Mitigate unnecessary scaling operations in commitment verifier.

2020-09-15 17:42:02 -06:00 · 2020-09-15 17:42:02 -06:00 · 68de5db8c6
parent a886663e05
commit 68de5db8c6
3 changed files with 29 additions and 11 deletions
--- a/src/plonk/verifier.rs
+++ b/src/plonk/verifier.rs
@ -256,17 +256,18 @@ impl<'a, C: CurveAffine> Proof<C> {
        let x_7: C::Scalar = get_challenge_scalar(Challenge(transcript.squeeze().get_lower_128()));

        // Compute the final commitment that has to be opened
-        msm.add_term(C::Scalar::one(), self.f_commitment);
+        let mut commitment_msm = params.empty_msm();
+        commitment_msm.add_term(C::Scalar::one(), self.f_commitment);
        for (_, &point_index) in srs.cs.rotations.iter() {
-            msm.scale(x_7);
-            msm.add_msm(&q_commitments[point_index.0]);
+            commitment_msm.scale(x_7);
+            commitment_msm.add_msm(&q_commitments[point_index.0]);
            f_eval *= &x_7;
            f_eval += &self.q_evals[point_index.0];
        }

        // Verify the opening proof
        self.opening
-            .verify(params, msm, &mut transcript, x_6, f_eval)
+            .verify(params, msm, &mut transcript, x_6, commitment_msm, f_eval)
            .map_err(|_| Error::OpeningError)
    }
 }
--- a/src/poly/commitment.rs
+++ b/src/poly/commitment.rs
@ -437,10 +437,17 @@ fn test_opening_proof() {
        } else {
            let opening_proof = opening_proof.unwrap();
            // Verify the opening proof
-            let mut msm = params.empty_msm();
-            msm.add_term(Field::one(), p);
+            let mut commitment_msm = params.empty_msm();
+            commitment_msm.add_term(Field::one(), p);
            let guard = opening_proof
-                .verify(&params, msm, &mut transcript_dup.clone(), x, v)
+                .verify(
+                    &params,
+                    params.empty_msm(),
+                    &mut transcript_dup.clone(),
+                    x,
+                    commitment_msm,
+                    v,
+                )
                .unwrap();

            // Test guard behavior prior to checking another proof
@ -456,10 +463,18 @@ fn test_opening_proof() {
            }

            // Check another proof to populate `msm.g_scalars`
-            let mut msm = guard.use_challenges();
-            msm.add_term(Field::one(), p);
+            let msm = guard.use_challenges();
+            let mut commitment_msm = params.empty_msm();
+            commitment_msm.add_term(Field::one(), p);
            let guard = opening_proof
-                .verify(&params, msm, &mut transcript_dup.clone(), x, v)
+                .verify(
+                    &params,
+                    msm,
+                    &mut transcript_dup.clone(),
+                    x,
+                    commitment_msm,
+                    v,
+                )
                .unwrap();

            // Test use_challenges()
--- a/src/poly/commitment/verifier.rs
+++ b/src/poly/commitment/verifier.rs
@ -14,6 +14,7 @@ impl<C: CurveAffine> OpeningProof<C> {
        mut msm: MSM<'a, C>,
        transcript: &mut H,
        x: C::Scalar,
+        mut commitment_msm: MSM<'a, C>,
        v: C::Scalar,
    ) -> Result<Guard<'a, C>, Error> {
        // Check for well-formedness
@ -115,7 +116,8 @@ impl<C: CurveAffine> OpeningProof<C> {
        let neg_z1 = -self.z1;

        // [c] P
-        msm.scale(c);
+        commitment_msm.scale(c);
+        msm.add_msm(&commitment_msm);

        for scalar in &mut extra_scalars {
            *scalar *= &c;