zec
/
halo2
mirror of https://github.com/zcash/halo2.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Rename Curve and CurveAffine properties to match group traits

This commit is contained in:
Jack Grigg 2021-02-22 18:39:14 +00:00
parent 81a7936d99
commit 7037d55320
12 changed files with 98 additions and 107 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
src/arithmetic.rs
View File

@ -68,7 +68,7 @@ where
}
}
fn multiexp_serial<C: CurveAffine>(coeffs: &[C::Scalar], bases: &[C], acc: &mut C::Projective) {
fn multiexp_serial<C: CurveAffine>(coeffs: &[C::Scalar], bases: &[C], acc: &mut C::Curve) {
let coeffs: Vec<[u8; 32]> = coeffs.iter().map(|a| a.to_bytes()).collect();
let c = if bases.len() < 4 {
@ -110,7 +110,7 @@ fn multiexp_serial<C: CurveAffine>(coeffs: &[C::Scalar], bases: &[C], acc: &mut
enum Bucket<C: CurveAffine> {
None,
Affine(C),
Projective(C::Projective),
Projective(C::Curve),
}
impl<C: CurveAffine> Bucket<C> {
@ -125,7 +125,7 @@ fn multiexp_serial<C: CurveAffine>(coeffs: &[C::Scalar], bases: &[C], acc: &mut
}
}
fn add(self, mut other: C::Projective) -> C::Projective {
fn add(self, mut other: C::Curve) -> C::Curve {
match self {
Bucket::None => other,
Bucket::Affine(a) => {
@ -150,7 +150,7 @@ fn multiexp_serial<C: CurveAffine>(coeffs: &[C::Scalar], bases: &[C], acc: &mut
// e.g. 3a + 2b + 1c = a +
// (a) + b +
// ((a) + b) + c
let mut running_sum = C::Projective::zero();
let mut running_sum = C::Curve::identity();
for exp in buckets.into_iter().rev() {
running_sum = exp.add(running_sum);
*acc = *acc + &running_sum;
@ -160,9 +160,9 @@ fn multiexp_serial<C: CurveAffine>(coeffs: &[C::Scalar], bases: &[C], acc: &mut
/// Performs a small multi-exponentiation operation.
/// Uses the double-and-add algorithm with doublings shared across points.
pub fn small_multiexp<C: CurveAffine>(coeffs: &[C::Scalar], bases: &[C]) -> C::Projective {
pub fn small_multiexp<C: CurveAffine>(coeffs: &[C::Scalar], bases: &[C]) -> C::Curve {
let coeffs: Vec<[u8; 32]> = coeffs.iter().map(|a| a.to_bytes()).collect();
let mut acc = C::Projective::zero();
let mut acc = C::Curve::identity();
// for byte idx
for byte_idx in (0..32).rev() {
@ -187,14 +187,14 @@ pub fn small_multiexp<C: CurveAffine>(coeffs: &[C::Scalar], bases: &[C]) -> C::P
/// This function will panic if coeffs and bases have a different length.
///
/// This will use multithreading if beneficial.
pub fn best_multiexp<C: CurveAffine>(coeffs: &[C::Scalar], bases: &[C]) -> C::Projective {
pub fn best_multiexp<C: CurveAffine>(coeffs: &[C::Scalar], bases: &[C]) -> C::Curve {
assert_eq!(coeffs.len(), bases.len());
let num_cpus = num_cpus::get();
if coeffs.len() > num_cpus {
let chunk = coeffs.len() / num_cpus;
let num_chunks = coeffs.chunks(chunk).len();
let mut results = vec![C::Projective::zero(); num_chunks];
let mut results = vec![C::Curve::identity(); num_chunks];
thread::scope(|scope| {
let chunk = coeffs.len() / num_cpus;
@ -209,9 +209,9 @@ pub fn best_multiexp<C: CurveAffine>(coeffs: &[C::Scalar], bases: &[C]) -> C::Pr
}
})
.unwrap();
results.iter().fold(C::Projective::zero(), |a, b| a + b)
results.iter().fold(C::Curve::identity(), |a, b| a + b)
} else {
let mut acc = C::Projective::zero();
let mut acc = C::Curve::identity();
multiexp_serial(coeffs, bases, &mut acc);
acc
}

