index],
|
||||
});
|
||||
}
|
||||
|
||||
for (query_index, &(wire, at)) in pk.vk.cs.fixed_queries.iter().enumerate() {
|
||||
for (query_index, &(column, at)) in pk.vk.cs.fixed_queries.iter().enumerate() {
|
||||
let point = domain.rotate_omega(x_3, at);
|
||||
|
||||
instances.push(ProverQuery {
|
||||
point,
|
||||
poly: &pk.fixed_polys[wire.0],
|
||||
poly: &pk.fixed_polys[column.index()],
|
||||
blind: Blind::default(),
|
||||
eval: fixed_evals[query_index],
|
||||
});
|
||||
|
|
|
@ -18,10 +18,10 @@ impl<'a, C: CurveAffine> Proof<C> {
|
|||
) -> Result<Guard<'a, C>, Error> {
|
||||
self.check_lengths(vk, aux_commitments)?;
|
||||
|
||||
// Check that aux_commitments matches the expected number of aux_wires
|
||||
// Check that aux_commitments matches the expected number of aux_columns
|
||||
// and self.aux_evals
|
||||
if aux_commitments.len() != vk.cs.num_aux_wires
|
||||
|| self.aux_evals.len() != vk.cs.num_aux_wires
|
||||
if aux_commitments.len() != vk.cs.num_aux_columns
|
||||
|| self.aux_evals.len() != vk.cs.num_aux_columns
|
||||
{
|
||||
return Err(Error::IncompatibleParams);
|
||||
}
|
||||
|
@ -89,29 +89,29 @@ impl<'a, C: CurveAffine> Proof<C> {
|
|||
|
||||
let mut queries: Vec<VerifierQuery<'a, C>> = Vec::new();
|
||||
|
||||
for (query_index, &(wire, at)) in vk.cs.advice_queries.iter().enumerate() {
|
||||
for (query_index, &(column, at)) in vk.cs.advice_queries.iter().enumerate() {
|
||||
let point = vk.domain.rotate_omega(x_3, at);
|
||||
queries.push(VerifierQuery {
|
||||
point,
|
||||
commitment: &self.advice_commitments[wire.0],
|
||||
commitment: &self.advice_commitments[column.index()],
|
||||
eval: self.advice_evals[query_index],
|
||||
});
|
||||
}
|
||||
|
||||
for (query_index, &(wire, at)) in vk.cs.aux_queries.iter().enumerate() {
|
||||
for (query_index, &(column, at)) in vk.cs.aux_queries.iter().enumerate() {
|
||||
let point = vk.domain.rotate_omega(x_3, at);
|
||||
queries.push(VerifierQuery {
|
||||
point,
|
||||
commitment: &aux_commitments[wire.0],
|
||||
commitment: &aux_commitments[column.index()],
|
||||
eval: self.aux_evals[query_index],
|
||||
});
|
||||
}
|
||||
|
||||
for (query_index, &(wire, at)) in vk.cs.fixed_queries.iter().enumerate() {
|
||||
for (query_index, &(column, at)) in vk.cs.fixed_queries.iter().enumerate() {
|
||||
let point = vk.domain.rotate_omega(x_3, at);
|
||||
queries.push(VerifierQuery {
|
||||
point,
|
||||
commitment: &vk.fixed_commitments[wire.0],
|
||||
commitment: &vk.fixed_commitments[column.index()],
|
||||
eval: self.fixed_evals[query_index],
|
||||
});
|
||||
}
|
||||
|
@ -193,10 +193,10 @@ impl<'a, C: CurveAffine> Proof<C> {
|
|||
/// Checks that the lengths of vectors are consistent with the constraint
|
||||
/// system
|
||||
fn check_lengths(&self, vk: &VerifyingKey<C>, aux_commitments: &[C]) -> Result<(), Error> {
|
||||
// Check that aux_commitments matches the expected number of aux_wires
|
||||
// Check that aux_commitments matches the expected number of aux_columns
|
||||
// and self.aux_evals
|
||||
if aux_commitments.len() != vk.cs.num_aux_wires
|
||||
|| self.aux_evals.len() != vk.cs.num_aux_wires
|
||||
if aux_commitments.len() != vk.cs.num_aux_columns
|
||||
|| self.aux_evals.len() != vk.cs.num_aux_columns
|
||||
{
|
||||
return Err(Error::IncompatibleParams);
|
||||
}
|
||||
|
@ -237,7 +237,7 @@ impl<'a, C: CurveAffine> Proof<C> {
|
|||
|
||||
// TODO: check h_commitments
|
||||
|
||||
if self.advice_commitments.len() != vk.cs.num_advice_wires {
|
||||
if self.advice_commitments.len() != vk.cs.num_advice_columns {
|
||||
return Err(Error::IncompatibleParams);
|
||||
}
|
||||
|
||||
|
@ -293,12 +293,12 @@ impl<'a, C: CurveAffine> Proof<C> {
|
|||
.zip(self.permutation_product_evals.iter())
|
||||
.zip(self.permutation_product_inv_evals.iter())
|
||||
.map(
|
||||
|(((wires, permutation_evals), product_eval), product_inv_eval)| {
|
||||
|(((columns, permutation_evals), product_eval), product_inv_eval)| {
|
||||
let mut left = *product_eval;
|
||||
for (advice_eval, permutation_eval) in wires
|
||||
for (advice_eval, permutation_eval) in columns
|
||||
.iter()
|
||||
.map(|&wire| {
|
||||
self.advice_evals[vk.cs.get_advice_query_index(wire, 0)]
|
||||
.map(|&column| {
|
||||
self.advice_evals[vk.cs.get_advice_query_index(column, 0)]
|
||||
})
|
||||
.zip(permutation_evals.iter())
|
||||
{
|
||||
|
@ -307,8 +307,8 @@ impl<'a, C: CurveAffine> Proof<C> {
|
|||
|
||||
let mut right = *product_inv_eval;
|
||||
let mut current_delta = x_0 * &x_3;
|
||||
for advice_eval in wires.iter().map(|&wire| {
|
||||
self.advice_evals[vk.cs.get_advice_query_index(wire, 0)]
|
||||
for advice_eval in columns.iter().map(|&column| {
|
||||
self.advice_evals[vk.cs.get_advice_query_index(column, 0)]
|
||||
}) {
|
||||
right *= &(advice_eval + ¤t_delta + &x_1);
|
||||
current_delta *= &C::Scalar::DELTA;
|
||||
|
|
Loading…
Reference in New Issue