mirror of https://github.com/zcash/halo2.git
tmp: don't query instance but build the evaluation directly
This commit is contained in:
han0110
parent
a9e99a72a6
commit
e54dedbe3f
|
|
@ -88,27 +88,28 @@ pub fn create_proof<
|
|||
return Err(Error::InstanceTooLarge);
|
||||
}
|
||||
for (poly, value) in poly.iter_mut().zip(values.iter()) {
|
||||
transcript.common_scalar(*value)?;
|
||||
*poly = *value;
|
||||
}
|
||||
Ok(poly)
|
||||
})
|
||||
.collect::<Result<Vec<_>, _>>()?;
|
||||
let instance_commitments_projective: Vec<_> = instance_values
|
||||
.iter()
|
||||
.map(|poly| params.commit_lagrange(poly, Blind::default()))
|
||||
.collect();
|
||||
let mut instance_commitments =
|
||||
vec![Scheme::Curve::identity(); instance_commitments_projective.len()];
|
||||
<Scheme::Curve as CurveAffine>::CurveExt::batch_normalize(
|
||||
&instance_commitments_projective,
|
||||
&mut instance_commitments,
|
||||
);
|
||||
let instance_commitments = instance_commitments;
|
||||
drop(instance_commitments_projective);
|
||||
// let instance_commitments_projective: Vec<_> = instance_values
|
||||
// .iter()
|
||||
// .map(|poly| params.commit_lagrange(poly, Blind::default()))
|
||||
// .collect();
|
||||
// let mut instance_commitments =
|
||||
// vec![Scheme::Curve::identity(); instance_commitments_projective.len()];
|
||||
// <Scheme::Curve as CurveAffine>::CurveExt::batch_normalize(
|
||||
// &instance_commitments_projective,
|
||||
// &mut instance_commitments,
|
||||
// );
|
||||
// let instance_commitments = instance_commitments;
|
||||
// drop(instance_commitments_projective);
|
||||
|
||||
for commitment in &instance_commitments {
|
||||
transcript.common_point(*commitment)?;
|
||||
}
|
||||
// for commitment in &instance_commitments {
|
||||
// transcript.common_point(*commitment)?;
|
||||
// }
|
||||
|
||||
let instance_polys: Vec<_> = instance_values
|
||||
.iter()
|
||||
|
|
@ -505,24 +506,24 @@ pub fn create_proof<
|
|||
let xn = x.pow(&[params.n() as u64, 0, 0, 0]);
|
||||
|
||||
// Compute and hash instance evals for each circuit instance
|
||||
for instance in instance.iter() {
|
||||
// Evaluate polynomials at omega^i x
|
||||
let instance_evals: Vec<_> = meta
|
||||
.instance_queries
|
||||
.iter()
|
||||
.map(|&(column, at)| {
|
||||
eval_polynomial(
|
||||
&instance.instance_polys[column.index()],
|
||||
domain.rotate_omega(*x, at),
|
||||
)
|
||||
})
|
||||
.collect();
|
||||
// for instance in instance.iter() {
|
||||
// // Evaluate polynomials at omega^i x
|
||||
// let instance_evals: Vec<_> = meta
|
||||
// .instance_queries
|
||||
// .iter()
|
||||
// .map(|&(column, at)| {
|
||||
// eval_polynomial(
|
||||
// &instance.instance_polys[column.index()],
|
||||
// domain.rotate_omega(*x, at),
|
||||
// )
|
||||
// })
|
||||
// .collect();
|
||||
|
||||
// Hash each instance column evaluation
|
||||
for eval in instance_evals.iter() {
|
||||
transcript.write_scalar(*eval)?;
|
||||
}
|
||||
}
|
||||
// // Hash each instance column evaluation
|
||||
// for eval in instance_evals.iter() {
|
||||
// transcript.write_scalar(*eval)?;
|
||||
// }
|
||||
// }
|
||||
|
||||
// Compute and hash advice evals for each circuit instance
|
||||
for advice in advice.iter() {
|
||||
|
|
@ -580,24 +581,27 @@ pub fn create_proof<
|
|||
})
|
||||
.collect::<Result<Vec<_>, _>>()?;
|
||||
|
||||
let instances = instance
|
||||
// let instances = instance
|
||||
// .iter()
|
||||
// .zip(advice.iter())