37
src/arithmetic/curves.rs
View File

@ -43,11 +43,8 @@ pub trait Curve:
+ Group<Scalar = <Self as Curve>::Scalar>
{
/// The representation of a point on this curve in the affine coordinate space.
type Affine: CurveAffine<
Projective = Self,
Scalar = <Self as Curve>::Scalar,
Base = <Self as Curve>::Base,
> + Add<Output = Self>
type Affine: CurveAffine<Curve = Self, Scalar = <Self as Curve>::Scalar, Base = <Self as Curve>::Base>
+ Add<Output = Self>
+ Sub<Output = Self>
+ Mul<<Self as Curve>::Scalar, Output = Self>
+ Neg<Output = <Self as Curve>::Affine>
@ -58,16 +55,16 @@ pub trait Curve:
type Base: FieldExt;
/// Obtains the additive identity.
fn zero() -> Self;
fn identity() -> Self;
/// Obtains the base point of the curve.
fn one() -> Self;
fn generator() -> Self;
/// Doubles this element.
fn double(&self) -> Self;
/// Returns whether or not this element is the identity.
fn is_zero(&self) -> Choice;
fn is_identity(&self) -> Choice;
/// Apply the curve endomorphism by multiplying the x-coordinate
/// by an element of multiplicative order 3.
@ -89,7 +86,7 @@ pub trait Curve:
/// ```
/// use halo2::arithmetic::{Curve, CurveAffine};
/// fn pedersen_commitment<C: CurveAffine>(x: C::Scalar, r: C::Scalar) -> C {
/// let hasher = C::Projective::hash_to_curve("z.cash:example_pedersen_commitment");
/// let hasher = C::Curve::hash_to_curve("z.cash:example_pedersen_commitment");
/// let g = hasher(b"g");
/// let h = hasher(b"h");
/// (g * x + &(h * r)).to_affine()
@ -103,7 +100,7 @@ pub trait Curve:
/// Converts many elements into their affine form. Panics if the
/// sizes of the slices are different.
fn batch_to_affine(v: &[Self], target: &mut [Self::Affine]);
fn batch_normalize(v: &[Self], target: &mut [Self::Affine]);
/// Returns the curve constant a.
fn a() -> Self::Base;
@ -127,22 +124,22 @@ pub trait CurveAffine:
+ Sync
+ 'static
+ Debug
+ Add<Output = <Self as CurveAffine>::Projective>
+ Sub<Output = <Self as CurveAffine>::Projective>
+ Mul<<Self as CurveAffine>::Scalar, Output = <Self as CurveAffine>::Projective>
+ Add<Output = <Self as CurveAffine>::Curve>
+ Sub<Output = <Self as CurveAffine>::Curve>
+ Mul<<Self as CurveAffine>::Scalar, Output = <Self as CurveAffine>::Curve>
+ Neg<Output = Self>
+ PartialEq
+ cmp::Eq
+ ConditionallySelectable
+ ConstantTimeEq
+ From<<Self as CurveAffine>::Projective>
+ From<<Self as CurveAffine>::Curve>
{
/// The representation of a point on this curve in the projective coordinate space.
type Projective: Curve<
type Curve: Curve<
Affine = Self,
Scalar = <Self as CurveAffine>::Scalar,
Base = <Self as CurveAffine>::Base,
> + Mul<<Self as CurveAffine>::Scalar, Output = <Self as CurveAffine>::Projective>
> + Mul<<Self as CurveAffine>::Scalar, Output = <Self as CurveAffine>::Curve>
+ MulAssign<<Self as CurveAffine>::Scalar>
+ AddAssign<Self>
+ SubAssign<Self>
@ -160,16 +157,16 @@ pub trait CurveAffine:
const CURVE_ID: &'static str;
/// Obtains the additive identity.
fn zero() -> Self;
fn identity() -> Self;
/// Obtains the base point of the curve.
fn one() -> Self;
fn generator() -> Self;
/// Returns whether or not this element is the identity.
fn is_zero(&self) -> Choice;
fn is_identity(&self) -> Choice;
/// Converts this element into its projective form.
fn to_projective(&self) -> Self::Projective;
fn to_curve(&self) -> Self::Curve;
/// Gets the $(x, y)$ coordinates of this point.
fn get_xy(&self) -> CtOption<(Self::Base, Self::Base)>;

