zec
/
pasta_curves
mirror of https://github.com/zcash/pasta_curves.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Cleanups from code review 

Co-authored-by: Kris Nuttycombe <kris.nuttycombe@gmail.com>
Co-authored-by: Sean Bowe <ewillbefull@gmail.com>
This commit is contained in:
therealyingtong 2021-01-26 15:23:29 +08:00
parent de86391f0e
commit a00d7c2fa6
2 changed files with 140 additions and 196 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

177
src/plonk/prover.rs
View File

@ -34,13 +34,13 @@ pub fn create_proof<C: CurveAffine, T: TranscriptWrite<C>, ConcreteCircuit: Circ
let mut meta = ConstraintSystem::default();
let config = ConcreteCircuit::configure(&mut meta);
struct AuxSingle<C: CurveAffine> {
pub aux_values: Vec<Polynomial<C::Scalar, LagrangeCoeff>>,
struct AuxSingle<'a, C: CurveAffine> {
pub aux_values: &'a [Polynomial<C::Scalar, LagrangeCoeff>],
pub aux_polys: Vec<Polynomial<C::Scalar, Coeff>>,
pub aux_cosets: Vec<Polynomial<C::Scalar, ExtendedLagrangeCoeff>>,
}
let aux_vec: Result<Vec<_>, _> = auxs
let aux_vec: Vec<AuxSingle<C>> = auxs
.iter()
.map(|aux| -> Result<AuxSingle<C>, Error> {
let aux_commitments_projective: Vec<_> = aux
@ -77,17 +77,12 @@ pub fn create_proof<C: CurveAffine, T: TranscriptWrite<C>, ConcreteCircuit: Circ
.collect();
Ok(AuxSingle {
aux_values: aux.to_vec(),
aux_values: *aux,
aux_polys,
aux_cosets,
})
})
.collect();
let aux_vec = match aux_vec {
Ok(aux_vec) => aux_vec,
Err(err) => return Err(err),
};
.collect::<Result<Vec<_>, _>>()?;
struct AdviceSingle<C: CurveAffine> {
pub advice_values: Vec<Polynomial<C::Scalar, LagrangeCoeff>>,
@ -96,7 +91,7 @@ pub fn create_proof<C: CurveAffine, T: TranscriptWrite<C>, ConcreteCircuit: Circ
pub advice_blinds: Vec<Blind<C::Scalar>>,
}
let advice_vec: Result<Vec<_>, _> = circuits
let advice_vec: Vec<AdviceSingle<C>> = circuits
.iter()
.map(|circuit| -> Result<AdviceSingle<C>, Error> {
struct WitnessCollection<F: Field> {
@ -202,50 +197,38 @@ pub fn create_proof<C: CurveAffine, T: TranscriptWrite<C>, ConcreteCircuit: Circ
advice_blinds,
})
})
.collect();
let advice_vec = match advice_vec {
Ok(advice_vec) => advice_vec,
Err(err) => return Err(err),
};
.collect::<Result<Vec<_>, _>>()?;
// Sample theta challenge for keeping lookup columns linearly independent
let theta = ChallengeTheta::get(transcript);
let lookups_vec: Result<Vec<Vec<_>>, _> = aux_vec
let lookups_vec: Vec<Vec<lookup::prover::Permuted<'_, C>>> = aux_vec
.iter()
.zip(advice_vec.iter())
.map(
|(aux, advice)| -> Result<Vec<lookup::prover::Permuted<'_, C>>, Error> {
// Construct and commit to permuted values for each lookup
pk.vk
.cs
.lookups
.iter()
.map(|lookup| {
lookup.commit_permuted(
&pk,
&params,
&domain,
theta,
&advice.advice_values,
&pk.fixed_values,
&aux.aux_values,
&advice.advice_cosets,
&pk.fixed_cosets,
&aux.aux_cosets,
transcript,
)
})
.collect()
},
)
.collect();
let lookups_vec = match lookups_vec {
Ok(lookups_vec) => lookups_vec,
Err(err) => return Err(err),
};
.map(|(aux, advice)| -> Result<Vec<_>, Error> {
// Construct and commit to permuted values for each lookup
pk.vk
.cs
.lookups
.iter()
.map(|lookup| {
lookup.commit_permuted(
&pk,
&params,
&domain,
theta,
&advice.advice_values,
&pk.fixed_values,
&aux.aux_values,
&advice.advice_cosets,
&pk.fixed_cosets,
&aux.aux_cosets,
transcript,
)
})
.collect()
})
.collect::<Result<Vec<_>, _>>()?;
// Sample beta challenge
let beta = ChallengeBeta::get(transcript);
@ -253,38 +236,31 @@ pub fn create_proof<C: CurveAffine, T: TranscriptWrite<C>, ConcreteCircuit: Circ
// Sample gamma challenge
let gamma = ChallengeGamma::get(transcript);
let permutations_vec: Result<Vec<Vec<_>>, _> = advice_vec
let permutations_vec: Vec<Vec<permutation::prover::Committed<C>>> = advice_vec
.iter()
.map(
|advice| -> Result<Vec<permutation::prover::Committed<C>>, Error> {
// Commit to permutations, if any.
