|
|
@ -1,6 +1,8 @@ |
|
|
#![allow(clippy::type_complexity)]
|
|
|
#![allow(clippy::type_complexity)]
|
|
|
#![allow(clippy::too_many_arguments)]
|
|
|
#![allow(clippy::too_many_arguments)]
|
|
|
#![allow(clippy::needless_range_loop)]
|
|
|
#![allow(clippy::needless_range_loop)]
|
|
|
|
|
|
use crate::poseidon_transcript::{AppendToPoseidon, PoseidonTranscript};
|
|
|
|
|
|
|
|
|
use super::dense_mlpoly::DensePolynomial;
|
|
|
use super::dense_mlpoly::DensePolynomial;
|
|
|
use super::dense_mlpoly::{
|
|
|
use super::dense_mlpoly::{
|
|
|
EqPolynomial, IdentityPolynomial, PolyCommitment, PolyCommitmentGens, PolyEvalProof,
|
|
|
EqPolynomial, IdentityPolynomial, PolyCommitment, PolyCommitmentGens, PolyEvalProof,
|
|
|
@ -12,10 +14,10 @@ use super::random::RandomTape; |
|
|
use super::scalar::Scalar;
|
|
|
use super::scalar::Scalar;
|
|
|
use super::timer::Timer;
|
|
|
use super::timer::Timer;
|
|
|
use super::transcript::{AppendToTranscript, ProofTranscript};
|
|
|
use super::transcript::{AppendToTranscript, ProofTranscript};
|
|
|
|
|
|
use ark_ff::{Field, One, Zero};
|
|
|
|
|
|
use ark_serialize::*;
|
|
|
use core::cmp::Ordering;
|
|
|
use core::cmp::Ordering;
|
|
|
use merlin::Transcript;
|
|
|
use merlin::Transcript;
|
|
|
use ark_serialize::*;
|
|
|
|
|
|
use ark_ff::{One, Zero, Field};
|
|
|
|
|
|
|
|
|
|
|
|
#[derive(Debug, CanonicalSerialize, CanonicalDeserialize)]
|
|
|
#[derive(Debug, CanonicalSerialize, CanonicalDeserialize)]
|
|
|
pub struct SparseMatEntry {
|
|
|
pub struct SparseMatEntry {
|
|
|
@ -87,18 +89,18 @@ impl DerefsEvalProof { |
|
|
r: &[Scalar],
|
|
|
r: &[Scalar],
|
|
|
evals: Vec<Scalar>,
|
|
|
evals: Vec<Scalar>,
|
|
|
gens: &PolyCommitmentGens,
|
|
|
gens: &PolyCommitmentGens,
|
|
|
transcript: &mut Transcript,
|
|
|
|
|
|
|
|
|
transcript: &mut PoseidonTranscript,
|
|
|
random_tape: &mut RandomTape,
|
|
|
random_tape: &mut RandomTape,
|
|
|
) -> PolyEvalProof {
|
|
|
) -> PolyEvalProof {
|
|
|
assert_eq!(joint_poly.get_num_vars(), r.len() + evals.len().log_2());
|
|
|
assert_eq!(joint_poly.get_num_vars(), r.len() + evals.len().log_2());
|
|
|
|
|
|
|
|
|
// append the claimed evaluations to transcript
|
|
|
// append the claimed evaluations to transcript
|
|
|
evals.append_to_transcript(b"evals_ops_val", transcript);
|
|
|
|
|
|
|
|
|
// evals.append_to_transcript(b"evals_ops_val", transcript);
|
|
|
|
|
|
transcript.append_scalar_vector(&evals);
|
|
|
|
|
|
|
|
|
// n-to-1 reduction
|
|
|
// n-to-1 reduction
|
|
|
let (r_joint, eval_joint) = {
|
|
|
let (r_joint, eval_joint) = {
|
|
|
let challenges =
|
|
|
|
|
|
transcript.challenge_vector(b"challenge_combine_n_to_one", evals.len().log_2());
|
|
|
|
|
|
|
|
|
let challenges = transcript.challenge_vector(evals.len().log2());
|
|
|
let mut poly_evals = DensePolynomial::new(evals);
|
|
|
let mut poly_evals = DensePolynomial::new(evals);
|
|
|
for i in (0..challenges.len()).rev() {
|
|
|
for i in (0..challenges.len()).rev() {
|
|
|
poly_evals.bound_poly_var_bot(&challenges[i]);
|
|
|
poly_evals.bound_poly_var_bot(&challenges[i]);
|
|
|
@ -112,7 +114,7 @@ impl DerefsEvalProof { |
|
|
(r_joint, joint_claim_eval)
|
|
|
(r_joint, joint_claim_eval)
|
|
|
};
|
|
|
};
|
|
|
// decommit the joint polynomial at r_joint
|
|
|
// decommit the joint polynomial at r_joint
|
|
|
eval_joint.append_to_transcript(b"joint_claim_eval", transcript);
|
|
|
|
|
|
|
|
|
transcript.append_scalar(&eval_joint);
|
|
|
let (proof_derefs, _comm_derefs_eval) = PolyEvalProof::prove(
|
|
|
let (proof_derefs, _comm_derefs_eval) = PolyEvalProof::prove(
|
|
|
joint_poly,
|
|
|
joint_poly,
|
|
|
None,
|
|
|
None,
|
|
|
@ -134,10 +136,10 @@ impl DerefsEvalProof { |
|
|
eval_col_ops_val_vec: &[Scalar],
|
|
|
eval_col_ops_val_vec: &[Scalar],
|
|
|
r: &[Scalar],
|
|
|
r: &[Scalar],
|
|
|
gens: &PolyCommitmentGens,
|
|
|
gens: &PolyCommitmentGens,
|
|
|
transcript: &mut Transcript,
|
|
|
|
|
|
|
|
|
transcript: &mut PoseidonTranscript,
|
|
|
random_tape: &mut RandomTape,
|
|
|
random_tape: &mut RandomTape,
|
|
|
) -> Self {
|
|
|
) -> Self {
|
|
|
transcript.append_protocol_name(DerefsEvalProof::protocol_name());
|
|
|
|
|
|
|
|
|
// transcript.append_protocol_name(DerefsEvalProof::protocol_name());
|
|
|
|
|
|
|
|
|
let evals = {
|
|
|
let evals = {
|
|
|
let mut evals = eval_row_ops_val_vec.to_owned();
|
|
|
let mut evals = eval_row_ops_val_vec.to_owned();
|
|
|
@ -157,14 +159,14 @@ impl DerefsEvalProof { |
|
|
r: &[Scalar],
|
|
|
r: &[Scalar],
|
|
|
evals: Vec<Scalar>,
|
|
|
evals: Vec<Scalar>,
