zec
/
halo2
mirror of https://github.com/zcash/halo2.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Remove query allocations from Proof::verify 

multiopen::Proof::verify takes `queries: IntoIterator`, so we can just
pass it an iterator directly.
This commit is contained in:
Jack Grigg 2020-10-21 17:10:57 +01:00
parent 7f29ab913d
commit 6360da1f4e
1 changed files with 91 additions and 88 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

127
src/plonk/verifier.rs
View File

@ -1,3 +1,5 @@
use std::iter;
use super::{Error, Proof, VerifyingKey}; use super::{Error, Proof, VerifyingKey};
use crate::arithmetic::{get_challenge_scalar, Challenge, CurveAffine, Field}; use crate::arithmetic::{get_challenge_scalar, Challenge, CurveAffine, Field};
use crate::poly::{ use crate::poly::{
@ -69,6 +71,7 @@ impl<'a, C: CurveAffine> Proof<C> {
// Sample x_3 challenge, which is used to ensure the circuit is // Sample x_3 challenge, which is used to ensure the circuit is
// satisfied with high probability. // satisfied with high probability.
let x_3: C::Scalar = get_challenge_scalar(Challenge(transcript.squeeze().get_lower_128())); let x_3: C::Scalar = get_challenge_scalar(Challenge(transcript.squeeze().get_lower_128()));
let x_3_inv = vk.domain.rotate_omega(x_3, Rotation(-1));
// This check ensures the circuit is satisfied so long as the polynomial // This check ensures the circuit is satisfied so long as the polynomial
// commitments open to the correct values. // commitments open to the correct values.
@ -87,100 +90,100 @@ impl<'a, C: CurveAffine> Proof<C> {
transcript.absorb_scalar(*eval); transcript.absorb_scalar(*eval);
} }
let mut queries: Vec<VerifierQuery<'a, C>> = Vec::new(); let queries =
iter::empty()
for (query_index, &(column, at)) in vk.cs.advice_queries.iter().enumerate() { .chain(vk.cs.advice_queries.iter().enumerate().map(
let point = vk.domain.rotate_omega(x_3, at); |(query_index, &(column, at))| VerifierQuery {
queries.push(VerifierQuery { point: vk.domain.rotate_omega(x_3, at),
point,
commitment: &self.advice_commitments[column.index()], commitment: &self.advice_commitments[column.index()],
eval: self.advice_evals[query_index], eval: self.advice_evals[query_index],
}); },
} ))
.chain(
for (query_index, &(column, at)) in vk.cs.aux_queries.iter().enumerate() { vk.cs
let point = vk.domain.rotate_omega(x_3, at); .aux_queries
queries.push(VerifierQuery { .iter()
point, .enumerate()
.map(|(query_index, &(column, at))| VerifierQuery {
point: vk.domain.rotate_omega(x_3, at),
commitment: &aux_commitments[column.index()], commitment: &aux_commitments[column.index()],
eval: self.aux_evals[query_index], eval: self.aux_evals[query_index],
}); }),
} )
.chain(vk.cs.fixed_queries.iter().enumerate().map(
for (query_index, &(column, at)) in vk.cs.fixed_queries.iter().enumerate() { |(query_index, &(column, at))| VerifierQuery {
let point = vk.domain.rotate_omega(x_3, at); point: vk.domain.rotate_omega(x_3, at),
queries.push(VerifierQuery {
point,
commitment: &vk.fixed_commitments[column.index()], commitment: &vk.fixed_commitments[column.index()],
eval: self.fixed_evals[query_index], eval: self.fixed_evals[query_index],
}); },
} ))
.chain(
for ((idx, _), &eval) in self self.h_commitments
.h_commitments
.iter() .iter()
.enumerate() .enumerate()
.zip(self.h_evals.iter()) .zip(self.h_evals.iter())
{ .map(|((idx, _), &eval)| VerifierQuery {
let commitment = &self.h_commitments[idx];
queries.push(VerifierQuery {
point: x_3, point: x_3,
commitment, commitment: &self.h_commitments[idx],
eval, eval,
}); }),
} );
// Handle permutation arguments, if any exist // Handle permutation arguments, if any exist
if !vk.cs.permutations.is_empty() { let permutation_queries = if !vk.cs.permutations.is_empty() {
Some(
iter::empty()
// Open permutation product commitments at x_3 // Open permutation product commitments at x_3
for ((idx, _), &eval) in self .chain(
.permutation_product_commitments self.permutation_product_commitments
.iter() .iter()
.enumerate() .enumerate()
.zip(self.permutation_product_evals.iter()) .zip(self.permutation_product_evals.iter())
{ .map(|((idx, _), &eval)| VerifierQuery {
let commitment = &self.permutation_product_commitments[idx];
queries.push(VerifierQuery {
point: x_3, point: x_3,
commitment, commitment: &self.permutation_product_commitments[idx],
eval, eval,
}); }),
} )
// Open permutation commitments for each permutation argument at x_3 // Open permutation commitments for each permutation argument at x_3
for outer_idx in 0..vk.permutation_commitments.len() { .chain(
(0..vk.permutation_commitments.len())
.map(|outer_idx| {
let inner_len = vk.permutation_commitments[outer_idx].len(); let inner_len = vk.permutation_commitments[outer_idx].len();
for inner_idx in 0..inner_len { (0..inner_len).map(move |inner_idx| VerifierQuery {
let commitment = &vk.permutation_commitments[outer_idx][inner_idx];
let eval = self.permutation_evals[outer_idx][inner_idx];
queries.push(VerifierQuery {
point: x_3, point: x_3,
commitment, commitment: &vk.permutation_commitments[outer_idx][inner_idx],
eval, eval: self.permutation_evals[outer_idx][inner_idx],
}); })
} })
} .flatten(),
)
// Open permutation product commitments at \omega^{-1} x_3 // Open permutation product commitments at \omega^{-1} x_3
let x_3_inv = vk.domain.rotate_omega(x_3, Rotation(-1)); .chain(
for ((idx, _), &eval) in self self.permutation_product_commitments
.permutation_product_commitments
.iter() .iter()
.enumerate() .enumerate()
.zip(self.permutation_product_inv_evals.iter()) .zip(self.permutation_product_inv_evals.iter())
{ .map(|((idx, _), &eval)| VerifierQuery {
let commitment = &self.permutation_product_commitments[idx];
queries.push(VerifierQuery {
point: x_3_inv, point: x_3_inv,
commitment, commitment: &self.permutation_product_commitments[idx],
eval, eval,
}); }),
} ),
} )
} else {
None
};
// We are now convinced the circuit is satisfied so long as the // We are now convinced the circuit is satisfied so long as the
// polynomial commitments open to the correct values. // polynomial commitments open to the correct values.
self.multiopening self.multiopening
.verify(params, &mut transcript, queries, msm) .verify(
params,
&mut transcript,
queries.chain(permutation_queries.into_iter().flatten()),
msm,
)
.map_err(|_| Error::OpeningError) .map_err(|_| Error::OpeningError)
} }