Update verifier to match the last Plonk paper
xevisalle committed Jul 7, 2024
1 parent 31fb677 commit 7b40f21
Showing 6 changed files with 166 additions and 96 deletions.
27 changes: 12 additions & 15 deletions src/commitment_scheme/kzg10/key.rs
Expand Up @@ -225,15 +225,15 @@ pub struct OpeningKey {
/// The generator of G2.
#[cfg_attr(feature = "rkyv-impl", omit_bounds)]
pub(crate) h: G2Affine,
/// \beta times the above generator of G2.
/// 'x' times the above generator of G2.
#[cfg_attr(feature = "rkyv-impl", omit_bounds)]
pub(crate) beta_h: G2Affine,
pub(crate) x_h: G2Affine,
/// The generator of G2, prepared for use in pairings.
#[cfg_attr(feature = "rkyv-impl", omit_bounds)]
pub(crate) prepared_h: G2Prepared,
/// \beta times the above generator of G2, prepared for use in pairings.
/// 'x' times the above generator of G2, prepared for use in pairings.
#[cfg_attr(feature = "rkyv-impl", omit_bounds)]
pub(crate) prepared_beta_h: G2Prepared,
pub(crate) prepared_x_h: G2Prepared,
}

impl Serializable<{ G1Affine::SIZE + G2Affine::SIZE * 2 }> for OpeningKey {
Expand All @@ -246,7 +246,7 @@ impl Serializable<{ G1Affine::SIZE + G2Affine::SIZE * 2 }> for OpeningKey {
// This can't fail therefore we don't care about the Result nor use it.
writer.write(&self.g.to_bytes());
writer.write(&self.h.to_bytes());
writer.write(&self.beta_h.to_bytes());
writer.write(&self.x_h.to_bytes());

buf
}
Expand All @@ -262,24 +262,21 @@ impl Serializable<{ G1Affine::SIZE + G2Affine::SIZE * 2 }> for OpeningKey {
}

impl OpeningKey {
pub(crate) fn new(
g: G1Affine,
h: G2Affine,
beta_h: G2Affine,
) -> OpeningKey {
pub(crate) fn new(g: G1Affine, h: G2Affine, x_h: G2Affine) -> OpeningKey {
let prepared_h = G2Prepared::from(h);
let prepared_beta_h = G2Prepared::from(beta_h);
let prepared_x_h = G2Prepared::from(x_h);
OpeningKey {
g,
h,
beta_h,
x_h,
prepared_h,
prepared_beta_h,
prepared_x_h,
}
}

/// Checks whether a batch of polynomials evaluated at different points,
/// returned their specified value.
#[allow(dead_code)]
pub(crate) fn batch_check(
&self,
points: &[BlsScalar],
Expand Down Expand Up @@ -313,7 +310,7 @@ impl OpeningKey {
let affine_total_c = G1Affine::from(total_c);

let pairing = dusk_bls12_381::multi_miller_loop(&[
(&affine_total_w, &self.prepared_beta_h),
(&affine_total_w, &self.prepared_x_h),
(&affine_total_c, &self.prepared_h),
])
.final_exponentiation();
Expand Down Expand Up @@ -343,7 +340,7 @@ mod test {
- (op_key.g * proof.evaluated_point))
.into();

let inner_b: G2Affine = (op_key.beta_h - (op_key.h * point)).into();
let inner_b: G2Affine = (op_key.x_h - (op_key.h * point)).into();
let prepared_inner_b = G2Prepared::from(-inner_b);

let pairing = dusk_bls12_381::multi_miller_loop(&[
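Review bot: The `#[allow(dead_code)]` added above `batch_check` silences the lint on a pairing-based verification routine instead of resolving why it is unused; the same attribute is added to the `AggregateProof` struct and its `impl` in src/commitment_scheme/kzg10/proof.rs. Presumably the updated verifier no longer calls this path, so the code stops being exercised and can drift from the check the verifier really performs while still looking like a usable opening check. If it is kept only for tests, gate it with `#[cfg(test)]`; if it is kept for a planned caller, say so next to the attribute, e.g. `// unused by the verifier since this commit; kept because <reason>`; otherwise delete it. The body of `batch_check` continues outside the hunks shown.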
2 changes: 2 additions & 0 deletions src/commitment_scheme/kzg10/proof.rs
Expand Up @@ -34,6 +34,7 @@ pub(crate) mod alloc {
/// Proof that multiple polynomials were correctly evaluated at a point `z`,
/// each producing their respective evaluated points p_i(z).
#[derive(Debug)]
#[allow(dead_code)]
pub(crate) struct AggregateProof {
/// This is a commitment to the aggregated witness polynomial.
pub(crate) commitment_to_witness: Commitment,
Expand All @@ -45,6 +46,7 @@ pub(crate) mod alloc {
pub(crate) commitments_to_polynomials: Vec<Commitment>,
}

#[allow(dead_code)]
impl AggregateProof {
/// Initializes an `AggregatedProof` with the commitment to the witness.
pub(crate) fn with_witness(witness: Commitment) -> AggregateProof {
4 changes: 2 additions & 2 deletions src/commitment_scheme/kzg10/srs.rs
Expand Up @@ -230,7 +230,7 @@ mod test {
assert_eq!(got_pp.commit_key.powers_of_g, pp.commit_key.powers_of_g);
assert_eq!(got_pp.opening_key.g, pp.opening_key.g);
assert_eq!(got_pp.opening_key.h, pp.opening_key.h);
assert_eq!(got_pp.opening_key.beta_h, pp.opening_key.beta_h);
assert_eq!(got_pp.opening_key.x_h, pp.opening_key.x_h);
}

#[test]
Expand All @@ -245,6 +245,6 @@ mod test {
assert_eq!(pp.commit_key, pp_p.commit_key);
assert_eq!(pp.opening_key.g, pp_p.opening_key.g);
assert_eq!(pp.opening_key.h, pp_p.opening_key.h);
assert_eq!(pp.opening_key.beta_h, pp_p.opening_key.beta_h);
assert_eq!(pp.opening_key.x_h, pp_p.opening_key.x_h);
}
}
7 changes: 3 additions & 4 deletions src/compiler/prover.rs
Expand Up @@ -515,15 +515,14 @@ impl Prover {
);
let w_z_chall_comm = self.commit_key.commit(&aggregate_witness)?;

// compute the shifted challenge 'v'
let v_challenge_shifted =
transcript.challenge_scalar(b"v_challenge_shifted");
// compute the shifted challenge 'v_w'
let v_w_challenge = transcript.challenge_scalar(b"v_w_challenge");

// compute the shifted opening proof polynomial 'W_zw(X)'
let shifted_aggregate_witness = CommitKey::compute_aggregate_witness(
&[z_poly, a_w_poly, b_w_poly, d_w_poly],
&(z_challenge * domain.group_gen),
&v_challenge_shifted,
&v_w_challenge,
);
let w_z_chall_w_comm =
self.commit_key.commit(&shifted_aggregate_witness)?;
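Review bot: The label passed to `transcript.challenge_scalar` changes from `b"v_challenge_shifted"` to `b"v_w_challenge"`, and that is more than a rename: the label bytes are presumably absorbed into the Fiat–Shamir transcript, so the derived challenge changes and proofs produced before this commit will likely stop verifying. The verifier has to draw this challenge with the identical label at the same transcript position, and that side is not visible in this section. Defining the label once and using it from both prover and verifier, e.g. `const V_W_CHALLENGE_LABEL: &[u8] = b"v_w_challenge";` (the name is only a suggestion), would keep the two from drifting apart, and the compatibility break deserves a changelog entry. The enclosing `Prover` method starts and ends outside the hunk.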