4
src/pasta.rs
View File

@ -17,8 +17,8 @@ pub use fields::*;
fn test_endo_consistency() {
use crate::arithmetic::{Curve, FieldExt};
let a = pallas::Point::one();
let a = pallas::Point::generator();
assert_eq!(a * pallas::Scalar::ZETA, a.endo());
let a = vesta::Point::one();
let a = vesta::Point::generator();
assert_eq!(a * vesta::Scalar::ZETA, a.endo());
}

88
src/pasta/curves.rs
View File

@ -57,7 +57,7 @@ macro_rules! new_curve_impl {
impl_projective_curve_specific!($name, $base, $curve_type);
fn zero() -> Self {
fn identity() -> Self {
Self {
x: $base::zero(),
y: $base::zero(),
@ -65,7 +65,7 @@ macro_rules! new_curve_impl {
}
}
fn is_zero(&self) -> Choice {
fn is_identity(&self) -> Choice {
self.z.ct_is_zero()
}
@ -82,7 +82,7 @@ macro_rules! new_curve_impl {
infinity: Choice::from(0u8),
};
$name_affine::conditional_select(&tmp, &$name_affine::zero(), zinv.ct_is_zero())
$name_affine::conditional_select(&tmp, &$name_affine::identity(), zinv.ct_is_zero())
}
impl_projective_curve_ext!($name, $name_affine, $iso_affine, $base, $curve_type);
@ -111,7 +111,7 @@ macro_rules! new_curve_impl {
| self.z.ct_is_zero()
}
fn batch_to_affine(p: &[Self], q: &mut [Self::Affine]) {
fn batch_normalize(p: &[Self], q: &mut [Self::Affine]) {
assert_eq!(p.len(), q.len());
let mut acc = $base::one();
@ -121,7 +121,7 @@ macro_rules! new_curve_impl {
q.x = acc;
// We will end up skipping all identities in p
acc = $base::conditional_select(&(acc * p.z), &acc, p.is_zero());
acc = $base::conditional_select(&(acc * p.z), &acc, p.is_identity());
}
// This is the inverse, as all z-coordinates are nonzero and the ones
@ -129,7 +129,7 @@ macro_rules! new_curve_impl {
acc = acc.invert().unwrap();
for (p, q) in p.iter().rev().zip(q.iter_mut().rev()) {
let skip = p.is_zero();
let skip = p.is_identity();
// Compute tmp = 1/z
let tmp = q.x * acc;
@ -145,7 +145,7 @@ macro_rules! new_curve_impl {
q.y = p.y * tmp3;
q.infinity = Choice::from(0u8);
*q = $name_affine::conditional_select(&q, &$name_affine::zero(), skip);
*q = $name_affine::conditional_select(&q, &$name_affine::identity(), skip);
}
}
@ -157,19 +157,19 @@ macro_rules! new_curve_impl {
impl<'a> From<&'a $name_affine> for $name {
fn from(p: &'a $name_affine) -> $name {
p.to_projective()
p.to_curve()
}
}
impl From<$name_affine> for $name {
fn from(p: $name_affine) -> $name {
p.to_projective()
p.to_curve()
}
}
impl Default for $name {
fn default() -> $name {
$name::zero()
$name::identity()
}
}
@ -186,8 +186,8 @@ macro_rules! new_curve_impl {
let z = z * self.z;
let y2 = other.y * z;
let self_is_zero = self.is_zero();
let other_is_zero = other.is_zero();
let self_is_zero = self.is_identity();
let other_is_zero = other.is_identity();
(self_is_zero & other_is_zero) // Both point at infinity
| ((!self_is_zero) & (!other_is_zero) & x1.ct_eq(&x2) & y1.ct_eq(&y2))
@ -237,9 +237,9 @@ macro_rules! new_curve_impl {
type Output = $name;
fn add(self, rhs: &'a $name) -> $name {
if bool::from(self.is_zero()) {
if bool::from(self.is_identity()) {
*rhs
} else if bool::from(rhs.is_zero()) {
} else if bool::from(rhs.is_identity()) {
*self
} else {
let z1z1 = self.z.square();
@ -253,7 +253,7 @@ macro_rules! new_curve_impl {
if s1 == s2 {
self.double()
} else {
$name::zero()
$name::identity()
}
} else {
let h = u2 - u1;
@ -281,9 +281,9 @@ macro_rules! new_curve_impl {
type Output = $name;
fn add(self, rhs: &'a $name_affine) -> $name {
if bool::from(self.is_zero()) {
rhs.to_projective()
} else if bool::from(rhs.is_zero()) {
if bool::from(self.is_identity()) {
rhs.to_curve()
} else if bool::from(rhs.is_identity()) {
*self
} else {
let z1z1 = self.z.square();
@ -294,7 +294,7 @@ macro_rules! new_curve_impl {
if self.y == s2 {
self.double()
} else {
$name::zero()
$name::identity()
}
} else {
let h = u2 - self.x;
@ -341,7 +341,7 @@ macro_rules! new_curve_impl {
fn mul(self, other: &'b $scalar) -> Self::Output {
// TODO: make this faster
let mut acc = $name::zero();
let mut acc = $name::identity();
// This is a simple double-and-add implementation of point
// multiplication, moving from most significant to least
@ -395,16 +395,16 @@ macro_rules! new_curve_impl {
type Output = $name;
fn add(self, rhs: &'a $name_affine) -> $name {
if bool::from(self.is_zero()) {
rhs.to_projective()
} else if bool::from(rhs.is_zero()) {
self.to_projective()
if bool::from(self.is_identity()) {
rhs.to_curve()
} else if bool::from(rhs.is_identity()) {
