zec
/
halo2
mirror of https://github.com/zcash/halo2.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Minor improvements to check_hx()

This commit is contained in:
Sean Bowe 2020-09-29 17:14:37 -06:00
parent 7d8daa5d05
commit 9672bf9725
No known key found for this signature in database
GPG Key ID: 95684257D8F8B031
1 changed files with 10 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
src/plonk/verifier.rs
View File

@ -241,7 +241,7 @@ impl<'a, C: CurveAffine> Proof<C> {
* &vk.domain.get_barycentric_weight(); // l_0(x_3) * &vk.domain.get_barycentric_weight(); // l_0(x_3)
// Compute the expected value of h(x_3) // Compute the expected value of h(x_3)
let h_eval = std::iter::empty() let expected_h_eval = std::iter::empty()
// Evaluate the circuit using the custom gates provided // Evaluate the circuit using the custom gates provided
.chain(vk.cs.gates.iter().map(|poly| { .chain(vk.cs.gates.iter().map(|poly| {
poly.evaluate( poly.evaluate(
@ -296,15 +296,16 @@ impl<'a, C: CurveAffine> Proof<C> {
) )
.fold(C::Scalar::zero(), |h_eval, v| h_eval * &x_2 + &v); .fold(C::Scalar::zero(), |h_eval, v| h_eval * &x_2 + &v);
// Compute the expected h(x_3) value // Compute h(x_3) from the prover
let mut expected_h_eval = C::Scalar::zero(); let (_, h_eval) = self
let mut cur = C::Scalar::one(); .h_evals
for eval in &self.h_evals { .iter()
expected_h_eval += &(cur * eval); .fold((C::Scalar::one(), C::Scalar::zero()), |(cur, acc), eval| {
cur *= &x_3n; (cur * &x_3n, acc + &(cur * eval))
} });
if h_eval != (expected_h_eval * &(x_3n - &C::Scalar::one())) { // Did the prover commit to the correct polynomial?
if expected_h_eval != (h_eval * &(x_3n - &C::Scalar::one())) {
return Err(Error::ConstraintSystemFailure); return Err(Error::ConstraintSystemFailure);
} }