mirror of https://github.com/zcash/halo2.git
Remove query allocations from Proof::verify
multiopen::Proof::verify takes `queries: IntoIterator`, so we can just pass it an iterator directly.
This commit is contained in:
parent
7f29ab913d
commit
6360da1f4e
|
@ -1,3 +1,5 @@
|
||||||
|
use std::iter;
|
||||||
|
|
||||||
use super::{Error, Proof, VerifyingKey};
|
use super::{Error, Proof, VerifyingKey};
|
||||||
use crate::arithmetic::{get_challenge_scalar, Challenge, CurveAffine, Field};
|
use crate::arithmetic::{get_challenge_scalar, Challenge, CurveAffine, Field};
|
||||||
use crate::poly::{
|
use crate::poly::{
|
||||||
|
@ -69,6 +71,7 @@ impl<'a, C: CurveAffine> Proof<C> {
|
||||||
// Sample x_3 challenge, which is used to ensure the circuit is
|
// Sample x_3 challenge, which is used to ensure the circuit is
|
||||||
// satisfied with high probability.
|
// satisfied with high probability.
|
||||||
let x_3: C::Scalar = get_challenge_scalar(Challenge(transcript.squeeze().get_lower_128()));
|
let x_3: C::Scalar = get_challenge_scalar(Challenge(transcript.squeeze().get_lower_128()));
|
||||||
|
let x_3_inv = vk.domain.rotate_omega(x_3, Rotation(-1));
|
||||||
|
|
||||||
// This check ensures the circuit is satisfied so long as the polynomial
|
// This check ensures the circuit is satisfied so long as the polynomial
|
||||||
// commitments open to the correct values.
|
// commitments open to the correct values.
|
||||||
|
@ -87,100 +90,100 @@ impl<'a, C: CurveAffine> Proof<C> {
|
||||||
transcript.absorb_scalar(*eval);
|
transcript.absorb_scalar(*eval);
|
||||||
}
|
}
|
||||||
|
|
||||||
let mut queries: Vec<VerifierQuery<'a, C>> = Vec::new();
|
let queries =
|
||||||
|
iter::empty()
|
||||||
for (query_index, &(column, at)) in vk.cs.advice_queries.iter().enumerate() {
|
.chain(vk.cs.advice_queries.iter().enumerate().map(
|
||||||
let point = vk.domain.rotate_omega(x_3, at);
|
|(query_index, &(column, at))| VerifierQuery {
|
||||||
queries.push(VerifierQuery {
|
point: vk.domain.rotate_omega(x_3, at),
|
||||||
point,
|
|
||||||
commitment: &self.advice_commitments[column.index()],
|
commitment: &self.advice_commitments[column.index()],
|
||||||
eval: self.advice_evals[query_index],
|
eval: self.advice_evals[query_index],
|
||||||
});
|
},
|
||||||
}
|
))
|
||||||
|
.chain(
|
||||||
for (query_index, &(column, at)) in vk.cs.aux_queries.iter().enumerate() {
|
vk.cs
|
||||||
let point = vk.domain.rotate_omega(x_3, at);
|
.aux_queries
|
||||||
queries.push(VerifierQuery {
|
.iter()
|
||||||
point,
|
.enumerate()
|
||||||
|
.map(|(query_index, &(column, at))| VerifierQuery {
|
||||||
|
point: vk.domain.rotate_omega(x_3, at),
|
||||||
commitment: &aux_commitments[column.index()],
|
commitment: &aux_commitments[column.index()],
|
||||||
eval: self.aux_evals[query_index],
|
eval: self.aux_evals[query_index],
|
||||||
});
|
}),
|
||||||
}
|
)
|
||||||
|
.chain(vk.cs.fixed_queries.iter().enumerate().map(
|
||||||
for (query_index, &(column, at)) in vk.cs.fixed_queries.iter().enumerate() {
|
|(query_index, &(column, at))| VerifierQuery {
|
||||||
let point = vk.domain.rotate_omega(x_3, at);
|
point: vk.domain.rotate_omega(x_3, at),
|
||||||
queries.push(VerifierQuery {
|
|
||||||
point,
|
|
||||||
commitment: &vk.fixed_commitments[column.index()],
|
commitment: &vk.fixed_commitments[column.index()],
|
||||||
eval: self.fixed_evals[query_index],
|
eval: self.fixed_evals[query_index],
|
||||||
});
|
},
|
||||||
}
|
))
|
||||||
|
.chain(
|
||||||
for ((idx, _), &eval) in self
|
self.h_commitments
|
||||||
.h_commitments
|
|
||||||
.iter()
|
.iter()
|
||||||
.enumerate()
|
.enumerate()
|
||||||
.zip(self.h_evals.iter())
|
.zip(self.h_evals.iter())
|
||||||
{
|
.map(|((idx, _), &eval)| VerifierQuery {
|
||||||
