Add advice_shifted_evals to Proof struct

therealyingtong 2020-09-02 16:45:34 +08:00
parent 2472ec3291
commit bdd48f6037
No known key found for this signature in database
GPG Key ID: 179F32A1503D607E
4 changed files with 48 additions and 7 deletions


@ -48,6 +48,7 @@ pub struct Proof<C: CurveAffine> {
permutation_product_evals: Vec<C::Scalar>,
permutation_product_inv_evals: Vec<C::Scalar>,
permutation_evals: Vec<C::Scalar>,
advice_shifted_evals: Vec<Vec<Vec<C::Scalar>>>,
advice_evals: Vec<C::Scalar>,
fixed_evals: Vec<C::Scalar>,
h_evals: Vec<C::Scalar>,
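Review bot: The new `advice_shifted_evals` field is a three-level `Vec` with no comment saying what each level indexes or what "shifted" means, which makes it easy for prover and verifier to disagree on the layout. A doc comment on the field such as `/// advice_shifted_evals[perm][pos][point]: advice polynomial at position pos of permutation perm, evaluated at omega^point, plus the x_1 challenge` would record the layout the rest of this commit appears to use. It would also help to state there that the field holds one scalar per domain point per wire, so the proof grows linearly in `params.n`. The struct definition starts and ends outside this hunk.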


@ -117,6 +117,33 @@ impl<C: CurveAffine> Proof<C> {
// Sample x_1 challenge
let x_1: C::Scalar = get_challenge_scalar(Challenge(transcript.squeeze().get_lower_128()));
// Compute [omega^0, omega^1, ..., omega^{params.n - 1}]
let mut omega_powers = Vec::with_capacity(params.n as usize);
{
let mut cur = C::Scalar::one();
for _ in 0..params.n {
omega_powers.push(cur);
cur *= &srs.domain.get_omega();
}
}
let mut advice_shifted_evals =
vec![
vec![vec![C::Scalar::zero(); params.n as usize]; meta.num_advice_wires];
meta.permutations.len()
];
for perm_idx in 0..meta.permutations.len() {
for wire_idx in 0..meta.permutations[perm_idx].len() {
for point_idx in 0..params.n {
let mut eval =
eval_polynomial(&advice_polys[wire_idx], omega_powers[point_idx as usize]);
eval += &x_1;
advice_shifted_evals[perm_idx][wire_idx as usize][point_idx as usize] = eval;
}
}
}
// Obtain challenge for keeping all separate gates linearly independent
let x_2: C::Scalar = get_challenge_scalar(Challenge(transcript.squeeze().get_lower_128()));
@ -379,6 +406,7 @@ impl<C: CurveAffine> Proof<C> {
permutation_product_evals: vec![C::Scalar::one(); params.n as usize],
permutation_product_inv_evals: vec![C::Scalar::one(); params.n as usize],
permutation_evals: vec![C::Scalar::one(); params.n as usize],
advice_shifted_evals,
advice_evals,
fixed_evals,
h_evals,
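Review bot: In the triple loop that fills `advice_shifted_evals`, `wire_idx` is a position inside `meta.permutations[perm_idx]`, yet it is used directly as the index into `advice_polys`, and the inner vectors are sized by `meta.num_advice_wires` rather than by that permutation's length. If the permutation entries are wire identifiers (the verifier's earlier `for wire in perm` suggests so), the polynomial to evaluate is the one named by `meta.permutations[perm_idx][wire_idx]`; otherwise any permutation that does not cover wires 0..len in order checks the wrong polynomials. Separately, each stored value is `a(omega^i) + x_1` with `x_1` squeezed from the transcript, so anyone able to recompute the transcript can subtract `x_1` and read every advice value out of the proof. If witness privacy is a goal, a comment such as `// TODO: replace full-domain evals with openings at a challenge point` should mark this as provisional. The enclosing function starts and ends outside these hunks.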


@ -164,7 +164,7 @@ impl<C: CurveAffine> SRS<C> {
deltaomega[permuted_i][permuted_j]
})
.collect();
// Compute commitment to permutation polynomial
commitments.push(
params


@ -37,16 +37,28 @@ impl<C: CurveAffine> Proof<C> {
}
// For each permutation
for perm in &srs.meta.permutations {
// Check permutation condition on all points
for i in 0..params.n as usize {
let left_perm_eval = self.permutation_product_inv_evals[i];
let right_perm_eval = self.permutation_product_evals[i];
for perm_idx in 0..srs.meta.permutations.len() {
// For each X in evaluation domain
for point_idx in 0..params.n as usize {
let point = omega_powers[point_idx];
for wire in perm {
let mut left_perm_eval = self.permutation_product_inv_evals[point_idx];
let mut right_perm_eval = self.permutation_product_evals[point_idx];
let mut cur_delta = C::Scalar::one();
for wire_idx in 0..srs.meta.permutations[perm_idx].len() {
// z(\omega^{-1} X) (a(X) + \beta X + \gamma) (b(X) + \delta \beta X + \gamma) (c(X) + \delta^2 \beta X + \gamma)
let left_tmp = &(self.advice_shifted_evals[perm_idx][wire_idx][point_idx]
+ &(x_0 * &(cur_delta * &point)));
left_perm_eval *= &left_tmp;
cur_delta *= &C::Scalar::DELTA;
// z(X) (a(X) + \beta s_a(X) + \gamma) (b(X) + \beta s_b(X) + \gamma) (c(X) + \beta s_c(X) + \gamma)
let perm_eval = srs.permutation_polys[perm_idx][wire_idx][point_idx];
let right_tmp = &(self.advice_shifted_evals[perm_idx][wire_idx][point_idx]
+ &(x_0 * &perm_eval));
right_perm_eval *= &right_tmp;
}
if left_perm_eval != right_perm_eval {
return false;