From 9128f5ef55cc1a469eed42f199e2b742bf171ddf Mon Sep 17 00:00:00 2001
From: kilic
Date: Mon, 25 Sep 2023 13:28:42 +0300
Subject: [PATCH 1/2] remove `G_0_prime` from proof` merge small msm into larger one
---
 plonkish_backend/src/pcs/multilinear/ipa.rs | 21 ++++++++-------------
 1 file changed, 8 insertions(+), 13 deletions(-)
diff --git a/plonkish_backend/src/pcs/multilinear/ipa.rs b/plonkish_backend/src/pcs/multilinear/ipa.rs
index bda66786..5bcb08c6 100644
--- a/plonkish_backend/src/pcs/multilinear/ipa.rs
+++ b/plonkish_backend/src/pcs/multilinear/ipa.rs
@@ -235,7 +235,6 @@ where
 zs.truncate(mid);
 }
- transcript.write_commitment(&bases[0])?;
 transcript.write_field_element(&coeffs[0])?;
 Ok(())
@@ -289,25 +288,21 @@ where
 .collect::, _>>()?
 .into_iter()
 .multiunzip::<(Vec<_>, Vec<_>, Vec<_>)>();
- let g_k = transcript.read_commitment()?;
- let c = transcript.read_field_element()?;
+ let neg_c = -transcript.read_field_element()?;
 let xi_invs = {
 let mut xi_invs = xis.clone();
 xi_invs.iter_mut().batch_invert();
 xi_invs
 };
- let eval_prime = xi_0 * eval;
- let c_k = variable_base_msm(
- chain![&xi_invs, &xis, Some(&eval_prime)],
- chain![&ls, &rs, Some(vp.h())],
- ) + comm.0;
 let h = MultilinearPolynomial::new(h_coeffs(&xis));
-
- (c_k == variable_base_msm(&[c, c * h.evaluate(point) * xi_0], [&g_k, vp.h()])
- && g_k == variable_base_msm(h.evals(), vp.g()).to_affine())
- .then_some(())
- .ok_or_else(|| Error::InvalidPcsOpen("Invalid multilinear IPA open".to_string()))
+ let hc = h.evals().iter().map(|h| *h * neg_c).collect_vec();
+ let u = &(xi_0 * (neg_c * h.evaluate(point) + eval));
+ let scalars = chain![&xi_invs, &xis, &hc, Some(u)];
+ let bases = chain![&ls, &rs, vp.g(), Some(vp.h())];
+ bool::from((variable_base_msm(scalars, bases) + comm.0).is_identity())
+ .then_some(())
+ .ok_or_else(|| Error::InvalidPcsOpen("Invalid multilinear IPA open".to_string()))
 }
 fn batch_verify<'a>(
From c862fad2bacd8d057b0b9c4c9e88c359936e223f Mon Sep 17 00:00:00 2001
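Review bot: The merged `variable_base_msm(scalars, bases)` call pairs scalars and bases purely by position, and nothing visible in this hunk checks that `vp.g()` yields exactly as many points as `hc` has entries. In the old form a length mismatch stayed inside the separate `g_k == variable_base_msm(h.evals(), vp.g())` comparison; now it would shift the trailing `u` scalar off `vp.h()`, or panic inside the MSM if that helper asserts equal lengths (not shown here), instead of returning `Error::InvalidPcsOpen`. I would reject the mismatch before building the chains, e.g. `if vp.g().len() != hc.len() { return Err(Error::InvalidPcsOpen("Invalid multilinear IPA open".to_string())); }`, assuming `vp.g()` is a slice. The same applies to `neg_c_h.evals()` in the `@@ -295,10 +295,9 @@` hunk of patch 2/2. The enclosing function starts above this hunk, so an earlier size check may already exist.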
From: kilic
Date: Wed, 27 Sep 2023 05:24:51 +0300
Subject: [PATCH 2/2] commit suggestion: compute scaled h poly
---
 plonkish_backend/src/pcs/multilinear/ipa.rs | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/plonkish_backend/src/pcs/multilinear/ipa.rs b/plonkish_backend/src/pcs/multilinear/ipa.rs
index 5bcb08c6..e59dc6a8 100644
--- a/plonkish_backend/src/pcs/multilinear/ipa.rs
+++ b/plonkish_backend/src/pcs/multilinear/ipa.rs
@@ -295,10 +295,9 @@ where
 xi_invs.iter_mut().batch_invert();
 xi_invs
 };
- let h = MultilinearPolynomial::new(h_coeffs(&xis));
- let hc = h.evals().iter().map(|h| *h * neg_c).collect_vec();
- let u = &(xi_0 * (neg_c * h.evaluate(point) + eval));
- let scalars = chain![&xi_invs, &xis, &hc, Some(u)];
+ let neg_c_h = MultilinearPolynomial::new(h_coeffs(neg_c, &xis));
+ let u = &(xi_0 * (neg_c_h.evaluate(point) + eval));
+ let scalars = chain![&xi_invs, &xis, neg_c_h.evals(), Some(u)];
 let bases = chain![&ls, &rs, vp.g(), Some(vp.h())];
 bool::from((variable_base_msm(scalars, bases) + comm.0).is_identity())
 .then_some(())
@@ -317,11 +316,11 @@ where
 }
 }
-fn h_coeffs(xi: &[F]) -> Vec {
+fn h_coeffs(scalar: F, xi: &[F]) -> Vec {
 assert!(!xi.is_empty());
 let mut coeffs = vec![F::ZERO; 1 << xi.len()];
- coeffs[0] = F::ONE;
+ coeffs[0] = scalar;
 for (len, xi) in xi.iter().rev().enumerate().map(|(i, xi)| (1 << i, xi)) {
 let (left, right) = coeffs.split_at_mut(len);
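Review bot: The identity check that closes this hunk carries no comment stating the relation it enforces, and with `neg_c` folded into `neg_c_h` that relation is harder to read off than it was with the explicit `h` and `hc` this hunk removes. A comment above `let scalars` would let a reviewer confirm the acceptance condition at a glance, e.g. `// accept iff <xi_invs, ls> + <xis, rs> + <neg_c_h, g> + xi_0 * (neg_c_h(point) + eval) * h + comm == identity`. It should also record that `neg_c_h.evaluate(point)` stands in for `neg_c * h.evaluate(point)` only if seeding `coeffs[0]` with `neg_c` scales every entry of the table. That depends on the loop body of `h_coeffs`, which is not fully visible in this patch.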
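Review bot: `h_coeffs` now takes a `scalar` that seeds `coeffs[0]`, but the function has no doc comment saying what the argument means or that `F::ONE` reproduces the previous output. The verifier equation depends on this helper, so I would add `/// Builds the coefficient table for the challenges xi, seeded with scalar in slot 0; F::ONE gives the unscaled table.` above the signature. The `assert!(!xi.is_empty())` kept as context deserves a `# Panics` line as well, because the helper is called on the proof-verification path and an empty challenge list aborts rather than returning `Error::InvalidPcsOpen`. The function body continues past the end of the hunk, so how the seed propagates through the loop is not visible here.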