mirror of https://github.com/zcash/halo2.git
commit
daf54ddec9
|
@ -344,13 +344,10 @@ impl<'a, C: CurveAffine> Committed<'a, C> {
|
|||
theta: ChallengeTheta<C>,
|
||||
beta: ChallengeBeta<C>,
|
||||
gamma: ChallengeGamma<C>,
|
||||
) -> Result<
|
||||
(
|
||||
Constructed<C>,
|
||||
impl Iterator<Item = Polynomial<C::Scalar, ExtendedLagrangeCoeff>> + 'a,
|
||||
),
|
||||
Error,
|
||||
> {
|
||||
) -> (
|
||||
Constructed<C>,
|
||||
impl Iterator<Item = Polynomial<C::Scalar, ExtendedLagrangeCoeff>> + 'a,
|
||||
) {
|
||||
let permuted = self.permuted;
|
||||
|
||||
let expressions = iter::empty()
|
||||
|
@ -417,7 +414,7 @@ impl<'a, C: CurveAffine> Committed<'a, C> {
|
|||
* &(permuted.permuted_input_coset.clone() - &permuted.permuted_input_inv_coset),
|
||||
));
|
||||
|
||||
Ok((
|
||||
(
|
||||
Constructed {
|
||||
permuted_input_poly: permuted.permuted_input_poly,
|
||||
permuted_input_blind: permuted.permuted_input_blind,
|
||||
|
@ -427,7 +424,7 @@ impl<'a, C: CurveAffine> Committed<'a, C> {
|
|||
product_blind: self.product_blind,
|
||||
},
|
||||
expressions,
|
||||
))
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -506,6 +503,8 @@ impl<C: CurveAffine> Evaluated<C> {
|
|||
}
|
||||
}
|
||||
|
||||
type ColumnPair<F> = (Polynomial<F, LagrangeCoeff>, Polynomial<F, LagrangeCoeff>);
|
||||
|
||||
/// Given a column of input values A and a column of table values S,
|
||||
/// this method permutes A and S to produce A' and S', such that:
|
||||
/// - like values in A' are vertically adjacent to each other; and
|
||||
|
@ -516,13 +515,7 @@ fn permute_column_pair<C: CurveAffine>(
|
|||
domain: &EvaluationDomain<C::Scalar>,
|
||||
input_column: &Polynomial<C::Scalar, LagrangeCoeff>,
|
||||
table_column: &Polynomial<C::Scalar, LagrangeCoeff>,
|
||||
) -> Result<
|
||||
(
|
||||
Polynomial<C::Scalar, LagrangeCoeff>,
|
||||
Polynomial<C::Scalar, LagrangeCoeff>,
|
||||
),
|
||||
Error,
|
||||
> {
|
||||
) -> Result<ColumnPair<C::Scalar>, Error> {
|
||||
let mut permuted_input_column = input_column.clone();
|
||||
|
||||
// Sort input lookup column values
|
||||
|
|
|
@ -141,13 +141,10 @@ impl<C: CurveAffine> Committed<C> {
|
|||
advice_cosets: &'a [Polynomial<C::Scalar, ExtendedLagrangeCoeff>],
|
||||
beta: ChallengeBeta<C>,
|
||||
gamma: ChallengeGamma<C>,
|
||||
) -> Result<
|
||||
(
|
||||
Constructed<C>,
|
||||
impl Iterator<Item = Polynomial<C::Scalar, ExtendedLagrangeCoeff>> + 'a,
|
||||
),
|
||||
Error,
|
||||
> {
|
||||
) -> (
|
||||
Constructed<C>,
|
||||
impl Iterator<Item = Polynomial<C::Scalar, ExtendedLagrangeCoeff>> + 'a,
|
||||
) {
|
||||
let domain = &pk.vk.domain;
|
||||
|
||||
let expressions = iter::empty()
|
||||
|
@ -197,13 +194,13 @@ impl<C: CurveAffine> Committed<C> {
|
|||
left - &right
|
||||
}));
|
||||
|
||||
Ok((
|
||||
(
|
||||
Constructed {
|
||||
permutation_product_poly: self.permutation_product_poly,
|
||||
permutation_product_blind: self.permutation_product_blind,
|
||||
},
|
||||
expressions,
|
||||
))
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -208,24 +208,24 @@ pub fn create_proof<C: CurveAffine, T: TranscriptWrite<C>, ConcreteCircuit: Circ
|
|||
|
||||
// Evaluate the h(X) polynomial's constraint system expressions for the permutation constraints, if any.
