mirror of https://github.com/zcash/halo2.git
Mitigate unnecessary scaling operations in commitment verifier.
This commit is contained in:
parent
a886663e05
commit
68de5db8c6
|
@ -256,17 +256,18 @@ impl<'a, C: CurveAffine> Proof<C> {
|
|||
let x_7: C::Scalar = get_challenge_scalar(Challenge(transcript.squeeze().get_lower_128()));
|
||||
|
||||
// Compute the final commitment that has to be opened
|
||||
msm.add_term(C::Scalar::one(), self.f_commitment);
|
||||
let mut commitment_msm = params.empty_msm();
|
||||
commitment_msm.add_term(C::Scalar::one(), self.f_commitment);
|
||||
for (_, &point_index) in srs.cs.rotations.iter() {
|
||||
msm.scale(x_7);
|
||||
msm.add_msm(&q_commitments[point_index.0]);
|
||||
commitment_msm.scale(x_7);
|
||||
commitment_msm.add_msm(&q_commitments[point_index.0]);
|
||||
f_eval *= &x_7;
|
||||
f_eval += &self.q_evals[point_index.0];
|
||||
}
|
||||
|
||||
// Verify the opening proof
|
||||
self.opening
|
||||
.verify(params, msm, &mut transcript, x_6, f_eval)
|
||||
.verify(params, msm, &mut transcript, x_6, commitment_msm, f_eval)
|
||||
.map_err(|_| Error::OpeningError)
|
||||
}
|
||||
}
|
||||
|
|
|
@ -437,10 +437,17 @@ fn test_opening_proof() {
|
|||
} else {
|
||||
let opening_proof = opening_proof.unwrap();
|
||||
// Verify the opening proof
|
||||
let mut msm = params.empty_msm();
|
||||
msm.add_term(Field::one(), p);
|
||||
let mut commitment_msm = params.empty_msm();
|
||||
commitment_msm.add_term(Field::one(), p);
|
||||
let guard = opening_proof
|
||||
.verify(¶ms, msm, &mut transcript_dup.clone(), x, v)
|
||||
.verify(
|
||||
¶ms,
|
||||
params.empty_msm(),
|
||||
&mut transcript_dup.clone(),
|
||||
x,
|
||||
commitment_msm,
|
||||
v,
|
||||
)
|
||||
.unwrap();
|
||||
|
||||
// Test guard behavior prior to checking another proof
|
||||
|
@ -456,10 +463,18 @@ fn test_opening_proof() {
|
|||
}
|
||||
|
||||
// Check another proof to populate `msm.g_scalars`
|
||||
let mut msm = guard.use_challenges();
|
||||
msm.add_term(Field::one(), p);
|
||||
let msm = guard.use_challenges();
|
||||
let mut commitment_msm = params.empty_msm();
|
||||
commitment_msm.add_term(Field::one(), p);
|
||||
let guard = opening_proof
|
||||
.verify(¶ms, msm, &mut transcript_dup.clone(), x, v)
|
||||
.verify(
|
||||
¶ms,
|
||||
msm,
|
||||
&mut transcript_dup.clone(),
|
||||
x,
|
||||
commitment_msm,
|
||||
v,
|
||||
)
|
||||
.unwrap();
|
||||
|
||||
// Test use_challenges()
|
||||
|
|
|
@ -14,6 +14,7 @@ impl<C: CurveAffine> OpeningProof<C> {
|
|||
mut msm: MSM<'a, C>,
|
||||
transcript: &mut H,
|
||||
x: C::Scalar,
|
||||
mut commitment_msm: MSM<'a, C>,
|
||||
v: C::Scalar,
|
||||
) -> Result<Guard<'a, C>, Error> {
|
||||
// Check for well-formedness
|
||||
|
@ -115,7 +116,8 @@ impl<C: CurveAffine> OpeningProof<C> {
|
|||
let neg_z1 = -self.z1;
|
||||
|
||||
// [c] P
|
||||
msm.scale(c);
|
||||
commitment_msm.scale(c);
|
||||
msm.add_msm(&commitment_msm);
|
||||
|
||||
for scalar in &mut extra_scalars {
|
||||
*scalar *= &c;
|
||||
|
|
Loading…
Reference in New Issue