|
|
|
gens: &PolyCommitmentGens,
|
|
|
gens: &PolyCommitmentGens,
|
|
|
transcript: &mut Transcript,
|
|
|
|
|
|
|
|
|
transcript: &mut PoseidonTranscript,
|
|
|
) -> Result<(), ProofVerifyError> {
|
|
|
) -> Result<(), ProofVerifyError> {
|
|
|
// append the claimed evaluations to transcript
|
|
|
// append the claimed evaluations to transcript
|
|
|
evals.append_to_transcript(b"evals_ops_val", transcript);
|
|
|
|
|
|
|
|
|
// evals.append_to_transcript(b"evals_ops_val", transcript);
|
|
|
|
|
|
transcript.append_scalar_vector(&evals);
|
|
|
|
|
|
|
|
|
// n-to-1 reduction
|
|
|
// n-to-1 reduction
|
|
|
let challenges =
|
|
|
|
|
|
transcript.challenge_vector(b"challenge_combine_n_to_one", evals.len().log_2());
|
|
|
|
|
|
|
|
|
let challenges = transcript.challenge_vector(evals.len().log2());
|
|
|
let mut poly_evals = DensePolynomial::new(evals);
|
|
|
let mut poly_evals = DensePolynomial::new(evals);
|
|
|
for i in (0..challenges.len()).rev() {
|
|
|
for i in (0..challenges.len()).rev() {
|
|
|
poly_evals.bound_poly_var_bot(&challenges[i]);
|
|
|
poly_evals.bound_poly_var_bot(&challenges[i]);
|
|
|
@ -175,7 +177,8 @@ impl DerefsEvalProof { |
|
|
r_joint.extend(r);
|
|
|
r_joint.extend(r);
|
|
|
|
|
|
|
|
|
// decommit the joint polynomial at r_joint
|
|
|
// decommit the joint polynomial at r_joint
|
|
|
joint_claim_eval.append_to_transcript(b"joint_claim_eval", transcript);
|
|
|
|
|
|
|
|
|
// joint_claim_eval.append_to_transcript(b"joint_claim_eval", transcript);
|
|
|
|
|
|
transcript.append_scalar(&joint_claim_eval);
|
|
|
|
|
|
|
|
|
proof.verify_plain(gens, transcript, &r_joint, &joint_claim_eval, comm)
|
|
|
proof.verify_plain(gens, transcript, &r_joint, &joint_claim_eval, comm)
|
|
|
}
|
|
|
}
|
|
|
@ -188,9 +191,9 @@ impl DerefsEvalProof { |
|
|
eval_col_ops_val_vec: &[Scalar],
|
|
|
eval_col_ops_val_vec: &[Scalar],
|
|
|
gens: &PolyCommitmentGens,
|
|
|
gens: &PolyCommitmentGens,
|
|
|
comm: &DerefsCommitment,
|
|
|
comm: &DerefsCommitment,
|
|
|
transcript: &mut Transcript,
|
|
|
|
|
|
|
|
|
transcript: &mut PoseidonTranscript,
|
|
|
) -> Result<(), ProofVerifyError> {
|
|
|
) -> Result<(), ProofVerifyError> {
|
|
|
transcript.append_protocol_name(DerefsEvalProof::protocol_name());
|
|
|
|
|
|
|
|
|
// transcript.append_protocol_name(DerefsEvalProof::protocol_name());
|
|
|
let mut evals = eval_row_ops_val_vec.to_owned();
|
|
|
let mut evals = eval_row_ops_val_vec.to_owned();
|
|
|
evals.extend(eval_col_ops_val_vec);
|
|
|
evals.extend(eval_col_ops_val_vec);
|
|
|
evals.resize(evals.len().next_power_of_two(), Scalar::zero());
|
|
|
evals.resize(evals.len().next_power_of_two(), Scalar::zero());
|
|
|
@ -214,6 +217,11 @@ impl AppendToTranscript for DerefsCommitment { |
|
|
}
|
|
|
}
|
|
|
}
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
impl AppendToPoseidon for DerefsCommitment {
|
|
|
|
|
|
fn append_to_poseidon(&self, transcript: &mut PoseidonTranscript) {
|
|
|
|
|
|
self.comm_ops_val.append_to_poseidon(transcript);
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
struct AddrTimestamps {
|
|
|
struct AddrTimestamps {
|
|
|
ops_addr_usize: Vec<Vec<usize>>,
|
|
|
ops_addr_usize: Vec<Vec<usize>>,
|
|
|
ops_addr: Vec<DensePolynomial>,
|
|
|
ops_addr: Vec<DensePolynomial>,
|
|
|
@ -342,6 +350,16 @@ impl AppendToTranscript for SparseMatPolyCommitment { |
|
|
}
|
|
|
}
|
|
|
}
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
impl AppendToPoseidon for SparseMatPolyCommitment {
|
|
|
|
|
|
fn append_to_poseidon(&self, transcript: &mut PoseidonTranscript) {
|
|
|
|
|
|
transcript.append_u64(self.batch_size as u64);
|
|
|
|
|
|
transcript.append_u64(self.num_ops as u64);
|
|
|
|
|
|
transcript.append_u64(self.num_mem_cells as u64);
|
|
|
|
|
|
self.comm_comb_ops.append_to_poseidon(transcript);
|
|
|
|
|
|
self.comm_comb_mem.append_to_poseidon(transcript);
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
impl SparseMatPolynomial {
|
|
|
impl SparseMatPolynomial {
|
|
|
pub fn new(num_vars_x: usize, num_vars_y: usize, M: Vec<SparseMatEntry>) -> Self {
|
|
|
pub fn new(num_vars_x: usize, num_vars_y: usize, M: Vec<SparseMatEntry>) -> Self {
|
|
|
SparseMatPolynomial {
|
|
|
SparseMatPolynomial {
|
|
|
@ -465,7 +483,7 @@ impl SparseMatPolynomial { |
|
|
let val = &self.M[i].val;
|
|
|
let val = &self.M[i].val;
|
|
|
(row, z[col] * val)
|
|
|
(row, z[col] * val)
|
|
|
})
|
|
|
})
|
|
|
.fold(vec![Scalar::zero(); num_rows], |mut Mz, (r, v)| {
|
|
|
|
|
|
|
|
|
.fold(vec![Scalar::zero(); num_rows], |mut Mz, (r, v)| {
