From e3f8a7e2b0c6371da047bfd50ce7750b73536970 Mon Sep 17 00:00:00 2001 From: xevisalle Date: Wed, 3 Jul 2024 15:16:18 +0200 Subject: [PATCH] Rename wire 'o' to 'c' --- src/commitment_scheme/kzg10/key.rs | 16 +++---- src/compiler/prover.rs | 24 +++++----- src/composer/permutation.rs | 48 +++++++++---------- src/proof_system/linearization_poly.rs | 28 +++++------ src/proof_system/proof.rs | 22 ++++----- src/proof_system/quotient_poly.rs | 28 +++++------ .../widget/arithmetic/proverkey.rs | 14 +++--- .../widget/arithmetic/verifierkey.rs | 2 +- .../widget/ecc/curve_addition/proverkey.rs | 8 ++-- .../widget/ecc/curve_addition/verifierkey.rs | 2 +- .../ecc/scalar_mul/fixed_base/proverkey.rs | 8 ++-- .../ecc/scalar_mul/fixed_base/verifierkey.rs | 2 +- src/proof_system/widget/logic/proverkey.rs | 8 ++-- src/proof_system/widget/logic/verifierkey.rs | 2 +- .../widget/permutation/proverkey.rs | 44 ++++++++--------- .../widget/permutation/verifierkey.rs | 8 ++-- src/proof_system/widget/range/proverkey.rs | 14 +++--- src/proof_system/widget/range/verifierkey.rs | 4 +- 18 files changed, 141 insertions(+), 141 deletions(-) diff --git a/src/commitment_scheme/kzg10/key.rs b/src/commitment_scheme/kzg10/key.rs index 1f802e94..78430198 100644 --- a/src/commitment_scheme/kzg10/key.rs +++ b/src/commitment_scheme/kzg10/key.rs @@ -485,13 +485,13 @@ mod test { let poly_b = Polynomial::rand(26 + 1, &mut OsRng); let poly_b_eval = poly_b.evaluate(&point); - let poly_o = Polynomial::rand(27, &mut OsRng); - let poly_o_eval = poly_o.evaluate(&point); + let poly_c = Polynomial::rand(27, &mut OsRng); + let poly_c_eval = poly_c.evaluate(&point); open_multiple( &ck, - &[poly_a, poly_b, poly_o], - vec![poly_a_eval, poly_b_eval, poly_o_eval], + &[poly_a, poly_b, poly_c], + vec![poly_a_eval, poly_b_eval, poly_c_eval], &point, &mut Transcript::new(b"agg_flatten"), )? @@ -525,16 +525,16 @@ mod test { let poly_b = Polynomial::rand(26, &mut OsRng); let poly_b_eval = poly_b.evaluate(&point_a); - let poly_o = Polynomial::rand(27, &mut OsRng); - let poly_o_eval = poly_o.evaluate(&point_a); + let poly_c = Polynomial::rand(27, &mut OsRng); + let poly_c_eval = poly_c.evaluate(&point_a); let poly_d = Polynomial::rand(28, &mut OsRng); let poly_d_eval = poly_d.evaluate(&point_b); let aggregated_proof = open_multiple( &ck, - &[poly_a, poly_b, poly_o], - vec![poly_a_eval, poly_b_eval, poly_o_eval], + &[poly_a, poly_b, poly_c], + vec![poly_a_eval, poly_b_eval, poly_c_eval], &point_a, &mut Transcript::new(b"agg_batch"), )?; diff --git a/src/compiler/prover.rs b/src/compiler/prover.rs index fbd1ad97..1e5ffe35 100644 --- a/src/compiler/prover.rs +++ b/src/compiler/prover.rs @@ -256,32 +256,32 @@ impl Prover { // convert wires to padded scalars let mut a_w_scalar = vec![BlsScalar::zero(); size]; let mut b_w_scalar = vec![BlsScalar::zero(); size]; - let mut o_w_scalar = vec![BlsScalar::zero(); size]; + let mut c_w_scalar = vec![BlsScalar::zero(); size]; let mut d_w_scalar = vec![BlsScalar::zero(); size]; prover.constraints.iter().enumerate().for_each(|(i, c)| { a_w_scalar[i] = prover[c.w_a]; b_w_scalar[i] = prover[c.w_b]; - o_w_scalar[i] = prover[c.w_o]; + c_w_scalar[i] = prover[c.w_o]; d_w_scalar[i] = prover[c.w_d]; }); let a_w_poly = Self::blind_poly(rng, &a_w_scalar, 1, &domain); let b_w_poly = Self::blind_poly(rng, &b_w_scalar, 1, &domain); - let o_w_poly = Self::blind_poly(rng, &o_w_scalar, 1, &domain); + let c_w_poly = Self::blind_poly(rng, &c_w_scalar, 1, &domain); let d_w_poly = Self::blind_poly(rng, &d_w_scalar, 1, &domain); // commit to wire polynomials // ([a(x)]_1, [b(x)]_1, [c(x)]_1, [d(x)]_1) let a_w_poly_commit = self.commit_key.commit(&a_w_poly)?; let b_w_poly_commit = self.commit_key.commit(&b_w_poly)?; - let o_w_poly_commit = self.commit_key.commit(&o_w_poly)?; + let c_w_poly_commit = self.commit_key.commit(&c_w_poly)?; let d_w_poly_commit = self.commit_key.commit(&d_w_poly)?; // Add wire polynomial commitments to transcript transcript.append_commitment(b"a_w", &a_w_poly_commit); transcript.append_commitment(b"b_w", &b_w_poly_commit); - transcript.append_commitment(b"o_w", &o_w_poly_commit); + transcript.append_commitment(b"c_w", &c_w_poly_commit); transcript.append_commitment(b"d_w", &d_w_poly_commit); // round 2 @@ -299,7 +299,7 @@ impl Prover { let wires = [ a_w_scalar.as_slice(), b_w_scalar.as_slice(), - o_w_scalar.as_slice(), + c_w_scalar.as_slice(), d_w_scalar.as_slice(), ]; let permutation = prover @@ -327,7 +327,7 @@ impl Prover { let pi_poly = Polynomial::from_coefficients_vec(pi_poly); // compute quotient polynomial - let wires = (&a_w_poly, &b_w_poly, &o_w_poly, &d_w_poly); + let wires = (&a_w_poly, &b_w_poly, &c_w_poly, &d_w_poly); let args = &( alpha, beta, @@ -397,7 +397,7 @@ impl Prover { // compute opening