Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Make code to match the last Plonk paper #830

Merged
merged 11 commits into from
Aug 8, 2024
Prev Previous commit
Next Next commit
Rename wire 'o' to 'c'
xevisalle committed Jul 3, 2024
commit e3f8a7e2b0c6371da047bfd50ce7750b73536970
16 changes: 8 additions & 8 deletions src/commitment_scheme/kzg10/key.rs
Original file line number Diff line number Diff line change
@@ -485,13 +485,13 @@ mod test {
let poly_b = Polynomial::rand(26 + 1, &mut OsRng);
let poly_b_eval = poly_b.evaluate(&point);

let poly_o = Polynomial::rand(27, &mut OsRng);
let poly_o_eval = poly_o.evaluate(&point);
let poly_c = Polynomial::rand(27, &mut OsRng);
let poly_c_eval = poly_c.evaluate(&point);

open_multiple(
&ck,
&[poly_a, poly_b, poly_o],
vec![poly_a_eval, poly_b_eval, poly_o_eval],
&[poly_a, poly_b, poly_c],
vec![poly_a_eval, poly_b_eval, poly_c_eval],
&point,
&mut Transcript::new(b"agg_flatten"),
)?
@@ -525,16 +525,16 @@ mod test {
let poly_b = Polynomial::rand(26, &mut OsRng);
let poly_b_eval = poly_b.evaluate(&point_a);

let poly_o = Polynomial::rand(27, &mut OsRng);
let poly_o_eval = poly_o.evaluate(&point_a);
let poly_c = Polynomial::rand(27, &mut OsRng);
let poly_c_eval = poly_c.evaluate(&point_a);

let poly_d = Polynomial::rand(28, &mut OsRng);
let poly_d_eval = poly_d.evaluate(&point_b);

let aggregated_proof = open_multiple(
&ck,
&[poly_a, poly_b, poly_o],
vec![poly_a_eval, poly_b_eval, poly_o_eval],
&[poly_a, poly_b, poly_c],
vec![poly_a_eval, poly_b_eval, poly_c_eval],
&point_a,
&mut Transcript::new(b"agg_batch"),
)?;
24 changes: 12 additions & 12 deletions src/compiler/prover.rs
Original file line number Diff line number Diff line change
@@ -256,32 +256,32 @@ impl Prover {
// convert wires to padded scalars
let mut a_w_scalar = vec![BlsScalar::zero(); size];
let mut b_w_scalar = vec![BlsScalar::zero(); size];
let mut o_w_scalar = vec![BlsScalar::zero(); size];
let mut c_w_scalar = vec![BlsScalar::zero(); size];
let mut d_w_scalar = vec![BlsScalar::zero(); size];

prover.constraints.iter().enumerate().for_each(|(i, c)| {
a_w_scalar[i] = prover[c.w_a];
b_w_scalar[i] = prover[c.w_b];
o_w_scalar[i] = prover[c.w_o];
c_w_scalar[i] = prover[c.w_o];
d_w_scalar[i] = prover[c.w_d];
});

let a_w_poly = Self::blind_poly(rng, &a_w_scalar, 1, &domain);
let b_w_poly = Self::blind_poly(rng, &b_w_scalar, 1, &domain);
let o_w_poly = Self::blind_poly(rng, &o_w_scalar, 1, &domain);
let c_w_poly = Self::blind_poly(rng, &c_w_scalar, 1, &domain);
let d_w_poly = Self::blind_poly(rng, &d_w_scalar, 1, &domain);

// commit to wire polynomials
// ([a(x)]_1, [b(x)]_1, [c(x)]_1, [d(x)]_1)
let a_w_poly_commit = self.commit_key.commit(&a_w_poly)?;
let b_w_poly_commit = self.commit_key.commit(&b_w_poly)?;
let o_w_poly_commit = self.commit_key.commit(&o_w_poly)?;
let c_w_poly_commit = self.commit_key.commit(&c_w_poly)?;
let d_w_poly_commit = self.commit_key.commit(&d_w_poly)?;

// Add wire polynomial commitments to transcript
transcript.append_commitment(b"a_w", &a_w_poly_commit);
transcript.append_commitment(b"b_w", &b_w_poly_commit);
transcript.append_commitment(b"o_w", &o_w_poly_commit);
transcript.append_commitment(b"c_w", &c_w_poly_commit);
transcript.append_commitment(b"d_w", &d_w_poly_commit);

// round 2
@@ -299,7 +299,7 @@ impl Prover {
let wires = [
a_w_scalar.as_slice(),
b_w_scalar.as_slice(),
o_w_scalar.as_slice(),
c_w_scalar.as_slice(),
d_w_scalar.as_slice(),
];
let permutation = prover
@@ -327,7 +327,7 @@ impl Prover {
let pi_poly = Polynomial::from_coefficients_vec(pi_poly);