self.to_curve()
} else {
if self.x == rhs.x {
if self.y == rhs.y {
self.to_projective().double()
self.to_curve().double()
} else {
$name::zero()
$name::identity()
}
} else {
let h = rhs.x - self.x;
@ -451,7 +451,7 @@ macro_rules! new_curve_impl {
fn mul(self, other: &'b $scalar) -> Self::Output {
// TODO: make this faster
let mut acc = $name::zero();
let mut acc = $name::identity();
// This is a simple double-and-add implementation of point
// multiplication, moving from most significant to least
@ -474,7 +474,7 @@ macro_rules! new_curve_impl {
}
impl CurveAffine for $name_affine {
type Projective = $name;
type Curve = $name;
type Scalar = $scalar;
type Base = $base;
@ -483,7 +483,7 @@ macro_rules! new_curve_impl {
impl_affine_curve_specific!($name, $base, $curve_type);
fn zero() -> Self {
fn identity() -> Self {
Self {
x: $base::zero(),
y: $base::zero(),
@ -491,7 +491,7 @@ macro_rules! new_curve_impl {
}
}
fn is_zero(&self) -> Choice {
fn is_identity(&self) -> Choice {
self.infinity
}
@ -501,7 +501,7 @@ macro_rules! new_curve_impl {
| self.infinity
}
fn to_projective(&self) -> Self::Projective {
fn to_curve(&self) -> Self::Curve {
$name {
x: self.x,
y: self.y,
@ -510,7 +510,7 @@ macro_rules! new_curve_impl {
}
fn get_xy(&self) -> CtOption<(Self::Base, Self::Base)> {
CtOption::new((self.x, self.y), !self.is_zero())
CtOption::new((self.x, self.y), !self.is_identity())
}
fn from_xy(x: Self::Base, y: Self::Base) -> CtOption<Self> {
@ -526,7 +526,7 @@ macro_rules! new_curve_impl {
tmp[31] &= 0b0111_1111;
$base::from_bytes(&tmp).and_then(|x| {
CtOption::new(Self::zero(), x.ct_is_zero() & (!ysign)).or_else(|| {
CtOption::new(Self::identity(), x.ct_is_zero() & (!ysign)).or_else(|| {
let x3 = x.square() * x;
(x3 + $name::curve_constant_b()).sqrt().and_then(|y| {
let sign = Choice::from(y.to_bytes()[0] & 1);
@ -548,7 +548,7 @@ macro_rules! new_curve_impl {
fn to_bytes(&self) -> [u8; 32] {
// TODO: not constant time
if bool::from(self.is_zero()) {
if bool::from(self.is_identity()) {
[0; 32]
} else {
let (x, y) = (self.x, self.y);
@ -567,7 +567,7 @@ macro_rules! new_curve_impl {
$base::from_bytes(&xbytes).and_then(|x| {
$base::from_bytes(&ybytes).and_then(|y| {
CtOption::new(Self::zero(), x.ct_is_zero() & y.ct_is_zero()).or_else(|| {
CtOption::new(Self::identity(), x.ct_is_zero() & y.ct_is_zero()).or_else(|| {
let on_curve =
(x * x.square() + $name::curve_constant_b()).ct_eq(&y.square());
@ -586,7 +586,7 @@ macro_rules! new_curve_impl {
fn to_bytes_wide(&self) -> [u8; 64] {
// TODO: not constant time
if bool::from(self.is_zero()) {
if bool::from(self.is_identity()) {
[0; 64]
} else {
let mut out = [0u8; 64];
@ -608,7 +608,7 @@ macro_rules! new_curve_impl {
impl Default for $name_affine {
fn default() -> $name_affine {
$name_affine::zero()
$name_affine::identity()
}
}
@ -662,7 +662,7 @@ macro_rules! new_curve_impl {
type Scalar = $scalar;
fn group_zero() -> Self {
Self::zero()
Self::identity()
}
fn group_add(&mut self, rhs: &Self) {
*self = *self + *rhs;
@ -679,7 +679,7 @@ macro_rules! new_curve_impl {
macro_rules! impl_projective_curve_specific {
($name:ident, $base:ident, special_a0_b5) => {
fn one() -> Self {
fn generator() -> Self {
// NOTE: This is specific to b = 5
const NEGATIVE_ONE: $base = $base::neg(&$base::one());
@ -720,12 +720,12 @@ macro_rules! impl_projective_curve_specific {
z: z3,
};
$name::conditional_select(&tmp, &$name::zero(), self.is_zero())
$name::conditional_select(&tmp, &$name::identity(), self.is_identity())
}
};
($name:ident, $base:ident, general) => {
/// Unimplemented: there is no standard generator for this curve.
fn one() -> Self {
fn generator() -> Self {
unimplemented!()
}
@ -753,7 +753,7 @@ macro_rules! impl_projective_curve_specific {
z: z3,
};
$name::conditional_select(&tmp, &$name::zero(), self.is_zero())
$name::conditional_select(&tmp, &$name::identity(), self.is_identity())
}
};
}
@ -810,7 +810,7 @@ macro_rules! impl_projective_curve_ext {
macro_rules! impl_affine_curve_specific {
($name:ident, $base:ident, special_a0_b5) => {
fn one() -> Self {
fn generator() -> Self {
// NOTE: This is specific to b = 5
const NEGATIVE_ONE: $base = $base::neg(&$base::from_raw([1, 0, 0, 0]));
@ -825,7 +825,7 @@ macro_rules! impl_affine_curve_specific {
};
($name:ident, $base:ident, general) => {
/// Unimplemented: there is no standard generator for this curve.
fn one() -> Self {
fn generator() -> Self {
unimplemented!()
}
};