evaluations let a_eval = a_w_poly.evaluate(&z_challenge); let b_eval = b_w_poly.evaluate(&z_challenge); - let o_eval = o_w_poly.evaluate(&z_challenge); + let c_eval = c_w_poly.evaluate(&z_challenge); let d_eval = d_w_poly.evaluate(&z_challenge); let s_sigma_1_eval = self @@ -424,7 +424,7 @@ impl Prover { // add opening evaluations to transcript. transcript.append_scalar(b"a_eval", &a_eval); transcript.append_scalar(b"b_eval", &b_eval); - transcript.append_scalar(b"o_eval", &o_eval); + transcript.append_scalar(b"c_eval", &c_eval); transcript.append_scalar(b"d_eval", &d_eval); transcript.append_scalar(b"s_sigma_1_eval", &s_sigma_1_eval); @@ -458,7 +458,7 @@ impl Prover { &z_poly, &a_eval, &b_eval, - &o_eval, + &c_eval, &d_eval, &s_sigma_1_eval, &s_sigma_2_eval, @@ -501,7 +501,7 @@ impl Prover { r_poly, a_w_poly.clone(), b_w_poly.clone(), - o_w_poly, + c_w_poly, d_w_poly.clone(), self.prover_key.permutation.s_sigma_1.0.clone(), self.prover_key.permutation.s_sigma_2.0.clone(), @@ -528,7 +528,7 @@ impl Prover { let proof = Proof { a_comm: a_w_poly_commit, b_comm: b_w_poly_commit, - o_comm: o_w_poly_commit, + c_comm: c_w_poly_commit, d_comm: d_w_poly_commit, z_comm: z_poly_commit, diff --git a/src/composer/permutation.rs b/src/composer/permutation.rs index 32f5fc81..4db92efb 100644 --- a/src/composer/permutation.rs +++ b/src/composer/permutation.rs @@ -223,7 +223,7 @@ impl Permutation { let ks = vec![BlsScalar::one(), K1, K2, K3]; // Transpose wires and sigma values to get "rows" in the form [a_w_i, - // b_w_i, o_w_i, d_w_i] where each row contains the wire and sigma + // b_w_i, c_w_i, d_w_i] where each row contains the wire and sigma // values for a single gate let gatewise_wires = izip!(wires[0], wires[1], wires[2], wires[3]) .map(|(w0, w1, w2, w3)| vec![w0, w1, w2, w3]); @@ -311,7 +311,7 @@ mod test { domain: &EvaluationDomain, a_w: &[BlsScalar], b_w: &[BlsScalar], - o_w: &[BlsScalar], + c_w: &[BlsScalar], d_w: &[BlsScalar], beta: &BlsScalar, gamma: &BlsScalar, @@ -362,7 +362,7 @@ mod test { let b_w_gamma: Vec<_> = b_w.iter().map(|b_w| b_w + gamma).collect(); // Compute out_wire + gamma - let o_w_gamma: Vec<_> = o_w.iter().map(|o_w| o_w + gamma).collect(); + let c_w_gamma: Vec<_> = c_w.iter().map(|c_w| c_w + gamma).collect(); // Compute fourth_wire + gamma let d_w_gamma: Vec<_> = d_w.iter().map(|d_w| d_w + gamma).collect(); @@ -372,7 +372,7 @@ mod test { let accumulator_components_without_l1: Vec<_> = izip!( a_w_gamma, b_w_gamma, - o_w_gamma, + c_w_gamma, d_w_gamma, common_roots, beta_roots_k1, @@ -387,7 +387,7 @@ mod test { |( a_w_gamma, b_w_gamma, - o_w_gamma, + c_w_gamma, d_w_gamma, beta_root, beta_root_k1, @@ -405,7 +405,7 @@ mod test { let ac2 = b_w_gamma + beta_root_k1; // w_{2n+j} + beta * K2 * root^j-1 + gamma - let ac3 = o_w_gamma + beta_root_k2; + let ac3 = c_w_gamma + beta_root_k2; // w_{3n+j} + beta * K3 * root^j-1 + gamma let ac4 = d_w_gamma + beta_root_k3; @@ -417,7 +417,7 @@ mod test { let ac6 = (b_w_gamma + beta_s_sigma_2).invert().unwrap(); // 1 / w_{2n+j} + beta * sigma(2n+j) + gamma - let ac7 = (o_w_gamma + beta_s_sigma_3).invert().unwrap(); + let ac7 = (c_w_gamma + beta_s_sigma_3).invert().unwrap(); // 1 / w_{3n+j} + beta * sigma(3n+j) + gamma let ac8 = (d_w_gamma + beta_s_sigma_4).invert().unwrap(); @@ -472,7 +472,7 @@ mod test { domain: &EvaluationDomain, a_w: I, b_w: I, - o_w: I, + c_w: I, d_w: I, beta: &BlsScalar, gamma: &BlsScalar, @@ -522,7 +522,7 @@ mod test { let b_w_gamma: Vec<_> = b_w.map(|w| w + gamma).collect(); // Compute out_wire + gamma - let o_w_gamma: Vec<_> = o_w.map(|w| w + gamma).collect(); + let c_w_gamma: Vec<_> = c_w.map(|w| w + gamma).collect(); // Compute fourth_wire + gamma let d_w_gamma: Vec<_> = d_w.map(|w| w + gamma).collect(); @@ -544,7 +544,7 @@ mod test { for ( a_w_gamma, b_w_gamma, - o_w_gamma, + c_w_gamma, d_w_gamma, beta_root, beta_root_k1, @@ -553,7 +553,7 @@ mod test { ) in izip!( a_w_gamma.iter(), b_w_gamma.iter(), - o_w_gamma.iter(), + c_w_gamma.iter(), d_w_gamma.iter(), beta_roots_iter, beta_roots_k1_iter, @@ -566,8 +566,8 @@ mod test { // (b_w + beta * root * k_1 + gamma) let prod_b = beta_root_k1 + b_w_gamma; - // (o_w + beta * root * k_2 + gamma) - let prod_c = beta_root_k2 + o_w_gamma; + // (c_w + beta * root * k_2 + gamma) + let prod_c = beta_root_k2 + c_w_gamma; // (d_w + beta * root * k_3 + gamma) let prod_d = beta_root_k3 + d_w_gamma; @@ -585,7 +585,7 @@ mod test { for ( a_w_gamma, b_w_gamma, - o_w_gamma, + c_w_gamma, d_w_gamma, beta_s_sigma_1, beta_s_sigma_2, @@ -594,7 +594,7 @@ mod test { ) in izip!