From e30e6753e1c810368a71ec56a6f216178cfbe10a Mon Sep 17 00:00:00 2001 From: Alex Xiong Date: Mon, 5 Aug 2024 22:40:35 +0800 Subject: [PATCH] feat: append G2 point from SRS to transcript (#647) * append G2 point from SRS to transcript * use powers_of_h[1] instead of beta_h --- plonk/src/transcript/mod.rs | 8 ++++++++ plonk/src/transcript/solidity.rs | 15 +++++++++++++++ 2 files changed, 23 insertions(+) diff --git a/plonk/src/transcript/mod.rs b/plonk/src/transcript/mod.rs index ab455fe27..b58333e4c 100644 --- a/plonk/src/transcript/mod.rs +++ b/plonk/src/transcript/mod.rs @@ -67,6 +67,14 @@ pub trait PlonkTranscript { vk.num_inputs.to_le_bytes().as_ref(), )?; + // include [x]_2 G2 point from SRS + // all G1 points from SRS are implicit reflected in committed polys + >::append_message( + self, + b"SRS G2 element", + &to_bytes!(&vk.open_key.powers_of_h[1])?, + )?; + for ki in vk.k.iter() { >::append_message( self, diff --git a/plonk/src/transcript/solidity.rs b/plonk/src/transcript/solidity.rs index 7458ef116..a658c55b3 100644 --- a/plonk/src/transcript/solidity.rs +++ b/plonk/src/transcript/solidity.rs @@ -18,6 +18,7 @@ use ark_ec::{ use ark_ff::{BigInteger, PrimeField}; use ark_std::vec::Vec; use jf_pcs::prelude::Commitment; +use jf_utils::to_bytes; use sha3::{Digest, Keccak256}; /// Transcript with `keccak256` hash function. @@ -117,6 +118,20 @@ impl PlonkTranscript for SolidityTranscript { vk.num_inputs.to_be_bytes().as_ref(), )?; + // include [x]_2 G2 point from SRS + // all G1 points from SRS are implicit reflected in committed polys + // + // Since this is a fixed value, we don't need solidity-efficient serialization, + // we simply append the `to_bytes!()` which uses compressed, little-endian form + // instead of other proof-dependent field like number of public inputs or + // concrete polynomial commitments which uses uncompressed, big-endian + // form. + >::append_message( + self, + b"SRS G2 element", + &to_bytes!(&vk.open_key.powers_of_h[1])?, + )?; + for ki in vk.k.iter() { >::append_message( self,