10
src/pasta/hashtocurve.rs
View File

@ -73,9 +73,9 @@ pub fn hash_to_field<F: FieldExt>(
/// Implements a degree 3 isogeny map.
pub fn iso_map<F: FieldExt, C: CurveAffine<Base = F>, I: CurveAffine<Base = F>>(
p: &I::Projective,
p: &I::Curve,
iso: &[C::Base; 13],
) -> C::Projective {
) -> C::Curve {
// The input and output are in Jacobian coordinates, using the method
// in "Avoiding inversions" [WB2019, section 4.3].
@ -96,14 +96,14 @@ pub fn iso_map<F: FieldExt, C: CurveAffine<Base = F>, I: CurveAffine<Base = F>>(
let xo = num_x * div_y * zo;
let yo = num_y * div_x * zo.square();
C::Projective::new_jacobian(xo, yo, zo).unwrap()
C::Curve::new_jacobian(xo, yo, zo).unwrap()
}
pub fn map_to_curve_simple_swu<F: FieldExt, C: CurveAffine<Base = F>, I: CurveAffine<Base = F>>(
u: &F,
theta: F,
z: F,
) -> I::Projective {
) -> I::Curve {
// 1. tv1 = inv0(Z^2 * u^4 + Z * u^2)
// 2. x1 = (-B / A) * (1 + tv1)
// 3. If tv1 == 0, set x1 = B / (Z * A)
@ -171,5 +171,5 @@ pub fn map_to_curve_simple_swu<F: FieldExt, C: CurveAffine<Base = F>, I: CurveAf
(u.get_lower_32() % 2).ct_eq(&(y.get_lower_32() % 2)),
);
I::Projective::new_jacobian(num_x * div, y * div3, div).unwrap()
I::Curve::new_jacobian(num_x * div, y * div3, div).unwrap()
}