// compute quotient polynomial
let wires = (&a_w_poly, &b_w_poly, &o_w_poly, &d_w_poly);
let wires = (&a_w_poly, &b_w_poly, &c_w_poly, &d_w_poly);
let args = &(
alpha,
beta,
@@ -397,7 +397,7 @@ impl Prover {
// compute opening evaluations
let a_eval = a_w_poly.evaluate(&z_challenge);
let b_eval = b_w_poly.evaluate(&z_challenge);
let o_eval = o_w_poly.evaluate(&z_challenge);
let c_eval = c_w_poly.evaluate(&z_challenge);
let d_eval = d_w_poly.evaluate(&z_challenge);

let s_sigma_1_eval = self
@@ -424,7 +424,7 @@ impl Prover {
// add opening evaluations to transcript.
transcript.append_scalar(b"a_eval", &a_eval);
transcript.append_scalar(b"b_eval", &b_eval);
transcript.append_scalar(b"o_eval", &o_eval);
transcript.append_scalar(b"c_eval", &c_eval);
transcript.append_scalar(b"d_eval", &d_eval);

transcript.append_scalar(b"s_sigma_1_eval", &s_sigma_1_eval);
@@ -458,7 +458,7 @@ impl Prover {
&z_poly,
&a_eval,
&b_eval,
&o_eval,
&c_eval,
&d_eval,
&s_sigma_1_eval,
&s_sigma_2_eval,
@@ -501,7 +501,7 @@ impl Prover {
r_poly,
a_w_poly.clone(),
b_w_poly.clone(),
o_w_poly,
c_w_poly,
d_w_poly.clone(),
self.prover_key.permutation.s_sigma_1.0.clone(),
self.prover_key.permutation.s_sigma_2.0.clone(),
@@ -528,7 +528,7 @@ impl Prover {
let proof = Proof {
a_comm: a_w_poly_commit,
b_comm: b_w_poly_commit,
o_comm: o_w_poly_commit,
c_comm: c_w_poly_commit,
d_comm: d_w_poly_commit,

z_comm: z_poly_commit,
48 changes: 24 additions & 24 deletions src/composer/permutation.rs
Original file line number Diff line number Diff line change
@@ -223,7 +223,7 @@ impl Permutation {
let ks = vec![BlsScalar::one(), K1, K2, K3];

// Transpose wires and sigma values to get "rows" in the form [a_w_i,
// b_w_i, o_w_i, d_w_i] where each row contains the wire and sigma
// b_w_i, c_w_i, d_w_i] where each row contains the wire and sigma
// values for a single gate
let gatewise_wires = izip!(wires[0], wires[1], wires[2], wires[3])
.map(|(w0, w1, w2, w3)| vec![w0, w1, w2, w3]);
@@ -311,7 +311,7 @@ mod test {
domain: &EvaluationDomain,
a_w: &[BlsScalar],
b_w: &[BlsScalar],
o_w: &[BlsScalar],
c_w: &[BlsScalar],
d_w: &[BlsScalar],
beta: &BlsScalar,
gamma: &BlsScalar,
@@ -362,7 +362,7 @@ mod test {
let b_w_gamma: Vec<_> = b_w.iter().map(|b_w| b_w + gamma).collect();

// Compute out_wire + gamma
let o_w_gamma: Vec<_> = o_w.iter().map(|o_w| o_w + gamma).collect();
let c_w_gamma: Vec<_> = c_w.iter().map(|c_w| c_w + gamma).collect();

// Compute fourth_wire + gamma
let d_w_gamma: Vec<_> = d_w.iter().map(|d_w| d_w + gamma).collect();
@@ -372,7 +372,7 @@ mod test {
let accumulator_components_without_l1: Vec<_> = izip!(
a_w_gamma,
b_w_gamma,
o_w_gamma,
c_w_gamma,
d_w_gamma,
common_roots,
beta_roots_k1,
@@ -387,7 +387,7 @@ mod test {
|(
a_w_gamma,
b_w_gamma,
o_w_gamma,
c_w_gamma,
d_w_gamma,
beta_root,
beta_root_k1,
@@ -405,7 +405,7 @@ mod test {
let ac2 = b_w_gamma + beta_root_k1;

// w_{2n+j} + beta * K2 * root^j-1 + gamma
let ac3 = o_w_gamma + beta_root_k2;
let ac3 = c_w_gamma + beta_root_k2;

// w_{3n+j} + beta * K3 * root^j-1 + gamma
let ac4 = d_w_gamma + beta_root_k3;
@@ -417,7 +417,7 @@ mod test {
let ac6 = (b_w_gamma + beta_s_sigma_2).invert().unwrap();

// 1 / w_{2n+j} + beta * sigma(2n+j) + gamma
let ac7 = (o_w_gamma + beta_s_sigma_3).invert().unwrap();
let ac7 = (c_w_gamma + beta_s_sigma_3).invert().unwrap();