|
||||
let (permutations, permutation_expressions): (Vec<_>, Vec<_>) = {
|
||||
let tmp = permutations
|
||||
let tmp: Vec<_> = permutations
|
||||
.into_iter()
|
||||
.zip(pk.vk.cs.permutations.iter())
|
||||
.zip(pk.permutations.iter())
|
||||
.map(|((p, argument), pkey)| {
|
||||
p.construct(pk, argument, pkey, &advice_cosets, beta, gamma)
|
||||
})
|
||||
.collect::<Result<Vec<_>, _>>()?;
|
||||
.collect();
|
||||
|
||||
tmp.into_iter().unzip()
|
||||
};
|
||||
|
||||
// Evaluate the h(X) polynomial's constraint system expressions for the lookup constraints, if any.
|
||||
let (lookups, lookup_expressions): (Vec<_>, Vec<_>) = {
|
||||
let tmp = lookups
|
||||
let tmp: Vec<_> = lookups
|
||||
.into_iter()
|
||||
.map(|p| p.construct(pk, theta, beta, gamma))
|
||||
.collect::<Result<Vec<_>, _>>()?;
|
||||
.collect();
|
||||
|
||||
tmp.into_iter().unzip()
|
||||
};
|
||||
|
|
|
@ -89,10 +89,10 @@ impl<C: CurveAffine> Constructed<C> {
|
|||
}
|
||||
|
||||
impl<C: CurveAffine> Evaluated<C> {
|
||||
pub(in crate::plonk) fn open<'a>(
|
||||
&'a self,
|
||||
pub(in crate::plonk) fn open(
|
||||
&self,
|
||||
x: ChallengeX<C>,
|
||||
) -> impl Iterator<Item = ProverQuery<'a, C>> + Clone {
|
||||
) -> impl Iterator<Item = ProverQuery<'_, C>> + Clone {
|
||||
self.constructed
|
||||
.h_pieces
|
||||
.iter()
|
||||
|
|
|
@ -70,10 +70,10 @@ impl<C: CurveAffine> Evaluated<C> {
|
|||
Ok(())
|
||||
}
|
||||
|
||||
pub(in crate::plonk) fn queries<'a>(
|
||||
&'a self,
|
||||
pub(in crate::plonk) fn queries(
|
||||
&self,
|
||||
x: ChallengeX<C>,
|
||||
) -> impl Iterator<Item = VerifierQuery<'a, C>> + Clone {
|
||||
) -> impl Iterator<Item = VerifierQuery<'_, C>> + Clone {
|
||||
self.h_commitments
|
||||
.iter()
|
||||
.zip(self.h_evals.iter())
|
||||
|
|
|
@ -63,10 +63,8 @@ pub fn create_proof<C: CurveAffine, T: TranscriptWrite<C>>(
|
|||
let mut final_poly = s_poly * iota + px;
|
||||
let v = eval_polynomial(&final_poly, x);
|
||||
final_poly[0] = final_poly[0] - &v;
|
||||
drop(px);
|
||||
let blind = s_poly_blind * Blind(iota) + blind;
|
||||
let mut blind = blind.0;
|
||||
drop(s_poly_blind);
|
||||
|
||||
// Initialize the vector `a` as the coefficients of the polynomial,
|
||||
// rounding up to the parameters.
|
||||
|
|
|
@ -61,7 +61,7 @@ impl<'a, C: CurveAffine> Guard<'a, C> {
|
|||
}
|
||||
}
|
||||
|
||||
/// Checks to see if an [`Proof`] is valid given the current `transcript`, and a
|
||||
/// Checks to see if the proof represented within `transcript` is valid, and a
|
||||
/// point `x` that the polynomial commitment `P` opens purportedly to the value
|
||||
/// `v`. The provided `msm` should evaluate to the commitment `P` being opened.
|
||||
pub fn verify_proof<'a, C: CurveAffine, T: TranscriptRead<C>>(
|
||||
|
@ -160,7 +160,7 @@ fn compute_b<F: Field>(x: F, challenges: &[F]) -> F {
|
|||
|
||||
/// Computes the coefficients of $g(X) = \prod\limits_{i=0}^{k-1} (1 + u_i X^{2^i})$.