6
src/pasta/pallas.rs
View File

@ -91,11 +91,11 @@ fn test_iso_map_identity() {
.unwrap();
let r = (r * -Fq::one()) + r;
assert!(bool::from(r.is_on_curve()));
assert!(bool::from(r.is_zero()));
assert!(bool::from(r.is_identity()));
let p =
super::hashtocurve::iso_map::<_, Affine, super::IsoEpAffine>(&r, &Ep::ISOGENY_CONSTANTS);
assert!(bool::from(p.is_on_curve()));
assert!(bool::from(p.is_zero()));
assert!(bool::from(p.is_identity()));
}
#[test]
@ -157,5 +157,5 @@ fn test_hash_to_curve() {
let p = (p * -Fq::one()) + p;
assert!(bool::from(p.is_on_curve()));
assert!(bool::from(p.is_zero()));
assert!(bool::from(p.is_identity()));
}

2
src/plonk/lookup/prover.rs
View File

@ -87,7 +87,7 @@ impl<F: FieldExt> Argument<F> {
) -> Result<Permuted<C>, Error>
where
C: CurveAffine<Scalar = F>,
C::Projective: Mul<F, Output = C::Projective> + MulAssign<F>,
C::Curve: Mul<F, Output = C::Curve> + MulAssign<F>,
{
// Closure to get values of expressions and compress them
let compress_expressions = |expressions: &[Expression<C::Scalar>]| {

12
src/plonk/prover.rs
View File

@ -52,11 +52,9 @@ pub fn create_proof<C: CurveAffine, T: TranscriptWrite<C>, ConcreteCircuit: Circ
.iter()
.map(|poly| params.commit_lagrange(poly, Blind::default()))
.collect();
let mut instance_commitments = vec![C::zero(); instance_commitments_projective.len()];
C::Projective::batch_to_affine(
&instance_commitments_projective,
&mut instance_commitments,
);
let mut instance_commitments =
vec![C::identity(); instance_commitments_projective.len()];
C::Curve::batch_normalize(&instance_commitments_projective, &mut instance_commitments);
let instance_commitments = instance_commitments;
drop(instance_commitments_projective);
metrics::counter!("instance_commitments", instance_commitments.len() as u64);
@ -206,8 +204,8 @@ pub fn create_proof<C: CurveAffine, T: TranscriptWrite<C>, ConcreteCircuit: Circ
.zip(advice_blinds.iter())
.map(|(poly, blind)| params.commit_lagrange(poly, *blind))
.collect();
let mut advice_commitments = vec![C::zero(); advice_commitments_projective.len()];
C::Projective::batch_to_affine(&advice_commitments_projective, &mut advice_commitments);
let mut advice_commitments = vec![C::identity(); advice_commitments_projective.len()];
C::Curve::batch_normalize(&advice_commitments_projective, &mut advice_commitments);
let advice_commitments = advice_commitments;
drop(advice_commitments_projective);
metrics::counter!("advice_commitments", advice_commitments.len() as u64);

4
src/plonk/vanishing/prover.rs
View File

@ -50,8 +50,8 @@ impl<C: CurveAffine> Argument<C> {
.zip(h_blinds.iter())
.map(|(h_piece, blind)| params.commit(&h_piece, *blind))
.collect();
let mut h_commitments = vec![C::zero(); h_commitments_projective.len()];
C::Projective::batch_to_affine(&h_commitments_projective, &mut h_commitments);
let mut h_commitments = vec![C::identity(); h_commitments_projective.len()];
C::Curve::batch_normalize(&h_commitments_projective, &mut h_commitments);
let h_commitments = h_commitments;
// Hash each h(X) piece