|
|
|
Mz[r] += v;
|
|
|
Mz[r] += v;
|
|
|
Mz
|
|
|
Mz
|
|
|
})
|
|
|
})
|
|
|
@ -732,10 +750,10 @@ impl HashLayerProof { |
|
|
dense: &MultiSparseMatPolynomialAsDense,
|
|
|
dense: &MultiSparseMatPolynomialAsDense,
|
|
|
derefs: &Derefs,
|
|
|
derefs: &Derefs,
|
|
|
gens: &SparseMatPolyCommitmentGens,
|
|
|
gens: &SparseMatPolyCommitmentGens,
|
|
|
transcript: &mut Transcript,
|
|
|
|
|
|
|
|
|
transcript: &mut PoseidonTranscript,
|
|
|
random_tape: &mut RandomTape,
|
|
|
random_tape: &mut RandomTape,
|
|
|
) -> Self {
|
|
|
) -> Self {
|
|
|
transcript.append_protocol_name(HashLayerProof::protocol_name());
|
|
|
|
|
|
|
|
|
// transcript.append_protocol_name(HashLayerProof::protocol_name());
|
|
|
|
|
|
|
|
|
let (rand_mem, rand_ops) = rand;
|
|
|
let (rand_mem, rand_ops) = rand;
|
|
|
|
|
|
|
|
|
@ -775,9 +793,8 @@ impl HashLayerProof { |
|
|
evals_ops.extend(&eval_col_read_ts_vec);
|
|
|
evals_ops.extend(&eval_col_read_ts_vec);
|
|
|
evals_ops.extend(&eval_val_vec);
|
|
|
evals_ops.extend(&eval_val_vec);
|
|
|
evals_ops.resize(evals_ops.len().next_power_of_two(), Scalar::zero());
|
|
|
evals_ops.resize(evals_ops.len().next_power_of_two(), Scalar::zero());
|
|
|
evals_ops.append_to_transcript(b"claim_evals_ops", transcript);
|
|
|
|
|
|
let challenges_ops =
|
|
|
|
|
|
transcript.challenge_vector(b"challenge_combine_n_to_one", evals_ops.len().log_2());
|
|
|
|
|
|
|
|
|
transcript.append_scalar_vector(&evals_ops);
|
|
|
|
|
|
let challenges_ops = transcript.challenge_vector(evals_ops.len().log2());
|
|
|
|
|
|
|
|
|
let mut poly_evals_ops = DensePolynomial::new(evals_ops);
|
|
|
let mut poly_evals_ops = DensePolynomial::new(evals_ops);
|
|
|
for i in (0..challenges_ops.len()).rev() {
|
|
|
for i in (0..challenges_ops.len()).rev() {
|
|
|
@ -788,7 +805,7 @@ impl HashLayerProof { |
|
|
let mut r_joint_ops = challenges_ops;
|
|
|
let mut r_joint_ops = challenges_ops;
|
|
|
r_joint_ops.extend(rand_ops);
|
|
|
r_joint_ops.extend(rand_ops);
|
|
|
debug_assert_eq!(dense.comb_ops.evaluate(&r_joint_ops), joint_claim_eval_ops);
|
|
|
debug_assert_eq!(dense.comb_ops.evaluate(&r_joint_ops), joint_claim_eval_ops);
|
|
|
joint_claim_eval_ops.append_to_transcript(b"joint_claim_eval_ops", transcript);
|
|
|
|
|
|
|
|
|
transcript.append_scalar(&joint_claim_eval_ops);
|
|
|
let (proof_ops, _comm_ops_eval) = PolyEvalProof::prove(
|
|
|
let (proof_ops, _comm_ops_eval) = PolyEvalProof::prove(
|
|
|
&dense.comb_ops,
|
|
|
&dense.comb_ops,
|
|
|
None,
|
|
|
None,
|
|
|
@ -802,9 +819,9 @@ impl HashLayerProof { |
|
|
|
|
|
|
|
|
// form a single decommitment using comb_comb_mem at rand_mem
|
|
|
// form a single decommitment using comb_comb_mem at rand_mem
|
|
|
let evals_mem: Vec<Scalar> = vec![eval_row_audit_ts, eval_col_audit_ts];
|
|
|
let evals_mem: Vec<Scalar> = vec![eval_row_audit_ts, eval_col_audit_ts];
|
|
|
evals_mem.append_to_transcript(b"claim_evals_mem", transcript);
|
|
|
|
|
|
let challenges_mem =
|
|
|
|
|
|
transcript.challenge_vector(b"challenge_combine_two_to_one", evals_mem.len().log_2());
|
|
|
|
|
|
|
|
|
// evals_mem.append_to_transcript(b"claim_evals_mem", transcript);
|
|
|
|
|
|
transcript.append_scalar_vector(&evals_mem);
|
|
|
|
|
|
let challenges_mem = transcript.challenge_vector(evals_mem.len().log2());
|
|
|
|
|
|
|
|
|
let mut poly_evals_mem = DensePolynomial::new(evals_mem);
|
|
|
let mut poly_evals_mem = DensePolynomial::new(evals_mem);
|
|
|
for i in (0..challenges_mem.len()).rev() {
|
|
|
for i in (0..challenges_mem.len()).rev() {
|
|
|
@ -815,7 +832,7 @@ impl HashLayerProof { |
|
|
let mut r_joint_mem = challenges_mem;
|
|
|
let mut r_joint_mem = challenges_mem;
|
|
|
r_joint_mem.extend(rand_mem);
|
|
|
r_joint_mem.extend(rand_mem);
|
|
|
debug_assert_eq!(dense.comb_mem.evaluate(&r_joint_mem), joint_claim_eval_mem);
|
|
|
debug_assert_eq!(dense.comb_mem.evaluate(&r_joint_mem), joint_claim_eval_mem);
|
|
|
joint_claim_eval_mem.append_to_transcript(b"joint_claim_eval_mem", transcript);
|
|
|
|
|
|
|
|
|
transcript.append_scalar(&joint_claim_eval_mem);
|
|
|
let (proof_mem, _comm_mem_eval) = PolyEvalProof::prove(
|
|
|
let (proof_mem, _comm_mem_eval) = PolyEvalProof::prove(
|
|
|
&dense.comb_mem,
|
|
|
&dense.comb_mem,
|
|
|
None,
|
|
|
None,
|
|
|
@ -902,10 +919,10 @@ impl HashLayerProof { |
|
|
ry: &[Scalar],
|
|
|
ry: &[Scalar],
|
|
|
r_hash: &Scalar,
|
|
|
r_hash: &Scalar,
|
|
|
r_multiset_check: &Scalar,
|
|
|
r_multiset_check: &Scalar,
|
|
|
transcript: &mut Transcript,
|
|
|
|
|
|
|
|
|