|
||||
let instances = advice
|
||||
.iter()
|
||||
.zip(advice.iter())
|
||||
.zip(permutations.iter())
|
||||
.zip(lookups.iter())
|
||||
.flat_map(|(((instance, advice), permutation), lookups)| {
|
||||
// .flat_map(|(((instance, advice), permutation), lookups)| {
|
||||
.flat_map(|((advice, permutation), lookups)| {
|
||||
iter::empty()
|
||||
.chain(
|
||||
pk.vk
|
||||
.cs
|
||||
.instance_queries
|
||||
.iter()
|
||||
.map(move |&(column, at)| ProverQuery {
|
||||
point: domain.rotate_omega(*x, at),
|
||||
poly: &instance.instance_polys[column.index()],
|
||||
blind: Blind::default(),
|
||||
}),
|
||||
)
|
||||
// .chain(
|
||||
// pk.vk
|
||||
// .cs
|
||||
// .instance_queries
|
||||
// .iter()
|
||||
// .map(move |&(column, at)| ProverQuery {
|
||||
// point: domain.rotate_omega(*x, at),
|
||||
// poly: &instance.instance_polys[column.index()],
|
||||
// blind: Blind::default(),
|
||||
// }),
|
||||
// )
|
||||
.chain(
|
||||
pk.vk
|
||||
.cs
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ use super::{
|
|||
vanishing, ChallengeBeta, ChallengeGamma, ChallengeTheta, ChallengeX, ChallengeY, Error,
|
||||
VerifyingKey,
|
||||
};
|
||||
use crate::arithmetic::{CurveAffine, FieldExt};
|
||||
use crate::arithmetic::{compute_inner_product, CurveAffine, FieldExt};
|
||||
use crate::poly::commitment::{CommitmentScheme, Verifier};
|
||||
use crate::poly::VerificationStrategy;
|
||||
use crate::poly::{
|
||||
|
|
@ -45,34 +45,42 @@ pub fn verify_proof<
|
|||
}
|
||||
}
|
||||
|
||||
let instance_commitments = instances
|
||||
.iter()
|
||||
.map(|instance| {
|
||||
instance
|
||||
.iter()
|
||||
.map(|instance| {
|
||||
if instance.len() > params.n() as usize - (vk.cs.blinding_factors() + 1) {
|
||||
return Err(Error::InstanceTooLarge);
|
||||
}
|
||||
let mut poly = instance.to_vec();
|
||||
poly.resize(params.n() as usize, Scheme::Scalar::zero());
|
||||
let poly = vk.domain.lagrange_from_vec(poly);
|
||||
// let instance_commitments = instances
|
||||
// .iter()
|
||||
// .map(|instance| {
|
||||
// instance
|
||||
// .iter()
|
||||
// .map(|instance| {
|
||||
// if instance.len() > params.n() as usize - (vk.cs.blinding_factors() + 1) {
|
||||
// return Err(Error::InstanceTooLarge);
|
||||
// }
|
||||
// let mut poly = instance.to_vec();
|
||||
// poly.resize(params.n() as usize, Scheme::Scalar::zero());
|
||||
// let poly = vk.domain.lagrange_from_vec(poly);
|
||||
|
||||
Ok(params.commit_lagrange(&poly, Blind::default()).to_affine())
|
||||
})
|
||||
.collect::<Result<Vec<_>, _>>()
|
||||
})
|
||||
.collect::<Result<Vec<_>, _>>()?;
|
||||
// Ok(params.commit_lagrange(&poly, Blind::default()).to_affine())
|
||||
// })
|
||||
// .collect::<Result<Vec<_>, _>>()
|
||||
// })
|
||||
// .collect::<Result<Vec<_>, _>>()?;
|
||||
|
||||
let num_proofs = instance_commitments.len();
|
||||
let num_proofs = instances.len();
|
||||
|
||||
// Hash verification key into transcript
|
||||
vk.hash_into(transcript)?;
|
||||
|
||||
for instance_commitments in instance_commitments.iter() {
|
||||
// Hash the instance (external) commitments into the transcript
|
||||
for commitment in instance_commitments {
|
||||
transcript.common_point(*commitment)?
|
||||
// for instance_commitments in instance_commitments.iter() {
|
||||
// // Hash the instance (external) commitments into the transcript
|
||||
// for commitment in instance_commitments {
|
||||
// transcript.common_point(*commitment)?
