Modify commitment opening argument so that G element can be faux blinded to align with wire blinding in PLONK.

This commit is contained in:
Sean Bowe 2020-09-25 09:22:19 -06:00
parent 3db368b40e
commit 316a027784
No known key found for this signature in database
GPG Key ID: 95684257D8F8B031
1 changed files with 8 additions and 4 deletions


@ -33,6 +33,7 @@ impl<'a, C: CurveAffine> Guard<'a, C> {
pub fn use_challenges(mut self) -> MSM<'a, C> {
let s = compute_s(&self.challenges_sq, self.allinv * &self.neg_z1);
self.msm.add_to_g(&s);
self.msm.add_to_h(self.neg_z1);
self.msm
}
@ -53,7 +54,10 @@ impl<'a, C: CurveAffine> Guard<'a, C> {
/// Computes the g value when given a potential scalar as input.
pub fn compute_g(&self) -> C {
let s = compute_s(&self.challenges_sq, self.allinv);
best_multiexp(&s, &self.msm.params.g).to_affine()
let mut tmp = best_multiexp(&s, &self.msm.params.g);
tmp += self.msm.params.h;
tmp.to_affine()
}
}
@ -159,7 +163,7 @@ impl<C: CurveAffine> Proof<C> {
let c: C::Scalar = get_challenge_scalar(Challenge(c_packed));
// Check
// [c] P + [c * v] U + [c] sum(L_i * u_i^2) + [c] sum(R_i * u_i^-2) + delta - [z1] G - [z1 * b] U - [z2] H
// [c] P + [c * v] U + [c] sum(L_i * u_i^2) + [c] sum(R_i * u_i^-2) + delta - [z1] G - [z1 * b] U - [z1 - z2] H
// = 0
let b = compute_b(x, &challenges, &challenges_inv);
@ -184,8 +188,8 @@ impl<C: CurveAffine> Proof<C> {
// delta
msm.add_term(Field::one(), self.delta);
// - [z2] H
msm.add_to_h(-self.z2);
// - [z1 - z2] H
msm.add_to_h(self.z1 - &self.z2);
let guard = Guard {
msm,
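Review bot: The sign in the new comments disagrees with the new code at the end of the section: `msm.add_to_h(self.z1 - &self.z2)` adds +[z1 - z2] H, while the inline comment above it reads `// - [z1 - z2] H` and the rewritten check equation in the earlier hunk also ends with `- [z1 - z2] H`. The algebra itself looks consistent — `use_challenges` now contributes -[z1] H via `add_to_h(self.neg_z1)` and `compute_g` returns [s] g + h, so -[z1](G + H) + [z1 - z2] H collapses to the previous -[z1] G - [z2] H — but a reader checking the verifier against the written equation would conclude the H coefficient is wrong. Change the two comments to `// + [z1 - z2] H` and `... + delta - [z1] G - [z1 * b] U + [z1 - z2] H`, and since `compute_g` no longer returns the bare generator combination, extend its doc comment, e.g. `/// Computes the h-blinded g value, [s] g + h, matching the -[z1] H term added in use_challenges.` The enclosing function of the last hunk starts and ends outside the hunk.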