mirror of https://github.com/zcash/halo2.git
Mitigate unnecessary scaling operations in commitment verifier.
parent
a886663e05
commit
68de5db8c6
|
@ -256,17 +256,18 @@ impl<'a, C: CurveAffine> Proof<C> {
|
||||||
let x_7: C::Scalar = get_challenge_scalar(Challenge(transcript.squeeze().get_lower_128()));
|
let x_7: C::Scalar = get_challenge_scalar(Challenge(transcript.squeeze().get_lower_128()));
|
||||||
|
|
||||||
// Compute the final commitment that has to be opened
|
// Compute the final commitment that has to be opened
|
||||||
msm.add_term(C::Scalar::one(), self.f_commitment);
|
let mut commitment_msm = params.empty_msm();
|
||||||
|
commitment_msm.add_term(C::Scalar::one(), self.f_commitment);
|
||||||
for (_, &point_index) in srs.cs.rotations.iter() {
|
for (_, &point_index) in srs.cs.rotations.iter() {
|
||||||
msm.scale(x_7);
|
commitment_msm.scale(x_7);
|
||||||
msm.add_msm(&q_commitments[point_index.0]);
|
commitment_msm.add_msm(&q_commitments[point_index.0]);
|
||||||
f_eval *= &x_7;
|
f_eval *= &x_7;
|
||||||
f_eval += &self.q_evals[point_index.0];
|
f_eval += &self.q_evals[point_index.0];
|
||||||
}
|
}
|
||||||
|
|
||||||
// Verify the opening proof
|
// Verify the opening proof
|
||||||
self.opening
|
self.opening
|
||||||
.verify(params, msm, &mut transcript, x_6, f_eval)
|
.verify(params, msm, &mut transcript, x_6, commitment_msm, f_eval)
|
||||||
.map_err(|_| Error::OpeningError)
|
.map_err(|_| Error::OpeningError)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
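Review bot: The new `commitment_msm` in `Proof::verify` has no comment saying why it is kept apart from the caller's `msm`, and the existing `// Compute the final commitment that has to be opened` line does not cover it. As rendered, the loop now applies `commitment_msm.scale(x_7)` once per rotation to this proof's terms only, and `msm` is passed to `self.opening.verify` untouched. I would add a line above the `let`, such as `// Built in a separate MSM so the x_7 scaling below never touches terms already accumulated in msm`. The function begins outside this hunk, so how `msm` is populated earlier is not visible here.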
@ -437,10 +437,17 @@ fn test_opening_proof() {
|
||||||
} else {
|
} else {
|
||||||
let opening_proof = opening_proof.unwrap();
|
let opening_proof = opening_proof.unwrap();
|
||||||
// Verify the opening proof
|
// Verify the opening proof
|
||||||
let mut msm = params.empty_msm();
|
let mut commitment_msm = params.empty_msm();
|
||||||
msm.add_term(Field::one(), p);
|
commitment_msm.add_term(Field::one(), p);
|
||||||
let guard = opening_proof
|
let guard = opening_proof
|
||||||
.verify(¶ms, msm, &mut transcript_dup.clone(), x, v)
|
.verify(
|
||||||
|
¶ms,
|
||||||
|
params.empty_msm(),
|
||||||
|
&mut transcript_dup.clone(),
|
||||||
|
x,
|
||||||
|
commitment_msm,
|
||||||
|
v,
|
||||||
|
)
|
||||||
.unwrap();
|
.unwrap();
|
||||||
|
|
||||||
// Test guard behavior prior to checking another proof
|
// Test guard behavior prior to checking another proof
|
||||||
|
@ -456,10 +463,18 @@ fn test_opening_proof() {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check another proof to populate `msm.g_scalars`
|
// Check another proof to populate `msm.g_scalars`
|
||||||
let mut msm = guard.use_challenges();
|
let msm = guard.use_challenges();
|
||||||
msm.add_term(Field::one(), p);
|
let mut commitment_msm = params.empty_msm();
|
||||||
|
commitment_msm.add_term(Field::one(), p);
|
||||||
let guard = opening_proof
|
let guard = opening_proof
|
||||||
.verify(¶ms, msm, &mut transcript_dup.clone(), x, v)
|
.verify(
|
||||||
|
¶ms,
|
||||||
|
msm,
|
||||||
|
&mut transcript_dup.clone(),
|
||||||
|
x,
|
||||||
|
commitment_msm,
|
||||||
|
v,
|
||||||
|
)
|
||||||
.unwrap();
|
.unwrap();
|
||||||
|
|
||||||
// Test use_challenges()
|
// Test use_challenges()
|
||||||
|
|
|
@ -14,6 +14,7 @@ impl<C: CurveAffine> OpeningProof<C> {
|
||||||
mut msm: MSM<'a, C>,
|
mut msm: MSM<'a, C>,
|
||||||
transcript: &mut H,
|
transcript: &mut H,
|
||||||
x: C::Scalar,
|
x: C::Scalar,
|
||||||
|
mut commitment_msm: MSM<'a, C>,
|
||||||
v: C::Scalar,
|
v: C::Scalar,
|
||||||
) -> Result<Guard<'a, C>, Error> {
|
) -> Result<Guard<'a, C>, Error> {
|
||||||
// Check for well-formedness
|
// Check for well-formedness
|
||||||
|
@ -115,7 +116,8 @@ impl<C: CurveAffine> OpeningProof<C> {
|
||||||
let neg_z1 = -self.z1;
|
let neg_z1 = -self.z1;
|
||||||
|
|
||||||
// [c] P
|
// [c] P
|
||||||
msm.scale(c);
|
commitment_msm.scale(c);
|
||||||
|
msm.add_msm(&commitment_msm);
|
||||||
|
|
||||||
for scalar in &mut extra_scalars {
|
for scalar in &mut extra_scalars {
|
||||||
*scalar *= &c;
|
*scalar *= &c;
|
||||||
|
|
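Review bot: At `// [c] P` the incoming `msm` is no longer multiplied by `c`; only `commitment_msm` is scaled before `msm.add_msm(&commitment_msm)`, so terms already in the accumulator are combined with this proof's terms at coefficient one. The second call in `test_opening_proof` passes `guard.use_challenges()` as `msm`, which suggests that accumulating several proofs into one MSM is an intended use. If so, the combined check presumably needs a random factor separating the proofs, and the old whole-accumulator scaling may have been supplying it. I would state the contract in the doc comment on `verify`, for example `/// msm is extended as-is and never rescaled; callers that batch several proofs must apply their own random scaling between them`, or confirm that the terms added later in the body already provide that separation. The body of `verify` starts and ends outside both hunks shown, so this cannot be settled from the page alone.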