From 6a8895fa9abadf3067aa84975aa5cc63c1f448d8 Mon Sep 17 00:00:00 2001
From: Andy Leiserson
Date: Wed, 20 Nov 2024 15:07:53 -0800
Subject: [PATCH] Clarify `z_right` handling in tests
---
 ipa-core/src/protocol/context/dzkp_field.rs | 30 ++++++++++---------
 .../src/protocol/context/dzkp_validator.rs | 15 ++--------
 .../ipa_prf/malicious_security/prover.rs | 2 --
 .../ipa_prf/malicious_security/verifier.rs | 2 --
 4 files changed, 19 insertions(+), 30 deletions(-)
diff --git a/ipa-core/src/protocol/context/dzkp_field.rs b/ipa-core/src/protocol/context/dzkp_field.rs
index 34d707373..a864a0c82 100644
--- a/ipa-core/src/protocol/context/dzkp_field.rs
+++ b/ipa-core/src/protocol/context/dzkp_field.rs
@@ -421,9 +421,9 @@ pub mod tests {
 impl MultiplicationInputsBlock {
 /// Rotate the "right" values into the "left" values, setting the right values
- /// to zero. _z_ is not modified. If the input represents a prover's block of
- /// intermediates, the output represents the intermediates that the verifier on
- /// the right shares with that prover.
+ /// to zero. If the input represents a prover's block of intermediates, the
+ /// output represents the intermediates that the verifier on the prover's right
+ /// shares with it.
 #[must_use]
 pub fn rotate_left(&self) -> Self {
 Self {
@@ -433,16 +433,22 @@ pub mod tests {
 x_right: [0u8; 32].into(),
 y_right: [0u8; 32].into(),
 prss_right: [0u8; 32].into(),
- z_right: self.z_right,
+ z_right: [0u8; 32].into(),
 }
 }
 /// Rotate the "left" values into the "right" values, setting the left values to
- /// zero. _z_ is not modified. If the input represents a prover's block of
- /// intermediates, the output represents the intermediates that the verifier on
- /// the left shares with that prover.
+ /// zero. `z_right` is calculated to be consistent with the other values. If the
+ /// input represents a prover's block of intermediates, the output represents
+ /// the intermediates that the verifier on the prover's left shares with it.
 #[must_use]
 pub fn rotate_right(&self) -> Self {
+ let z_right = (self.x_left & self.y_left)
+ ^ (self.x_left & self.y_right)
+ ^ (self.x_right & self.y_left)
+ ^ self.prss_left
+ ^ self.prss_right;
+
 Self {
 x_right: self.x_left,
 y_right: self.y_left,
@@ -450,7 +456,7 @@ pub mod tests {
 x_left: [0u8; 32].into(),
 y_left: [0u8; 32].into(),
 prss_left: [0u8; 32].into(),
- z_right: self.z_right,
+ z_right,
 }
 }
 }
@@ -458,17 +464,13 @@ pub mod tests {
 #[test]
 fn batch_convert() {
 run_random(|mut rng| async move {
- // This generates all the intermediates except _z_ randomly, and calculates
- // _z_ from the others.
 let block = rng.gen::();
- // check consistency of the polynomials
+ // When verifying, we rotate the intermediates to match what each prover
+ // would have. `rotate_right` also calculates z_right from the others.
 assert_convert(
 block.table_indices_prover(),
- // flip inputs right to left since it is checked against itself and not party on the left
- // z_right is set to match z_left
 block.rotate_right().table_indices_from_right_prover(),
- // flip inputs right to left since it is checked against itself and not party on the left
 block.rotate_left().table_indices_from_left_prover(),
 );
 });
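Review bot: In the `@@ -433,16 +433,22 @@` hunk of dzkp_field.rs, the new doc line on `rotate_right` says `z_right` is "consistent with the other values" without saying which block's values are meant. The added `let z_right = ...` reads the x, y and prss fields of the input block before rotation and never reads `self.z_right`, so whatever the caller supplied there is silently replaced, and the result does not satisfy the same relation over the output block's own, mostly zeroed, fields. I would state that in the doc comment, for example `/// z_right is recomputed from the input's x, y and prss values, as an honest helper would compute it; the input's own z_right is ignored.` This matters because a test that deliberately passes a block with an inconsistent z through this helper would end up checking an honest one. The body of `rotate_right` continues in the following `@@ -450,7 +456,7 @@` hunk.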
diff --git a/ipa-core/src/protocol/context/dzkp_validator.rs b/ipa-core/src/protocol/context/dzkp_validator.rs
index 1cfc09784..bb0fea1ab 100644
--- a/ipa-core/src/protocol/context/dzkp_validator.rs
+++ b/ipa-core/src/protocol/context/dzkp_validator.rs
@@ -169,25 +169,16 @@ impl MultiplicationInputsBlock {
 #[cfg(any(test, feature = "enable-benches"))]
 impl rand::prelude::Distribution for rand::distributions::Standard {
 fn sample(&self, rng: &mut R) -> MultiplicationInputsBlock {
- // Generate a random valid block of muliplication intermediates. "Valid" means
- // that the _z_ intermediate is computed from the other intermediates as an
- // honest helper would.
 let sample = >::sample;
- let mut block = MultiplicationInputsBlock {
+ MultiplicationInputsBlock {
 x_left: sample(self, rng).into(),
 x_right: sample(self, rng).into(),
 y_left: sample(self, rng).into(),
 y_right: sample(self, rng).into(),
 prss_left: sample(self, rng).into(),
 prss_right: sample(self, rng).into(),
- z_right: [0u8; 32].into(),
- };
- block.z_right = (block.x_left & block.y_left)
- ^ (block.x_left & block.y_right)
- ^ (block.x_right & block.y_left)
- ^ block.prss_left
- ^ block.prss_right;
- block
+ z_right: sample(self, rng).into(),
+ }
 }
 }
diff --git a/ipa-core/src/protocol/ipa_prf/malicious_security/prover.rs b/ipa-core/src/protocol/ipa_prf/malicious_security/prover.rs
index f3e8db322..a310d4956 100644
--- a/ipa-core/src/protocol/ipa_prf/malicious_security/prover.rs
+++ b/ipa-core/src/protocol/ipa_prf/malicious_security/prover.rs
@@ -815,8 +815,6 @@ mod test {
 const FPL: usize = FirstProofGenerator::PROOF_LENGTH;
 const FLL: usize = FirstProofGenerator::LAGRANGE_LENGTH;
- // This generates all the intermediates except _z_ randomly, and calculates
- // _z_ from the others.
 let block = rng.gen::();
 // Test equivalence for extrapolate_y_values
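Review bot: In the dzkp_validator.rs hunk, `sample` now fills `z_right` with independent random bytes, and because the old comment is removed without a replacement, nothing on the impl says the result is no longer a valid block. The impl is compiled under `#[cfg(any(test, feature = "enable-benches"))]`, so any test or bench that calls `rng.gen()` expecting honest intermediates now gets a block whose z does not match its x, y and prss values. The prover.rs and verifier.rs tests touched by this patch still sample this way, and whether they read `z_right` is not visible in these hunks. I would add a comment above the struct literal such as `// All seven fields, z_right included, are independently random, so the block is not a consistent set of multiplication intermediates.` It would also be worth confirming that no bench feeds a sampled block into proof verification.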
diff --git a/ipa-core/src/protocol/ipa_prf/malicious_security/verifier.rs b/ipa-core/src/protocol/ipa_prf/malicious_security/verifier.rs
index e5f2fb8ba..35e4fd3e5 100644
--- a/ipa-core/src/protocol/ipa_prf/malicious_security/verifier.rs
+++ b/ipa-core/src/protocol/ipa_prf/malicious_security/verifier.rs
@@ -562,8 +562,6 @@ mod test {
 #[test]
 fn verifier_table_indices_equivalence() {
 run_random(|mut rng| async move {
- // This generates all the intermediates except _z_ randomly, and calculates
- // _z_ from the others.
 let block = rng.gen::();
 let denominator = CanonicalLagrangeDenominator::new();