mirror of https://github.com/zcash/halo2.git
Fix incorrect indexing into advice_cosets during proving.
This commit is contained in:
parent
e37d0c946b
commit
eff149e734
26
src/plonk.rs
26
src/plonk.rs
|
@ -107,6 +107,8 @@ fn test_proving() {
|
|||
a: AdviceWire,
|
||||
b: AdviceWire,
|
||||
c: AdviceWire,
|
||||
d: AdviceWire,
|
||||
e: AdviceWire,
|
||||
|
||||
sa: FixedWire,
|
||||
sb: FixedWire,
|
||||
|
@ -160,9 +162,15 @@ fn test_proving() {
|
|||
value = Some(f()?);
|
||||
Ok(value.ok_or(Error::SynthesisError)?.0)
|
||||
})?;
|
||||
self.cs.assign_advice(self.config.d, index, || {
|
||||
Ok(value.ok_or(Error::SynthesisError)?.0.square().square())
|
||||
})?;
|
||||
self.cs.assign_advice(self.config.b, index, || {
|
||||
Ok(value.ok_or(Error::SynthesisError)?.1)
|
||||
})?;
|
||||
self.cs.assign_advice(self.config.e, index, || {
|
||||
Ok(value.ok_or(Error::SynthesisError)?.1.square().square())
|
||||
})?;
|
||||
self.cs.assign_advice(self.config.c, index, || {
|
||||
Ok(value.ok_or(Error::SynthesisError)?.2)
|
||||
})?;
|
||||
|
@ -192,9 +200,15 @@ fn test_proving() {
|
|||
value = Some(f()?);
|
||||
Ok(value.ok_or(Error::SynthesisError)?.0)
|
||||
})?;
|
||||
self.cs.assign_advice(self.config.d, index, || {
|
||||
Ok(value.ok_or(Error::SynthesisError)?.0.square().square())
|
||||
})?;
|
||||
self.cs.assign_advice(self.config.b, index, || {
|
||||
Ok(value.ok_or(Error::SynthesisError)?.1)
|
||||
})?;
|
||||
self.cs.assign_advice(self.config.e, index, || {
|
||||
Ok(value.ok_or(Error::SynthesisError)?.1.square().square())
|
||||
})?;
|
||||
self.cs.assign_advice(self.config.c, index, || {
|
||||
Ok(value.ok_or(Error::SynthesisError)?.2)
|
||||
})?;
|
||||
|
@ -236,19 +250,25 @@ fn test_proving() {
|
|||
type Config = PLONKConfig;
|
||||
|
||||
fn configure(meta: &mut MetaCircuit<F>) -> PLONKConfig {
|
||||
let e = meta.advice_wire();
|
||||
let a = meta.advice_wire();
|
||||
let b = meta.advice_wire();
|
||||
let sf = meta.fixed_wire();
|
||||
let c = meta.advice_wire();
|
||||
let d = meta.advice_wire();
|
||||
|
||||
let perm = meta.permutation(&[a, b, c]);
|
||||
|
||||
let sm = meta.fixed_wire();
|
||||
let sa = meta.fixed_wire();
|
||||
let sb = meta.fixed_wire();
|
||||
let sc = meta.fixed_wire();
|
||||
let sm = meta.fixed_wire();
|
||||
|
||||
meta.create_gate(|meta| {
|
||||
let d = meta.query_advice(d, 1);
|
||||
let a = meta.query_advice(a, 0);
|
||||
let sf = meta.query_fixed(sf, 0);
|
||||
let e = meta.query_advice(e, -1);
|
||||
let b = meta.query_advice(b, 0);
|
||||
let c = meta.query_advice(c, 0);
|
||||
|
||||
|
@ -257,13 +277,15 @@ fn test_proving() {
|
|||
let sc = meta.query_fixed(sc, 0);
|
||||
let sm = meta.query_fixed(sm, 0);
|
||||
|
||||
a.clone() * sa + b.clone() * sb + a * b * sm + (c * sc * (-F::one()))
|
||||
a.clone() * sa + b.clone() * sb + a * b * sm + (c * sc * (-F::one())) + sf * (d * e)
|
||||
});
|
||||
|
||||
PLONKConfig {
|
||||
a,
|
||||
b,
|
||||
c,
|
||||
d,
|
||||
e,
|
||||
sa,
|
||||
sb,
|
||||
sc,
|
||||
|
|
|
@ -319,7 +319,7 @@ impl<C: CurveAffine> Proof<C> {
|
|||
}
|
||||
|
||||
// z(X) \prod (p(X) + \beta s_i(X) + \gamma) - z(omega^{-1} X) \prod (p(X) + \delta^i \beta X + \gamma)
|
||||
for (permutation_index, wires) in srs.meta.permutations.iter().enumerate() {
|
||||
for (permutation_index, wires) in srs.meta.permutation_queries.iter().enumerate() {
|
||||
parallelize(&mut h_poly, |a, _| {
|
||||
for a in a.iter_mut() {
|
||||
*a *= &x_2;
|
||||
|
@ -329,7 +329,7 @@ impl<C: CurveAffine> Proof<C> {
|
|||
let mut left = permutation_product_cosets[permutation_index].clone();
|
||||
for (advice, permutation) in wires
|
||||
.iter()
|
||||
.map(|&wire_index| &advice_cosets[wire_index.0])
|
||||
.map(|&wire| &advice_cosets[wire])
|
||||
.zip(srs.permutation_cosets[permutation_index].iter())
|
||||
{
|
||||
parallelize(&mut left, |left, start| {
|
||||
|
@ -346,7 +346,7 @@ impl<C: CurveAffine> Proof<C> {
|
|||
let mut right = permutation_product_cosets_inv[permutation_index].clone();
|
||||
let mut current_delta = x_0 * &C::Scalar::ZETA;
|
||||
let step = domain.get_extended_omega();
|
||||
for advice in wires.iter().map(|&wire_index| &advice_cosets[wire_index.0]) {
|
||||
for advice in wires.iter().map(|&wire| &advice_cosets[wire]) {
|
||||
parallelize(&mut right, move |right, start| {
|
||||
let mut beta_term = current_delta * &step.pow_vartime(&[start as u64, 0, 0, 0]);
|
||||
for (right, advice) in right.iter_mut().zip(advice[start..].iter()) {
|
||||
|
|
Loading…
Reference in New Issue