From c3cfd3a5cedd1645175966ee97ee990c6f5c831d Mon Sep 17 00:00:00 2001 From: weikeng Date: Tue, 27 Oct 2020 20:06:13 -0700 Subject: [PATCH] use individual opening challenges by default --- src/data_structures.rs | 3 - src/ipa_pc/mod.rs | 57 +++--- src/lib.rs | 444 ++++++++++++++++++++--------------------- src/marlin_pc/mod.rs | 174 +--------------- src/sonic_pc/mod.rs | 57 +++--- 5 files changed, 291 insertions(+), 444 deletions(-) diff --git a/src/data_structures.rs b/src/data_structures.rs index ca57c63f..5ced1a23 100644 --- a/src/data_structures.rs +++ b/src/data_structures.rs @@ -29,9 +29,6 @@ pub trait PCCommitterKey: Clone + core::fmt::Debug { /// Defines the minimal interface of verifier keys for any polynomial /// commitment scheme. pub trait PCVerifierKey: Clone + core::fmt::Debug { - /// The prepared version of the key - type PreparedKey; - /// Outputs the maximum degree supported by the universal parameters /// `Self` was derived from. fn max_degree(&self) -> usize; diff --git a/src/ipa_pc/mod.rs b/src/ipa_pc/mod.rs index 9eff61c5..36c1285d 100644 --- a/src/ipa_pc/mod.rs +++ b/src/ipa_pc/mod.rs @@ -88,7 +88,7 @@ impl InnerProductArgPC { point: G::ScalarField, values: impl IntoIterator, proof: &Proof, - opening_challenge: G::ScalarField, + opening_challenges: &dyn Fn(u64) -> G::ScalarField, ) -> Option> { let check_time = start_timer!(|| "Succinct checking"); @@ -100,7 +100,10 @@ impl InnerProductArgPC { let mut combined_commitment_proj = G::Projective::zero(); let mut combined_v = G::ScalarField::zero(); - let mut cur_challenge = opening_challenge; + let mut opening_challenge_counter = 0; + let mut cur_challenge = opening_challenges(opening_challenge_counter); + opening_challenge_counter += 1; + let labeled_commitments = commitments.into_iter(); let values = values.into_iter(); @@ -108,7 +111,8 @@ impl InnerProductArgPC { let commitment = labeled_commitment.commitment(); combined_v += &(cur_challenge * &value); combined_commitment_proj += &labeled_commitment.commitment().comm.mul(cur_challenge); - cur_challenge *= &opening_challenge; + cur_challenge = opening_challenges(opening_challenge_counter); + opening_challenge_counter += 1; let degree_bound = labeled_commitment.degree_bound(); assert_eq!(degree_bound.is_some(), commitment.shifted_comm.is_some()); @@ -119,7 +123,8 @@ impl InnerProductArgPC { combined_commitment_proj += &commitment.shifted_comm.unwrap().mul(cur_challenge); } - cur_challenge *= &opening_challenge; + cur_challenge = opening_challenges(opening_challenge_counter); + opening_challenge_counter += 1; } let mut combined_commitment = combined_commitment_proj.into_affine(); @@ -441,12 +446,12 @@ impl PolynomialCommitment for InnerPr Ok((comms, rands)) } - fn open<'a>( + fn open_individual_opening_challenges<'a>( ck: &Self::CommitterKey, labeled_polynomials: impl IntoIterator>, commitments: impl IntoIterator>, point: G::ScalarField, - opening_challenge: G::ScalarField, + opening_challenges: &dyn Fn(u64) -> G::ScalarField, rands: impl IntoIterator, rng: Option<&mut dyn RngCore>, ) -> Result @@ -465,7 +470,11 @@ impl PolynomialCommitment for InnerPr let comms_iter = commitments.into_iter(); let combine_time = start_timer!(|| "Combining polynomials, randomness, and commitments."); - let mut cur_challenge = opening_challenge; + + let mut opening_challenge_counter = 0; + let mut cur_challenge = opening_challenges(opening_challenge_counter); + opening_challenge_counter += 1; + for (labeled_polynomial, (labeled_commitment, randomness)) in polys_iter.zip(comms_iter.zip(rands_iter)) { @@ -486,7 +495,8 @@ impl PolynomialCommitment for InnerPr combined_rand += &(cur_challenge * &randomness.rand); } - cur_challenge *= &opening_challenge; + cur_challenge = opening_challenges(opening_challenge_counter); + opening_challenge_counter += 1; let has_degree_bound = degree_bound.is_some(); @@ -519,7 +529,8 @@ impl PolynomialCommitment for InnerPr } } - cur_challenge *= &opening_challenge; + cur_challenge = opening_challenges(opening_challenge_counter); + opening_challenge_counter += 1; } end_timer!