transcript: &mut PoseidonTranscript,
|
|
|
) -> Result<(), ProofVerifyError> {
|
|
|
) -> Result<(), ProofVerifyError> {
|
|
|
let timer = Timer::new("verify_hash_proof");
|
|
|
let timer = Timer::new("verify_hash_proof");
|
|
|
transcript.append_protocol_name(HashLayerProof::protocol_name());
|
|
|
|
|
|
|
|
|
// transcript.append_protocol_name(HashLayerProof::protocol_name());
|
|
|
|
|
|
|
|
|
let (rand_mem, rand_ops) = rand;
|
|
|
let (rand_mem, rand_ops) = rand;
|
|
|
|
|
|
|
|
|
@ -945,9 +962,9 @@ impl HashLayerProof { |
|
|
evals_ops.extend(eval_col_read_ts_vec);
|
|
|
evals_ops.extend(eval_col_read_ts_vec);
|
|
|
evals_ops.extend(eval_val_vec);
|
|
|
evals_ops.extend(eval_val_vec);
|
|
|
evals_ops.resize(evals_ops.len().next_power_of_two(), Scalar::zero());
|
|
|
evals_ops.resize(evals_ops.len().next_power_of_two(), Scalar::zero());
|
|
|
evals_ops.append_to_transcript(b"claim_evals_ops", transcript);
|
|
|
|
|
|
let challenges_ops =
|
|
|
|
|
|
transcript.challenge_vector(b"challenge_combine_n_to_one", evals_ops.len().log_2());
|
|
|
|
|
|
|
|
|
transcript.append_scalar_vector(&evals_ops);
|
|
|
|
|
|
// evals_ops.append_to_transcript(b"claim_evals_ops", transcript);
|
|
|
|
|
|
let challenges_ops = transcript.challenge_vector(evals_ops.len().log2());
|
|
|
|
|
|
|
|
|
let mut poly_evals_ops = DensePolynomial::new(evals_ops);
|
|
|
let mut poly_evals_ops = DensePolynomial::new(evals_ops);
|
|
|
for i in (0..challenges_ops.len()).rev() {
|
|
|
for i in (0..challenges_ops.len()).rev() {
|
|
|
@ -957,21 +974,24 @@ impl HashLayerProof { |
|
|
let joint_claim_eval_ops = poly_evals_ops[0];
|
|
|
let joint_claim_eval_ops = poly_evals_ops[0];
|
|
|
let mut r_joint_ops = challenges_ops;
|
|
|
let mut r_joint_ops = challenges_ops;
|
|
|
r_joint_ops.extend(rand_ops);
|
|
|
r_joint_ops.extend(rand_ops);
|
|
|
joint_claim_eval_ops.append_to_transcript(b"joint_claim_eval_ops", transcript);
|
|
|
|
|
|
self.proof_ops.verify_plain(
|
|
|
|
|
|
&gens.gens_ops,
|
|
|
|
|
|
transcript,
|
|
|
|
|
|
&r_joint_ops,
|
|
|
|
|
|
&joint_claim_eval_ops,
|
|
|
|
|
|
&comm.comm_comb_ops,
|
|
|
|
|
|
)?;
|
|
|
|
|
|
|
|
|
transcript.append_scalar(&joint_claim_eval_ops);
|
|
|
|
|
|
assert!(self
|
|
|
|
|
|
.proof_ops
|
|
|
|
|
|
.verify_plain(
|
|
|
|
|
|
&gens.gens_ops,
|
|
|
|
|
|
transcript,
|
|
|
|
|
|
&r_joint_ops,
|
|
|
|
|
|
&joint_claim_eval_ops,
|
|
|
|
|
|
&comm.comm_comb_ops
|
|
|
|
|
|
)
|
|
|
|
|
|
.is_ok());
|
|
|
|
|
|
|
|
|
// verify proof-mem using comm_comb_mem at rand_mem
|
|
|
// verify proof-mem using comm_comb_mem at rand_mem
|
|
|
// form a single decommitment using comb_comb_mem at rand_mem
|
|
|
// form a single decommitment using comb_comb_mem at rand_mem
|
|
|
let evals_mem: Vec<Scalar> = vec![*eval_row_audit_ts, *eval_col_audit_ts];
|
|
|
let evals_mem: Vec<Scalar> = vec![*eval_row_audit_ts, *eval_col_audit_ts];
|
|
|
evals_mem.append_to_transcript(b"claim_evals_mem", transcript);
|
|
|
|
|
|
let challenges_mem =
|
|
|
|
|
|
transcript.challenge_vector(b"challenge_combine_two_to_one", evals_mem.len().log_2());
|
|
|
|
|
|
|
|
|
// evals_mem.append_to_transcript(b"claim_evals_mem", transcript);
|
|
|
|
|
|
transcript.append_scalar_vector(&evals_mem);
|
|
|
|
|
|
let challenges_mem = transcript.challenge_vector(evals_mem.len().log2());
|
|
|
|
|
|
|
|
|
let mut poly_evals_mem = DensePolynomial::new(evals_mem);
|
|
|
let mut poly_evals_mem = DensePolynomial::new(evals_mem);
|
|
|
for i in (0..challenges_mem.len()).rev() {
|
|
|
for i in (0..challenges_mem.len()).rev() {
|
|
|
@ -981,7 +1001,8 @@ impl HashLayerProof { |
|
|
let joint_claim_eval_mem = poly_evals_mem[0];
|
|
|
let joint_claim_eval_mem = poly_evals_mem[0];
|
|
|
let mut r_joint_mem = challenges_mem;
|
|
|
let mut r_joint_mem = challenges_mem;
|
|
|
r_joint_mem.extend(rand_mem);
|
|
|
r_joint_mem.extend(rand_mem);
|
|
|
joint_claim_eval_mem.append_to_transcript(b"joint_claim_eval_mem", transcript);
|
|
|
|
|
|
|
|
|
// joint_claim_eval_mem.append_to_transcript(b"joint_claim_eval_mem", transcript);
|
|
|
|
|
|
transcript.append_scalar(&joint_claim_eval_mem);
|
|
|
self.proof_mem.verify_plain(
|
|
|
self.proof_mem.verify_plain(
|
|
|
&gens.gens_mem,
|
|
|
&gens.gens_mem,
|
|
|
transcript,
|
|
|
transcript,
|
|
|
@ -1042,9 +1063,9 @@ impl ProductLayerProof { |
|
|
dense: &MultiSparseMatPolynomialAsDense,
|
|
|
dense: &MultiSparseMatPolynomialAsDense,
|
|
|
derefs: &Derefs,
|
|
|
derefs: &Derefs,
|
|
|
eval: &[Scalar],
|
|
|
eval: &[Scalar],
|
|
|
transcript: &mut Transcript,