pk.vk
.cs
.permutations
.iter()
.zip(pk.permutations.iter())
.map(|(p, pkey)| {
p.commit(
params,
pk,
pkey,
&advice.advice_values,
beta,
gamma,
transcript,
)
})
.collect()
},
)
.collect();
.map(|advice| -> Result<Vec<_>, Error> {
// Commit to permutations, if any.
pk.vk
.cs
.permutations
.iter()
.zip(pk.permutations.iter())
.map(|(p, pkey)| {
p.commit(
params,
pk,
pkey,
&advice.advice_values,
beta,
gamma,
transcript,
)
})
.collect()
})
.collect::<Result<Vec<_>, _>>()?;
let permutations_vec = match permutations_vec {
Ok(permutations_vec) => permutations_vec,
Err(err) => return Err(err),
};
let lookups_vec: Result<Vec<Vec<lookup::prover::Committed<'_, C>>>, _> = lookups_vec
let lookups_vec: Vec<Vec<lookup::prover::Committed<'_, C>>> = lookups_vec
.into_iter()
.map(|lookups| -> Result<Vec<_>, _> {
// Construct and commit to products for each lookup
@ -293,12 +269,7 @@ pub fn create_proof<C: CurveAffine, T: TranscriptWrite<C>, ConcreteCircuit: Circ
.map(|lookup| lookup.commit_product(&pk, &params, theta, beta, gamma, transcript))
.collect::<Result<Vec<_>, _>>()
})
.collect();
let lookups_vec = match lookups_vec {
Ok(lookups_vec) => lookups_vec,
Err(err) => return Err(err),
};
.collect::<Result<Vec<_>, _>>()?;
// Obtain challenge for keeping all separate gates linearly independent
let y = ChallengeY::get(transcript);
@ -308,6 +279,7 @@ pub fn create_proof<C: CurveAffine, T: TranscriptWrite<C>, ConcreteCircuit: Circ
.into_iter()
.zip(advice_vec.iter())
.map(|(permutations, advice)| {
// Evaluate the h(X) polynomial's constraint system expressions for the permutation constraints, if any.
let tmp: Vec<_> = permutations
.into_iter()
.zip(pk.vk.cs.permutations.iter())
@ -362,9 +334,7 @@ pub fn create_proof<C: CurveAffine, T: TranscriptWrite<C>, ConcreteCircuit: Circ
// Lookup constraints, if any.
.chain(lookup_expressions.into_iter().flatten())
},
)
.collect::<Vec<_>>()
.into_iter();
);
// Construct the vanishing argument
let vanishing = vanishing::Argument::construct(params, domain, expressions, y, transcript)?;
@ -431,7 +401,7 @@ pub fn create_proof<C: CurveAffine, T: TranscriptWrite<C>, ConcreteCircuit: Circ
let vanishing = vanishing.evaluate(x, transcript)?;
// Evaluate the permutations, if any, at omega^i x.
let permutations_vec: Result<Vec<Vec<permutation::prover::Evaluated<C>>>, _> = permutations_vec
let permutations_vec: Vec<Vec<permutation::prover::Evaluated<C>>> = permutations_vec
.into_iter()
.map(|permutations| -> Result<Vec<_>, _> {
permutations
@ -440,15 +410,10 @@ pub fn create_proof<C: CurveAffine, T: TranscriptWrite<C>, ConcreteCircuit: Circ
.map(|(p, pkey)| p.evaluate(pk, pkey, x, transcript))
.collect::<Result<Vec<_>, _>>()
})
.collect();
let permutations_vec = match permutations_vec {
Ok(permutations_vec) => permutations_vec,
Err(err) => return Err(err),
};
.collect::<Result<Vec<_>, _>>()?;
// Evaluate the lookups, if any, at omega^i x.
