Made Prio3Sum circuit output bits-many elements

divviup · Nov 6, 2024 · bbccd32 · bbccd32
1 parent fde058f
commit bbccd32
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 33 deletions.
diff --git a/src/flp.rs b/src/flp.rs
@@ -480,8 +480,9 @@ pub trait Type: Sized + Eq + Clone + Debug {
                 .zip(query_rand_for_validity)
                 .fold(Self::Field::zero(), |acc, (&val, &r)| acc + r * val)
         } else {
-            // If `valid()` outputs one field element, just use that.
-            validity[0]
+            // If `valid()` outputs one field element, just use that. If it outputs none, then it is
+            // trivially satisfied, so use 0
+            validity.first().cloned().unwrap_or(Self::Field::zero())
         };
         verifier.push(check);
 

diff --git a/src/flp/types.rs b/src/flp/types.rs
@@ -173,7 +173,8 @@ impl<F: FftFriendlyFieldElement> Type for Sum<F> {
         _num_shares: usize,
     ) -> Result<Vec<F>, FlpError> {
         self.valid_call_check(input, joint_rand)?;
-        call_gadget_on_vec_entries(&mut g[0], input, joint_rand[0]).map(|out| vec![out])
+        let gadget = &mut g[0];
+        input.iter().map(|&b| gadget.call(&[b])).collect()
     }
 
     fn truncate(&self, input: Vec<F>) -> Result<Vec<F>, FlpError> {
@@ -199,11 +200,11 @@ impl<F: FftFriendlyFieldElement> Type for Sum<F> {
     }
 
     fn joint_rand_len(&self) -> usize {
-        1
+        0
     }
 
     fn eval_output_len(&self) -> usize {
-        1
+        self.bits
     }
 
     fn prove_rand_len(&self) -> usize {
@@ -872,27 +873,6 @@ where
     }
 }
 
-/// Compute a random linear combination of the result of calls of `g` on each element of `input`.
-///
-/// # Arguments
-///
-/// * `g` - The gadget to be applied elementwise
-/// * `input` - The vector on whose elements to apply `g`
-/// * `rnd` - The randomness used for the linear combination
-pub(crate) fn call_gadget_on_vec_entries<F: FftFriendlyFieldElement>(
-    g: &mut Box<dyn Gadget<F>>,
-    input: &[F],
-    rnd: F,
-) -> Result<F, FlpError> {
-    let mut comb = F::zero();
-    let mut r = rnd;
-    for chunk in input.chunks(1) {
-        comb += r * g.call(chunk)?;
-        r *= rnd;
-    }
-    Ok(comb)
-}
-
 /// Given a vector `data` of field elements which should contain exactly one entry, return the
 /// integer representation of that entry.
 pub(crate) fn decode_result<F: FftFriendlyFieldElement>(

diff --git a/src/vdaf/prio3.rs b/src/vdaf/prio3.rs
@@ -1664,11 +1664,6 @@ mod tests {
         thread_rng().fill(&mut verify_key[..]);
         let nonce = [0; 16];
 
-        let (public_share, mut input_shares) = prio3.shard(&1, &nonce).unwrap();
-        input_shares[0].joint_rand_blind.as_mut().unwrap().0[0] ^= 255;
-        let result = run_vdaf_prepare(&prio3, &verify_key, &(), &nonce, public_share, input_shares);
-        assert_matches!(result, Err(VdafError::Uncategorized(_)));
-
         let (public_share, mut input_shares) = prio3.shard(&1, &nonce).unwrap();
         assert_matches!(input_shares[0].measurement_share, Share::Leader(ref mut data) => {
             data[0] += Field128::one();
@@ -2007,8 +2002,6 @@ mod tests {
                     {
                         assert_ne!(left, right);
                     }
-
-                    assert_ne!(x.joint_rand_blind, y.joint_rand_blind);
                 }
             }
         }