|
|
|
|
|
|
|
|
|
transcript: &mut PoseidonTranscript,
|
|
|
) -> (Self, Vec<Scalar>, Vec<Scalar>) {
|
|
|
) -> (Self, Vec<Scalar>, Vec<Scalar>) {
|
|
|
transcript.append_protocol_name(ProductLayerProof::protocol_name());
|
|
|
|
|
|
|
|
|
// transcript.append_protocol_name(ProductLayerProof::protocol_name());
|
|
|
|
|
|
|
|
|
let row_eval_init = row_prod_layer.init.evaluate();
|
|
|
let row_eval_init = row_prod_layer.init.evaluate();
|
|
|
let row_eval_audit = row_prod_layer.audit.evaluate();
|
|
|
let row_eval_audit = row_prod_layer.audit.evaluate();
|
|
|
@ -1062,10 +1083,10 @@ impl ProductLayerProof { |
|
|
let rs: Scalar = (0..row_eval_read.len()).map(|i| row_eval_read[i]).product();
|
|
|
let rs: Scalar = (0..row_eval_read.len()).map(|i| row_eval_read[i]).product();
|
|
|
assert_eq!(row_eval_init * ws, rs * row_eval_audit);
|
|
|
assert_eq!(row_eval_init * ws, rs * row_eval_audit);
|
|
|
|
|
|
|
|
|
row_eval_init.append_to_transcript(b"claim_row_eval_init", transcript);
|
|
|
|
|
|
row_eval_read.append_to_transcript(b"claim_row_eval_read", transcript);
|
|
|
|
|
|
row_eval_write.append_to_transcript(b"claim_row_eval_write", transcript);
|
|
|
|
|
|
row_eval_audit.append_to_transcript(b"claim_row_eval_audit", transcript);
|
|
|
|
|
|
|
|
|
transcript.append_scalar(&row_eval_init);
|
|
|
|
|
|
transcript.append_scalar_vector(&row_eval_read);
|
|
|
|
|
|
transcript.append_scalar_vector(&row_eval_write);
|
|
|
|
|
|
transcript.append_scalar(&row_eval_audit);
|
|
|
|
|
|
|
|
|
let col_eval_init = col_prod_layer.init.evaluate();
|
|
|
let col_eval_init = col_prod_layer.init.evaluate();
|
|
|
let col_eval_audit = col_prod_layer.audit.evaluate();
|
|
|
let col_eval_audit = col_prod_layer.audit.evaluate();
|
|
|
@ -1083,10 +1104,10 @@ impl ProductLayerProof { |
|
|
let rs: Scalar = (0..col_eval_read.len()).map(|i| col_eval_read[i]).product();
|
|
|
let rs: Scalar = (0..col_eval_read.len()).map(|i| col_eval_read[i]).product();
|
|
|
assert_eq!(col_eval_init * ws, rs * col_eval_audit);
|
|
|
assert_eq!(col_eval_init * ws, rs * col_eval_audit);
|
|
|
|
|
|
|
|
|
col_eval_init.append_to_transcript(b"claim_col_eval_init", transcript);
|
|
|
|
|
|
col_eval_read.append_to_transcript(b"claim_col_eval_read", transcript);
|
|
|
|
|
|
col_eval_write.append_to_transcript(b"claim_col_eval_write", transcript);
|
|
|
|
|
|
col_eval_audit.append_to_transcript(b"claim_col_eval_audit", transcript);
|
|
|
|
|
|
|
|
|
transcript.append_scalar(&col_eval_init);
|
|
|
|
|
|
transcript.append_scalar_vector(&col_eval_read);
|
|
|
|
|
|
transcript.append_scalar_vector(&col_eval_write);
|
|
|
|
|
|
transcript.append_scalar(&col_eval_audit);
|
|
|
|
|
|
|
|
|
// prepare dotproduct circuit for batching then with ops-related product circuits
|
|
|
// prepare dotproduct circuit for batching then with ops-related product circuits
|
|
|
assert_eq!(eval.len(), derefs.row_ops_val.len());
|
|
|
assert_eq!(eval.len(), derefs.row_ops_val.len());
|
|
|
@ -1109,8 +1130,10 @@ impl ProductLayerProof { |
|
|
let (eval_dotp_left, eval_dotp_right) =
|
|
|
let (eval_dotp_left, eval_dotp_right) =
|
|
|
(dotp_circuit_left.evaluate(), dotp_circuit_right.evaluate());
|
|
|
(dotp_circuit_left.evaluate(), dotp_circuit_right.evaluate());
|
|
|
|
|
|
|
|
|
eval_dotp_left.append_to_transcript(b"claim_eval_dotp_left", transcript);
|
|
|
|
|
|
eval_dotp_right.append_to_transcript(b"claim_eval_dotp_right", transcript);
|
|
|
|
|
|
|
|
|
// eval_dotp_left.append_to_transcript(b"claim_eval_dotp_left", transcript);
|
|
|
|
|
|
// eval_dotp_right.append_to_transcript(b"claim_eval_dotp_right", transcript);
|
|
|
|
|
|
transcript.append_scalar(&eval_dotp_left);
|
|
|
|
|
|
transcript.append_scalar(&eval_dotp_right);
|
|
|
assert_eq!(eval_dotp_left + eval_dotp_right, eval[i]);
|
|
|
assert_eq!(eval_dotp_left + eval_dotp_right, eval[i]);
|
|
|
eval_dotp_left_vec.push(eval_dotp_left);
|
|
|
eval_dotp_left_vec.push(eval_dotp_left);
|
|
|
eval_dotp_right_vec.push(eval_dotp_right);
|
|
|
eval_dotp_right_vec.push(eval_dotp_right);
|
|
|
@ -1207,7 +1230,9 @@ impl ProductLayerProof { |
|
|
};
|
|
|
};
|
|
|
|
|
|
|
|
|
let mut product_layer_proof_encoded: Vec<u8> = Vec::new();
|
|
|
let mut product_layer_proof_encoded: Vec<u8> = Vec::new();
|
|
|
product_layer_proof.serialize(&mut product_layer_proof_encoded).unwrap();
|
|
|
|
|
|
|
|
|
product_layer_proof
|
|
|
|
|
|
.serialize(&mut product_layer_proof_encoded)
|
|
|
|
|
|
.unwrap();
|
|
|
let msg = format!(
|
|
|
let msg = format!(
|
|
|