// 1 / w_{3n+j} + beta * sigma(3n+j) + gamma
let ac8 = (d_w_gamma + beta_s_sigma_4).invert().unwrap();
@@ -472,7 +472,7 @@ mod test {
domain: &EvaluationDomain,
a_w: I,
b_w: I,
o_w: I,
c_w: I,
d_w: I,
beta: &BlsScalar,
gamma: &BlsScalar,
@@ -522,7 +522,7 @@ mod test {
let b_w_gamma: Vec<_> = b_w.map(|w| w + gamma).collect();

// Compute out_wire + gamma
let o_w_gamma: Vec<_> = o_w.map(|w| w + gamma).collect();
let c_w_gamma: Vec<_> = c_w.map(|w| w + gamma).collect();

// Compute fourth_wire + gamma
let d_w_gamma: Vec<_> = d_w.map(|w| w + gamma).collect();
@@ -544,7 +544,7 @@ mod test {
for (
a_w_gamma,
b_w_gamma,
o_w_gamma,
c_w_gamma,
d_w_gamma,
beta_root,
beta_root_k1,
@@ -553,7 +553,7 @@ mod test {
) in izip!(
a_w_gamma.iter(),
b_w_gamma.iter(),
o_w_gamma.iter(),
c_w_gamma.iter(),
d_w_gamma.iter(),
beta_roots_iter,
beta_roots_k1_iter,
@@ -566,8 +566,8 @@ mod test {
// (b_w + beta * root * k_1 + gamma)
let prod_b = beta_root_k1 + b_w_gamma;

// (o_w + beta * root * k_2 + gamma)
let prod_c = beta_root_k2 + o_w_gamma;
// (c_w + beta * root * k_2 + gamma)
let prod_c = beta_root_k2 + c_w_gamma;

// (d_w + beta * root * k_3 + gamma)
let prod_d = beta_root_k3 + d_w_gamma;
@@ -585,7 +585,7 @@ mod test {
for (
a_w_gamma,
b_w_gamma,
o_w_gamma,
c_w_gamma,
d_w_gamma,
beta_s_sigma_1,
beta_s_sigma_2,
@@ -594,7 +594,7 @@ mod test {
) in izip!(
a_w_gamma,
b_w_gamma,
o_w_gamma,
c_w_gamma,
d_w_gamma,
beta_s_sigma_1_iter,
beta_s_sigma_2_iter,
@@ -607,8 +607,8 @@ mod test {
// (b_w + beta * s_sigma_2 + gamma)
let prod_b = beta_s_sigma_2 + b_w_gamma;

// (o_w + beta * s_sigma_3 + gamma)
let prod_c = beta_s_sigma_3 + o_w_gamma;
// (c_w + beta * s_sigma_3 + gamma)
let prod_c = beta_s_sigma_3 + c_w_gamma;

// (d_w + beta * s_sigma_4 + gamma)
let prod_d = beta_s_sigma_4 + d_w_gamma;
@@ -809,7 +809,7 @@ mod test {
BlsScalar::one(),
BlsScalar::one(),
];
let o_w = vec![
let c_w = vec![
BlsScalar::one(),
BlsScalar::one(),
BlsScalar::one(),
@@ -828,7 +828,7 @@ mod test {
&domain,
a_w,
b_w,
o_w,
c_w,
d_w,
);
}
@@ -955,7 +955,7 @@ mod test {

let a_w: Vec<_> = vec![BlsScalar::one(), BlsScalar::from(3)];
let b_w: Vec<_> = vec![BlsScalar::from(2), BlsScalar::from(2)];
let o_w: Vec<_> = vec![BlsScalar::from(3), BlsScalar::one()];
let c_w: Vec<_> = vec![BlsScalar::from(3), BlsScalar::one()];
let d_w: Vec<_> = vec![BlsScalar::one(), BlsScalar::one()];

test_correct_permutation_poly(
@@ -964,7 +964,7 @@ mod test {
&domain,
a_w,
b_w,
o_w,
c_w,
d_w,
);
}
@@ -983,7 +983,7 @@ mod test {
domain: &EvaluationDomain,
a_w: Vec<BlsScalar>,
b_w: Vec<BlsScalar>,
o_w: Vec<BlsScalar>,
c_w: Vec<BlsScalar>,
d_w: Vec<BlsScalar>,
) {
// 0. Generate beta and gamma challenges
@@ -1000,7 +1000,7 @@ mod test {
domain,
a_w.clone().into_iter(),
b_w.clone().into_iter(),
o_w.clone().into_iter(),
c_w.clone().into_iter(),
d_w.clone().into_iter(),
&beta,
&gamma,
@@ -1016,7 +1016,7 @@ mod test {
domain,
&a_w,
&b_w,
&o_w,
&c_w,
&d_w,
&beta,
&gamma,
Loading