16
src/poly/commitment.rs
View File

@ -60,7 +60,7 @@ impl<C: CurveAffine> Params<C> {
let g = {
let mut g = Vec::with_capacity(n as usize);
g.resize(n as usize, C::zero());
g.resize(n as usize, C::identity());
parallelize(&mut g, move |g, start| {
let mut hasher = Blake2bParams::new()
@ -87,7 +87,7 @@ impl<C: CurveAffine> Params<C> {
for _ in k..C::Scalar::S {
alpha_inv = alpha_inv.square();
}
let mut g_lagrange_projective = g.iter().map(|g| g.to_projective()).collect::<Vec<_>>();
let mut g_lagrange_projective = g.iter().map(|g| g.to_curve()).collect::<Vec<_>>();
best_fft(&mut g_lagrange_projective, alpha_inv, k);
let minv = C::Scalar::TWO_INV.pow_vartime(&[k as u64, 0, 0, 0]);
parallelize(&mut g_lagrange_projective, |g, _| {
@ -97,9 +97,9 @@ impl<C: CurveAffine> Params<C> {
});
let g_lagrange = {
let mut g_lagrange = vec![C::zero(); n as usize];
let mut g_lagrange = vec![C::identity(); n as usize];
parallelize(&mut g_lagrange, |g_lagrange, starts| {
C::Projective::batch_to_affine(
C::Curve::batch_normalize(
&g_lagrange_projective[starts..(starts + g_lagrange.len())],
g_lagrange,
);
@ -141,11 +141,7 @@ impl<C: CurveAffine> Params<C> {
/// This computes a commitment to a polynomial described by the provided
/// slice of coefficients. The commitment will be blinded by the blinding
/// factor `r`.
pub fn commit(
&self,
poly: &Polynomial<C::Scalar, Coeff>,
r: Blind<C::Scalar>,
) -> C::Projective {
pub fn commit(&self, poly: &Polynomial<C::Scalar, Coeff>, r: Blind<C::Scalar>) -> C::Curve {
metrics::increment_counter!("multiexp", "size" => format!("{}", poly.len() + 1), "fn" => "commit");
let mut tmp_scalars = Vec::with_capacity(poly.len() + 1);
let mut tmp_bases = Vec::with_capacity(poly.len() + 1);
@ -166,7 +162,7 @@ impl<C: CurveAffine> Params<C> {
&self,
poly: &Polynomial<C::Scalar, LagrangeCoeff>,
r: Blind<C::Scalar>,
) -> C::Projective {
) -> C::Curve {
metrics::increment_counter!("multiexp", "size" => format!("{}", poly.len() + 1), "fn" => "commit_lagrange");
let mut tmp_scalars = Vec::with_capacity(poly.len() + 1);
let mut tmp_bases = Vec::with_capacity(poly.len() + 1);

2
src/poly/commitment/msm.rs
View File

@ -144,6 +144,6 @@ impl<'a, C: CurveAffine> MSM<'a, C> {
assert_eq!(scalars.len(), len);
metrics::increment_counter!("multiexp", "size" => format!("{}", len), "fn" => "MSM::eval");
bool::from(best_multiexp(&scalars, &bases).is_zero())
bool::from(best_multiexp(&scalars, &bases).is_identity())
}
}

4
src/poly/commitment/prover.rs
View File

@ -152,8 +152,8 @@ fn parallel_generator_collapse<C: CurveAffine>(g: &mut [C], challenge: C::Scalar
let g_hi = &g_hi[start..];
let mut tmp = Vec::with_capacity(g_lo.len());
for (g_lo, g_hi) in g_lo.iter().zip(g_hi.iter()) {
tmp.push(g_lo.to_projective() + &(*g_hi * challenge));
tmp.push(g_lo.to_curve() + &(*g_hi * challenge));
}
C::Projective::batch_to_affine(&tmp, g_lo);
C::Curve::batch_normalize(&tmp, g_lo);
});
}