"len_product_layer_proof {:?}",
|
|
|
"len_product_layer_proof {:?}",
|
|
|
product_layer_proof_encoded.len()
|
|
|
product_layer_proof_encoded.len()
|
|
|
@ -1222,7 +1247,7 @@ impl ProductLayerProof { |
|
|
num_ops: usize,
|
|
|
num_ops: usize,
|
|
|
num_cells: usize,
|
|
|
num_cells: usize,
|
|
|
eval: &[Scalar],
|
|
|
eval: &[Scalar],
|
|
|
transcript: &mut Transcript,
|
|
|
|
|
|
|
|
|
transcript: &mut PoseidonTranscript,
|
|
|
) -> Result<
|
|
|
) -> Result<
|
|
|
(
|
|
|
(
|
|
|
Vec<Scalar>,
|
|
|
Vec<Scalar>,
|
|
|
@ -1233,7 +1258,7 @@ impl ProductLayerProof { |
|
|
),
|
|
|
),
|
|
|
ProofVerifyError,
|
|
|
ProofVerifyError,
|
|
|
> {
|
|
|
> {
|
|
|
transcript.append_protocol_name(ProductLayerProof::protocol_name());
|
|
|
|
|
|
|
|
|
// transcript.append_protocol_name(ProductLayerProof::protocol_name());
|
|
|
|
|
|
|
|
|
let timer = Timer::new("verify_prod_proof");
|
|
|
let timer = Timer::new("verify_prod_proof");
|
|
|
let num_instances = eval.len();
|
|
|
let num_instances = eval.len();
|
|
|
@ -1246,12 +1271,17 @@ impl ProductLayerProof { |
|
|
.map(|i| row_eval_write[i])
|
|
|
.map(|i| row_eval_write[i])
|
|
|
.product();
|
|
|
.product();
|
|
|
let rs: Scalar = (0..row_eval_read.len()).map(|i| row_eval_read[i]).product();
|
|
|
let rs: Scalar = (0..row_eval_read.len()).map(|i| row_eval_read[i]).product();
|
|
|
assert_eq!( ws * row_eval_init , rs * row_eval_audit);
|
|
|
|
|
|
|
|
|
assert_eq!(ws * row_eval_init, rs * row_eval_audit);
|
|
|
|
|
|
|
|
|
|
|
|
// row_eval_init.append_to_transcript(b"claim_row_eval_init", transcript);
|
|
|
|
|
|
// row_eval_read.append_to_transcript(b"claim_row_eval_read", transcript);
|
|
|
|
|
|
// row_eval_write.append_to_transcript(b"claim_row_eval_write", transcript);
|
|
|
|
|
|
// row_eval_audit.append_to_transcript(b"claim_row_eval_audit", transcript);
|
|
|
|
|
|
|
|
|
row_eval_init.append_to_transcript(b"claim_row_eval_init", transcript);
|
|
|
|
|
|
row_eval_read.append_to_transcript(b"claim_row_eval_read", transcript);
|
|
|
|
|
|
row_eval_write.append_to_transcript(b"claim_row_eval_write", transcript);
|
|
|
|
|
|
row_eval_audit.append_to_transcript(b"claim_row_eval_audit", transcript);
|
|
|
|
|
|
|
|
|
transcript.append_scalar(row_eval_init);
|
|
|
|
|
|
transcript.append_scalar_vector(row_eval_read);
|
|
|
|
|
|
transcript.append_scalar_vector(row_eval_write);
|
|
|
|
|
|
transcript.append_scalar(row_eval_audit);
|
|
|
|
|
|
|
|
|
// subset check
|
|
|
// subset check
|
|
|
let (col_eval_init, col_eval_read, col_eval_write, col_eval_audit) = &self.eval_col;
|
|
|
let (col_eval_init, col_eval_read, col_eval_write, col_eval_audit) = &self.eval_col;
|
|
|
@ -1263,10 +1293,15 @@ impl ProductLayerProof { |
|
|
let rs: Scalar = (0..col_eval_read.len()).map(|i| col_eval_read[i]).product();
|
|
|
let rs: Scalar = (0..col_eval_read.len()).map(|i| col_eval_read[i]).product();
|
|
|
assert_eq!(ws * col_eval_init, rs * col_eval_audit);
|
|
|
assert_eq!(ws * col_eval_init, rs * col_eval_audit);
|
|
|
|
|
|
|
|
|
col_eval_init.append_to_transcript(b"claim_col_eval_init", transcript);
|
|
|
|
|
|
col_eval_read.append_to_transcript(b"claim_col_eval_read", transcript);
|
|
|
|
|
|
col_eval_write.append_to_transcript(b"claim_col_eval_write", transcript);
|
|
|
|
|
|
col_eval_audit.append_to_transcript(b"claim_col_eval_audit", transcript);
|
|
|
|
|
|
|
|
|
// col_eval_init.append_to_transcript(b"claim_col_eval_init", transcript);
|
|
|
|
|
|
// col_eval_read.append_to_transcript(b"claim_col_eval_read", transcript);
|
|
|
|
|
|
// col_eval_write.append_to_transcript(b"claim_col_eval_write", transcript);
|
|
|
|
|
|
// col_eval_audit.append_to_transcript(b"claim_col_eval_audit", transcript);
|
|
|
|
|
|
|
|
|
|
|
|
transcript.append_scalar(col_eval_init);
|
|
|
|
|
|
transcript.append_scalar_vector(col_eval_read);
|
|
|
|
|
|
transcript.append_scalar_vector(col_eval_write);
|
|
|
|
|
|
transcript.append_scalar(col_eval_audit);
|
|
|
|
|
|
|
|
|
// verify the evaluation of the sparse polynomial
|
|
|
// verify the evaluation of the sparse polynomial
|
|
|
let (eval_dotp_left, eval_dotp_right) = &self.eval_val;
|
|
|
let (eval_dotp_left, eval_dotp_right) = &self.eval_val;
|
|
|
@ -1275,8 +1310,10 @@ impl ProductLayerProof { |
|
|
let mut claims_dotp_circuit: Vec<Scalar> = Vec::new();
|
|
|
let mut claims_dotp_circuit: Vec<Scalar> = Vec::new();
|
|
|
for i in 0..num_instances {
|
|
|
for i in 0..num_instances {
|
|
|
assert_eq!(eval_dotp_left[i] + eval_dotp_right[i], eval[i]);
|
|
|
assert_eq!(eval_dotp_left[i] + eval_dotp_right[i], eval[i]);
|
|
|
eval_dotp_left[i].append_to_transcript(b"claim_eval_dotp_left", transcript);
|
|
|
|
|
|
eval_dotp_right[i].append_to_transcript(b"claim_eval_dotp_right", transcript);
|
|
|
|
|
|
|
|
|
// eval_dotp_left[i].append_to_transcript(b"claim_eval_dotp_left", transcript);
|
|
|
|
|
|
// eval_dotp_right[i].append_to_transcript(b"claim_eval_dotp_right", transcript)
|
|
|
|
|
|
transcript.append_scalar(&eval_dotp_left[i]);
|
|
|
|
|
|
transcript.append_scalar(&eval_dotp_right[i]);
|
|
|
|
|
|
|
|
|
claims_dotp_circuit.push(eval_dotp_left[i]);
|
|
|
claims_dotp_circuit.push(eval_dotp_left[i]);
|
|
|
claims_dotp_circuit.push(eval_dotp_right[i]);
|
|
|
claims_dotp_circuit.push(eval_dotp_right[i]);
|
|
|
@ -1330,10 +1367,10 @@ impl PolyEvalNetworkProof { |
|
|
derefs: &Derefs,
|
|
|
derefs: &Derefs,
|
|
|
evals: &[Scalar],
|
|
|
evals: &[Scalar],
|
|
|
gens: &SparseMatPolyCommitmentGens,
|
|
|
gens: &SparseMatPolyCommitmentGens,
|
|
|
transcript: &mut Transcript,
|
|
|
|
|
|
|
|
|
transcript: &mut PoseidonTranscript,
|
|
|
random_tape: &mut RandomTape,
|
|
|
random_tape: &mut RandomTape,
|
|
|
) -> Self {
|
|
|
) -> Self {
|
|
|
transcript.append_protocol_name(PolyEvalNetworkProof::protocol_name());
|
|
|
|
|
|
|
|
|
// transcript.append_protocol_name(PolyEvalNetworkProof::protocol_name());
|
|
|
|
|
|
|
|
|
let (proof_prod_layer, rand_mem, rand_ops) = ProductLayerProof::prove(
|
|
|
let (proof_prod_layer, rand_mem, rand_ops) = ProductLayerProof::prove(
|
|
|
&mut network.row_layers.prod_layer,
|
|
|
&mut network.row_layers.prod_layer,
|
|
|
@ -1370,10 +1407,10 @@ impl PolyEvalNetworkProof { |
|
|
ry: &[Scalar],
|
|
|
ry: &[Scalar],
|
|
|
r_mem_check: &(Scalar, Scalar),
|
|
|
r_mem_check: &(Scalar, Scalar),
|
|
|
nz: usize,
|
|
|
nz: usize,
|
|
|
transcript: &mut Transcript,
|
|
|
|
|
|
|
|
|
transcript: &mut PoseidonTranscript,
|
|
|
) -> Result<(), ProofVerifyError> {
|
|
|
) -> Result<(), ProofVerifyError> {
|
|
|
let timer = Timer::new("verify_polyeval_proof");
|
|
|
let timer = Timer::new("verify_polyeval_proof");
|
|
|
transcript.append_protocol_name(PolyEvalNetworkProof::protocol_name());
|
|
|
|
|
|
|
|
|
// transcript.append_protocol_name(PolyEvalNetworkProof::protocol_name());
|
|
|
|
|
|
|
|
|
let num_instances = evals.len();
|
|
|
let num_instances = evals.len();
|
|
|
let (r_hash, r_multiset_check) = r_mem_check;
|
|
|
let (r_hash, r_multiset_check) = r_mem_check;
|
|
|
@ -1459,10 +1496,10 @@ impl SparseMatPolyEvalProof { |
|
|
ry: &[Scalar],
|
|
|
ry: &[Scalar],
|
|
|
evals: &[Scalar], // a vector evaluation of \widetilde{M}(r = (rx,ry)) for each M
|
|
|
evals: &[Scalar], // a vector evaluation of \widetilde{M}(r = (rx,ry)) for each M
|
|
|
gens: &SparseMatPolyCommitmentGens,
|
|
|
gens: &SparseMatPolyCommitmentGens,
|
|
|
transcript: &mut Transcript,
|
|
|
|
|
|
|
|
|
transcript: &mut PoseidonTranscript,
|
|
|
random_tape: &mut RandomTape,
|
|
|
random_tape: &mut RandomTape,
|
|
|
) -> SparseMatPolyEvalProof {
|
|
|
) -> SparseMatPolyEvalProof {
|
|
|
transcript.append_protocol_name(SparseMatPolyEvalProof::protocol_name());
|
|
|
|
|
|
|
|
|
// transcript.append_protocol_name(SparseMatPolyEvalProof::protocol_name());
|
|
|
|
|
|
|
|
|
// ensure there is one eval for each polynomial in dense
|
|
|
// ensure there is one eval for each polynomial in dense
|
|
|
assert_eq!(evals.len(), dense.batch_size);
|
|
|
assert_eq!(evals.len(), dense.batch_size);
|
|
|
@ -1481,14 +1518,14 @@ impl SparseMatPolyEvalProof { |
|
|
let timer_commit = Timer::new("commit_nondet_witness");
|
|
|
let timer_commit = Timer::new("commit_nondet_witness");
|
|
|
let comm_derefs = {
|
|
|
let comm_derefs = {
|
|
|
let comm = derefs.commit(&gens.gens_derefs);
|
|
|
let comm = derefs.commit(&gens.gens_derefs);
|
|
|
comm.append_to_transcript(b"comm_poly_row_col_ops_val", transcript);
|
|
|
|
|
|
|
|
|
comm.append_to_poseidon(transcript);
|
|
|
comm
|
|
|
comm
|
|
|
};
|
|
|
};
|
|
|
timer_commit.stop();
|
|
|
timer_commit.stop();
|
|
|
|
|
|
|
|
|
let poly_eval_network_proof = {
|
|
|
let poly_eval_network_proof = {
|
|
|
// produce a random element from the transcript for hash function
|
|
|
// produce a random element from the transcript for hash function
|
|
|
let r_mem_check = transcript.challenge_vector(b"challenge_r_hash", 2);
|
|
|
|
|
|
|
|
|
let r_mem_check = transcript.challenge_vector(2);
|
|
|
|
|
|
|
|
|
// build a network to evaluate the sparse polynomial
|
|
|
// build a network to evaluate the sparse polynomial