(combine_time); @@ -679,13 +690,13 @@ impl PolynomialCommitment for InnerPr }) } - fn check<'a>( + fn check_individual_opening_challenges<'a>( vk: &Self::VerifierKey, commitments: impl IntoIterator>, point: G::ScalarField, values: impl IntoIterator, proof: &Self::Proof, - opening_challenge: G::ScalarField, + opening_challenges: &dyn Fn(u64) -> G::ScalarField, _rng: Option<&mut dyn RngCore>, ) -> Result where @@ -709,7 +720,7 @@ impl PolynomialCommitment for InnerPr } let check_poly = - Self::succinct_check(vk, commitments, point, values, proof, opening_challenge); + Self::succinct_check(vk, commitments, point, values, proof, opening_challenges); if check_poly.is_none() { return Ok(false); @@ -730,13 +741,13 @@ impl PolynomialCommitment for InnerPr Ok(true) } - fn batch_check<'a, R: RngCore>( + fn batch_check_individual_opening_challenges<'a, R: RngCore>( vk: &Self::VerifierKey, commitments: impl IntoIterator>, query_set: &QuerySet, values: &Evaluations, proof: &Self::BatchProof, - opening_challenge: G::ScalarField, + opening_challenges: &dyn Fn(u64) -> G::ScalarField, rng: &mut R, ) -> Result where @@ -785,7 +796,7 @@ impl PolynomialCommitment for InnerPr *point, vals.into_iter(), p, - opening_challenge, + opening_challenges, ); if check_poly.is_none() { @@ -817,13 +828,13 @@ impl PolynomialCommitment for InnerPr Ok(true) } - fn open_combinations<'a>( + fn open_combinations_individual_opening_challenges<'a>( ck: &Self::CommitterKey, lc_s: impl IntoIterator>, polynomials: impl IntoIterator>, commitments: impl IntoIterator>, query_set: &QuerySet, - opening_challenge: G::ScalarField, + opening_challenges: &dyn Fn(u64) -> G::ScalarField, rands: impl IntoIterator, rng: Option<&mut dyn RngCore>, ) -> Result, Self::Error> @@ -912,12 +923,12 @@ impl PolynomialCommitment for InnerPr let lc_commitments = Self::construct_labeled_commitments(&lc_info, &lc_commitments); - let proof = Self::batch_open( + let proof = Self::batch_open_individual_opening_challenges( ck, lc_polynomials.iter(), lc_commitments.iter(), &query_set, - opening_challenge, + opening_challenges, lc_randomness.iter(), rng, )?; @@ -926,14 +937,14 @@ impl PolynomialCommitment for InnerPr /// Checks that `values` are the true evaluations at `query_set` of the polynomials /// committed in `labeled_commitments`. - fn check_combinations<'a, R: RngCore>( + fn check_combinations_individual_opening_challenges<'a, R: RngCore>( vk: &Self::VerifierKey, lc_s: impl IntoIterator>, commitments: impl IntoIterator>, query_set: &QuerySet, evaluations: &Evaluations, proof: &BatchLCProof, - opening_challenge: G::ScalarField, + opening_challenges: &dyn Fn(u64) -> G::ScalarField, rng: &mut R, ) -> Result where @@ -1000,13 +1011,13 @@ impl PolynomialCommitment for InnerPr let lc_commitments = Self::construct_labeled_commitments(&lc_info, &lc_commitments); - Self::batch_check( + Self::batch_check_individual_opening_challenges( vk, &lc_commitments, &query_set, &evaluations, proof, - opening_challenge, + opening_challenges, rng, ) } diff --git a/src/lib.rs b/src/lib.rs index 718eb847..87260ce6 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -193,7 +193,19 @@ pub trait PolynomialCommitment: Sized { ) -> Result where Self::Randomness: 'a, - Self::Commitment: 'a; + Self::Commitment: 'a, + { + let opening_challenges = |pow| opening_challenge.pow(&[pow]); + Self::open_individual_opening_challenges( + ck, + labeled_polynomials, + commitments, + point, + &opening_challenges, + rands, + rng, + ) + } /// On input a list of labeled polynomials and a query set, `open` outputs a proof of evaluation /// of the polynomials at the points in the query set. @@ -210,64 +222,16 @@ pub trait PolynomialCommitment: Sized { Self::Randomness: 'a, Self::Commitment: 'a, { - let rng = &mut crate::optional_rng::OptionalRng(rng); - let poly_rand_comm: BTreeMap<_, _> = labeled_polynomials - .into_iter() - .zip(rands) - .zip(commitments.into_iter()) - .map(|((poly, r), comm)| (poly.label(), (poly, r, comm))) - .collect(); - - let open_time = start_timer!