Select v_challenge according to the paper
xevisalle committed Jul 2, 2024
1 parent 7e6e4a2 commit 6ca9317
Showing 4 changed files with 32 additions and 22 deletions.
17 changes: 10 additions & 7 deletions src/commitment_scheme/kzg10/key.rs
Expand Up @@ -193,10 +193,9 @@ impl CommitKey {
pub(crate) fn compute_aggregate_witness(
polynomials: &[Polynomial],
point: &BlsScalar,
transcript: &mut Transcript,
v_challenge: &BlsScalar,
) -> Polynomial {
let v_challenge = transcript.challenge_scalar(b"v_challenge");
let powers = util::powers_of(&v_challenge, polynomials.len() - 1);
let powers = util::powers_of(v_challenge, polynomials.len() - 1);

assert_eq!(powers.len(), polynomials.len());

Expand Down Expand Up @@ -390,11 +389,13 @@ mod test {
polynomial_commitments.push(ck.commit(poly)?)
}

let v_challenge = transcript.challenge_scalar(b"v_challenge");

// Compute the aggregate witness for polynomials
let witness_poly = CommitKey::compute_aggregate_witness(
polynomials,
point,
transcript,
&v_challenge,
);

// Commit to witness polynomial
Expand Down Expand Up @@ -498,8 +499,9 @@ mod test {

// Verifier's View
let ok = {
let flattened_proof =
aggregated_proof.flatten(&mut Transcript::new(b"agg_flatten"));
let transcript = &mut Transcript::new(b"agg_flatten");
let v_challenge = transcript.challenge_scalar(b"v_challenge");
let flattened_proof = aggregated_proof.flatten(&v_challenge);
check(&opening_key, point, flattened_proof)
};

Expand Down Expand Up @@ -546,7 +548,8 @@ mod test {
// Verifier's View

let mut transcript = Transcript::new(b"agg_batch");
let flattened_proof = aggregated_proof.flatten(&mut transcript);
let v_challenge = transcript.challenge_scalar(b"v_challenge");
let flattened_proof = aggregated_proof.flatten(&v_challenge);

opening_key.batch_check(
&[point_a, point_b],
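Review bot: `polynomials.len() - 1` in `compute_aggregate_witness` underflows when the slice is empty: a debug build panics on the subtraction, while a default release build wraps and passes `usize::MAX` to `util::powers_of` before the `assert_eq!` that follows can fire. A guard ahead of it, `assert!(!polynomials.is_empty(), "no polynomials to aggregate");`, fails early and identically in both profiles. `flatten` in src/commitment_scheme/kzg10/proof.rs computes `self.commitments_to_polynomials.len() - 1` the same way and would take the same guard. Every caller visible in this commit passes a non-empty list, so this is hardening rather than a bug the page shows to be reachable; the function body continues past the hunk.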
9 changes: 2 additions & 7 deletions src/commitment_scheme/kzg10/proof.rs
Expand Up @@ -24,12 +24,10 @@ pub(crate) struct Proof {
#[cfg(feature = "alloc")]
pub(crate) mod alloc {
use super::*;
use crate::transcript::TranscriptProtocol;
use crate::util::powers_of;
#[rustfmt::skip]
use ::alloc::vec::Vec;
use dusk_bls12_381::G1Projective;
use merlin::Transcript;
#[cfg(feature = "std")]
use rayon::prelude::*;

Expand Down Expand Up @@ -65,12 +63,9 @@ pub(crate) mod alloc {
}

/// Flattens an `AggregateProof` into a `Proof`.
/// The transcript must have the same view as the transcript that was
/// used to aggregate the witness in the proving stage.
pub(crate) fn flatten(&self, transcript: &mut Transcript) -> Proof {
let v_challenge = transcript.challenge_scalar(b"v_challenge");
pub(crate) fn flatten(&self, v_challenge: &BlsScalar) -> Proof {
let powers = powers_of(
&v_challenge,
v_challenge,
self.commitments_to_polynomials.len() - 1,
);

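Review bot: The doc comment on `flatten` no longer states any requirement on its argument, because the removed sentence about the transcript view was not replaced by one about `v_challenge`. The requirement still exists, and since the function can no longer draw the challenge itself, binding it to the transcript is now entirely the caller's job. I would add `/// v_challenge must equal the challenge the prover passed to compute_aggregate_witness,` followed by `/// and must be drawn only after the evaluations and commitments being batched were absorbed.` The new `v_challenge` parameter of `compute_aggregate_witness` in key.rs deserves the matching sentence. The body of `flatten` continues past the hunk.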
17 changes: 11 additions & 6 deletions src/compiler/prover.rs
Expand Up @@ -434,6 +434,9 @@ impl Prover {
transcript.append_scalar(b"z_eval", &z_eval);

// round 5
// compute the challenge 'v'
let v_challenge = transcript.challenge_scalar(b"v_challenge");

// compute linearization polynomial
let (r_poly, evaluations) = linearization_poly::compute(
&domain,
Expand Down Expand Up @@ -491,8 +494,7 @@ impl Prover {

let quot = &abc + &d;

// compute aggregate witness to polynomials evaluated at the evaluation
// challenge z. The challenge v is selected inside
// compute the opening proof polynomial 'W_z(X)'
let aggregate_witness = CommitKey::compute_aggregate_witness(
&[
quot,
Expand All @@ -506,16 +508,19 @@ impl Prover {
self.prover_key.permutation.s_sigma_3.0.clone(),
],
&z_challenge,
&mut transcript,
&v_challenge,
);
let w_z_chall_comm = self.commit_key.commit(&aggregate_witness)?;

// compute aggregate witness to polynomials evaluated at the shifted
// evaluation challenge
// compute the shifted challenge 'v'
let v_challenge_shifted =
transcript.challenge_scalar(b"v_challenge_shifted");

// compute the shifted opening proof polynomial 'W_zw(X)'
let shifted_aggregate_witness = CommitKey::compute_aggregate_witness(
&[z_poly, a_w_poly, b_w_poly, d_w_poly],
&(z_challenge * domain.group_gen),
&mut transcript,
&v_challenge_shifted,
);
let w_z_chall_w_comm =
self.commit_key.commit(&shifted_aggregate_witness)?;
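Review bot: `v_challenge` is now drawn before `linearization_poly::compute` runs, so it binds only what the transcript has absorbed up to the `z_eval` append; any value in the returned `evaluations` that is appended later, or never, is not covered by the batching scalar. The appends that precede this draw lie mostly outside the hunk, so please confirm that every evaluation opened through `aggregate_witness` is absorbed first, since a batching challenge that does not depend on the claimed evaluations weakens the Fiat–Shamir binding. The same check applies to `v_challenge_shifted` further down and to both draws in src/proof_system/proof.rs, where `z_eval` is likewise the only append visible ahead of `v_challenge`. A short comment at the draw, e.g. `// every evaluation opened at z is already in the transcript here`, would record the invariant. The enclosing function starts and ends outside these hunks.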
11 changes: 9 additions & 2 deletions src/proof_system/proof.rs
Expand Up @@ -266,6 +266,8 @@ pub(crate) mod alloc {

transcript.append_scalar(b"z_eval", &self.evaluations.z_eval);

let v_challenge = transcript.challenge_scalar(b"v_challenge");

// Compute zero polynomial evaluated at challenge `z`
let z_h_eval = domain.evaluate_vanishing_polynomial(&z_challenge);

Expand Down Expand Up @@ -357,7 +359,7 @@ pub(crate) mod alloc {
verifier_key.permutation.s_sigma_3,
));
// Flatten proof with opening challenge
let flattened_proof_a = aggregate_proof.flatten(transcript);
let flattened_proof_a = aggregate_proof.flatten(&v_challenge);

// Compose the shifted aggregate proof
let mut shifted_aggregate_proof =
Expand All @@ -371,10 +373,15 @@ pub(crate) mod alloc {
shifted_aggregate_proof
.add_part((self.evaluations.d_next_eval, self.d_comm));

let flattened_proof_b = shifted_aggregate_proof.flatten(transcript);
let v_challenge_shifted =
transcript.challenge_scalar(b"v_challenge_shifted");
let flattened_proof_b =
shifted_aggregate_proof.flatten(&v_challenge_shifted);

// Add commitment to openings to transcript
transcript.append_commitment(b"w_z", &self.w_z_chall_comm);
transcript.append_commitment(b"w_z_w", &self.w_z_chall_w_comm);

// Batch check
if opening_key
.batch_check(
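Review bot: Nothing at the `v_challenge_shifted` draw records that it has to stay ahead of the `w_z` and `w_z_w` appends. The prover depends on the same order: in src/compiler/prover.rs it draws the scalar right after computing `w_z_chall_comm`, with no transcript append visible in between. The order is now spread over two files and two labels instead of being fixed inside `flatten`, so a later reordering on one side would go unnoticed until proofs stop verifying. I would add `// drawn before w_z / w_z_w are appended; keep in step with the draw order in compiler/prover.rs` above the `let`. The verifying function begins and ends outside the hunks shown.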