|
|
|
let timer_build_network = Timer::new("build_layered_network");
|
|
|
let timer_build_network = Timer::new("build_layered_network");
|
|
|
@ -1529,9 +1566,9 @@ impl SparseMatPolyEvalProof { |
|
|
ry: &[Scalar],
|
|
|
ry: &[Scalar],
|
|
|
evals: &[Scalar], // evaluation of \widetilde{M}(r = (rx,ry))
|
|
|
evals: &[Scalar], // evaluation of \widetilde{M}(r = (rx,ry))
|
|
|
gens: &SparseMatPolyCommitmentGens,
|
|
|
gens: &SparseMatPolyCommitmentGens,
|
|
|
transcript: &mut Transcript,
|
|
|
|
|
|
|
|
|
transcript: &mut PoseidonTranscript,
|
|
|
) -> Result<(), ProofVerifyError> {
|
|
|
) -> Result<(), ProofVerifyError> {
|
|
|
transcript.append_protocol_name(SparseMatPolyEvalProof::protocol_name());
|
|
|
|
|
|
|
|
|
// transcript.append_protocol_name(SparseMatPolyEvalProof::protocol_name());
|
|
|
|
|
|
|
|
|
// equalize the lengths of rx and ry
|
|
|
// equalize the lengths of rx and ry
|
|
|
let (rx_ext, ry_ext) = SparseMatPolyEvalProof::equalize(rx, ry);
|
|
|
let (rx_ext, ry_ext) = SparseMatPolyEvalProof::equalize(rx, ry);
|
|
|
@ -1540,12 +1577,10 @@ impl SparseMatPolyEvalProof { |
|
|
assert_eq!(rx_ext.len().pow2(), num_mem_cells);
|
|
|
assert_eq!(rx_ext.len().pow2(), num_mem_cells);
|
|
|
|
|
|
|
|
|
// add claims to transcript and obtain challenges for randomized mem-check circuit
|
|
|
// add claims to transcript and obtain challenges for randomized mem-check circuit
|
|
|
self
|
|
|
|
|
|
.comm_derefs
|
|
|
|
|
|
.append_to_transcript(b"comm_poly_row_col_ops_val", transcript);
|
|
|
|
|
|
|
|
|
self.comm_derefs.append_to_poseidon(transcript);
|
|
|
|
|
|
|
|
|
// produce a random element from the transcript for hash function
|
|
|
// produce a random element from the transcript for hash function
|
|
|
let r_mem_check = transcript.challenge_vector(b"challenge_r_hash", 2);
|
|
|
|
|
|
|
|
|
let r_mem_check = transcript.challenge_vector(2);
|
|
|
|
|
|
|
|
|
self.poly_eval_network_proof.verify(
|
|
|
self.poly_eval_network_proof.verify(
|
|
|
comm,
|
|
|
comm,
|
|
|
@ -1610,13 +1645,15 @@ impl SparsePolynomial { |
|
|
|
|
|
|
|
|
#[cfg(test)]
|
|
|
#[cfg(test)]
|
|
|
mod tests {
|
|
|
mod tests {
|
|
|
|
|
|
use crate::{commitments::MultiCommitGens, parameters::poseidon_params};
|
|
|
|
|
|
|
|
|
use super::*;
|
|
|
use super::*;
|
|
|
use ark_std::{UniformRand};
|
|
|
|
|
|
use rand::RngCore;
|
|
|
|
|
|
|
|
|
use ark_std::UniformRand;
|
|
|
|
|
|
use rand::RngCore;
|
|
|
|
|
|
|
|
|
#[test]
|
|
|
#[test]
|
|
|
fn check_sparse_polyeval_proof() {
|
|
|
fn check_sparse_polyeval_proof() {
|
|
|
let mut rng = ark_std::rand::thread_rng();
|
|
|
|
|
|
|
|
|
let mut rng = ark_std::rand::thread_rng();
|
|
|
|
|
|
|
|
|
let num_nz_entries: usize = 256;
|
|
|
let num_nz_entries: usize = 256;
|
|
|
let num_rows: usize = 256;
|
|
|
let num_rows: usize = 256;
|
|
|
@ -1628,7 +1665,7 @@ use rand::RngCore; |
|
|
|
|
|
|
|
|
for _i in 0..num_nz_entries {
|
|
|
for _i in 0..num_nz_entries {
|
|
|
M.push(SparseMatEntry::new(
|
|
|
M.push(SparseMatEntry::new(
|
|
|
(rng.next_u64()% (num_rows as u64)) as usize,
|
|
|
|
|
|
|
|
|
(rng.next_u64() % (num_rows as u64)) as usize,
|
|
|
(rng.next_u64() % (num_cols as u64)) as usize,
|
|
|
(rng.next_u64() % (num_cols as u64)) as usize,
|
|
|
Scalar::rand(&mut rng),
|
|
|
Scalar::rand(&mut rng),
|
|
|
));
|
|
|
));
|
|
|
@ -1656,8 +1693,9 @@ use rand::RngCore; |
|
|
let eval = SparseMatPolynomial::multi_evaluate(&[&poly_M], &rx, &ry);
|
|
|
let eval = SparseMatPolynomial::multi_evaluate(&[&poly_M], &rx, &ry);
|
|
|
let evals = vec![eval[0], eval[0], eval[0]];
|
|
|
let evals = vec![eval[0], eval[0], eval[0]];
|
|
|
|
|
|
|
|
|
|
|
|
let params = poseidon_params();
|
|
|
let mut random_tape = RandomTape::new(b"proof");
|
|
|
let mut random_tape = RandomTape::new(b"proof");
|
|
|
let mut prover_transcript = Transcript::new(b"example");
|
|
|
|
|
|
|
|
|
let mut prover_transcript = PoseidonTranscript::new(¶ms);
|
|
|
let proof = SparseMatPolyEvalProof::prove(
|
|
|
let proof = SparseMatPolyEvalProof::prove(
|
|
|
&dense,
|
|
|
&dense,
|
|
|
&rx,
|
|
|
&rx,
|
|
|
@ -1668,7 +1706,8 @@ use rand::RngCore; |
|
|
&mut random_tape,
|
|
|
&mut random_tape,
|
|
|
);
|
|
|
);
|
|
|
|
|
|
|
|
|
let mut verifier_transcript = Transcript::new(b"example");
|
|
|
|
|
|
|
|
|
let mut verifier_transcript = PoseidonTranscript::new(¶ms);
|
|
|
|
|
|
(b"example");
|
|
|
assert!(proof
|
|
|
assert!(proof
|
|
|
.verify(
|
|
|
.verify(
|
|
|
&poly_comm,
|
|
|
&poly_comm,
|
|
|
|
Mara Mihali
2 years ago