From 05acc9597d72161c5c5541f9a76bfe6b967209f0 Mon Sep 17 00:00:00 2001 From: Chao Ma Date: Wed, 27 Nov 2024 17:56:27 +0700 Subject: [PATCH 01/15] add pcs trait --- Cargo.toml | 3 ++ rust-toolchain.toml | 2 + src/errors.rs | 29 ++++++++++++++ src/lib.rs | 1 + src/whir/mod.rs | 98 +++++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 133 insertions(+) create mode 100644 rust-toolchain.toml create mode 100644 src/errors.rs diff --git a/Cargo.toml b/Cargo.toml index cf6e503..4fddcd1 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -27,6 +27,9 @@ nimue-pow = { git = "https://github.com/arkworks-rs/nimue" } lazy_static = "1.4" rayon = { version = "1.10.0", optional = true } +goldilocks = { git = "https://github.com/scroll-tech/ceno-Goldilocks" } +thiserror = "1" + [profile.release] debug = true diff --git a/rust-toolchain.toml b/rust-toolchain.toml new file mode 100644 index 0000000..5d1274a --- /dev/null +++ b/rust-toolchain.toml @@ -0,0 +1,2 @@ +[toolchain] +channel = "nightly-2024-10-03" diff --git a/src/errors.rs b/src/errors.rs new file mode 100644 index 0000000..be6ba8a --- /dev/null +++ b/src/errors.rs @@ -0,0 +1,29 @@ +use std::convert::From; +use std::fmt::Debug; + +#[derive(Debug)] +pub struct ProofError(nimue::ProofError); + +#[derive(Debug, thiserror::Error)] +pub enum Error { + #[error(transparent)] + ProofError(#[from] ProofError), +} + +impl From for ProofError { + fn from(value: nimue::ProofError) -> Self { + Self(value) + } +} + +impl std::fmt::Display for ProofError { + fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { + write!(f, "{}", self.0) + } +} + +impl std::error::Error for ProofError { + fn source(&self) -> Option<&(dyn std::error::Error + 'static)> { + Some(&self.0) + } +} diff --git a/src/lib.rs b/src/lib.rs index 7bb62c1..f5d3f17 100644 --- a/src/lib.rs +++ b/src/lib.rs 
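Review bot: The new `goldilocks` dependency is fetched from a bare git URL with no `rev`, `tag` or `branch`, so the manifest alone does not fix which commit of the field implementation gets built; only the lockfile does (the Cargo.lock added later in this series resolves it to `29a15d186ce4375dab346a3cc9eca6e43540cb8d`). For a cryptographic dependency the pin belongs in the manifest as well, e.g. `goldilocks = { git = "https://github.com/scroll-tech/ceno-Goldilocks", rev = "29a15d186ce4375dab346a3cc9eca6e43540cb8d" }`, so a `cargo update` or an upstream branch move cannot silently change the arithmetic the scheme relies on. The existing `nimue` and `nimue-pow` lines have the same shape, but this hunk does not touch them.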
@@ -1,6 +1,7 @@ pub mod cmdline_utils; pub mod crypto; // Crypto utils pub mod domain; // Domain that we are evaluating over +pub mod errors; pub mod fs_utils; pub mod ntt; pub mod parameters; diff --git a/src/whir/mod.rs b/src/whir/mod.rs index 51bab88..cd06a03 100644 --- a/src/whir/mod.rs +++ b/src/whir/mod.rs @@ -1,6 +1,10 @@ use ark_crypto_primitives::merkle_tree::{Config, MultiPath}; use ark_serialize::{CanonicalDeserialize, CanonicalSerialize}; +use goldilocks::ExtensionField; +use serde::{de::DeserializeOwned, Serialize}; +use std::fmt::Debug; +use crate::errors::Error; use crate::poly_utils::MultilinearPoint; pub mod committer; 
@@ -34,6 +38,100 @@ where transcript.len() + whir_proof.serialized_size(ark_serialize::Compress::Yes) } +pub trait PolynomialCommitmentScheme: Clone + Debug { + type Param: Clone + Debug + Serialize + DeserializeOwned; + type ProverParam: Clone + Debug + Serialize + DeserializeOwned; + type VerifierParam: Clone + Debug + Serialize + DeserializeOwned; + type CommitmentWithData: Clone + Debug + Default + Serialize + DeserializeOwned; + type Commitment: Clone + Debug + Default + Serialize + DeserializeOwned; + type CommitmentChunk: Clone + Debug + Default; + type Proof: Clone + Debug + Serialize + DeserializeOwned; + type Poly: Clone + Debug; + type Transcript: Clone + Debug; + + fn setup(poly_size: usize) -> Result; + + fn trim( + param: Self::Param, + poly_size: usize, + ) -> Result<(Self::ProverParam, Self::VerifierParam), Error>; + + fn commit(pp: &Self::ProverParam, poly: &Self::Poly) + -> Result; + + fn commit_and_write( + pp: &Self::ProverParam, + poly: &Self::Poly, + transcript: &mut Self::Transcript, + ) -> Result { + let comm = Self::commit(pp, poly)?; + Self::write_commitment(&Self::get_pure_commitment(&comm), transcript)?; + Ok(comm) + } + + fn write_commitment( + comm: &Self::Commitment, + transcript: &mut Self::Transcript, + ) -> Result<(), Error>; + + fn get_pure_commitment(comm: &Self::CommitmentWithData) -> Self::Commitment; + + fn batch_commit( + pp: &Self::ProverParam, + polys: &[Self::Poly], + ) -> Result; + + fn batch_commit_and_write( + pp: &Self::ProverParam, + polys: &[Self::Poly], + transcript: &mut Self::Transcript, + ) -> Result { + let comm = Self::batch_commit(pp, polys)?; + Self::write_commitment(&Self::get_pure_commitment(&comm), transcript)?; + Ok(comm) + } + + fn open( + pp: &Self::ProverParam, + poly: &Self::Poly, + comm: &Self::CommitmentWithData, + point: &[E], + eval: &E, + transcript: &mut Self::Transcript, + ) -> Result; + + /// This is a simple version of batch open: + /// 1. Open at one point + /// 2. 
All the polynomials share the same commitment. + /// 3. The point is already a random point generated by a sum-check. + fn batch_open( + pp: &Self::ProverParam, + polys: &[Self::Poly], + comm: &Self::CommitmentWithData, + point: &[E], + evals: &[E], + transcript: &mut Self::Transcript, + ) -> Result; + + fn verify( + vp: &Self::VerifierParam, + comm: &Self::Commitment, + point: &[E], + eval: &E, + proof: &Self::Proof, + transcript: &mut Self::Transcript, + ) -> Result<(), Error>; + + fn batch_verify( + vp: &Self::VerifierParam, + comm: &Self::Commitment, + point: &[E], + evals: &[E], + proof: &Self::Proof, + transcript: &mut Self::Transcript, + ) -> Result<(), Error>; +} + #[cfg(test)] mod tests { use nimue::{DefaultHash, IOPattern}; From 15d8b62328e947d13bb992d049a1093a083a1af7 Mon Sep 17 00:00:00 2001 From: Chao Ma Date: Sat, 30 Nov 2024 15:56:53 +0700 Subject: [PATCH 02/15] (wip) modify pcs trait --- src/whir/mod.rs | 28 +++++------ src/whir/pcs.rs | 126 ++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 138 insertions(+), 16 deletions(-) create mode 100644 src/whir/pcs.rs diff --git a/src/whir/mod.rs b/src/whir/mod.rs index cd06a03..a8c5d24 100644 --- a/src/whir/mod.rs +++ b/src/whir/mod.rs @@ -10,6 +10,7 @@ use crate::poly_utils::MultilinearPoint; pub mod committer; pub mod iopattern; pub mod parameters; +pub mod pcs; pub mod prover; pub mod verifier; mod fs_utils; @@ -21,7 +22,7 @@ pub struct Statement { } // Only includes the authentication paths -#[derive(Clone, CanonicalSerialize, CanonicalDeserialize)] +#[derive(Clone, Debug, CanonicalSerialize, CanonicalDeserialize)] pub struct WhirProof(Vec<(MultiPath, Vec>)>) where MerkleConfig: Config, 
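Review bot: `PolynomialCommitmentScheme`, its associated types and every method except `batch_open` are public and undocumented, and the one comment that exists states a soundness precondition as if it were a property: item 3 of the `batch_open` doc says the point "is already a random point generated by a sum-check", which is something the caller must guarantee, not something the method checks. I would reword it as a requirement, e.g. `/// 3. The caller must ensure `point` was derived from the transcript (e.g. by a sum-check); opening at an adversarially chosen point is not sound.`, and add a one-line doc to the trait and to `setup` saying what `poly_size` measures (a later patch in this series passes it to `MultivariateParameters::new`, which suggests a variable count rather than a coefficient count — worth confirming). It would also help to state which of `commit` and `commit_and_write` a prover is expected to call, so the commitment is absorbed into `transcript` exactly once.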
@@ -38,24 +39,19 @@ where transcript.len() + whir_proof.serialized_size(ark_serialize::Compress::Yes) } -pub trait PolynomialCommitmentScheme: Clone + Debug { - type Param: Clone + Debug + Serialize + DeserializeOwned; - type ProverParam: Clone + Debug + Serialize + DeserializeOwned; - type VerifierParam: Clone + Debug + Serialize + DeserializeOwned; - type CommitmentWithData: Clone + Debug + Default + Serialize + DeserializeOwned; - type Commitment: Clone + Debug + Default + Serialize + DeserializeOwned; - type CommitmentChunk: Clone + Debug + Default; - type Proof: Clone + Debug + Serialize + DeserializeOwned; - type Poly: Clone + Debug; - type Transcript: Clone + Debug; +pub trait PolynomialCommitmentScheme: Clone { + type Param: Clone; + type ProverParam: Clone; + type VerifierParam: Clone; + type CommitmentWithData; + type Commitment: Clone + Default + CanonicalSerialize + CanonicalDeserialize; + type CommitmentChunk: Clone + Default; + type Proof: Clone + CanonicalSerialize + CanonicalDeserialize; + type Poly: Clone; + type Transcript: Clone; fn setup(poly_size: usize) -> Result; - fn trim( - param: Self::Param, - poly_size: usize, - ) -> Result<(Self::ProverParam, Self::VerifierParam), Error>; - fn commit(pp: &Self::ProverParam, poly: &Self::Poly) -> Result; diff --git a/src/whir/pcs.rs b/src/whir/pcs.rs new file mode 100644 index 0000000..cb13e79 --- /dev/null +++ b/src/whir/pcs.rs 
@@ -0,0 +1,126 @@ +use crate::crypto::merkle_tree::blake3::{CompressH, MerkleTreeParams}; +use crate::whir::committer::Witness; +use crate::whir::parameters::WhirConfig; +use crate::whir::Error; +use crate::whir::PolynomialCommitmentScheme; +use crate::whir::WhirProof; + +use ark_crypto_primitives::crh::TwoToOneCRHScheme; +use ark_ff::FftField; +use ark_serialize::{CanonicalDeserialize, CanonicalSerialize}; +use goldilocks::ExtensionField; +use std::fmt::Debug; +use std::marker::PhantomData; + +#[derive(Debug, Clone)] +pub struct Whir(PhantomData); + +type WhirPCSConfig = WhirConfig, ()>; + +impl PolynomialCommitmentScheme for Whir +where + E: FftField + ExtensionField + CanonicalSerialize + CanonicalDeserialize, +{ + type Param = WhirPCSConfig; + type ProverParam = WhirPCSConfig; + type VerifierParam = WhirPCSConfig; + type CommitmentWithData = Witness>; + type Commitment = ::Output; + type CommitmentChunk = ::Output; + type Proof = WhirProof, E>; + type Poly = (); + type Transcript = (); + + fn setup(_poly_size: usize) -> Result { + todo!() + } + + fn commit( + _pp: &Self::ProverParam, + _poly: &Self::Poly, + ) -> Result { + todo!() + } + + fn commit_and_write( + pp: &Self::ProverParam, + poly: &Self::Poly, + transcript: &mut Self::Transcript, + ) -> Result { + let comm = Self::commit(pp, poly)?; + Self::write_commitment(&Self::get_pure_commitment(&comm), transcript)?; + Ok(comm) + } + + fn write_commitment( + _comm: &Self::Commitment, + _transcript: &mut Self::Transcript, + ) -> Result<(), Error> { + todo!() + } + + fn get_pure_commitment(_comm: &Self::CommitmentWithData) -> Self::Commitment { + todo!() + } + + fn batch_commit( + _pp: &Self::ProverParam, + _polys: &[Self::Poly], + ) -> Result { + todo!() + } + + fn batch_commit_and_write( + pp: &Self::ProverParam, + polys: &[Self::Poly], + transcript: &mut Self::Transcript, + ) -> Result { + let comm = Self::batch_commit(pp, polys)?; + Self::write_commitment(&Self::get_pure_commitment(&comm), transcript)?; + 
Ok(comm) + } + + fn open( + _pp: &Self::ProverParam, + _poly: &Self::Poly, + _comm: &Self::CommitmentWithData, + _point: &[E], + _eval: &E, + _transcript: &mut Self::Transcript, + ) -> Result { + todo!() + } + + fn batch_open( + _pp: &Self::ProverParam, + _polys: &[Self::Poly], + _comm: &Self::CommitmentWithData, + _point: &[E], + _evals: &[E], + _transcript: &mut Self::Transcript, + ) -> Result { + todo!() + } + + fn verify( + _vp: &Self::VerifierParam, + _comm: &Self::Commitment, + _point: &[E], + _eval: &E, + _proof: &Self::Proof, + _transcript: &mut Self::Transcript, + ) -> Result<(), Error> { + todo!() + } + + fn batch_verify( + _vp: &Self::VerifierParam, + _comm: &Self::Commitment, + _point: &[E], + _evals: &[E], + _proof: &Self::Proof, + _transcript: &mut Self::Transcript, + ) -> Result<(), Error> { + todo!() + } +} From 188cc7d1797fb540974c3c1fddff27d10c31bc8a Mon Sep 17 00:00:00 2001 From: Chao Ma Date: Sat, 30 Nov 2024 15:58:27 +0700 Subject: [PATCH 03/15] add Cargo.lock --- Cargo.lock | 170 ++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 168 insertions(+), 2 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 374bd05..048ab85 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -118,7 +118,7 @@ dependencies = [ "educe", "fnv", "hashbrown 0.15.1", - "itertools", + "itertools 0.13.0", "num-bigint", "num-integer", "num-traits", @@ -139,7 +139,7 @@ dependencies = [ "arrayvec", "digest", "educe", - "itertools", + "itertools 0.13.0", "num-bigint", "num-traits", "paste", 
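Review bot: The impl overrides `commit_and_write` and `batch_commit_and_write` with bodies that are token-for-token the trait's default methods (`let comm = Self::commit(pp, poly)?; Self::write_commitment(&Self::get_pure_commitment(&comm), transcript)?; Ok(comm)`), so both overrides can simply be deleted. Every other method is `todo!()`, which panics at runtime; that is acceptable for a WIP commit as the title says, but `type Poly = ()` and `type Transcript = ()` let the impl be instantiated and called with no polynomial at all, so a `// WIP: placeholder associated types, not usable yet` comment on the impl would keep it from being picked up by accident.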
@@ -275,6 +275,18 @@ version = "1.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ace50bade8e6234aa140d9a2f552bbee1db4d353f69b8217bc503490fc1a9f26" +[[package]] +name = "bitvec" +version = "1.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1bc2832c24239b0141d5674bb9174f9d68a8b5b3f2753311927c172ca46f7e9c" +dependencies = [ + "funty", + "radium", + "tap", + "wyz", +] + [[package]] name = "blake2" version = "0.10.6" @@ -284,6 +296,17 @@ dependencies = [ "digest", ] +[[package]] +name = "blake2b_simd" +version = "1.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "23285ad32269793932e830392f2fe2f83e26488fd3ec778883a93c8323735780" +dependencies = [ + "arrayref", + "arrayvec", + "constant_time_eq", +] + [[package]] name = "blake3" version = "1.5.4" @@ -489,12 +512,29 @@ dependencies = [ "syn 2.0.87", ] +[[package]] +name = "ff" +version = "0.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ded41244b729663b1e574f1b4fb731469f69f79c17667b5d776b16cda0479449" +dependencies = [ + "bitvec", + "rand_core", + "subtle", +] + [[package]] name = "fnv" version = "1.0.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1" +[[package]] +name = "funty" +version = "2.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e6d5a32815ae3f33302d95fdcb2ce17862f8c65363dcfd29360480ba1001fc9c" + [[package]] name = "generic-array" version = "0.14.7" 
@@ -516,6 +556,50 @@ dependencies = [ "wasi", ] +[[package]] +name = "goldilocks" +version = "0.1.0" +source = "git+https://github.com/scroll-tech/ceno-Goldilocks#29a15d186ce4375dab346a3cc9eca6e43540cb8d" +dependencies = [ + "ff", + "halo2curves", + "itertools 0.12.1", + "rand_core", + "serde", + "subtle", +] + +[[package]] +name = "group" +version = "0.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f0f9ef7462f7c099f518d754361858f86d8a07af53ba9af0fe635bbccb151a63" +dependencies = [ + "ff", + "rand_core", + "subtle", +] + +[[package]] +name = "halo2curves" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e6b1142bd1059aacde1b477e0c80c142910f1ceae67fc619311d6a17428007ab" +dependencies = [ + "blake2b_simd", + "ff", + "group", + "lazy_static", + "num-bigint", + "num-traits", + "pasta_curves", + "paste", + "rand", + "rand_core", + "static_assertions", + "subtle", +] + [[package]] name = "hashbrown" version = "0.14.5" @@ -552,6 +636,15 @@ version = "1.70.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7943c866cc5cd64cbc25b2e01621d07fa8eb2a1a23160ee81ce38704e97b8ecf" +[[package]] +name = "itertools" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ba291022dbbd398a455acf126c1e341954079855bc60dfdda641363bd6922569" +dependencies = [ + "either", +] + [[package]] name = "itertools" version = "0.13.0" @@ -581,6 +674,9 @@ name = "lazy_static" version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe" +dependencies = [ + "spin", +] [[package]] name = "libc" 
@@ -675,6 +771,21 @@ version = "1.20.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1261fe7e33c73b354eab43b1273a57c8f967d0391e80353e51f764ac02cf6775" +[[package]] +name = "pasta_curves" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d3e57598f73cc7e1b2ac63c79c517b31a0877cd7c402cdcaa311b5208de7a095" +dependencies = [ + "blake2b_simd", + "ff", + "group", + "lazy_static", + "rand", + "static_assertions", + "subtle", +] + [[package]] name = "paste" version = "1.0.15" @@ -714,6 +825,12 @@ dependencies = [ "proc-macro2", ] +[[package]] +name = "radium" +version = "0.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dc33ff2d4973d518d823d61aa239014831e521c75da58e3df4840d3f47749d09" + [[package]] name = "rand" version = "0.8.5" @@ -829,6 +946,18 @@ version = "1.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64" +[[package]] +name = "spin" +version = "0.9.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67" + +[[package]] +name = "static_assertions" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a2eb9349b6444b326872e140eb1cf5e7c522154d69e7a0ffb0fb81c06b37543f" + [[package]] name = "strsim" version = "0.11.1" 
@@ -863,6 +992,32 @@ dependencies = [ "unicode-ident", ] +[[package]] +name = "tap" +version = "1.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "55937e1799185b12863d447f42597ed69d9928686b8d88a1df17376a097d8369" + +[[package]] +name = "thiserror" +version = "1.0.69" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b6aaf5339b578ea85b50e080feb250a3e8ae8cfcdff9a461c9ec2904bc923f52" +dependencies = [ + "thiserror-impl", +] + +[[package]] +name = "thiserror-impl" +version = "1.0.69" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4fee6c4efc90059e10f81e6d42c60a18f76588c3d74cb83a0b242a2b6c7504c1" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.87", +] + [[package]] name = "tracing" version = "0.1.40" @@ -942,6 +1097,7 @@ dependencies = [ "blake3", "clap", "derivative", + "goldilocks", "lazy_static", "nimue", "nimue-pow", @@ -951,6 +1107,7 @@ dependencies = [ "serde", "serde_json", "sha3", + "thiserror", ] [[package]] @@ -1026,6 +1183,15 @@ version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec" +[[package]] +name = "wyz" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "05f360fc0b24296329c78fda852a1e9ae82de9cf7b27dae4b7f62f118f77b9ed" +dependencies = [ + "tap", +] + [[package]] name = "zerocopy" version = "0.7.35" From e95299e55571d12b405a34782bcf888dce81b01b Mon Sep 17 00:00:00 2001 
From: Chao Ma Date: Sat, 30 Nov 2024 16:00:38 +0700 Subject: [PATCH 04/15] cargo fmt --- src/crypto/merkle_tree/mock.rs | 4 +--- src/fs_utils.rs | 2 +- src/ntt/transpose.rs | 5 +---- src/sumcheck/prover_not_skipping.rs | 31 +++++++++++++++++++++-------- src/whir/mod.rs | 8 ++++---- src/whir/pcs.rs | 17 ++++++++-------- src/whir/prover.rs | 13 ++++++------ src/whir/verifier.rs | 8 ++++---- 8 files changed, 49 insertions(+), 39 deletions(-) diff --git a/src/crypto/merkle_tree/mock.rs b/src/crypto/merkle_tree/mock.rs index 9102490..4becc42 100644 --- a/src/crypto/merkle_tree/mock.rs +++ b/src/crypto/merkle_tree/mock.rs @@ -60,9 +60,7 @@ pub fn default_config( ) { as CRHScheme>::setup(rng).unwrap(); { - ::setup(rng) - .unwrap(); - + ::setup(rng).unwrap(); }; ((), ()) diff --git a/src/fs_utils.rs b/src/fs_utils.rs index d3cceaa..4cc732d 100644 --- a/src/fs_utils.rs +++ b/src/fs_utils.rs @@ -24,7 +24,7 @@ pub trait WhirPoWIOPattern { fn pow(self, bits: f64) -> Self; } -impl WhirPoWIOPattern for IOPattern +impl WhirPoWIOPattern for IOPattern where IOPattern: PoWIOPattern, { diff --git a/src/ntt/transpose.rs b/src/ntt/transpose.rs index be81ebf..ec96e52 100644 --- a/src/ntt/transpose.rs +++ b/src/ntt/transpose.rs @@ -85,10 +85,7 @@ fn transpose_copy_parallel( /// Sets `dst` to the transpose of `src`. This will panic if the sizes of `src` and `dst` are not compatible. /// This is the non-parallel version -fn transpose_copy_not_parallel( - src: MatrixMut<'_, F>, - mut dst: MatrixMut<'_, F>, -) { +fn transpose_copy_not_parallel(src: MatrixMut<'_, F>, mut dst: MatrixMut<'_, F>) { assert_eq!(src.rows(), dst.cols()); assert_eq!(src.cols(), dst.rows()); if src.rows() * src.cols() > workload_size::() { diff --git a/src/sumcheck/prover_not_skipping.rs b/src/sumcheck/prover_not_skipping.rs index 6edae62..79c9aaf 100644 --- a/src/sumcheck/prover_not_skipping.rs +++ b/src/sumcheck/prover_not_skipping.rs 
@@ -1,5 +1,8 @@ use ark_ff::Field; -use nimue::{plugins::ark::{FieldChallenges, FieldIOPattern, FieldWriter}, IOPattern, ProofResult}; +use nimue::{ + plugins::ark::{FieldChallenges, FieldIOPattern, FieldWriter}, + IOPattern, ProofResult, +}; use nimue_pow::{PoWChallenge, PowStrategy}; use crate::{ @@ -101,7 +104,10 @@ where #[cfg(test)] mod tests { use ark_ff::Field; - use nimue::{plugins::ark::{FieldChallenges, FieldIOPattern, FieldReader}, IOPattern, Merlin, ProofResult}; + use nimue::{ + plugins::ark::{FieldChallenges, FieldIOPattern, FieldReader}, + IOPattern, Merlin, ProofResult, + }; use nimue_pow::blake3::Blake3PoW; use crate::{ @@ -151,8 +157,11 @@ mod tests { ], ); - let folding_randomness_1 = - prover.compute_sumcheck_polynomials::(&mut merlin, folding_factor, 0.)?; + let folding_randomness_1 = prover.compute_sumcheck_polynomials::( + &mut merlin, + folding_factor, + 0., + )?; // Compute the answers let folded_poly_1 = polynomial.fold(&folding_randomness_1); @@ -237,15 +246,21 @@ mod tests { ], ); - let folding_randomness_1 = - prover.compute_sumcheck_polynomials::(&mut merlin, folding_factor, 0.)?; + let folding_randomness_1 = prover.compute_sumcheck_polynomials::( + &mut merlin, + folding_factor, + 0., + )?; let folded_poly_1 = polynomial.fold(&folding_randomness_1); let fold_eval = folded_poly_1.evaluate_at_extension(&fold_point); prover.add_new_equality(&[fold_point.clone()], &combination_randomness, &[fold_eval]); - let folding_randomness_2 = - prover.compute_sumcheck_polynomials::(&mut merlin, folding_factor, 0.)?; + let folding_randomness_2 = prover.compute_sumcheck_polynomials::( + &mut merlin, + folding_factor, + 0., + )?; // Compute the answers let folded_poly_1 = polynomial.fold(&folding_randomness_1); diff --git a/src/whir/mod.rs b/src/whir/mod.rs index a8c5d24..b189755 100644 --- a/src/whir/mod.rs +++ b/src/whir/mod.rs 
@@ -1,19 +1,19 @@ use ark_crypto_primitives::merkle_tree::{Config, MultiPath}; +use ark_ff::FftField; use ark_serialize::{CanonicalDeserialize, CanonicalSerialize}; -use goldilocks::ExtensionField; -use serde::{de::DeserializeOwned, Serialize}; +// use goldilocks::ExtensionField; use std::fmt::Debug; use crate::errors::Error; use crate::poly_utils::MultilinearPoint; pub mod committer; +mod fs_utils; pub mod iopattern; pub mod parameters; pub mod pcs; pub mod prover; pub mod verifier; -mod fs_utils; #[derive(Debug, Clone, Default)] pub struct Statement { @@ -39,7 +39,7 @@ where transcript.len() + whir_proof.serialized_size(ark_serialize::Compress::Yes) } -pub trait PolynomialCommitmentScheme: Clone { +pub trait PolynomialCommitmentScheme: Clone { type Param: Clone; type ProverParam: Clone; type VerifierParam: Clone; diff --git a/src/whir/pcs.rs b/src/whir/pcs.rs index cb13e79..124188d 100644 --- a/src/whir/pcs.rs +++ b/src/whir/pcs.rs @@ -1,14 +1,13 @@ use crate::crypto::merkle_tree::blake3::{CompressH, MerkleTreeParams}; -use crate::whir::committer::Witness; -use crate::whir::parameters::WhirConfig; -use crate::whir::Error; -use crate::whir::PolynomialCommitmentScheme; -use crate::whir::WhirProof; +use crate::poly_utils::coeffs::CoefficientList; +use crate::whir::{ + committer::Witness, parameters::WhirConfig, Error, PolynomialCommitmentScheme, WhirProof, +}; use ark_crypto_primitives::crh::TwoToOneCRHScheme; use ark_ff::FftField; use ark_serialize::{CanonicalDeserialize, CanonicalSerialize}; -use goldilocks::ExtensionField; +use nimue::{DefaultHash, IOPattern}; use std::fmt::Debug; use std::marker::PhantomData; @@ -19,7 +18,7 @@ type WhirPCSConfig = WhirConfig, ()>; impl PolynomialCommitmentScheme for Whir where - E: FftField + ExtensionField + CanonicalSerialize + CanonicalDeserialize, + E: FftField + CanonicalSerialize + CanonicalDeserialize, { type Param = WhirPCSConfig; type ProverParam = WhirPCSConfig; 
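Review bot: The hunk replaces the `goldilocks::ExtensionField` import with a commented-out line (`// use goldilocks::ExtensionField;`) instead of deleting it; commented-out code should go, and the matching bound change on `PolynomialCommitmentScheme` (now `E: FftField` in `mod.rs`, with `ExtensionField` also dropped from the `pcs.rs` where-clause in this commit) is a semantic change that a commit titled "cargo fmt" hides. I would either remove the line or keep it as `// TODO: restore the ExtensionField bound once extension-field polynomials are supported` so the reason survives, and mention the bound change in the commit message or split it into its own commit.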
@@ -28,8 +27,8 @@ where type Commitment = ::Output; type CommitmentChunk = ::Output; type Proof = WhirProof, E>; - type Poly = (); - type Transcript = (); + type Poly = CoefficientList; + type Transcript = IOPattern; fn setup(_poly_size: usize) -> Result { todo!() diff --git a/src/whir/prover.rs b/src/whir/prover.rs index cc04ba7..2bc5694 100644 --- a/src/whir/prover.rs +++ b/src/whir/prover.rs @@ -176,7 +176,7 @@ where self.0.final_queries, merlin, )?; - + let merkle_proof = round_state .prev_merkle .generate_multi_proof(final_challenge_indexes.clone()) @@ -351,11 +351,12 @@ where ) }); - let folding_randomness = sumcheck_prover.compute_sumcheck_polynomials::( - merlin, - self.0.folding_factor, - round_params.folding_pow_bits, - )?; + let folding_randomness = sumcheck_prover + .compute_sumcheck_polynomials::( + merlin, + self.0.folding_factor, + round_params.folding_pow_bits, + )?; let round_state = RoundState { round: round_state.round + 1, diff --git a/src/whir/verifier.rs b/src/whir/verifier.rs index f1663a0..0061a29 100644 --- a/src/whir/verifier.rs +++ b/src/whir/verifier.rs @@ -4,8 +4,8 @@ use ark_crypto_primitives::merkle_tree::Config; use ark_ff::FftField; use ark_poly::EvaluationDomain; use nimue::{ - plugins::ark::{FieldChallenges, FieldReader} - , ByteChallenges, ByteReader, ProofError, ProofResult, + plugins::ark::{FieldChallenges, FieldReader}, + ByteChallenges, ByteReader, ProofError, ProofResult, }; use nimue_pow::{self, PoWChallenge}; @@ -28,14 +28,14 @@ where } #[derive(Clone)] -struct ParsedCommitment { +pub struct ParsedCommitment { root: D, ood_points: Vec, ood_answers: Vec, } #[derive(Clone)] -struct ParsedProof { +pub struct ParsedProof { initial_combination_randomness: Vec, initial_sumcheck_rounds: Vec<(SumcheckPolynomial, F)>, rounds: Vec>, From 57e24d8236f2acf28a1bcde30674b3962f9bbd4d Mon Sep 17 00:00:00 2001 
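Review bot: `ParsedCommitment` and `ParsedProof` become `pub` while all their fields stay private and neither has a constructor or a doc comment, so outside the crate they are names that cannot be built or inspected. If the goal is to let `whir::pcs` use them, `pub(crate) struct ParsedCommitment` / `pub(crate) struct ParsedProof` gives that without widening the public API; if they are meant to be public, they need `///` docs saying they are the verifier's parsed view of the transcript contents. Like the `mod.rs` change in this commit, this is a visibility change rather than formatting and is worth calling out in the commit message.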
From: Chao Ma Date: Sat, 30 Nov 2024 20:32:35 +0700 Subject: [PATCH 05/15] simplify pcs trait --- src/whir/committer.rs | 2 +- src/whir/mod.rs | 31 ------------------------------- src/whir/pcs.rs | 38 +------------------------------------- 3 files changed, 2 insertions(+), 69 deletions(-) diff --git a/src/whir/committer.rs b/src/whir/committer.rs index 800ddf4..684ce2b 100644 --- a/src/whir/committer.rs +++ b/src/whir/committer.rs @@ -9,7 +9,7 @@ use ark_ff::FftField; use ark_poly::EvaluationDomain; use nimue::{ plugins::ark::{FieldChallenges, FieldWriter}, - ByteWriter, Merlin, ProofResult, + ByteWriter, ProofResult, }; #[cfg(feature = "parallel")] diff --git a/src/whir/mod.rs b/src/whir/mod.rs index b189755..7b9c860 100644 --- a/src/whir/mod.rs +++ b/src/whir/mod.rs @@ -44,8 +44,6 @@ pub trait PolynomialCommitmentScheme: Clone { type ProverParam: Clone; type VerifierParam: Clone; type CommitmentWithData; - type Commitment: Clone + Default + CanonicalSerialize + CanonicalDeserialize; - type CommitmentChunk: Clone + Default; type Proof: Clone + CanonicalSerialize + CanonicalDeserialize; type Poly: Clone; type Transcript: Clone; 
@@ -55,38 +53,11 @@ pub trait PolynomialCommitmentScheme: Clone { fn commit(pp: &Self::ProverParam, poly: &Self::Poly) -> Result; - fn commit_and_write( - pp: &Self::ProverParam, - poly: &Self::Poly, - transcript: &mut Self::Transcript, - ) -> Result { - let comm = Self::commit(pp, poly)?; - Self::write_commitment(&Self::get_pure_commitment(&comm), transcript)?; - Ok(comm) - } - - fn write_commitment( - comm: &Self::Commitment, - transcript: &mut Self::Transcript, - ) -> Result<(), Error>; - - fn get_pure_commitment(comm: &Self::CommitmentWithData) -> Self::Commitment; - fn batch_commit( pp: &Self::ProverParam, polys: &[Self::Poly], ) -> Result; - fn batch_commit_and_write( - pp: &Self::ProverParam, - polys: &[Self::Poly], - transcript: &mut Self::Transcript, - ) -> Result { - let comm = Self::batch_commit(pp, polys)?; - Self::write_commitment(&Self::get_pure_commitment(&comm), transcript)?; - Ok(comm) - } - fn open( pp: &Self::ProverParam, poly: &Self::Poly, @@ -111,7 +82,6 @@ pub trait PolynomialCommitmentScheme: Clone { fn verify( vp: &Self::VerifierParam, - comm: &Self::Commitment, point: &[E], eval: &E, proof: &Self::Proof, @@ -120,7 +90,6 @@ pub trait PolynomialCommitmentScheme: Clone { fn batch_verify( vp: &Self::VerifierParam, - comm: &Self::Commitment, point: &[E], evals: &[E], proof: &Self::Proof, diff --git a/src/whir/pcs.rs b/src/whir/pcs.rs index 124188d..c1fcd17 100644 --- a/src/whir/pcs.rs +++ b/src/whir/pcs.rs @@ -1,10 +1,9 @@ -use crate::crypto::merkle_tree::blake3::{CompressH, MerkleTreeParams}; +use crate::crypto::merkle_tree::blake3::MerkleTreeParams; use crate::poly_utils::coeffs::CoefficientList; use crate::whir::{ committer::Witness, parameters::WhirConfig, Error, PolynomialCommitmentScheme, WhirProof, }; -use ark_crypto_primitives::crh::TwoToOneCRHScheme; use ark_ff::FftField; use ark_serialize::{CanonicalDeserialize, CanonicalSerialize}; use nimue::{DefaultHash, IOPattern}; 
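Review bot: With `comm: &Self::Commitment` removed, `verify` and `batch_verify` receive only `vp`, `point`, `eval`/`evals`, `proof` and `transcript`, so nothing in the signature says which commitment the proof is checked against. That is sound only if the commitment root has already been absorbed into `transcript` and the implementation reads it back from there (the WHIR verifier's `ParsedCommitment`, made public in the previous patch, looks like that path), and the trait should state the contract, e.g. `/// The commitment is not passed explicitly: `transcript` must already contain it as written by the prover's `commit`, and the implementation re-reads it from there.` Without that contract an implementor could accept a proof that is not bound to any committed polynomial. The same parameter removal is applied to the `pcs.rs` impl in this commit.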
@@ -24,8 +23,6 @@ where type ProverParam = WhirPCSConfig; type VerifierParam = WhirPCSConfig; type CommitmentWithData = Witness>; - type Commitment = ::Output; - type CommitmentChunk = ::Output; type Proof = WhirProof, E>; type Poly = CoefficientList; type Transcript = IOPattern; @@ -41,27 +38,6 @@ where todo!() } - fn commit_and_write( - pp: &Self::ProverParam, - poly: &Self::Poly, - transcript: &mut Self::Transcript, - ) -> Result { - let comm = Self::commit(pp, poly)?; - Self::write_commitment(&Self::get_pure_commitment(&comm), transcript)?; - Ok(comm) - } - - fn write_commitment( - _comm: &Self::Commitment, - _transcript: &mut Self::Transcript, - ) -> Result<(), Error> { - todo!() - } - - fn get_pure_commitment(_comm: &Self::CommitmentWithData) -> Self::Commitment { - todo!() - } - fn batch_commit( _pp: &Self::ProverParam, _polys: &[Self::Poly], @@ -69,16 +45,6 @@ where todo!() } - fn batch_commit_and_write( - pp: &Self::ProverParam, - polys: &[Self::Poly], - transcript: &mut Self::Transcript, - ) -> Result { - let comm = Self::batch_commit(pp, polys)?; - Self::write_commitment(&Self::get_pure_commitment(&comm), transcript)?; - Ok(comm) - } - fn open( _pp: &Self::ProverParam, _poly: &Self::Poly, @@ -103,7 +69,6 @@ where fn verify( _vp: &Self::VerifierParam, - _comm: &Self::Commitment, _point: &[E], _eval: &E, _proof: &Self::Proof, @@ -114,7 +79,6 @@ where fn batch_verify( _vp: &Self::VerifierParam, - _comm: &Self::Commitment, _point: &[E], _evals: &[E], _proof: &Self::Proof, From 03b4de9631665afd4677c2e78780290d90e86a67 Mon Sep 17 00:00:00 2001 From: Chao Ma Date: Sat, 30 Nov 2024 21:23:39 +0700 Subject: [PATCH 06/15] add fn setup --- src/whir/mod.rs | 2 +- src/whir/pcs.rs | 35 +++++++++++++++++++++++++++++++---- 2 files changed, 32 insertions(+), 5 deletions(-) diff --git a/src/whir/mod.rs b/src/whir/mod.rs index 7b9c860..7e0a8fe 100644 --- a/src/whir/mod.rs +++ b/src/whir/mod.rs 
@@ -48,7 +48,7 @@ pub trait PolynomialCommitmentScheme: Clone { type Poly: Clone; type Transcript: Clone; - fn setup(poly_size: usize) -> Result; + fn setup(poly_size: usize) -> Self::Param; fn commit(pp: &Self::ProverParam, poly: &Self::Poly) -> Result; diff --git a/src/whir/pcs.rs b/src/whir/pcs.rs index c1fcd17..9a772c2 100644 --- a/src/whir/pcs.rs +++ b/src/whir/pcs.rs @@ -1,4 +1,7 @@ -use crate::crypto::merkle_tree::blake3::MerkleTreeParams; +use crate::crypto::merkle_tree::blake3::{self as mt, MerkleTreeParams}; +use crate::parameters::{ + default_max_pow, FoldType, MultivariateParameters, SoundnessType, WhirParameters, +}; use crate::poly_utils::coeffs::CoefficientList; use crate::whir::{ committer::Witness, parameters::WhirConfig, Error, PolynomialCommitmentScheme, WhirProof, @@ -7,13 +10,18 @@ use crate::whir::{ use ark_ff::FftField; use ark_serialize::{CanonicalDeserialize, CanonicalSerialize}; use nimue::{DefaultHash, IOPattern}; +use nimue_pow::blake3::Blake3PoW; +use rand::prelude::*; +use rand_chacha::ChaCha8Rng; use std::fmt::Debug; use std::marker::PhantomData; #[derive(Debug, Clone)] pub struct Whir(PhantomData); -type WhirPCSConfig = WhirConfig, ()>; +type MerkleConfig = MerkleTreeParams; +type PowStrategy = Blake3PoW; +type WhirPCSConfig = WhirConfig, PowStrategy>; impl PolynomialCommitmentScheme for Whir where 
@@ -27,8 +35,27 @@ where type Poly = CoefficientList; type Transcript = IOPattern; - fn setup(_poly_size: usize) -> Result { - todo!() + fn setup(poly_size: usize) -> Self::Param { + let mv_params = MultivariateParameters::::new(poly_size); + let starting_rate = 1; + let pow_bits = default_max_pow(poly_size, starting_rate); + let mut rng = ChaCha8Rng::from_seed([0u8; 32]); + + let (leaf_hash_params, two_to_one_params) = mt::default_config::(&mut rng); + + let whir_params = WhirParameters::, PowStrategy> { + initial_statement: true, + security_level: 100, + pow_bits, + folding_factor: 4, + leaf_hash_params, + two_to_one_params, + soundness_type: SoundnessType::ConjectureList, + fold_optimisation: FoldType::ProverHelps, + _pow_parameters: Default::default(), + starting_log_inv_rate: starting_rate, + }; + WhirConfig::, PowStrategy>::new(mv_params, whir_params) } fn commit( From 6dabac82cabd70a3b521da0130a671e262d1e9d3 Mon Sep 17 00:00:00 2001 From: Chao Ma Date: Mon, 2 Dec 2024 09:54:00 +0700 Subject: [PATCH 07/15] add commit; (TODO) support commit of extension fields --- src/whir/pcs.rs | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/src/whir/pcs.rs b/src/whir/pcs.rs index 9a772c2..e46c7d1 100644 --- a/src/whir/pcs.rs +++ b/src/whir/pcs.rs @@ -4,7 +4,10 @@ use crate::parameters::{ }; use crate::poly_utils::coeffs::CoefficientList; use crate::whir::{ - committer::Witness, parameters::WhirConfig, Error, PolynomialCommitmentScheme, WhirProof, + committer::{Committer, Witness}, + iopattern::WhirIOPattern, + parameters::WhirConfig, + Error, PolynomialCommitmentScheme, WhirProof, }; use ark_ff::FftField; @@ -32,7 +35,8 @@ where type VerifierParam = WhirPCSConfig; type CommitmentWithData = Witness>; type Proof = WhirProof, E>; - type Poly = CoefficientList; + // TODO: support both base and extension fields + type Poly = CoefficientList; type Transcript = IOPattern; fn setup(poly_size: usize) -> Self::Param { 
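Review bot: `setup` derives the Merkle hash parameters from `ChaCha8Rng::from_seed([0u8; 32])` and hard-codes `security_level: 100`, `folding_factor: 4`, `starting_rate = 1` and `SoundnessType::ConjectureList` with no explanation, although these choices fix the soundness of every proof produced from the returned `Param`. For the blake3 configuration the hash parameters may well be unit values (the mock config touched earlier in this series returns `((), ())`), in which case the all-zero seed is harmless, but that belongs in a comment next to the seed, e.g. `// blake3 Merkle params carry no secret material; the fixed seed only satisfies default_config's signature`, and `setup` should carry a doc comment listing the security level and the conjectured list-decoding regime it assumes. `poly_size` is passed to `MultivariateParameters::new` and `default_max_pow`; if those take a number of variables rather than a coefficient count, `num_variables` would be the honest name.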
@@ -59,10 +63,17 @@ where } fn commit( - _pp: &Self::ProverParam, - _poly: &Self::Poly, + pp: &Self::ProverParam, + poly: &Self::Poly, ) -> Result { - todo!() + let io = IOPattern::::new("🌪️") + .commit_statement(&pp) + .add_whir_proof(&pp); + + let mut merlin = io.to_merlin(); + let committer = Committer::new(pp.clone()); + let witness = committer.commit(&mut merlin, poly.clone()).unwrap(); + Ok(witness) } fn batch_commit( From 7c5357c42fe2f391f45d8fd922b3d01768b84d01 Mon Sep 17 00:00:00 2001 From: Chao Ma Date: Mon, 2 Dec 2024 10:33:40 +0700 Subject: [PATCH 08/15] simplify error conversion --- src/errors.rs | 24 +----------------------- src/whir/pcs.rs | 7 ++++++- 2 files changed, 7 insertions(+), 24 deletions(-) diff --git a/src/errors.rs b/src/errors.rs index be6ba8a..bde83ba 100644 --- a/src/errors.rs +++ b/src/errors.rs @@ -1,29 +1,7 @@ -use std::convert::From; use std::fmt::Debug; -#[derive(Debug)] -pub struct ProofError(nimue::ProofError); - #[derive(Debug, thiserror::Error)] pub enum Error { #[error(transparent)] - ProofError(#[from] ProofError), -} - -impl From for ProofError { - fn from(value: nimue::ProofError) -> Self { - Self(value) - } -} - -impl std::fmt::Display for ProofError { - fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { - write!(f, "{}", self.0) - } -} - -impl std::error::Error for ProofError { - fn source(&self) -> Option<&(dyn std::error::Error + 'static)> { - Some(&self.0) - } + ProofError(#[from] nimue::ProofError), } diff --git a/src/whir/pcs.rs b/src/whir/pcs.rs index e46c7d1..a9e72e7 100644 --- a/src/whir/pcs.rs +++ b/src/whir/pcs.rs @@ -72,7 +72,7 @@ where let mut merlin = io.to_merlin(); let committer = Committer::new(pp.clone()); - let witness = committer.commit(&mut merlin, poly.clone()).unwrap(); + let witness = committer.commit(&mut merlin, poly.clone())?; Ok(witness) } 
@@ -91,6 +91,11 @@ where _eval: &E, _transcript: &mut Self::Transcript, ) -> Result { + // let prover = Prover(params.clone()); + // + // let proof = prover + // .prove(&mut merlin, Statement::default(), witness) + // .unwrap(); todo!() } From 409a87537e74e531548c60468d2fe2cf4402f2f8 Mon Sep 17 00:00:00 2001 From: Chao Ma Date: Mon, 2 Dec 2024 10:54:36 +0700 Subject: [PATCH 09/15] add fn open --- src/whir/mod.rs | 5 ++--- src/whir/pcs.rs | 32 +++++++++++++++++--------------- 2 files changed, 19 insertions(+), 18 deletions(-) diff --git a/src/whir/mod.rs b/src/whir/mod.rs index 7e0a8fe..8d639d3 100644 --- a/src/whir/mod.rs +++ b/src/whir/mod.rs @@ -60,8 +60,7 @@ pub trait PolynomialCommitmentScheme: Clone { fn open( pp: &Self::ProverParam, - poly: &Self::Poly, - comm: &Self::CommitmentWithData, + comm: Self::CommitmentWithData, point: &[E], eval: &E, transcript: &mut Self::Transcript, @@ -74,7 +73,7 @@ pub trait PolynomialCommitmentScheme: Clone { fn batch_open( pp: &Self::ProverParam, polys: &[Self::Poly], - comm: &Self::CommitmentWithData, + comm: Self::CommitmentWithData, point: &[E], evals: &[E], transcript: &mut Self::Transcript, diff --git a/src/whir/pcs.rs b/src/whir/pcs.rs index a9e72e7..ac11239 100644 --- a/src/whir/pcs.rs +++ b/src/whir/pcs.rs @@ -2,12 +2,13 @@ use crate::crypto::merkle_tree::blake3::{self as mt, MerkleTreeParams}; use crate::parameters::{ default_max_pow, FoldType, MultivariateParameters, SoundnessType, WhirParameters, }; -use crate::poly_utils::coeffs::CoefficientList; +use crate::poly_utils::{coeffs::CoefficientList, MultilinearPoint}; use crate::whir::{ committer::{Committer, Witness}, iopattern::WhirIOPattern, parameters::WhirConfig, - Error, PolynomialCommitmentScheme, WhirProof, + prover::Prover, + Error, PolynomialCommitmentScheme, Statement, WhirProof, }; use ark_ff::FftField; 
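Review bot: Changing `comm` from `&Self::CommitmentWithData` to `Self::CommitmentWithData` in `open` and `batch_open` makes every opening consume the witness, and the trait puts no `Clone` bound on `type CommitmentWithData`, so a caller cannot open the same commitment at a second point through the trait at all. Either keep the borrow, or add `type CommitmentWithData: Clone;` so the caller can clone deliberately; if `Prover::prove` genuinely needs ownership, say so in a doc comment on `open`. The commented-out `Prover`/`prove` block left in the earlier hunk on this line is dead code and should be removed rather than kept as a reminder.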
@@ -84,25 +85,26 @@ where } fn open( - _pp: &Self::ProverParam, - _poly: &Self::Poly, - _comm: &Self::CommitmentWithData, - _point: &[E], - _eval: &E, - _transcript: &mut Self::Transcript, + pp: &Self::ProverParam, + witness: Self::CommitmentWithData, + point: &[E], + eval: &E, + transcript: &mut Self::Transcript, ) -> Result { - // let prover = Prover(params.clone()); - // - // let proof = prover - // .prove(&mut merlin, Statement::default(), witness) - // .unwrap(); - todo!() + let prover = Prover(pp.clone()); + let mut merlin = transcript.clone().to_merlin(); + let statement = Statement { + points: vec![MultilinearPoint(point.to_vec())], + evaluations: vec![eval.clone()], + }; + let proof = prover.prove(&mut merlin, statement, witness)?; + Ok(proof) } fn batch_open( _pp: &Self::ProverParam, _polys: &[Self::Poly], - _comm: &Self::CommitmentWithData, + _comm: Self::CommitmentWithData, _point: &[E], _evals: &[E], _transcript: &mut Self::Transcript, From 5fc93beaa2b057dafa123fe3e66a16a78ccdd55e Mon Sep 17 00:00:00 2001 From: Chao Ma Date: Mon, 2 Dec 2024 11:06:20 +0700 Subject: [PATCH 10/15] add verify --- src/whir/pcs.rs | 31 +++++++++++++++++++++++++------ 1 file changed, 25 insertions(+), 6 deletions(-) diff --git a/src/whir/pcs.rs b/src/whir/pcs.rs index ac11239..ef5e05f 100644 --- a/src/whir/pcs.rs +++ b/src/whir/pcs.rs @@ -8,6 +8,7 @@ use crate::whir::{ iopattern::WhirIOPattern, parameters::WhirConfig, prover::Prover, + verifier::Verifier, Error, PolynomialCommitmentScheme, Statement, WhirProof, }; 
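Review bot: `open` hand-builds `Statement { points: vec![MultilinearPoint(point.to_vec())], evaluations: vec![eval.clone()] }`, and the `verify` added in the next patch repeats the identical construction, so the prover and verifier statements can silently drift apart; a private helper such as `fn single_point_statement(point: &[E], eval: &E) -> Statement<E>` shared by both keeps them in lock step. `eval.clone()` on a field element can be `*eval`, since ark-ff field types are `Copy`. `Prover(pp.clone())` copies the entire config on every opening; if `Prover` cannot hold a borrow, a short comment saying so would stop the next reader from "fixing" it.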
@@ -113,13 +114,31 @@ where } fn verify( - _vp: &Self::VerifierParam, - _point: &[E], - _eval: &E, - _proof: &Self::Proof, - _transcript: &mut Self::Transcript, + vp: &Self::VerifierParam, + point: &[E], + eval: &E, + proof: &Self::Proof, + transcript: &mut Self::Transcript, ) -> Result<(), Error> { - todo!() + // TODO: determine reps by security bits + let reps = 1000; + let verifier = Verifier::new(vp.clone()); + // TODO: simplify vp, pp + let io = IOPattern::::new("🌪️") + .commit_statement(&vp) + .add_whir_proof(&vp); + + let statement = Statement { + points: vec![MultilinearPoint(point.to_vec())], + evaluations: vec![eval.clone()], + }; + + let merlin = transcript.clone().to_merlin(); + for _ in 0..reps { + let mut arthur = io.to_arthur(merlin.transcript()); + verifier.verify(&mut arthur, &statement, proof)?; + } + Ok(()) } fn batch_verify( From 9910310be4626834398403360349d0f7a812e510 Mon Sep 17 00:00:00 2001 From: Chao Ma Date: Mon, 2 Dec 2024 11:53:39 +0700 Subject: [PATCH 11/15] add single point unit test --- src/whir/mod.rs | 23 +++++++-------- src/whir/pcs.rs | 74 ++++++++++++++++++++++++++++++++++--------------- 2 files changed, 63 insertions(+), 34 deletions(-) diff --git a/src/whir/mod.rs b/src/whir/mod.rs index 8d639d3..ac1a438 100644 --- a/src/whir/mod.rs +++ b/src/whir/mod.rs 
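Review bot: The `for _ in 0..reps` loop with `let reps = 1000;` re-runs the same deterministic verification a thousand times, which adds no soundness and makes every `verify` call roughly 1000x slower — a DoS lever if untrusted proofs are verified; the `// TODO: determine reps by security bits` comment suggests this is being confused with query repetitions, which the `WhirConfig` presumably already sizes from `security_level`. Verify once: `let mut arthur = io.to_arthur(merlin.transcript()); verifier.verify(&mut arthur, &statement, proof)?;` and drop `reps` entirely; the same loop survives into the later rewrite of `verify` in this series. Separately, `transcript.clone().to_merlin()` produces a fresh `Merlin` from the `IOPattern`, so `merlin.transcript()` here cannot contain anything absorbed during `commit`/`open`; a later patch reworks this, but as written this hunk cannot verify a real proof.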
@@ -41,25 +41,26 @@ where pub trait PolynomialCommitmentScheme: Clone { type Param: Clone; - type ProverParam: Clone; - type VerifierParam: Clone; type CommitmentWithData; type Proof: Clone + CanonicalSerialize + CanonicalDeserialize; type Poly: Clone; - type Transcript: Clone; + type Transcript; fn setup(poly_size: usize) -> Self::Param; - fn commit(pp: &Self::ProverParam, poly: &Self::Poly) - -> Result; + fn commit_and_write( + pp: &Self::Param, + poly: &Self::Poly, + transcript: &mut Self::Transcript, + ) -> Result; fn batch_commit( - pp: &Self::ProverParam, + pp: &Self::Param, polys: &[Self::Poly], ) -> Result; fn open( - pp: &Self::ProverParam, + pp: &Self::Param, comm: Self::CommitmentWithData, point: &[E], eval: &E, @@ -71,7 +72,7 @@ pub trait PolynomialCommitmentScheme: Clone { /// 2. All the polynomials share the same commitment. /// 3. The point is already a random point generated by a sum-check. fn batch_open( - pp: &Self::ProverParam, + pp: &Self::Param, polys: &[Self::Poly], comm: Self::CommitmentWithData, point: &[E], @@ -80,15 +81,15 @@ pub trait PolynomialCommitmentScheme: Clone { ) -> Result; fn verify( - vp: &Self::VerifierParam, + vp: &Self::Param, point: &[E], eval: &E, proof: &Self::Proof, - transcript: &mut Self::Transcript, + transcript: &Self::Transcript, ) -> Result<(), Error>; fn batch_verify( - vp: &Self::VerifierParam, + vp: &Self::Param, point: &[E], evals: &[E], proof: &Self::Proof, diff --git a/src/whir/pcs.rs b/src/whir/pcs.rs index ef5e05f..62b149d 100644 --- a/src/whir/pcs.rs +++ b/src/whir/pcs.rs @@ -14,7 +14,7 @@ use crate::whir::{ use ark_ff::FftField; use ark_serialize::{CanonicalDeserialize, CanonicalSerialize}; -use nimue::{DefaultHash, IOPattern}; +use nimue::{DefaultHash, IOPattern, Merlin}; use nimue_pow::blake3::Blake3PoW; use rand::prelude::*; use rand_chacha::ChaCha8Rng; 
@@ -33,13 +33,11 @@ where E: FftField + CanonicalSerialize + CanonicalDeserialize, { type Param = WhirPCSConfig; - type ProverParam = WhirPCSConfig; - type VerifierParam = WhirPCSConfig; type CommitmentWithData = Witness>; type Proof = WhirProof, E>; // TODO: support both base and extension fields type Poly = CoefficientList; - type Transcript = IOPattern; + type Transcript = Merlin; fn setup(poly_size: usize) -> Self::Param { let mv_params = MultivariateParameters::::new(poly_size); @@ -64,46 +62,42 @@ where WhirConfig::, PowStrategy>::new(mv_params, whir_params) } - fn commit( - pp: &Self::ProverParam, + fn commit_and_write( + pp: &Self::Param, poly: &Self::Poly, + transcript: &mut Self::Transcript, ) -> Result { - let io = IOPattern::::new("🌪️") - .commit_statement(&pp) - .add_whir_proof(&pp); - - let mut merlin = io.to_merlin(); let committer = Committer::new(pp.clone()); - let witness = committer.commit(&mut merlin, poly.clone())?; + let witness = committer.commit(transcript, poly.clone())?; Ok(witness) } fn batch_commit( - _pp: &Self::ProverParam, + _pp: &Self::Param, _polys: &[Self::Poly], ) -> Result { todo!() } fn open( - pp: &Self::ProverParam, + pp: &Self::Param, witness: Self::CommitmentWithData, point: &[E], eval: &E, transcript: &mut Self::Transcript, ) -> Result { let prover = Prover(pp.clone()); - let mut merlin = transcript.clone().to_merlin(); let statement = Statement { points: vec![MultilinearPoint(point.to_vec())], evaluations: vec![eval.clone()], }; - let proof = prover.prove(&mut merlin, statement, witness)?; + + let proof = prover.prove(transcript, statement, witness)?; Ok(proof) } fn batch_open( - _pp: &Self::ProverParam, + _pp: &Self::Param, _polys: &[Self::Poly], _comm: Self::CommitmentWithData, _point: &[E], 
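Review bot: `type Transcript = Merlin;` ties the whole trait to nimue's prover-side state: `commit_and_write` and `open` write into it, and the `verify` implemented later in this same patch reads `transcript.transcript()` from the very `Merlin` the prover filled. A verifier that has to be handed the prover's in-memory object cannot sit across a trust boundary; since `WhirProof` is documented elsewhere in this series as holding only authentication paths, the Fiat-Shamir bytes need to travel with the proof (e.g. a `Proof` that also carries `transcript.transcript().to_vec()` taken at the end of `open`) or the verifier-side transcript type should be the byte slice `Arthur` is built from, not `Merlin`. `committer.commit(transcript, poly.clone())` also copies the entire coefficient vector on every commit; if `Committer::commit` cannot take a borrow, a comment should say so.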
@@ -114,16 +108,15 @@ where } fn verify( - vp: &Self::VerifierParam, + vp: &Self::Param, point: &[E], eval: &E, proof: &Self::Proof, - transcript: &mut Self::Transcript, + transcript: &Self::Transcript, ) -> Result<(), Error> { // TODO: determine reps by security bits let reps = 1000; let verifier = Verifier::new(vp.clone()); - // TODO: simplify vp, pp let io = IOPattern::::new("🌪️") .commit_statement(&vp) .add_whir_proof(&vp); @@ -133,16 +126,15 @@ where evaluations: vec![eval.clone()], }; - let merlin = transcript.clone().to_merlin(); for _ in 0..reps { - let mut arthur = io.to_arthur(merlin.transcript()); + let mut arthur = io.to_arthur(transcript.transcript()); verifier.verify(&mut arthur, &statement, proof)?; } Ok(()) } fn batch_verify( - _vp: &Self::VerifierParam, + _vp: &Self::Param, _point: &[E], _evals: &[E], _proof: &Self::Proof, @@ -151,3 +143,39 @@ where todo!() } } + +#[cfg(test)] +mod tests { + use ark_ff::Field; + use rand::Rng; + + use super::*; + use crate::crypto::fields::Field64_2 as F; + + #[test] + fn single_point_verify() { + let poly_size = 10; + let num_coeffs = 1 << poly_size; + let pp = Whir::::setup(poly_size); + + let poly = CoefficientList::new( + (0..num_coeffs) + .map(::BasePrimeField::from) + .collect(), + ); + + let io = IOPattern::::new("🌪️") + .commit_statement(&pp) + .add_whir_proof(&pp); + let mut merlin = io.to_merlin(); + + let witness = Whir::::commit_and_write(&pp, &poly, &mut merlin).unwrap(); + + let mut rng = rand::thread_rng(); + let point: Vec = (0..poly_size).map(|_| F::from(rng.gen::())).collect(); + let eval = poly.evaluate_at_extension(&MultilinearPoint(point.clone())); + + let proof = Whir::::open(&pp, witness, &point, &eval, &mut merlin).unwrap(); + Whir::::verify(&pp, &point, &eval, &proof, &merlin).unwrap(); + } +} From baea63a9a094eb1f7574c8b3225c3dd1130f6a9b Mon Sep 17 00:00:00 2001 
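Review bot: `single_point_verify` exercises only the accepting path, so a `verify` that accepts everything — or one whose `reps` loop re-checks the same transcript — passes it unchanged; add at least one rejection check such as `assert!(Whir::<F>::verify(&pp, &point, &(eval + F::ONE), &proof, &merlin).is_err());` and, ideally, a second one with a modified `point`. `rand::thread_rng()` makes any failure non-reproducible; `ChaCha8Rng::seed_from_u64(0)` (both names are already in scope via `super::*`) gives a deterministic point without weakening the test. The `let reps = 1000;` loop kept in `verify` here still multiplies verification cost a thousandfold for no soundness gain and should go.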
From: Chao Ma Date: Thu, 5 Dec 2024 15:59:38 +0700 Subject: [PATCH 12/15] revert cargo fmt --- src/crypto/merkle_tree/mock.rs | 4 +++- src/fs_utils.rs | 2 +- src/ntt/transpose.rs | 5 ++++- src/sumcheck/prover_not_skipping.rs | 31 ++++++++--------------------- src/whir/mod.rs | 1 - src/whir/prover.rs | 13 ++++++------ src/whir/verifier.rs | 8 ++++---- 7 files changed, 26 insertions(+), 38 deletions(-) diff --git a/src/crypto/merkle_tree/mock.rs b/src/crypto/merkle_tree/mock.rs index 4becc42..9102490 100644 --- a/src/crypto/merkle_tree/mock.rs +++ b/src/crypto/merkle_tree/mock.rs @@ -60,7 +60,9 @@ pub fn default_config( ) { as CRHScheme>::setup(rng).unwrap(); { - ::setup(rng).unwrap(); + ::setup(rng) + .unwrap(); + }; ((), ()) diff --git a/src/fs_utils.rs b/src/fs_utils.rs index 4cc732d..d3cceaa 100644 --- a/src/fs_utils.rs +++ b/src/fs_utils.rs @@ -24,7 +24,7 @@ pub trait WhirPoWIOPattern { fn pow(self, bits: f64) -> Self; } -impl WhirPoWIOPattern for IOPattern +impl WhirPoWIOPattern for IOPattern where IOPattern: PoWIOPattern, { diff --git a/src/ntt/transpose.rs b/src/ntt/transpose.rs index ec96e52..be81ebf 100644 --- a/src/ntt/transpose.rs +++ b/src/ntt/transpose.rs @@ -85,7 +85,10 @@ fn transpose_copy_parallel( /// Sets `dst` to the transpose of `src`. This will panic if the sizes of `src` and `dst` are not compatible. /// This is the non-parallel version -fn transpose_copy_not_parallel(src: MatrixMut<'_, F>, mut dst: MatrixMut<'_, F>) { +fn transpose_copy_not_parallel( + src: MatrixMut<'_, F>, + mut dst: MatrixMut<'_, F>, +) { assert_eq!(src.rows(), dst.cols()); assert_eq!(src.cols(), dst.rows()); if src.rows() * src.cols() > workload_size::() { diff --git a/src/sumcheck/prover_not_skipping.rs b/src/sumcheck/prover_not_skipping.rs index 79c9aaf..6edae62 100644 --- a/src/sumcheck/prover_not_skipping.rs +++ b/src/sumcheck/prover_not_skipping.rs 
@@ -1,8 +1,5 @@ use ark_ff::Field; -use nimue::{ - plugins::ark::{FieldChallenges, FieldIOPattern, FieldWriter}, - IOPattern, ProofResult, -}; +use nimue::{plugins::ark::{FieldChallenges, FieldIOPattern, FieldWriter}, IOPattern, ProofResult}; use nimue_pow::{PoWChallenge, PowStrategy}; use crate::{ @@ -104,10 +101,7 @@ where #[cfg(test)] mod tests { use ark_ff::Field; - use nimue::{ - plugins::ark::{FieldChallenges, FieldIOPattern, FieldReader}, - IOPattern, Merlin, ProofResult, - }; + use nimue::{plugins::ark::{FieldChallenges, FieldIOPattern, FieldReader}, IOPattern, Merlin, ProofResult}; use nimue_pow::blake3::Blake3PoW; use crate::{ @@ -157,11 +151,8 @@ mod tests { ], ); - let folding_randomness_1 = prover.compute_sumcheck_polynomials::( - &mut merlin, - folding_factor, - 0., - )?; + let folding_randomness_1 = + prover.compute_sumcheck_polynomials::(&mut merlin, folding_factor, 0.)?; // Compute the answers let folded_poly_1 = polynomial.fold(&folding_randomness_1); @@ -246,21 +237,15 @@ mod tests { ], ); - let folding_randomness_1 = prover.compute_sumcheck_polynomials::( - &mut merlin, - folding_factor, - 0., - )?; + let folding_randomness_1 = + prover.compute_sumcheck_polynomials::(&mut merlin, folding_factor, 0.)?; let folded_poly_1 = polynomial.fold(&folding_randomness_1); let fold_eval = folded_poly_1.evaluate_at_extension(&fold_point); prover.add_new_equality(&[fold_point.clone()], &combination_randomness, &[fold_eval]); - let folding_randomness_2 = prover.compute_sumcheck_polynomials::( - &mut merlin, - folding_factor, - 0., - )?; + let folding_randomness_2 = + prover.compute_sumcheck_polynomials::(&mut merlin, folding_factor, 0.)?; // Compute the answers let folded_poly_1 = polynomial.fold(&folding_randomness_1); diff --git a/src/whir/mod.rs b/src/whir/mod.rs index ac1a438..c0de8e5 100644 --- a/src/whir/mod.rs +++ b/src/whir/mod.rs 
@@ -1,7 +1,6 @@ use ark_crypto_primitives::merkle_tree::{Config, MultiPath}; use ark_ff::FftField; use ark_serialize::{CanonicalDeserialize, CanonicalSerialize}; -// use goldilocks::ExtensionField; use std::fmt::Debug; use crate::errors::Error; diff --git a/src/whir/prover.rs b/src/whir/prover.rs index 2bc5694..cc04ba7 100644 --- a/src/whir/prover.rs +++ b/src/whir/prover.rs @@ -176,7 +176,7 @@ where self.0.final_queries, merlin, )?; - + let merkle_proof = round_state .prev_merkle .generate_multi_proof(final_challenge_indexes.clone()) @@ -351,12 +351,11 @@ where ) }); - let folding_randomness = sumcheck_prover - .compute_sumcheck_polynomials::( - merlin, - self.0.folding_factor, - round_params.folding_pow_bits, - )?; + let folding_randomness = sumcheck_prover.compute_sumcheck_polynomials::( + merlin, + self.0.folding_factor, + round_params.folding_pow_bits, + )?; let round_state = RoundState { round: round_state.round + 1, diff --git a/src/whir/verifier.rs b/src/whir/verifier.rs index 0061a29..f1663a0 100644 --- a/src/whir/verifier.rs +++ b/src/whir/verifier.rs @@ -4,8 +4,8 @@ use ark_crypto_primitives::merkle_tree::Config; use ark_ff::FftField; use ark_poly::EvaluationDomain; use nimue::{ - plugins::ark::{FieldChallenges, FieldReader}, - ByteChallenges, ByteReader, ProofError, ProofResult, + plugins::ark::{FieldChallenges, FieldReader} + , ByteChallenges, ByteReader, ProofError, ProofResult, }; use nimue_pow::{self, PoWChallenge}; @@ -28,14 +28,14 @@ where } #[derive(Clone)] -pub struct ParsedCommitment { +struct ParsedCommitment { root: D, ood_points: Vec, ood_answers: Vec, } #[derive(Clone)] -pub struct ParsedProof { +struct ParsedProof { initial_combination_randomness: Vec, initial_sumcheck_rounds: Vec<(SumcheckPolynomial, F)>, rounds: Vec>, From 82deaaf1df477bddd77689166f5b89914c03385f Mon Sep 17 00:00:00 2001 
From: Chao Ma Date: Thu, 5 Dec 2024 16:33:21 +0700 Subject: [PATCH 13/15] move ceno pcs to ceno_binding module --- Cargo.toml | 6 +-- src/{errors.rs => ceno_binding/error.rs} | 0 src/ceno_binding/mod.rs | 65 ++++++++++++++++++++++++ src/{whir => ceno_binding}/pcs.rs | 3 +- src/lib.rs | 3 +- src/whir/committer.rs | 2 +- src/whir/mod.rs | 61 ---------------------- 7 files changed, 72 insertions(+), 68 deletions(-) rename src/{errors.rs => ceno_binding/error.rs} (100%) create mode 100644 src/ceno_binding/mod.rs rename src/{whir => ceno_binding}/pcs.rs (98%) diff --git a/Cargo.toml b/Cargo.toml index 4fddcd1..ab8c041 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -34,8 +34,7 @@ thiserror = "1" debug = true [features] -default = ["parallel"] -#default = [] +default = ["parallel", "ceno"] parallel = [ "dep:rayon", "ark-poly/parallel", @@ -43,5 +42,4 @@ parallel = [ "ark-crypto-primitives/parallel", ] rayon = ["dep:rayon"] - - +ceno = [] diff --git a/src/errors.rs b/src/ceno_binding/error.rs similarity index 100% rename from src/errors.rs rename to src/ceno_binding/error.rs diff --git a/src/ceno_binding/mod.rs b/src/ceno_binding/mod.rs new file mode 100644 index 0000000..1262c74 --- /dev/null +++ b/src/ceno_binding/mod.rs 
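Review bot: `ceno = []` is an empty feature, so gating `ceno_binding` on it does not make the `thiserror = "1"` dependency shown as this hunk's context optional — every consumer still compiles it. `thiserror = { version = "1", optional = true }` together with `ceno = ["dep:thiserror"]` ties the dependency to the feature that uses it. Since `default = ["parallel", "ceno"]` turns the binding on for everyone anyway, either state in a comment that `ceno` is intended to be default-on or leave it out of `default` so the binding is opt-in.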
@@ -0,0 +1,65 @@ +mod error; +mod pcs; + +use ark_ff::FftField; +use ark_serialize::{CanonicalDeserialize, CanonicalSerialize}; + +pub use error::Error; + +pub trait PolynomialCommitmentScheme: Clone { + type Param: Clone; + type CommitmentWithData; + type Proof: Clone + CanonicalSerialize + CanonicalDeserialize; + type Poly: Clone; + type Transcript; + + fn setup(poly_size: usize) -> Self::Param; + + fn commit_and_write( + pp: &Self::Param, + poly: &Self::Poly, + transcript: &mut Self::Transcript, + ) -> Result; + + fn batch_commit( + pp: &Self::Param, + polys: &[Self::Poly], + ) -> Result; + + fn open( + pp: &Self::Param, + comm: Self::CommitmentWithData, + point: &[E], + eval: &E, + transcript: &mut Self::Transcript, + ) -> Result; + + /// This is a simple version of batch open: + /// 1. Open at one point + /// 2. All the polynomials share the same commitment. + /// 3. The point is already a random point generated by a sum-check. + fn batch_open( + pp: &Self::Param, + polys: &[Self::Poly], + comm: Self::CommitmentWithData, + point: &[E], + evals: &[E], + transcript: &mut Self::Transcript, + ) -> Result; + + fn verify( + vp: &Self::Param, + point: &[E], + eval: &E, + proof: &Self::Proof, + transcript: &Self::Transcript, + ) -> Result<(), Error>; + + fn batch_verify( + vp: &Self::Param, + point: &[E], + evals: &[E], + proof: &Self::Proof, + transcript: &mut Self::Transcript, + ) -> Result<(), Error>; +} diff --git a/src/whir/pcs.rs b/src/ceno_binding/pcs.rs similarity index 98% rename from src/whir/pcs.rs rename to src/ceno_binding/pcs.rs index 62b149d..94dcb16 100644 --- a/src/whir/pcs.rs +++ b/src/ceno_binding/pcs.rs @@ -1,3 +1,4 @@ +use super::{error::Error, PolynomialCommitmentScheme}; use crate::crypto::merkle_tree::blake3::{self as mt, MerkleTreeParams}; use crate::parameters::{ default_max_pow, FoldType, MultivariateParameters, SoundnessType, WhirParameters, 
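Review bot: `verify` takes `point`, `eval`, `proof` and `transcript` but no commitment, so the only place a Merkle root can come from is the transcript — which, under this trait, the prover produced (`commit_and_write` writes into `&mut Self::Transcript`, `verify` reads `&Self::Transcript`), presumably absorbing the root there. For a verifier on the other side of a trust boundary the commitment must be an input it already holds, e.g. `type Commitment: Clone + CanonicalSerialize + CanonicalDeserialize;` passed to `verify` and `batch_verify`; otherwise the opening is checked against a root the prover supplied. Two smaller inconsistencies: `batch_verify` takes `transcript: &mut Self::Transcript` while `verify` takes `&Self::Transcript`, and `batch_commit` takes no transcript at all, so a batched commitment cannot be bound into Fiat-Shamir the way `commit_and_write` is. Apart from `batch_open`, the trait and its methods carry no doc comments; at minimum `setup` should say what `poly_size` means and `Transcript` which side owns it.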
@@ -9,7 +10,7 @@ use crate::whir::{ parameters::WhirConfig, prover::Prover, verifier::Verifier, - Error, PolynomialCommitmentScheme, Statement, WhirProof, + Statement, WhirProof, }; use ark_ff::FftField; diff --git a/src/lib.rs b/src/lib.rs index f5d3f17..9ba03f1 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -1,7 +1,8 @@ +#[cfg(feature = "ceno")] +pub mod ceno_binding; // Connect whir with ceno pub mod cmdline_utils; pub mod crypto; // Crypto utils pub mod domain; // Domain that we are evaluating over -pub mod errors; pub mod fs_utils; pub mod ntt; pub mod parameters; diff --git a/src/whir/committer.rs b/src/whir/committer.rs index 684ce2b..800ddf4 100644 --- a/src/whir/committer.rs +++ b/src/whir/committer.rs @@ -9,7 +9,7 @@ use ark_ff::FftField; use ark_poly::EvaluationDomain; use nimue::{ plugins::ark::{FieldChallenges, FieldWriter}, - ByteWriter, ProofResult, + ByteWriter, Merlin, ProofResult, }; #[cfg(feature = "parallel")] diff --git a/src/whir/mod.rs b/src/whir/mod.rs index c0de8e5..d1724d2 100644 --- a/src/whir/mod.rs +++ b/src/whir/mod.rs @@ -1,16 +1,13 @@ use ark_crypto_primitives::merkle_tree::{Config, MultiPath}; -use ark_ff::FftField; use ark_serialize::{CanonicalDeserialize, CanonicalSerialize}; use std::fmt::Debug; -use crate::errors::Error; use crate::poly_utils::MultilinearPoint; pub mod committer; mod fs_utils; pub mod iopattern; pub mod parameters; -pub mod pcs; pub mod prover; pub mod verifier; 
@@ -38,64 +35,6 @@ where transcript.len() + whir_proof.serialized_size(ark_serialize::Compress::Yes) } -pub trait PolynomialCommitmentScheme: Clone { - type Param: Clone; - type CommitmentWithData; - type Proof: Clone + CanonicalSerialize + CanonicalDeserialize; - type Poly: Clone; - type Transcript; - - fn setup(poly_size: usize) -> Self::Param; - - fn commit_and_write( - pp: &Self::Param, - poly: &Self::Poly, - transcript: &mut Self::Transcript, - ) -> Result; - - fn batch_commit( - pp: &Self::Param, - polys: &[Self::Poly], - ) -> Result; - - fn open( - pp: &Self::Param, - comm: Self::CommitmentWithData, - point: &[E], - eval: &E, - transcript: &mut Self::Transcript, - ) -> Result; - - /// This is a simple version of batch open: - /// 1. Open at one point - /// 2. All the polynomials share the same commitment. - /// 3. The point is already a random point generated by a sum-check. - fn batch_open( - pp: &Self::Param, - polys: &[Self::Poly], - comm: Self::CommitmentWithData, - point: &[E], - evals: &[E], - transcript: &mut Self::Transcript, - ) -> Result; - - fn verify( - vp: &Self::Param, - point: &[E], - eval: &E, - proof: &Self::Proof, - transcript: &Self::Transcript, - ) -> Result<(), Error>; - - fn batch_verify( - vp: &Self::Param, - point: &[E], - evals: &[E], - proof: &Self::Proof, - transcript: &mut Self::Transcript, - ) -> Result<(), Error>; -} - #[cfg(test)] mod tests { use nimue::{DefaultHash, IOPattern}; From 0324dffa8e05f421486125f60f42c0873191271d Mon Sep 17 00:00:00 2001 From: Chao Ma Date: Thu, 5 Dec 2024 16:38:05 +0700 Subject: [PATCH 14/15] remove error.rs --- src/ceno_binding/error.rs | 7 ------- src/ceno_binding/mod.rs | 8 ++++++-- src/ceno_binding/pcs.rs | 2 +- 3 files changed, 7 insertions(+), 10 deletions(-) delete mode 100644 src/ceno_binding/error.rs diff --git a/src/ceno_binding/error.rs b/src/ceno_binding/error.rs deleted file mode 100644 index bde83ba..0000000 --- a/src/ceno_binding/error.rs +++ /dev/null 
@@ -1,7 +0,0 @@ -use std::fmt::Debug; - -#[derive(Debug, thiserror::Error)] -pub enum Error { - #[error(transparent)] - ProofError(#[from] nimue::ProofError), -} diff --git a/src/ceno_binding/mod.rs b/src/ceno_binding/mod.rs index 1262c74..5d7e5f4 100644 --- a/src/ceno_binding/mod.rs +++ b/src/ceno_binding/mod.rs @@ -1,10 +1,14 @@ -mod error; mod pcs; use ark_ff::FftField; use ark_serialize::{CanonicalDeserialize, CanonicalSerialize}; +use std::fmt::Debug; -pub use error::Error; +#[derive(Debug, thiserror::Error)] +pub enum Error { + #[error(transparent)] + ProofError(#[from] nimue::ProofError), +} pub trait PolynomialCommitmentScheme: Clone { type Param: Clone; diff --git a/src/ceno_binding/pcs.rs b/src/ceno_binding/pcs.rs index 94dcb16..12d1496 100644 --- a/src/ceno_binding/pcs.rs +++ b/src/ceno_binding/pcs.rs @@ -1,4 +1,4 @@ -use super::{error::Error, PolynomialCommitmentScheme}; +use super::{Error, PolynomialCommitmentScheme}; use crate::crypto::merkle_tree::blake3::{self as mt, MerkleTreeParams}; use crate::parameters::{ default_max_pow, FoldType, MultivariateParameters, SoundnessType, WhirParameters, From 54cc657798bbd2afde0b1c5efb9b2d3687693e5d Mon Sep 17 00:00:00 2001 From: Chao Ma Date: Thu, 5 Dec 2024 16:41:52 +0700 Subject: [PATCH 15/15] revert minor changes in whir::mod.rs --- src/whir/mod.rs | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/whir/mod.rs b/src/whir/mod.rs index d1724d2..7db951b 100644 --- a/src/whir/mod.rs +++ b/src/whir/mod.rs @@ -1,15 +1,14 @@ use ark_crypto_primitives::merkle_tree::{Config, MultiPath}; use ark_serialize::{CanonicalDeserialize, CanonicalSerialize}; -use std::fmt::Debug; use crate::poly_utils::MultilinearPoint; pub mod committer; -mod fs_utils; pub mod iopattern; pub mod parameters; pub mod prover; pub mod verifier; +pub mod fs_utils; #[derive(Debug, Clone, Default)] pub struct Statement { 
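Review bot: The inlined `Error` enum has a single `ProofError` variant, while the binding's `batch_commit`, `batch_open` and `batch_verify` are still `todo!()`, so any caller reaching them panics instead of receiving an error — on the verifier side that is a crash an attacker can trigger by choosing the batched path. Add a variant such as `#[error("not supported: {0}")] Unsupported(&'static str)` and return `Err(Error::Unsupported("batch_verify"))` from the stubs; marking the enum `#[non_exhaustive]` keeps room for more variants without breaking ceno's matches. The `use std::fmt::Debug;` carried over into ceno_binding/mod.rs is likely unused now that the manual impls are gone, since `#[derive(Debug)]` does not need the trait in scope.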
@@ -18,7 +17,7 @@ pub struct Statement { } // Only includes the authentication paths -#[derive(Clone, Debug, CanonicalSerialize, CanonicalDeserialize)] +#[derive(Clone, CanonicalSerialize, CanonicalDeserialize)] pub struct WhirProof(Vec<(MultiPath, Vec>)>) where MerkleConfig: Config,