|
||||
fn compute_s<F: Field>(challenges: &[F], init: F) -> Vec<F> {
|
||||
assert!(challenges.len() > 0);
|
||||
assert!(!challenges.is_empty());
|
||||
let mut v = vec![F::zero(); 1 << challenges.len()];
|
||||
v[0] = init;
|
||||
|
||||
|
|
|
@ -87,9 +87,12 @@ trait Query<F>: Sized {
|
|||
fn get_commitment(&self) -> Self::Commitment;
|
||||
}
|
||||
|
||||
fn construct_intermediate_sets<F: FieldExt, I, Q: Query<F>>(
|
||||
queries: I,
|
||||
) -> (Vec<CommitmentData<Q::Eval, Q::Commitment>>, Vec<Vec<F>>)
|
||||
type IntermediateSets<F, Q> = (
|
||||
Vec<CommitmentData<<Q as Query<F>>::Eval, <Q as Query<F>>::Commitment>>,
|
||||
Vec<Vec<F>>,
|
||||
);
|
||||
|
||||
fn construct_intermediate_sets<F: FieldExt, I, Q: Query<F>>(queries: I) -> IntermediateSets<F, Q>
|
||||
where
|
||||
I: IntoIterator<Item = Q> + Clone,
|
||||
{
|
||||
|
|
|
@ -104,7 +104,7 @@ where
|
|||
let x_4 = ChallengeX4::get(transcript);
|
||||
|
||||
let (f_poly, f_blind_try) = q_polys.iter().zip(q_blinds.iter()).fold(
|
||||
(f_poly.clone(), f_blind),
|
||||
(f_poly, f_blind),
|
||||
|(f_poly, f_blind), (poly, blind)| {
|
||||
(
|
||||
f_poly * *x_4 + poly.as_ref().unwrap(),
|
||||
|
|
|
@ -66,10 +66,9 @@ impl<R: Read, C: CurveAffine> TranscriptRead<C> for DummyHashRead<R, C> {
|
|||
fn read_point(&mut self) -> io::Result<C> {
|
||||
let mut compressed = [0u8; 32];
|
||||
self.reader.read_exact(&mut compressed[..])?;
|
||||
let point: C = Option::from(C::from_bytes(&compressed)).ok_or(io::Error::new(
|
||||
io::ErrorKind::Other,
|
||||
"invalid point encoding in proof",
|
||||
))?;
|
||||
let point: C = Option::from(C::from_bytes(&compressed)).ok_or_else(|| {
|
||||
io::Error::new(io::ErrorKind::Other, "invalid point encoding in proof")
|
||||
})?;
|
||||
self.common_point(point)?;
|
||||
|
||||
Ok(point)
|
||||
|
@ -78,10 +77,12 @@ impl<R: Read, C: CurveAffine> TranscriptRead<C> for DummyHashRead<R, C> {
|
|||
fn read_scalar(&mut self) -> io::Result<C::Scalar> {
|
||||
let mut data = [0u8; 32];
|
||||
self.reader.read_exact(&mut data)?;
|
||||
let scalar = Option::from(C::Scalar::from_bytes(&data)).ok_or(io::Error::new(
|
||||
io::ErrorKind::Other,
|
||||
"invalid field element encoding in proof",
|
||||
))?;
|
||||
let scalar = Option::from(C::Scalar::from_bytes(&data)).ok_or_else(|| {
|
||||
io::Error::new(
|
||||
io::ErrorKind::Other,
|
||||
"invalid field element encoding in proof",
|
||||
)
|
||||
})?;
|
||||
self.scalar_state += &(scalar * &C::Scalar::ZETA);
|
||||
self.scalar_state = self.scalar_state.square();
|
||||
self.read_scalar = true;
|
||||
|
@ -92,10 +93,12 @@ impl<R: Read, C: CurveAffine> TranscriptRead<C> for DummyHashRead<R, C> {
|
|||
|
||||
impl<R: Read, C: CurveAffine> Transcript<C> for DummyHashRead<R, C> {
|
||||
fn common_point(&mut self, point: C) -> io::Result<()> {
|
||||
let (x, y) = Option::from(point.get_xy()).ok_or(io::Error::new(
|
||||
io::ErrorKind::Other,
|
||||
"cannot write points at infinity to the transcript",
|
||||
))?;
|
||||
let (x, y) = Option::from(point.get_xy()).ok_or_else(|| {
|
||||
io::Error::new(
|
||||
io::ErrorKind::Other,
|
||||
"cannot write points at infinity to the transcript",
|
||||
)
|
||||
})?;
|
||||
self.base_state += &(x * &C::Base::ZETA);
|
||||
self.base_state = self.base_state.square();
|
||||
self.base_state += &(y * &C::Base::ZETA);
|
||||
|
@ -170,10 +173,12 @@ impl<W: Write, C: CurveAffine> TranscriptWrite<C> for DummyHashWrite<W, C> {
|
|||
|
||||
impl<W: Write, C: CurveAffine> Transcript<C> for DummyHashWrite<W, C> {
|
||||
fn common_point(&mut self, point: C) -> io::Result<()> {
|
||||
let (x, y) = Option::from(point.get_xy()).ok_or(io::Error::new(
|
||||
io::ErrorKind::Other,
|
||||
"cannot write points at infinity to the transcript",
|
||||
))?;
|
||||
let (x, y) = Option::from(point.get_xy()).ok_or_else(|| {
|
||||
io::Error::new(
|
||||
io::ErrorKind::Other,
|
||||
"cannot write points at infinity to the transcript",
|
||||
)
|
||||
})?;
|
||||
self.base_state += &(x * &C::Base::ZETA);
|
||||
self.base_state = self.base_state.square();
|
||||
self.base_state += &(y * &C::Base::ZETA);
|
||||
|
|
Loading…
Reference in New Issue