|
||||
// }
|
||||
// }
|
||||
|
||||
for instance in instances.iter() {
|
||||
for instance in instance.iter() {
|
||||
for value in instance.iter() {
|
||||
transcript.common_scalar(*value)?;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -153,9 +161,30 @@ pub fn verify_proof<
|
|||
// Sample x challenge, which is used to ensure the circuit is
|
||||
// satisfied with high probability.
|
||||
let x: ChallengeX<_> = transcript.squeeze_challenge_scalar();
|
||||
let instance_evals = (0..num_proofs)
|
||||
.map(|_| -> Result<Vec<_>, _> { read_n_scalars(transcript, vk.cs.instance_queries.len()) })
|
||||
.collect::<Result<Vec<_>, _>>()?;
|
||||
// let instance_evals = (0..num_proofs)
|
||||
// .map(|_| -> Result<Vec<_>, _> { read_n_scalars(transcript, vk.cs.instance_queries.len()) })
|
||||
// .collect::<Result<Vec<_>, _>>()?;
|
||||
let instance_evals = {
|
||||
let xn = x.pow(&[params.n() as u64, 0, 0, 0]);
|
||||
let l_i_s = &vk.domain.l_i_range(
|
||||
*x,
|
||||
xn,
|
||||
0..instances
|
||||
.iter()
|
||||
.flat_map(|instance| instance.iter().map(|instance| instance.len()))
|
||||
.max_by(Ord::cmp)
|
||||
.unwrap_or_default() as i32,
|
||||
);
|
||||
instances
|
||||
.iter()
|
||||
.map(|instance| {
|
||||
instance
|
||||
.iter()
|
||||
.map(|instance| compute_inner_product(instance, &l_i_s[..instance.len()]))
|
||||
.collect::<Vec<_>>()
|
||||
})
|
||||
.collect::<Vec<_>>()
|
||||
};
|
||||
|
||||
let advice_evals = (0..num_proofs)
|
||||
.map(|_| -> Result<Vec<_>, _> { read_n_scalars(transcript, vk.cs.advice_queries.len()) })
|
||||
|
|
@ -266,31 +295,35 @@ pub fn verify_proof<
|
|||
vanishing.verify(params, expressions, y, xn)
|
||||
};
|
||||
|
||||
let queries = instance_commitments
|
||||
// let queries = instance_commitments
|
||||
// .iter()
|
||||
// .zip(instance_evals.iter())
|
||||
// .zip(advice_commitments.iter())
|
||||
let queries = advice_commitments
|
||||
.iter()
|
||||
.zip(instance_evals.iter())
|
||||
.zip(advice_commitments.iter())
|
||||
.zip(advice_evals.iter())
|
||||
.zip(permutations_evaluated.iter())
|
||||
.zip(lookups_evaluated.iter())
|
||||
// .flat_map(
|
||||
// |(
|
||||
// (
|
||||
// (((instance_commitments, instance_evals), advice_commitments), advice_evals),
|
||||
// permutation,
|
||||
// ),
|
||||
// lookups,
|
||||
// )| {
|
||||
.flat_map(
|
||||
|(
|
||||
(
|
||||
(((instance_commitments, instance_evals), advice_commitments), advice_evals),
|
||||
permutation,
|
||||
),
|
||||
lookups,
|
||||
)| {
|
||||
|(((advice_commitments, advice_evals), permutation), lookups)| {
|
||||
iter::empty()
|
||||
.chain(vk.cs.instance_queries.iter().enumerate().map(
|
||||
move |(query_index, &(column, at))| {
|
||||
VerifierQuery::new_commitment(
|
||||
&instance_commitments[column.index()],
|
||||
vk.domain.rotate_omega(*x, at),
|
||||
instance_evals[query_index],
|
||||
)
|
||||
},
|
||||
))
|
||||
// .chain(vk.cs.instance_queries.iter().enumerate().map(
|
||||
// move |(query_index, &(column, at))| {
|
||||
// VerifierQuery::new_commitment(
|
||||
// &instance_commitments[column.index()],
|
||||
// vk.domain.rotate_omega(*x, at),
|
||||
// instance_evals[query_index],
|
||||
// )
|
||||
// },
|
||||
// ))
|
||||
.chain(vk.cs.advice_queries.iter().enumerate().map(
|
||||
move |(query_index, &(column, at))| {
|
||||
VerifierQuery::new_commitment(
|
||||
|
|
|
|||
Loading…
Reference in New Issue