let lookups_vec: Result<Vec<Vec<lookup::prover::Evaluated<C>>>, _> = lookups_vec
let lookups_vec: Vec<Vec<lookup::prover::Evaluated<C>>> = lookups_vec
.into_iter()
.map(|lookups| -> Result<Vec<_>, _> {
lookups
@ -456,12 +421,7 @@ pub fn create_proof<C: CurveAffine, T: TranscriptWrite<C>, ConcreteCircuit: Circ
.map(|p| p.evaluate(pk, x, transcript))
.collect::<Result<Vec<_>, _>>()
})
.collect();
let lookups_vec = match lookups_vec {
Ok(lookups_vec) => lookups_vec,
Err(err) => return Err(err),
};
.collect::<Result<Vec<_>, _>>()?;
let instances = aux_vec
.iter()
@ -496,17 +456,10 @@ pub fn create_proof<C: CurveAffine, T: TranscriptWrite<C>, ConcreteCircuit: Circ
permutations
.iter()
.zip(pk.permutations.iter())
.map(move |(p, pkey)| p.open(pk, pkey, x))
.into_iter()
.flatten(),
)
.chain(
lookups
.iter()
.map(move |p| p.open(pk, x))
.into_iter()
.flatten(),
.flat_map(move |(p, pkey)| p.open(pk, pkey, x))
.into_iter(),
)
.chain(lookups.iter().flat_map(move |p| p.open(pk, x)).into_iter())
})
.collect::<Vec<_>>()
.into_iter()

159
src/plonk/verifier.rs
View File

@ -38,28 +38,26 @@ pub fn verify_proof<'a, C: CurveAffine, T: TranscriptRead<C>>(
}
}
let mut advice_commitments_vec = Vec::with_capacity(num_proofs);
for _ in 0..num_proofs {
// Hash the prover's advice commitments into the transcript
let advice_commitments = read_n_points(transcript, vk.cs.num_advice_columns)
.map_err(|_| Error::TranscriptError)?;
advice_commitments_vec.push(advice_commitments);
}
let advice_commitments_vec = (0..num_proofs)
.map(|_| -> Result<Vec<_>, _> {
// Hash the prover's advice commitments into the transcript
read_n_points(transcript, vk.cs.num_advice_columns).map_err(|_| Error::TranscriptError)
})
.collect::<Result<Vec<_>, _>>()?;
// Sample theta challenge for keeping lookup columns linearly independent
let theta = ChallengeTheta::get(transcript);
let mut lookups_permuted_vec = Vec::with_capacity(num_proofs);
for _ in 0..num_proofs {
// Hash each lookup permuted commitment
let lookups = vk
.cs
.lookups
.iter()
.map(|argument| argument.read_permuted_commitments(transcript))
.collect::<Result<Vec<_>, _>>()?;
lookups_permuted_vec.push(lookups);
}
let lookups_permuted_vec = (0..num_proofs)
.map(|_| -> Result<Vec<_>, _> {
// Hash each lookup permuted commitment
vk.cs
.lookups
.iter()
.map(|argument| argument.read_permuted_commitments(transcript))
.collect::<Result<Vec<_>, _>>()
})
.collect::<Result<Vec<_>, _>>()?;
// Sample beta challenge
let beta = ChallengeBeta::get(transcript);
@ -67,27 +65,27 @@ pub fn verify_proof<'a, C: CurveAffine, T: TranscriptRead<C>>(
// Sample gamma challenge
let gamma = ChallengeGamma::get(transcript);
let mut permutations_committed_vec = Vec::with_capacity(num_proofs);
for _ in 0..num_proofs {
// Hash each permutation product commitment
let permutations = vk
.cs
.permutations
.iter()
.map(|argument| argument.read_product_commitment(transcript))
.collect::<Result<Vec<_>, _>>()?;
permutations_committed_vec.push(permutations);
}
let permutations_committed_vec = (0..num_proofs)
.map(|_| -> Result<Vec<_>, _> {
// Hash each permutation product commitment
vk.cs
.permutations
.iter()
.map(|argument| argument.read_product_commitment(transcript))
.collect::<Result<Vec<_>, _>>()
})
.collect::<Result<Vec<_>, _>>()?;
let mut lookups_committed_vec = Vec::with_capacity(num_proofs);
for lookups in lookups_permuted_vec.into_iter() {
// Hash each lookup product commitment
let lookups = lookups
.into_iter()
.map(|lookup| lookup.read_product_commitment(transcript))
.collect::<Result<Vec<_>, _>>()?;
lookups_committed_vec.push(lookups);
}
let lookups_committed_vec = lookups_permuted_vec
.into_iter()
.map(|lookups| {
// Hash each lookup product commitment
lookups
.into_iter()
.map(|lookup| lookup.read_product_commitment(transcript))
.collect::<Result<Vec<_>, _>>()
})
.collect::<Result<Vec<_>, _>>()?;
// Sample y challenge, which keeps the gates linearly independent.
let y = ChallengeY::get(transcript);
@ -98,43 +96,44 @@ pub fn verify_proof<'a, C: CurveAffine, T: TranscriptRead<C>>(
// satisfied with high probability.