(|| format!( - "Opening {} polynomials at query set of size {}", - poly_rand_comm.len(), - query_set.len(), - )); - - let mut query_to_labels_map = BTreeMap::new(); - - for (label, (point_label, point)) in query_set.iter() { - let labels = query_to_labels_map - .entry(point_label) - .or_insert((point, BTreeSet::new())); - labels.1.insert(label); - } - - let mut proofs = Vec::new(); - for (_point_label, (point, labels)) in query_to_labels_map.into_iter() { - let mut query_polys: Vec<&'a LabeledPolynomial<_>> = Vec::new(); - let mut query_rands: Vec<&'a Self::Randomness> = Vec::new(); - let mut query_comms: Vec<&'a LabeledCommitment> = Vec::new(); - - for label in labels { - let (polynomial, rand, comm) = - poly_rand_comm.get(label).ok_or(Error::MissingPolynomial { - label: label.to_string(), - })?; - - query_polys.push(polynomial); - query_rands.push(rand); - query_comms.push(comm); - } - - let proof_time = start_timer!(|| "Creating proof"); - let proof = Self::open( - ck, - query_polys, - query_comms, - *point, - opening_challenge, - query_rands, - Some(rng), - )?; - - end_timer!(proof_time); - - proofs.push(proof); - } - end_timer!(open_time); - - Ok(proofs.into()) + let opening_challenges = |pow| opening_challenge.pow(&[pow]); + Self::batch_open_individual_opening_challenges( + ck, + labeled_polynomials, + commitments, + query_set, + &opening_challenges, + rands, + rng, + ) } /// Verifies that `values` are the evaluations at `point` of the polynomials @@ -282,7 +246,19 @@ pub trait PolynomialCommitment: Sized { rng: Option<&mut dyn RngCore>, ) -> Result where - Self::Commitment: 'a; + Self::Commitment: 'a, + { + let opening_challenges = |pow| opening_challenge.pow(&[pow]); + Self::check_individual_opening_challenges( + vk, + commitments, + point, + values, + proof, + &opening_challenges, + rng, + ) + } /// Checks that `values` are the true evaluations at `query_set` of the polynomials /// committed in `labeled_commitments`. @@ -295,6 +271,116 @@ pub trait PolynomialCommitment: Sized { opening_challenge: F, rng: &mut R, ) -> Result + where + Self::Commitment: 'a, + { + let opening_challenges = |pow| opening_challenge.pow(&[pow]); + Self::batch_check_individual_opening_challenges( + vk, + commitments, + query_set, + evaluations, + proof, + &opening_challenges, + rng, + ) + } + + /// On input a list of polynomials, linear combinations of those polynomials, + /// and a query set, `open_combination` outputs a proof of evaluation of + /// the combinations at the points in the query set. + fn open_combinations<'a>( + ck: &Self::CommitterKey, + linear_combinations: impl IntoIterator>, + polynomials: impl IntoIterator>, + commitments: impl IntoIterator>, + query_set: &QuerySet, + opening_challenge: F, + rands: impl IntoIterator, + rng: Option<&mut dyn RngCore>, + ) -> Result, Self::Error> + where + Self::Randomness: 'a, + Self::Commitment: 'a, + { + let opening_challenges = |pow| opening_challenge.pow(&[pow]); + Self::open_combinations_individual_opening_challenges( + ck, + linear_combinations, + polynomials, + commitments, + query_set, + &opening_challenges, + rands, + rng, + ) + } + + /// Checks that `evaluations` are the true evaluations at `query_set` of the + /// linear combinations of polynomials committed in `commitments`. + fn check_combinations<'a, R: RngCore>( + vk: &Self::VerifierKey, + linear_combinations: impl IntoIterator>, + commitments: impl IntoIterator>, + eqn_query_set: &QuerySet, + eqn_evaluations: &Evaluations, + proof: &BatchLCProof, + opening_challenge: F, + rng: &mut R, + ) -> Result + where + Self::Commitment: 'a, + { + let opening_challenges = |pow| opening_challenge.pow(&[pow]); + Self::check_combinations_individual_opening_challenges( + vk, + linear_combinations, + commitments, + eqn_query_set, + eqn_evaluations, + proof, + &opening_challenges, + rng, + ) + } + + /// open but with individual challenges + fn open_individual_opening_challenges<'a>( + ck: &Self::CommitterKey, + labeled_polynomials: impl IntoIterator>, + commitments: impl IntoIterator>, + point: F, + opening_challenges: &dyn Fn(u64) -> F, + rands: impl IntoIterator, + rng: Option<&mut dyn RngCore>, + ) -> Result + where + Self::Randomness: 'a, + Self::Commitment: 'a; + + /// check but with individual challenges + fn check_individual_opening_challenges<'a>( + vk: &Self::VerifierKey, + commitments: impl IntoIterator>, + point: F, + values: impl IntoIterator, + proof: &Self::Proof, + opening_challenges: &dyn Fn(u64) -> F, + rng: Option<&mut dyn RngCore>, + ) -> Result + where + Self::Commitment: 'a; + + /// batch_check but with individual challenges + fn batch_check_individual_opening_challenges<'a, R: RngCore>( + vk: &Self::VerifierKey, + commitments: impl IntoIterator>, + query_set: &QuerySet, + evaluations: &Evaluations, + proof: &Self::BatchProof, + opening_challenges: &dyn Fn(u64) -> F, + rng: &mut R, + ) -> Result where Self::Commitment: 'a, { @@ -334,13 +420,13 @@ pub trait PolynomialCommitment: Sized { } let proof_time = start_timer!(|| "Checking per-query proof"); - result &= Self::check( + result &= Self::check_individual_opening_challenges( vk, comms, *point, values, &proof, - opening_challenge, + opening_challenges, Some(rng), )?; end_timer!(proof_time); @@ -348,16 +434,14 @@ pub trait PolynomialCommitment: Sized { Ok(result) } - /// On input a list of polynomials, linear combinations of those polynomials, - /// and a query set, `open_combination` outputs a proof of evaluation of - /// the combinations at the points in the query set. - fn open_combinations<'a>( + /// open_combinations but with individual challenges + fn open_combinations_individual_opening_challenges<'a>( ck: &Self::CommitterKey, linear_combinations: impl IntoIterator>, polynomials: impl IntoIterator>, commitments: impl IntoIterator>, query_set: &QuerySet, - opening_challenge: F, + opening_challenges: &dyn Fn(u64) -> F, rands: impl IntoIterator, rng: Option<&mut dyn RngCore>, ) -> Result, Self::Error> @@ -370,12 +454,12 @@ pub trait PolynomialCommitment: Sized { let poly_query_set = lc_query_set_to_poly_query_set(linear_combinations.iter().copied(), query_set); let poly_evals = evaluate_query_set(polynomials.iter().copied(), &poly_query_set); - let proof = Self::batch_open( + let proof = Self::batch_open_individual_opening_challenges( ck, polynomials, commitments, &poly_query_set, - opening_challenge, + opening_challenges, rands, rng, )?; @@ -385,16 +469,15 @@ pub trait PolynomialCommitment: Sized { }) } - /// Checks that `evaluations` are the true evaluations at `query_set` of the - /// linear combinations of polynomials committed in `commitments`. - fn check_combinations<'a, R: RngCore>( + /// check_combinations with individual challenges + fn check_combinations_individual_opening_challenges<'a, R: RngCore>( vk: &Self::VerifierKey, linear_combinations: impl IntoIterator>, commitments: impl IntoIterator>, eqn_query_set: &QuerySet, eqn_evaluations: &Evaluations, proof: &BatchLCProof, - opening_challenge: F, + opening_challenges: &dyn Fn(u64) -> F, rng: &mut R, ) -> Result where @@ -440,13 +523,13 @@ pub trait PolynomialCommitment: Sized { } } - let pc_result = Self::batch_check( + let pc_result = Self::batch_check_individual_opening_challenges( vk, commitments, &poly_query_set, &poly_evals, proof, - opening_challenge, + opening_challenges, rng, )?; if !pc_result { @@ -457,173 +540,78 @@ pub trait PolynomialCommitment: Sized { Ok(true) } - /// open but with individual