let commitment = &self.h_commitments[idx];
|
|
||||||
queries.push(VerifierQuery {
|
|
||||||
point: x_3,
|
point: x_3,
|
||||||
commitment,
|
commitment: &self.h_commitments[idx],
|
||||||
eval,
|
eval,
|
||||||
});
|
}),
|
||||||
}
|
);
|
||||||
|
|
||||||
// Handle permutation arguments, if any exist
|
// Handle permutation arguments, if any exist
|
||||||
if !vk.cs.permutations.is_empty() {
|
let permutation_queries = if !vk.cs.permutations.is_empty() {
|
||||||
|
Some(
|
||||||
|
iter::empty()
|
||||||
// Open permutation product commitments at x_3
|
// Open permutation product commitments at x_3
|
||||||
for ((idx, _), &eval) in self
|
.chain(
|
||||||
.permutation_product_commitments
|
self.permutation_product_commitments
|
||||||
.iter()
|
.iter()
|
||||||
.enumerate()
|
.enumerate()
|
||||||
.zip(self.permutation_product_evals.iter())
|
.zip(self.permutation_product_evals.iter())
|
||||||
{
|
.map(|((idx, _), &eval)| VerifierQuery {
|
||||||
let commitment = &self.permutation_product_commitments[idx];
|
|
||||||
queries.push(VerifierQuery {
|
|
||||||
point: x_3,
|
point: x_3,
|
||||||
commitment,
|
commitment: &self.permutation_product_commitments[idx],
|
||||||
eval,
|
eval,
|
||||||
});
|
}),
|
||||||
}
|
)
|
||||||
// Open permutation commitments for each permutation argument at x_3
|
// Open permutation commitments for each permutation argument at x_3
|
||||||
for outer_idx in 0..vk.permutation_commitments.len() {
|
.chain(
|
||||||
|
(0..vk.permutation_commitments.len())
|
||||||
|
.map(|outer_idx| {
|
||||||
let inner_len = vk.permutation_commitments[outer_idx].len();
|
let inner_len = vk.permutation_commitments[outer_idx].len();
|
||||||
for inner_idx in 0..inner_len {
|
(0..inner_len).map(move |inner_idx| VerifierQuery {
|
||||||
let commitment = &vk.permutation_commitments[outer_idx][inner_idx];
|
|
||||||
let eval = self.permutation_evals[outer_idx][inner_idx];
|
|
||||||
queries.push(VerifierQuery {
|
|
||||||
point: x_3,
|
point: x_3,
|
||||||
commitment,
|
commitment: &vk.permutation_commitments[outer_idx][inner_idx],
|
||||||
eval,
|
eval: self.permutation_evals[outer_idx][inner_idx],
|
||||||
});
|
})
|
||||||
}
|
})
|
||||||
}
|
.flatten(),
|
||||||
|
)
|
||||||
// Open permutation product commitments at \omega^{-1} x_3
|
// Open permutation product commitments at \omega^{-1} x_3
|
||||||
let x_3_inv = vk.domain.rotate_omega(x_3, Rotation(-1));
|
.chain(
|
||||||
for ((idx, _), &eval) in self
|
self.permutation_product_commitments
|
||||||
.permutation_product_commitments
|
|
||||||
.iter()
|
.iter()
|
||||||
.enumerate()
|
.enumerate()
|
||||||
.zip(self.permutation_product_inv_evals.iter())
|
.zip(self.permutation_product_inv_evals.iter())
|
||||||
{
|
.map(|((idx, _), &eval)| VerifierQuery {
|
||||||
let commitment = &self.permutation_product_commitments[idx];
|
|
||||||
queries.push(VerifierQuery {
|
|
||||||
point: x_3_inv,
|
point: x_3_inv,
|
||||||
commitment,
|
commitment: &self.permutation_product_commitments[idx],
|
||||||
eval,
|
eval,
|
||||||
});
|
}),
|
||||||
}
|
),
|
||||||
}
|
)
|
||||||
|
} else {
|
||||||
|
None
|
||||||
|
};
|
||||||
|
|
||||||
// We are now convinced the circuit is satisfied so long as the
|
// We are now convinced the circuit is satisfied so long as the
|
||||||
// polynomial commitments open to the correct values.
|
// polynomial commitments open to the correct values.
|
||||||
self.multiopening
|
self.multiopening
|
||||||
.verify(params, &mut transcript, queries, msm)
|
.verify(
|
||||||
|
params,
|
||||||
|
&mut transcript,
|
||||||
|
queries.chain(permutation_queries.into_iter().flatten()),
|
||||||
|
msm,
|
||||||
|
)
|
||||||
.map_err(|_| Error::OpeningError)
|
.map_err(|_| Error::OpeningError)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue