Clarify z_right handling in tests

ipa-core/src/protocol/context/dzkp_field.rs

@@ -421,9 +421,9 @@ pub mod tests {
 
     impl MultiplicationInputsBlock {
         /// Rotate the "right" values into the "left" values, setting the right values
-        /// to zero. _z_ is not modified. If the input represents a prover's block of
-        /// intermediates, the output represents the intermediates that the verifier on
-        /// the right shares with that prover.
+        /// to zero. If the input represents a prover's block of intermediates, the
+        /// output represents the intermediates that the verifier on the prover's right
+        /// shares with it.
         #[must_use]
         pub fn rotate_left(&self) -> Self {
             Self {
@@ -433,42 +433,44 @@ pub mod tests {
                 x_right: [0u8; 32].into(),
                 y_right: [0u8; 32].into(),
                 prss_right: [0u8; 32].into(),
-                z_right: self.z_right,
+                z_right: [0u8; 32].into(),
             }
         }
 
         /// Rotate the "left" values into the "right" values, setting the left values to
-        /// zero. _z_ is not modified. If the input represents a prover's block of
-        /// intermediates, the output represents the intermediates that the verifier on
-        /// the left shares with that prover.
+        /// zero. `z_right` is calculated to be consistent with the other values. If the
+        /// input represents a prover's block of intermediates, the output represents
+        /// the intermediates that the verifier on the prover's left shares with it.
         #[must_use]
         pub fn rotate_right(&self) -> Self {
+            let z_right = (self.x_left & self.y_left)
+                ^ (self.x_left & self.y_right)
+                ^ (self.x_right & self.y_left)
+                ^ self.prss_left
+                ^ self.prss_right;
+
             Self {
                 x_right: self.x_left,
                 y_right: self.y_left,
                 prss_right: self.prss_left,
                 x_left: [0u8; 32].into(),
                 y_left: [0u8; 32].into(),
                 prss_left: [0u8; 32].into(),
-                z_right: self.z_right,
+                z_right,
             }
         }
     }
 
     #[test]
     fn batch_convert() {
         run_random(|mut rng| async move {
-            // This generates all the intermediates except _z_ randomly, and calculates
-            // _z_ from the others.
             let block = rng.gen::<MultiplicationInputsBlock>();
 
-            // check consistency of the polynomials
+            // When verifying, we rotate the intermediates to match what each prover
+            // would have. `rotate_right` also calculates z_right from the others.
             assert_convert(
                 block.table_indices_prover(),
-                // flip inputs right to left since it is checked against itself and not party on the left
-                // z_right is set to match z_left
                 block.rotate_right().table_indices_from_right_prover(),
-                // flip inputs right to left since it is checked against itself and not party on the left
                 block.rotate_left().table_indices_from_left_prover(),
             );
         });

ipa-core/src/protocol/context/dzkp_validator.rs

@@ -169,25 +169,16 @@ impl MultiplicationInputsBlock {
 #[cfg(any(test, feature = "enable-benches"))]
 impl rand::prelude::Distribution<MultiplicationInputsBlock> for rand::distributions::Standard {
     fn sample<R: rand::Rng + ?Sized>(&self, rng: &mut R) -> MultiplicationInputsBlock {
-        // Generate a random valid block of muliplication intermediates. "Valid" means
-        // that the _z_ intermediate is computed from the other intermediates as an
-        // honest helper would.
         let sample = <Self as rand::prelude::Distribution<[u8; 32]>>::sample;
-        let mut block = MultiplicationInputsBlock {
+        MultiplicationInputsBlock {
             x_left: sample(self, rng).into(),
             x_right: sample(self, rng).into(),
             y_left: sample(self, rng).into(),
             y_right: sample(self, rng).into(),
             prss_left: sample(self, rng).into(),
             prss_right: sample(self, rng).into(),
-            z_right: [0u8; 32].into(),
-        };
-        block.z_right = (block.x_left & block.y_left)
-            ^ (block.x_left & block.y_right)
-            ^ (block.x_right & block.y_left)
-            ^ block.prss_left
-            ^ block.prss_right;
-        block
+            z_right: sample(self, rng).into(),
+        }
     }
 }
 

ipa-core/src/protocol/ipa_prf/malicious_security/prover.rs

@@ -815,8 +815,6 @@ mod test {
             const FPL: usize = FirstProofGenerator::PROOF_LENGTH;
             const FLL: usize = FirstProofGenerator::LAGRANGE_LENGTH;
 
-            // This generates all the intermediates except _z_ randomly, and calculates
-            // _z_ from the others.
             let block = rng.gen::<MultiplicationInputsBlock>();
 
             // Test equivalence for extrapolate_y_values

ipa-core/src/protocol/ipa_prf/malicious_security/verifier.rs

@@ -562,8 +562,6 @@ mod test {
     #[test]
     fn verifier_table_indices_equivalence() {
         run_random(|mut rng| async move {
-            // This generates all the intermediates except _z_ randomly, and calculates
-            // _z_ from the others.
             let block = rng.gen::<MultiplicationInputsBlock>();
 
             let denominator = CanonicalLagrangeDenominator::new();