@@ -184,17 +184,10 @@ func frToInt(x *frBls12377.Element) *big.Int {
184184 return & res
185185}
186186
187- func (p * GkrPermutations ) finalize (api frontend.API ) error {
188- if p .api != api {
189- panic ("unexpected API" )
190- }
191-
192- // register MiMC to be used as a random oracle in the GKR proof
193- stdHash .Register ("mimc" , func (api frontend.API ) (stdHash.FieldHasher , error ) {
194- m , err := mimc .NewMiMC (api )
195- return & m , err
196- })
197-
187+ // defineCircuit defines the GKR circuit for the Poseidon2 permutation over BLS12-377
188+ // insLeft and insRight are the inputs to the permutation
189+ // they must be padded to a power of 2
190+ func defineCircuit (insLeft , insRight []frontend.Variable ) (* gkr.API , constraint.GkrVariable , error ) {
198191 // variable indexes
199192 const (
200193 xI = iota
@@ -209,26 +202,15 @@ func (p *GkrPermutations) finalize(api frontend.API) error {
209202 rP := poseidon2Bls12377 .GetDefaultParameters ().NbPartialRounds
210203 halfRf := rF / 2
211204
212- // pad instances into a power of 2
213- // TODO @Tabaie the GKR API to do this automatically?
214- ins1Padded := make ([]frontend.Variable , ecc .NextPowerOfTwo (uint64 (len (p .ins1 ))))
215- ins2Padded := make ([]frontend.Variable , len (ins1Padded ))
216- copy (ins1Padded , p .ins1 )
217- copy (ins2Padded , p .ins2 )
218- for i := len (p .ins1 ); i < len (ins1Padded ); i ++ {
219- ins1Padded [i ] = 0
220- ins2Padded [i ] = 0
221- }
222-
223205 gkrApi := gkr .NewApi ()
224206
225- x , err := gkrApi .Import (ins1Padded )
207+ x , err := gkrApi .Import (insLeft )
226208 if err != nil {
227- return err
209+ return nil , - 1 , err
228210 }
229- y , err := gkrApi .Import (ins2Padded )
211+ y , err := gkrApi .Import (insRight )
230212 if err != nil {
231- return err
213+ return nil , - 1 , err
232214 }
233215
234216 // unique names for linear rounds
@@ -325,6 +307,36 @@ func (p *GkrPermutations) finalize(api frontend.API) error {
325307 gkr .Gates [gate ] = extGate {}
326308 y = gkrApi .NamedGate (gate , y , x )
327309
310+ return gkrApi , y , nil
311+ }
312+
313+ func (p * GkrPermutations ) finalize (api frontend.API ) error {
314+ if p .api != api {
315+ panic ("unexpected API" )
316+ }
317+
318+ // register MiMC to be used as a random oracle in the GKR proof
319+ stdHash .Register ("mimc" , func (api frontend.API ) (stdHash.FieldHasher , error ) {
320+ m , err := mimc .NewMiMC (api )
321+ return & m , err
322+ })
323+
324+ // pad instances into a power of 2
325+ // TODO @Tabaie the GKR API to do this automatically?
326+ ins1Padded := make ([]frontend.Variable , ecc .NextPowerOfTwo (uint64 (len (p .ins1 ))))
327+ ins2Padded := make ([]frontend.Variable , len (ins1Padded ))
328+ copy (ins1Padded , p .ins1 )
329+ copy (ins2Padded , p .ins2 )
330+ for i := len (p .ins1 ); i < len (ins1Padded ); i ++ {
331+ ins1Padded [i ] = 0
332+ ins2Padded [i ] = 0
333+ }
334+
335+ gkrApi , y , err := defineCircuit (ins1Padded , ins2Padded )
336+ if err != nil {
337+ return err
338+ }
339+
328340 // connect to output
329341 // TODO can we save 1 constraint per instance by giving the desired outputs to the gkr api?
330342 solution , err := gkrApi .Solve (api )
0 commit comments