let x = ChallengeX::get(transcript);
let mut aux_evals_vec = Vec::with_capacity(num_proofs);
for _ in 0..num_proofs {
let aux_evals = read_n_scalars(transcript, vk.cs.aux_queries.len())
.map_err(|_| Error::TranscriptError)?;
aux_evals_vec.push(aux_evals);
}
let aux_evals_vec = (0..num_proofs)
.map(|_| -> Result<Vec<_>, _> {
read_n_scalars(transcript, vk.cs.aux_queries.len()).map_err(|_| Error::TranscriptError)
})
.collect::<Result<Vec<_>, _>>()?;
let mut advice_evals_vec = Vec::with_capacity(num_proofs);
for _ in 0..num_proofs {
let advice_evals = read_n_scalars(transcript, vk.cs.advice_queries.len())
.map_err(|_| Error::TranscriptError)?;
advice_evals_vec.push(advice_evals);
}
let advice_evals_vec = (0..num_proofs)
.map(|_| -> Result<Vec<_>, _> {
read_n_scalars(transcript, vk.cs.advice_queries.len())
.map_err(|_| Error::TranscriptError)
})
.collect::<Result<Vec<_>, _>>()?;
let fixed_evals = read_n_scalars(transcript, vk.cs.fixed_queries.len())
.map_err(|_| Error::TranscriptError)?;
let vanishing = vanishing.evaluate(transcript)?;
let mut permutations_evaluated_vec = Vec::with_capacity(num_proofs);
for permutations in permutations_committed_vec.into_iter() {
let permutations = permutations
.into_iter()
.zip(vk.permutations.iter())
.map(|(permutation, vkey)| permutation.evaluate(vkey, transcript))
.collect::<Result<Vec<_>, _>>()?;
permutations_evaluated_vec.push(permutations);
}
let permutations_evaluated_vec = permutations_committed_vec
.into_iter()
.map(|permutations| -> Result<Vec<_>, _> {
permutations
.into_iter()
.zip(vk.permutations.iter())
.map(|(permutation, vkey)| permutation.evaluate(vkey, transcript))
.collect::<Result<Vec<_>, _>>()
})
.collect::<Result<Vec<_>, _>>()?;
let mut lookups_evaluated_vec = Vec::with_capacity(num_proofs);
for lookups in lookups_committed_vec.into_iter() {
let lookups = lookups
.into_iter()
.map(|lookup| lookup.evaluate(transcript))
.collect::<Result<Vec<_>, _>>()?;
lookups_evaluated_vec.push(lookups);
}
let lookups_evaluated_vec = lookups_committed_vec
.into_iter()
.map(|lookups| -> Result<Vec<_>, _> {
lookups
.into_iter()
.map(|lookup| lookup.evaluate(transcript))
.collect::<Result<Vec<_>, _>>()
})
.collect::<Result<Vec<_>, _>>()?;
// This check ensures the circuit is satisfied so long as the polynomial
// commitments open to the correct values.
@ -174,17 +173,16 @@ pub fn verify_proof<'a, C: CurveAffine, T: TranscriptRead<C>>(
permutations
.iter()
.zip(vk.cs.permutations.iter())
.map(move |(p, argument)| {
.flat_map(move |(p, argument)| {
p.expressions(vk, argument, &advice_evals, l_0, beta, gamma, x)
})
.into_iter()
.flatten(),
.into_iter(),
)
.chain(
lookups
.iter()
.zip(vk.cs.lookups.iter())
.map(move |(p, argument)| {
.flat_map(move |(p, argument)| {
p.expressions(
vk,
l_0,
@ -197,12 +195,9 @@ pub fn verify_proof<'a, C: CurveAffine, T: TranscriptRead<C>>(
&aux_evals,
)
})
.into_iter()
.flatten(),
.into_iter(),
)
})
.collect::<Vec<_>>()
.into_iter();
});
vanishing.verify(expressions, y, xn)?;
}
@ -238,21 +233,17 @@ pub fn verify_proof<'a, C: CurveAffine, T: TranscriptRead<C>>(
permutations
.iter()
.zip(vk.permutations.iter())
.map(move |(p, vkey)| p.queries(vk, vkey, x))
.into_iter()
.flatten(),
.flat_map(move |(p, vkey)| p.queries(vk, vkey, x))
.into_iter(),
)
.chain(
lookups
.iter()
.map(move |p| p.queries(vk, x))
.into_iter()
.flatten(),
.flat_map(move |p| p.queries(vk, x))
.into_iter(),
)
},
)
.collect::<Vec<_>>()
.into_iter()
.chain(
vk.cs
.fixed_queries