( a_w_gamma, b_w_gamma, - o_w_gamma, + c_w_gamma, d_w_gamma, beta_s_sigma_1_iter, beta_s_sigma_2_iter, @@ -607,8 +607,8 @@ mod test { // (b_w + beta * s_sigma_2 + gamma) let prod_b = beta_s_sigma_2 + b_w_gamma; - // (o_w + beta * s_sigma_3 + gamma) - let prod_c = beta_s_sigma_3 + o_w_gamma; + // (c_w + beta * s_sigma_3 + gamma) + let prod_c = beta_s_sigma_3 + c_w_gamma; // (d_w + beta * s_sigma_4 + gamma) let prod_d = beta_s_sigma_4 + d_w_gamma; @@ -809,7 +809,7 @@ mod test { BlsScalar::one(), BlsScalar::one(), ]; - let o_w = vec![ + let c_w = vec![ BlsScalar::one(), BlsScalar::one(), BlsScalar::one(), @@ -828,7 +828,7 @@ mod test { &domain, a_w, b_w, - o_w, + c_w, d_w, ); } @@ -955,7 +955,7 @@ mod test { let a_w: Vec<_> = vec![BlsScalar::one(), BlsScalar::from(3)]; let b_w: Vec<_> = vec![BlsScalar::from(2), BlsScalar::from(2)]; - let o_w: Vec<_> = vec![BlsScalar::from(3), BlsScalar::one()]; + let c_w: Vec<_> = vec![BlsScalar::from(3), BlsScalar::one()]; let d_w: Vec<_> = vec![BlsScalar::one(), BlsScalar::one()]; test_correct_permutation_poly( @@ -964,7 +964,7 @@ mod test { &domain, a_w, b_w, - o_w, + c_w, d_w, ); } @@ -983,7 +983,7 @@ mod test { domain: &EvaluationDomain, a_w: Vec, b_w: Vec, - o_w: Vec, + c_w: Vec, d_w: Vec, ) { // 0. Generate beta and gamma challenges @@ -1000,7 +1000,7 @@ mod test { domain, a_w.clone().into_iter(), b_w.clone().into_iter(), - o_w.clone().into_iter(), + c_w.clone().into_iter(), d_w.clone().into_iter(), &beta, &gamma, @@ -1016,7 +1016,7 @@ mod test { domain, &a_w, &b_w, - &o_w, + &c_w, &d_w, &beta, &gamma, diff --git a/src/proof_system/linearization_poly.rs b/src/proof_system/linearization_poly.rs index 46074fe4..a1597e6e 100644 --- a/src/proof_system/linearization_poly.rs +++ b/src/proof_system/linearization_poly.rs @@ -47,7 +47,7 @@ pub(crate) struct ProofEvaluations { pub(crate) b_eval: BlsScalar, // Evaluation of the witness polynomial for the output wire at `z` #[cfg_attr(feature = "rkyv-impl", omit_bounds)] - pub(crate) o_eval: BlsScalar, + pub(crate) c_eval: BlsScalar, // Evaluation of the witness polynomial for the fourth wire at `z` #[cfg_attr(feature = "rkyv-impl", omit_bounds)] pub(crate) d_eval: BlsScalar, @@ -106,7 +106,7 @@ impl Serializable<{ 16 * BlsScalar::SIZE }> for ProofEvaluations { let mut writer = &mut buf[..]; writer.write(&self.a_eval.to_bytes()); writer.write(&self.b_eval.to_bytes()); - writer.write(&self.o_eval.to_bytes()); + writer.write(&self.c_eval.to_bytes()); writer.write(&self.d_eval.to_bytes()); writer.write(&self.a_next_eval.to_bytes()); writer.write(&self.b_next_eval.to_bytes()); @@ -130,7 +130,7 @@ impl Serializable<{ 16 * BlsScalar::SIZE }> for ProofEvaluations { let mut buffer = &buf[..]; let a_eval = BlsScalar::from_reader(&mut buffer)?; let b_eval = BlsScalar::from_reader(&mut buffer)?; - let o_eval = BlsScalar::from_reader(&mut buffer)?; + let c_eval = BlsScalar::from_reader(&mut buffer)?; let d_eval = BlsScalar::from_reader(&mut buffer)?; let a_next_eval = BlsScalar::from_reader(&mut buffer)?; let b_next_eval = BlsScalar::from_reader(&mut buffer)?; @@ -148,7 +148,7 @@ impl Serializable<{ 16 * BlsScalar::SIZE }> for ProofEvaluations { Ok(ProofEvaluations { a_eval, b_eval, - o_eval, + c_eval, d_eval, a_next_eval, b_next_eval, @@ -200,7 +200,7 @@ pub(crate) fn compute( z_poly: &Polynomial, a_eval: &BlsScalar, b_eval: &BlsScalar, - o_eval: &BlsScalar, + c_eval: &BlsScalar, d_eval: &BlsScalar, s_sigma_1_eval: &BlsScalar, s_sigma_2_eval: &BlsScalar, @@ -228,7 +228,7 @@ pub(crate) fn compute( ), a_eval, b_eval, - o_eval, + c_eval, d_eval, &a_next_eval, &b_next_eval, @@ -243,7 +243,7 @@ pub(crate) fn compute( let f_2 = prover_key.permutation.compute_linearization( z_challenge, (alpha, beta, gamma), - (&a_eval, &b_eval, &o_eval, &d_eval), + (&a_eval, &b_eval, &c_eval, &d_eval), (&s_sigma_1_eval, &s_sigma_2_eval, &s_sigma_3_eval), z_eval, z_poly, @@ -260,7 +260,7 @@ pub(crate) fn compute( proof: ProofEvaluations { a_eval: *a_eval, b_eval: *b_eval, - o_eval: *o_eval, + c_eval: *c_eval, d_eval: *d_eval, a_next_eval, b_next_eval, @@ -290,7 +290,7 @@ fn compute_circuit_satisfiability( ): (&BlsScalar, &BlsScalar, &BlsScalar, &BlsScalar), a_eval: &BlsScalar, b_eval: &BlsScalar, - o_eval: &BlsScalar, + c_eval: &BlsScalar, d_eval: &BlsScalar, a_next_eval: &BlsScalar, b_next_eval: &BlsScalar, @@ -304,7 +304,7 @@ fn compute_circuit_satisfiability( let a = prover_key.arithmetic.compute_linearization( a_eval, b_eval, - o_eval, + c_eval, d_eval, q_arith_eval, ); @@ -313,7 +313,7 @@ fn compute_circuit_satisfiability( range_separation_challenge, a_eval, b_eval, - o_eval, + c_eval, d_eval, d_next_eval, ); @@ -324,7 +324,7 @@ fn compute_circuit_satisfiability( a_next_eval, b_eval, b_next_eval, - o_eval, + c_eval, d_eval, d_next_eval, q_c_eval, @@ -336,7 +336,7 @@ fn compute_circuit_satisfiability( a_next_eval, b_eval, b_next_eval, - o_eval, + c_eval, d_eval, d_next_eval, q_l_eval, @@ -350,7 +350,7 @@ fn compute_circuit_satisfiability( a_next_eval, b_eval, b_next_eval, - o_eval, + c_eval, d_eval, d_next_eval, ); diff --git a/src/proof_system/proof.rs b/src/proof_system/proof.rs index bdbbf05d..fd15b2de 100644 --- a/src/proof_system/proof.rs +++ b/src/proof_system/proof.rs @@ -49,7 +49,7 @@ pub struct Proof { pub(crate) b_comm: Commitment, /// Commitment to the witness polynomial for the output wires. #[cfg_attr(feature = "rkyv-impl", omit_bounds)] - pub(crate) o_comm: Commitment, + pub(crate) c_comm: Commitment, /// Commitment to the witness polynomial for the fourth wires. #[cfg_attr(feature = "rkyv-impl", omit_bounds)] pub(crate) d_comm: Commitment, @@ -92,7 +92,7 @@ impl CheckBytes for ArchivedProof { ) -> Result<&'a Self, Self::Error> { check_field(&(*value).a_comm, context, "a_comm")?; check_field(&(*value).b_comm, context, "b_comm")?; - check_field(&(*value).o_comm, context, "o_comm")?; + check_field(&(*value).c_comm, context, "c_comm")?; check_field(&(*value).d_comm, context, "d_comm")?; check_field(&(*value).z_comm, context, "z_comm")?; @@ -124,7 +124,7 @@ impl Serializable<{ 11 * Commitment::SIZE + ProofEvaluations::SIZE }> let mut writer = &mut buf[..]; writer.write(&self.a_comm.to_bytes()); writer.write(&self.b_comm.to_bytes()); - writer.write(&self.o_comm.to_bytes()); + writer.write(&self.c_comm.to_bytes()); writer.write(&self.d_comm.to_bytes()); writer.write(&self.z_comm.to_bytes()); writer.write(&self.t_low_comm.to_bytes()); @@ -143,7 +143,7 @@ impl Serializable<{ 11 * Commitment::SIZE + ProofEvaluations::SIZE }> let a_comm = Commitment::from_reader(&mut buffer)?; let b_comm = Commitment::from_reader(&mut buffer)?; - let o_comm = Commitment::from_reader(&mut buffer)?; + let c_comm = Commitment::from_reader(&mut buffer)?; let d_comm = Commitment::from_reader(&mut buffer)?; let z_comm = Commitment::from_reader(&mut buffer)?; let t_low_comm = Commitment::from_reader(&mut buffer)?; @@ -157,7 +157,7 @@ impl Serializable<{ 11 * Commitment::SIZE + ProofEvaluations::SIZE }> Ok(Proof { a_comm, b_comm, - o_comm, + c_comm, d_comm, z_comm, t_low_comm, @@ -214,7 +214,7 @@ pub(crate) mod alloc { // Add commitment to witness polynomials to transcript transcript.append_commitment(b"a_w", &self.a_comm); transcript.append_commitment(b"b_w", &self.b_comm); - transcript.append_commitment(b"o_w", &self.o_comm); + transcript.append_commitment(b"c_w", &self.c_comm); transcript.append_commitment(b"d_w", &self.d_comm); // Compute beta and gamma challenges @@ -248,7 +248,7 @@ pub(crate) mod alloc { // Add opening evaluations to transcript transcript.append_scalar(b"a_eval", &self.evaluations.a_eval); transcript.append_scalar(b"b_eval", &self.evaluations.b_eval); - transcript.append_scalar(b"o_eval", &self.evaluations.o_eval); + transcript.append_scalar(b"c_eval", &self.evaluations.c_eval); transcript.append_scalar(b"d_eval", &self.evaluations.d_eval); transcript.append_scalar( @@ -344,7 +344,7 @@ pub(crate) mod alloc { aggregate_proof.add_part((self.evaluations.r_poly_eval, r_comm)); aggregate_proof.add_part((self.evaluations.a_eval, self.a_comm)); aggregate_proof.add_part((self.evaluations.b_eval, self.b_comm)); - aggregate_proof.add_part((self.evaluations.o_eval, self.o_comm)); + aggregate_proof.add_part((self.evaluations.c_eval, self.c_comm)); aggregate_proof.add_part((self.evaluations.d_eval, self.d_comm)); aggregate_proof.add_part(( self.evaluations.s_sigma_1_eval, @@ -430,7 +430,7 @@ pub(crate) mod alloc { // o + beta * sigma_3 + gamma let beta_sig3 = beta * self.evaluations.s_sigma_3_eval; - let b_2 = self.evaluations.o_eval + beta_sig3 + gamma; + let b_2 = self.evaluations.c_eval + beta_sig3 + gamma; // ((d + gamma) * z_hat) * alpha_0 let b_3 = (self.evaluations.d_eval + gamma) * z_hat_eval * alpha; @@ -607,7 +607,7 @@ mod proof_tests { let proof = Proof { a_comm: Commitment::default(), b_comm: Commitment::default(), - o_comm: Commitment::default(), + c_comm: Commitment::default(), d_comm: Commitment::default(), z_comm: Commitment::default(), t_low_comm: Commitment::default(), @@ -619,7 +619,7 @@ mod proof_tests { evaluations: ProofEvaluations { a_eval: BlsScalar::random(&mut OsRng), b_eval: BlsScalar::random(&mut OsRng), - o_eval: BlsScalar::random(&mut OsRng), + c_eval: BlsScalar::random(&mut OsRng), d_eval: BlsScalar::random(&mut OsRng), a_next_eval: BlsScalar::random(&mut OsRng), b_next_eval: BlsScalar::random(&mut OsRng), diff --git a/src/proof_system/quotient_poly.rs b/src/proof_system/quotient_poly.rs index c22c6a45..e7eea787 100644 --- a/src/proof_system/quotient_poly.rs +++ b/src/proof_system/quotient_poly.rs @@ -20,7 +20,7 @@ pub(crate) fn compute( domain: &EvaluationDomain, prover_key: &ProverKey, z_poly: &Polynomial, - (a_w_poly, b_w_poly, o_w_poly, d_w_poly): ( + (a_w_poly, b_w_poly, c_w_poly, d_w_poly): ( &Polynomial, &Polynomial, &Polynomial, @@ -52,14 +52,14 @@ pub(crate) fn compute( let mut a_w_eval_8n = domain_8n.coset_fft(a_w_poly); let mut b_w_eval_8n = domain_8n.coset_fft(b_w_poly); - let o_w_eval_8n = domain_8n.coset_fft(o_w_poly); + let c_w_eval_8n = domain_8n.coset_fft(c_w_poly); let mut d_w_eval_8n = domain_8n.coset_fft(d_w_poly); for i in 0..8 { z_eval_8n.push(z_eval_8n[i]); a_w_eval_8n.push(a_w_eval_8n[i]); b_w_eval_8n.push(b_w_eval_8n[i]); - // o_w_eval_8n push not required + // c_w_eval_8n push not required d_w_eval_8n.push(d_w_eval_8n[i]); } @@ -72,14 +72,14 @@ pub(crate) fn compute( var_base_challenge, ), prover_key, - (&a_w_eval_8n, &b_w_eval_8n, &o_w_eval_8n, &d_w_eval_8n), + (&a_w_eval_8n, &b_w_eval_8n, &c_w_eval_8n, &d_w_eval_8n), public_inputs_poly, ); let t_2 = compute_permutation_checks( domain, prover_key, - (&a_w_eval_8n, &b_w_eval_8n, &o_w_eval_8n, &d_w_eval_8n), + (&a_w_eval_8n, &b_w_eval_8n, &c_w_eval_8n, &d_w_eval_8n), &z_eval_8n, (alpha, beta, gamma), ); @@ -114,7 +114,7 @@ fn compute_circuit_satisfiability_equation( var_base_challenge, ): (&BlsScalar, &BlsScalar, &BlsScalar, &BlsScalar), prover_key: &ProverKey, - (a_w_eval_8n, b_w_eval_8n, o_w_eval_8n, d_w_eval_8n): ( + (a_w_eval_8n, b_w_eval_8n, c_w_eval_8n, d_w_eval_8n): ( &[BlsScalar], &[BlsScalar], &[BlsScalar], @@ -135,7 +135,7 @@ fn compute_circuit_satisfiability_equation( .map(|i| { let a_w = &a_w_eval_8n[i]; let b_w = &b_w_eval_8n[i]; - let o_w = &o_w_eval_8n[i]; + let c_w = &c_w_eval_8n[i]; let d_w = &d_w_eval_8n[i]; let a_w_next = &a_w_eval_8n[i + 8]; let b_w_next = &b_w_eval_8n[i + 8]; @@ -144,14 +144,14 @@ fn compute_circuit_satisfiability_equation( let a = prover_key .arithmetic - .compute_quotient_i(i, a_w, b_w, o_w, d_w); + .compute_quotient_i(i, a_w, b_w, c_w, d_w); let b = prover_key.range.compute_quotient_i( i, range_challenge, a_w, b_w, - o_w, + c_w, d_w, d_w_next, ); @@ -163,7 +163,7 @@ fn compute_circuit_satisfiability_equation( a_w_next, b_w, b_w_next, - o_w, + c_w, d_w, d_w_next, ); @@ -175,7 +175,7 @@ fn compute_circuit_satisfiability_equation( a_w_next, b_w, b_w_next, - o_w, + c_w, d_w, d_w_next, ); @@ -187,7 +187,7 @@ fn compute_circuit_satisfiability_equation( a_w_next, b_w, b_w_next, - o_w, + c_w, d_w, d_w_next, ); @@ -201,7 +201,7 @@ fn compute_circuit_satisfiability_equation( fn compute_permutation_checks( domain: &EvaluationDomain, prover_key: &ProverKey, - (a_w_eval_8n, b_w_eval_8n, o_w_eval_8n, d_w_eval_8n): ( + (a_w_eval_8n, b_w_eval_8n, c_w_eval_8n, d_w_eval_8n): ( &[BlsScalar], &[BlsScalar], &[BlsScalar], @@ -227,7 +227,7 @@ fn compute_permutation_checks( i, &a_w_eval_8n[i], &b_w_eval_8n[i], - &o_w_eval_8n[i], + &c_w_eval_8n[i], &d_w_eval_8n[i], &z_eval_8n[i], &z_eval_8n[i + 8], diff --git a/src/proof_system/widget/arithmetic/proverkey.rs b/src/proof_system/widget/arithmetic/proverkey.rs index 3bb5d943..da573311 100644 --- a/src/proof_system/widget/arithmetic/proverkey.rs +++ b/src/proof_system/widget/arithmetic/proverkey.rs @@ -45,7 +45,7 @@ impl ProverKey { index: usize, a_w_i: &BlsScalar, b_w_i: &BlsScalar, - o_w_i: &BlsScalar, + c_w_i: &BlsScalar, d_w_i: &BlsScalar, ) -> BlsScalar { let q_m_i = &self.q_m.1[index]; @@ -56,13 +56,13 @@ impl ProverKey { let q_c_i = &self.q_c.1[index]; let q_arith_i = &self.q_arith.1[index]; - // (a(x)b(x)q_M(x) + a(x)q_L(x) + b(X)q_R(x) + o(X)q_O(X) + d(x)q_4(X) + + // (a(x)b(x)q_M(x) + a(x)q_L(x) + b(X)q_R(x) + c(X)q_O(X) + d(x)q_4(X) + // Q_C(X)) * Q_Arith(X) // let a_1 = a_w_i * b_w_i * q_m_i; let a_2 = a_w_i * q_l_i; let a_3 = b_w_i * q_r_i; - let a_4 = o_w_i * q_o_i; + let a_4 = c_w_i * q_o_i; let a_5 = d_w_i * q_4_i; let a_6 = q_c_i; (a_1 + a_2 + a_3 + a_4 + a_5 + a_6) * q_arith_i @@ -72,7 +72,7 @@ impl ProverKey { &self, a_eval: &BlsScalar, b_eval: &BlsScalar, - o_eval: &BlsScalar, + c_eval: &BlsScalar, d_eval: &BlsScalar, q_arith_eval: &BlsScalar, ) -> Polynomial { @@ -83,7 +83,7 @@ impl ProverKey { let q_4_poly = &self.q_4.0; let q_c_poly = &self.q_c.0; - // (a_eval * b_eval * q_m_poly + a_eval * q_l + b_eval * q_r + o_eval + // (a_eval * b_eval * q_m_poly + a_eval * q_l + b_eval * q_r + c_eval // * q_o + d_eval * q_4 + q_c) * q_arith_eval // // a_eval * b_eval * q_m_poly @@ -96,8 +96,8 @@ impl ProverKey { // b_eval * q_r let a_2 = q_r_poly * b_eval; - //o_eval * q_o - let a_3 = q_o_poly * o_eval; + //c_eval * q_o + let a_3 = q_o_poly * c_eval; // d_eval * q_4 let a_4 = q_4_poly * d_eval; diff --git a/src/proof_system/widget/arithmetic/verifierkey.rs b/src/proof_system/widget/arithmetic/verifierkey.rs index d8d28c6a..b67c3457 100644 --- a/src/proof_system/widget/arithmetic/verifierkey.rs +++ b/src/proof_system/widget/arithmetic/verifierkey.rs @@ -107,7 +107,7 @@ mod alloc { scalars.push(evaluations.b_eval * q_arith_eval); points.push(self.q_r.0); - scalars.push(evaluations.o_eval * q_arith_eval); + scalars.push(evaluations.c_eval * q_arith_eval); points.push(self.q_o.0); scalars.push(evaluations.d_eval * q_arith_eval); diff --git a/src/proof_system/widget/ecc/curve_addition/proverkey.rs b/src/proof_system/widget/ecc/curve_addition/proverkey.rs index a8c40d58..e1ded404 100644 --- a/src/proof_system/widget/ecc/curve_addition/proverkey.rs +++ b/src/proof_system/widget/ecc/curve_addition/proverkey.rs @@ -37,7 +37,7 @@ impl ProverKey { a_w_i_next: &BlsScalar, // x_3 b_w_i: &BlsScalar, // y_1 b_w_i_next: &BlsScalar, // y_3 - o_w_i: &BlsScalar, // x_2 + c_w_i: &BlsScalar, // x_2 d_w_i: &BlsScalar, // y_2 d_w_i_next: &BlsScalar, // x_1 * y_2 ) -> BlsScalar { @@ -49,7 +49,7 @@ impl ProverKey { let x_3 = a_w_i_next; let y_1 = b_w_i; let y_3 = b_w_i_next; - let x_2 = o_w_i; + let x_2 = c_w_i; let y_2 = d_w_i; let x1_y2 = d_w_i_next; @@ -84,7 +84,7 @@ impl ProverKey { a_next_eval: &BlsScalar, b_eval: &BlsScalar, b_next_eval: &BlsScalar, - o_eval: &BlsScalar, + c_eval: &BlsScalar, d_eval: &BlsScalar, d_next_eval: &BlsScalar, ) -> Polynomial { @@ -96,7 +96,7 @@ impl ProverKey { let x_3 = a_next_eval; let y_1 = b_eval; let y_3 = b_next_eval; - let x_2 = o_eval; + let x_2 = c_eval; let y_2 = d_eval; let x1_y2 = d_next_eval; diff --git a/src/proof_system/widget/ecc/curve_addition/verifierkey.rs b/src/proof_system/widget/ecc/curve_addition/verifierkey.rs index 52187883..b9ba063d 100644 --- a/src/proof_system/widget/ecc/curve_addition/verifierkey.rs +++ b/src/proof_system/widget/ecc/curve_addition/verifierkey.rs @@ -49,7 +49,7 @@ mod alloc { let x_3 = evaluations.a_next_eval; let y_1 = evaluations.b_eval; let y_3 = evaluations.b_next_eval; - let x_2 = evaluations.o_eval; + let x_2 = evaluations.c_eval; let y_2 = evaluations.d_eval; let x1_y2 = evaluations.d_next_eval; diff --git a/src/proof_system/widget/ecc/scalar_mul/fixed_base/proverkey.rs b/src/proof_system/widget/ecc/scalar_mul/fixed_base/proverkey.rs index fbf4c8ad..30f0d734 100644 --- a/src/proof_system/widget/ecc/scalar_mul/fixed_base/proverkey.rs +++ b/src/proof_system/widget/ecc/scalar_mul/fixed_base/proverkey.rs @@ -43,7 +43,7 @@ impl ProverKey { a_w_i_next: &BlsScalar, // // next_x b_w_i: &BlsScalar, // acc_y or curr_y b_w_i_next: &BlsScalar, // next_y - o_w_i: &BlsScalar, // xy_alpha + c_w_i: &BlsScalar, // xy_alpha d_w_i: &BlsScalar, // accumulated_bit d_w_i_next: &BlsScalar, // accumulated_bit_next ) -> BlsScalar { @@ -62,7 +62,7 @@ impl ProverKey { let acc_y = b_w_i; let acc_y_next = b_w_i_next; - let xy_alpha = o_w_i; + let xy_alpha = c_w_i; let accumulated_bit = d_w_i; let accumulated_bit_next = d_w_i_next; @@ -108,7 +108,7 @@ impl ProverKey { a_next_eval: &BlsScalar, b_eval: &BlsScalar, b_next_eval: &BlsScalar, - o_eval: &BlsScalar, + c_eval: &BlsScalar, d_eval: &BlsScalar, d_next_eval: &BlsScalar, q_l_eval: &BlsScalar, @@ -129,7 +129,7 @@ impl ProverKey { let acc_y = b_eval; let acc_y_next = b_next_eval; - let xy_alpha = o_eval; + let xy_alpha = c_eval; let accumulated_bit = d_eval; let accumulated_bit_next = d_next_eval; diff --git a/src/proof_system/widget/ecc/scalar_mul/fixed_base/verifierkey.rs b/src/proof_system/widget/ecc/scalar_mul/fixed_base/verifierkey.rs index 05c7fdfe..8b0adbea 100644 --- a/src/proof_system/widget/ecc/scalar_mul/fixed_base/verifierkey.rs +++ b/src/proof_system/widget/ecc/scalar_mul/fixed_base/verifierkey.rs @@ -62,7 +62,7 @@ mod alloc { let acc_y = evaluations.b_eval; let acc_y_next = evaluations.b_next_eval; - let xy_alpha = evaluations.o_eval; + let xy_alpha = evaluations.c_eval; let accumulated_bit = evaluations.d_eval; let accumulated_bit_next = evaluations.d_next_eval; diff --git a/src/proof_system/widget/logic/proverkey.rs b/src/proof_system/widget/logic/proverkey.rs index be2b070a..4a77070c 100644 --- a/src/proof_system/widget/logic/proverkey.rs +++ b/src/proof_system/widget/logic/proverkey.rs @@ -39,7 +39,7 @@ impl ProverKey { a_w_i_next: &BlsScalar, b_w_i: &BlsScalar, b_w_i_next: &BlsScalar, - o_w_i: &BlsScalar, + c_w_i: &BlsScalar, d_w_i: &BlsScalar, d_w_i_next: &BlsScalar, ) -> BlsScalar { @@ -62,7 +62,7 @@ impl ProverKey { let d = d_w_i_next - four * d_w_i; let o_2 = delta(d) * kappa_sq; - let w = o_w_i; + let w = c_w_i; let o_3 = (w - a * b) * kappa_cu; let o_4 = delta_xor_and(&a, &b, w, &d, q_c_i) * kappa_qu; @@ -77,7 +77,7 @@ impl ProverKey { a_next_eval: &BlsScalar, b_eval: &BlsScalar, b_next_eval: &BlsScalar, - o_eval: &BlsScalar, + c_eval: &BlsScalar, d_eval: &BlsScalar, d_next_eval: &BlsScalar, q_c_eval: &BlsScalar, @@ -99,7 +99,7 @@ impl ProverKey { let d = d_next_eval - four * d_eval; let o_2 = delta(d) * kappa_sq; - let w = o_eval; + let w = c_eval; let o_3 = (w - a * b) * kappa_cu; let o_4 = delta_xor_and(&a, &b, w, &d, q_c_eval) * kappa_qu; diff --git a/src/proof_system/widget/logic/verifierkey.rs b/src/proof_system/widget/logic/verifierkey.rs index 77604d52..22773ad4 100644 --- a/src/proof_system/widget/logic/verifierkey.rs +++ b/src/proof_system/widget/logic/verifierkey.rs @@ -61,7 +61,7 @@ mod alloc { let d = evaluations.d_next_eval - four * evaluations.d_eval; let o_2 = delta(d) * kappa_sq; - let o = evaluations.o_eval; + let o = evaluations.c_eval; let o_3 = (o - a * b) * kappa_cu; let o_4 = diff --git a/src/proof_system/widget/permutation/proverkey.rs b/src/proof_system/widget/permutation/proverkey.rs index 8f1d0d3c..47ed6841 100644 --- a/src/proof_system/widget/permutation/proverkey.rs +++ b/src/proof_system/widget/permutation/proverkey.rs @@ -48,7 +48,7 @@ impl ProverKey { index: usize, a_w_i: &BlsScalar, b_w_i: &BlsScalar, - o_w_i: &BlsScalar, + c_w_i: &BlsScalar, d_w_i: &BlsScalar, z_i: &BlsScalar, z_i_next: &BlsScalar, @@ -58,10 +58,10 @@ impl ProverKey { gamma: &BlsScalar, ) -> BlsScalar { let a = self.compute_quotient_identity_range_check_i( - index, a_w_i, b_w_i, o_w_i, d_w_i, z_i, alpha, beta, gamma, + index, a_w_i, b_w_i, c_w_i, d_w_i, z_i, alpha, beta, gamma, ); let b = self.compute_quotient_copy_range_check_i( - index, a_w_i, b_w_i, o_w_i, d_w_i, z_i_next, alpha, beta, gamma, + index, a_w_i, b_w_i, c_w_i, d_w_i, z_i_next, alpha, beta, gamma, ); let c = self.compute_quotient_term_check_one_i(z_i, l1_alpha_sq); a + b + c @@ -73,7 +73,7 @@ impl ProverKey { index: usize, a_w_i: &BlsScalar, b_w_i: &BlsScalar, - o_w_i: &BlsScalar, + c_w_i: &BlsScalar, d_w_i: &BlsScalar, z_i: &BlsScalar, alpha: &BlsScalar, @@ -84,7 +84,7 @@ impl ProverKey { (a_w_i + (beta * x) + gamma) * (b_w_i + (beta * K1 * x) + gamma) - * (o_w_i + (beta * K2 * x) + gamma) + * (c_w_i + (beta * K2 * x) + gamma) * (d_w_i + (beta * K3 * x) + gamma) * z_i * alpha @@ -97,7 +97,7 @@ impl ProverKey { index: usize, a_w_i: &BlsScalar, b_w_i: &BlsScalar, - o_w_i: &BlsScalar, + c_w_i: &BlsScalar, d_w_i: &BlsScalar, z_i_next: &BlsScalar, alpha: &BlsScalar, @@ -111,7 +111,7 @@ impl ProverKey { let product = (a_w_i + (beta * s_sigma_1_eval) + gamma) * (b_w_i + (beta * s_sigma_2_eval) + gamma) - * (o_w_i + (beta * s_sigma_3_eval) + gamma) + * (c_w_i + (beta * s_sigma_3_eval) + gamma) * (d_w_i + (beta * s_sigma_4_eval) + gamma) * z_i_next * alpha; @@ -131,7 +131,7 @@ impl ProverKey { &self, z_challenge: &BlsScalar, (alpha, beta, gamma): (&BlsScalar, &BlsScalar, &BlsScalar), - (a_eval, b_eval, o_eval, d_eval): ( + (a_eval, b_eval, c_eval, d_eval): ( &BlsScalar, &BlsScalar, &BlsScalar, @@ -146,13 +146,13 @@ impl ProverKey { z_poly: &Polynomial, ) -> Polynomial { let a = self.compute_linearizer_identity_range_check( - (a_eval, b_eval, o_eval, d_eval), + (a_eval, b_eval, c_eval, d_eval), z_challenge, (alpha, beta, gamma), z_poly, ); let b = self.compute_linearizer_copy_range_check( - (a_eval, b_eval, o_eval), + (a_eval, b_eval, c_eval), z_eval, sigma_1_eval, sigma_2_eval, @@ -172,10 +172,10 @@ impl ProverKey { &(&a + &b) + &c } // (a_eval + beta * z_challenge + gamma)(b_eval + beta * K1 * z_challenge + - // gamma)(o_eval + beta * K2 * z_challenge + gamma) * alpha z(X) + // gamma)(c_eval + beta * K2 * z_challenge + gamma) * alpha z(X) fn compute_linearizer_identity_range_check( &self, - (a_eval, b_eval, o_eval, d_eval): ( + (a_eval, b_eval, c_eval, d_eval): ( &BlsScalar, &BlsScalar, &BlsScalar, @@ -196,9 +196,9 @@ impl ProverKey { let mut a_1 = b_eval + beta_z_k1; a_1 += gamma; - // o_eval + beta * K2 * z_challenge + gamma + // c_eval + beta * K2 * z_challenge + gamma let beta_z_k2 = K2 * beta_z; - let mut a_2 = o_eval + beta_z_k2; + let mut a_2 = c_eval + beta_z_k2; a_2 += gamma; // d_eval + beta * K3 * z_challenge + gamma @@ -210,17 +210,17 @@ impl ProverKey { a *= a_2; a *= a_3; a *= alpha; // (a_eval + beta * z_challenge + gamma)(b_eval + beta * K1 * - // z_challenge + gamma)(o_eval + beta * K2 * z_challenge + gamma)(d_eval + // z_challenge + gamma)(c_eval + beta * K2 * z_challenge + gamma)(d_eval // + beta * K3 * z_challenge + gamma) * alpha z_poly * &a // (a_eval + beta * z_challenge + gamma)(b_eval + beta * K1 - // * z_challenge + gamma)(o_eval + beta * K2 * z_challenge + + // * z_challenge + gamma)(c_eval + beta * K2 * z_challenge + // gamma) * alpha z(X) } // -(a_eval + beta * sigma_1 + gamma)(b_eval + beta * sigma_2 + gamma) - // (o_eval + beta * sigma_3 + gamma) * beta *z_eval * alpha^2 * Sigma_4(X) + // (c_eval + beta * sigma_3 + gamma) * beta *z_eval * alpha^2 * Sigma_4(X) fn compute_linearizer_copy_range_check( &self, - (a_eval, b_eval, o_eval): (&BlsScalar, &BlsScalar, &BlsScalar), + (a_eval, b_eval, c_eval): (&BlsScalar, &BlsScalar, &BlsScalar), z_eval: &BlsScalar, sigma_1_eval: &BlsScalar, sigma_2_eval: &BlsScalar, @@ -238,9 +238,9 @@ impl ProverKey { let mut a_1 = b_eval + beta_sigma_2; a_1 += gamma; - // o_eval + beta * sigma_3 + gamma + // c_eval + beta * sigma_3 + gamma let beta_sigma_3 = beta * sigma_3_eval; - let mut a_2 = o_eval + beta_sigma_3; + let mut a_2 = c_eval + beta_sigma_3; a_2 += gamma; let beta_z_eval = beta * z_eval; @@ -248,10 +248,10 @@ impl ProverKey { let mut a = a_0 * a_1 * a_2; a *= beta_z_eval; a *= alpha; // (a_eval + beta * sigma_1 + gamma)(b_eval + beta * sigma_2 + - // gamma)(o_eval + beta * sigma_3 + gamma) * beta * z_eval * alpha + // gamma)(c_eval + beta * sigma_3 + gamma) * beta * z_eval * alpha s_sigma_4_poly * &-a // -(a_eval + beta * sigma_1 + gamma)(b_eval + - // beta * sigma_2 + gamma) (o_eval + beta * + // beta * sigma_2 + gamma) (c_eval + beta * // sigma_3 + gamma) * beta * z_eval * alpha^2 * // Sigma_4(X) } diff --git a/src/proof_system/widget/permutation/verifierkey.rs b/src/proof_system/widget/permutation/verifierkey.rs index b1f2c5bf..e143069f 100644 --- a/src/proof_system/widget/permutation/verifierkey.rs +++ b/src/proof_system/widget/permutation/verifierkey.rs @@ -56,7 +56,7 @@ mod alloc { // (a_eval + beta * z + gamma) // * (b_eval + beta * z * k1 + gamma) - // * (o_eval + beta * k2 * z + gamma) + // * (c_eval + beta * k2 * z + gamma) // * (d_eval + beta * k3 * z + gamma) * alpha let x = { let beta_z = beta * z_challenge; @@ -66,7 +66,7 @@ mod alloc { let q_1 = evaluations.b_eval + beta_k1_z + gamma; let beta_k2_z = beta * K2 * z_challenge; - let q_2 = evaluations.o_eval + beta_k2_z + gamma; + let q_2 = evaluations.c_eval + beta_k2_z + gamma; let beta_k3_z = beta * K3 * z_challenge; let q_3 = (evaluations.d_eval + beta_k3_z + gamma) * alpha; @@ -82,7 +82,7 @@ mod alloc { // -1 * (a_eval + beta * sigma_1_eval + gamma) // * (b_eval + beta * sigma_2_eval + gamma) - // * (o_eval + beta * sigma_3_eval + gamma) + // * (c_eval + beta * sigma_3_eval + gamma) // * alpha^2 let y = { let beta_sigma_1 = beta * evaluations.s_sigma_1_eval; @@ -92,7 +92,7 @@ mod alloc { let q_1 = evaluations.b_eval + beta_sigma_2 + gamma; let beta_sigma_3 = beta * evaluations.s_sigma_3_eval; - let q_2 = evaluations.o_eval + beta_sigma_3 + gamma; + let q_2 = evaluations.c_eval + beta_sigma_3 + gamma; let q_3 = beta * evaluations.z_eval * alpha; diff --git a/src/proof_system/widget/range/proverkey.rs b/src/proof_system/widget/range/proverkey.rs index 1c54ae40..d3f6f8fd 100644 --- a/src/proof_system/widget/range/proverkey.rs +++ b/src/proof_system/widget/range/proverkey.rs @@ -34,7 +34,7 @@ impl ProverKey { range_separation_challenge: &BlsScalar, a_w_i: &BlsScalar, b_w_i: &BlsScalar, - o_w_i: &BlsScalar, + c_w_i: &BlsScalar, d_w_i: &BlsScalar, d_w_i_next: &BlsScalar, ) -> BlsScalar { @@ -48,8 +48,8 @@ impl ProverKey { // Delta([o(X) - 4 * d(X)]) + Delta([b(X) - 4 * o(X)]) + Delta([a(X) - 4 // * b(X)]) + Delta([d(Xg) - 4 * a(X)]) * Q_Range(X) // - let b_1 = delta(o_w_i - four * d_w_i); - let b_2 = delta(b_w_i - four * o_w_i) * kappa; + let b_1 = delta(c_w_i - four * d_w_i); + let b_2 = delta(b_w_i - four * c_w_i) * kappa; let b_3 = delta(a_w_i - four * b_w_i) * kappa_sq; let b_4 = delta(d_w_i_next - four * a_w_i) * kappa_cu; (b_1 + b_2 + b_3 + b_4) * q_range_i * range_separation_challenge @@ -60,7 +60,7 @@ impl ProverKey { range_separation_challenge: &BlsScalar, a_eval: &BlsScalar, b_eval: &BlsScalar, - o_eval: &BlsScalar, + c_eval: &BlsScalar, d_eval: &BlsScalar, d_next_eval: &BlsScalar, ) -> Polynomial { @@ -71,11 +71,11 @@ impl ProverKey { let kappa_sq = kappa.square(); let kappa_cu = kappa_sq * kappa; - // Delta([o_eval - 4 * d_eval]) + Delta([b_eval - 4 * o_eval]) + + // Delta([c_eval - 4 * d_eval]) + Delta([b_eval - 4 * c_eval]) + // Delta([a_eval - 4 * b_eval]) + Delta([d_next_eval - 4 * a_eval]) * // Q_Range(X) - let b_1 = delta(o_eval - four * d_eval); - let b_2 = delta(b_eval - four * o_eval) * kappa; + let b_1 = delta(c_eval - four * d_eval); + let b_2 = delta(b_eval - four * c_eval) * kappa; let b_3 = delta(a_eval - four * b_eval) * kappa_sq; let b_4 = delta(d_next_eval - four * a_eval) * kappa_cu; diff --git a/src/proof_system/widget/range/verifierkey.rs b/src/proof_system/widget/range/verifierkey.rs index 6398688a..43af8041 100644 --- a/src/proof_system/widget/range/verifierkey.rs +++ b/src/proof_system/widget/range/verifierkey.rs @@ -49,9 +49,9 @@ mod alloc { let kappa_sq = kappa.square(); let kappa_cu = kappa_sq * kappa; - let b_1 = delta(evaluations.o_eval - (four * evaluations.d_eval)); + let b_1 = delta(evaluations.c_eval - (four * evaluations.d_eval)); let b_2 = - delta(evaluations.b_eval - four * evaluations.o_eval) * kappa; + delta(evaluations.b_eval - four * evaluations.c_eval) * kappa; let b_3 = delta(evaluations.a_eval - four * evaluations.b_eval) * kappa_sq; let b_4 =