challenges - /// the non-individual version `open` should call this method with - /// `opening_challenges = |pow| opening_challenge.pow(&[pow]);`, - /// i.e., the same impl as in MarlinKZG. - fn open_individual_opening_challenges<'a>( + /// batch_open with individual challenges + fn batch_open_individual_opening_challenges<'a>( ck: &Self::CommitterKey, labeled_polynomials: impl IntoIterator>, commitments: impl IntoIterator>, - point: F, - opening_challenges: &dyn Fn(usize) -> F, + query_set: &QuerySet, + opening_challenges: &dyn Fn(u64) -> F, rands: impl IntoIterator, rng: Option<&mut dyn RngCore>, - ) -> Result + ) -> Result where Self::Randomness: 'a, Self::Commitment: 'a, { - Self::open( - ck, - labeled_polynomials, - commitments, - point, - opening_challenges(0), - rands, - rng, - ) - } + let rng = &mut crate::optional_rng::OptionalRng(rng); + let poly_rand_comm: BTreeMap<_, _> = labeled_polynomials + .into_iter() + .zip(rands) + .zip(commitments.into_iter()) + .map(|((poly, r), comm)| (poly.label(), (poly, r, comm))) + .collect(); - /// check but with individual challenges - /// The non-individual version `check` should call this method with - /// `opening_challenges = |pow| opening_challenge.pow(&[pow]);`, - /// i.e., the same impl as in MarlinKZG. - fn check_individual_opening_challenges<'a>( - vk: &Self::VerifierKey, - commitments: impl IntoIterator>, - point: F, - values: impl IntoIterator, - proof: &Self::Proof, - opening_challenges: &dyn Fn(usize) -> F, - rng: Option<&mut dyn RngCore>, - ) -> Result - where - Self::Commitment: 'a, - { - Self::check( - vk, - commitments, - point, - values, - proof, - opening_challenges(0), - rng, - ) - } + let open_time = start_timer!(|| format!( + "Opening {} polynomials at query set of size {}", + poly_rand_comm.len(), + query_set.len(), + )); - /// batch_check but with individual challenges - /// The non-individual version `batch_check` should call this method with - /// `opening_challenges = |pow| opening_challenge.pow(&[pow]);`, - /// i.e., the same impl as in MarlinKZG. - fn batch_check_individual_opening_challenges<'a, R: RngCore>( - vk: &Self::VerifierKey, - commitments: impl IntoIterator>, - query_set: &QuerySet, - evaluations: &Evaluations, - proof: &Self::BatchProof, - opening_challenges: &dyn Fn(usize) -> F, - rng: &mut R, - ) -> Result - where - Self::Commitment: 'a, - { - Self::batch_check( - vk, - commitments, - query_set, - evaluations, - proof, - opening_challenges(0), - rng, - ) - } + let mut query_to_labels_map = BTreeMap::new(); - /// open_combinations but with individual challenges - /// The non-individual version `open_combinations` should call this method with - /// `opening_challenges = |pow| opening_challenge.pow(&[pow]);`, - /// i.e., the same impl as in MarlinKZG. - fn open_combinations_individual_opening_challenges<'a>( - ck: &Self::CommitterKey, - lc_s: impl IntoIterator>, - polynomials: impl IntoIterator>, - commitments: impl IntoIterator>, - query_set: &QuerySet, - opening_challenges: &dyn Fn(usize) -> F, - rands: impl IntoIterator, - rng: Option<&mut dyn RngCore>, - ) -> Result, Self::Error> - where - Self::Randomness: 'a, - Self::Commitment: 'a, - { - Self::open_combinations( - ck, - lc_s, - polynomials, - commitments, - query_set, - opening_challenges(0), - rands, - rng, - ) - } + for (label, (point_label, point)) in query_set.iter() { + let labels = query_to_labels_map + .entry(point_label) + .or_insert((point, BTreeSet::new())); + labels.1.insert(label); + } - /// check_combinations but with individual challenges - /// The non-individual version `check_combinations` should call this method with - /// `opening_challenges = |pow| opening_challenge.pow(&[pow]);`, - /// i.e., the same impl as in MarlinKZG. - fn check_combinations_individual_opening_challenges<'a, R: RngCore>( - vk: &Self::VerifierKey, - lc_s: impl IntoIterator>, - commitments: impl IntoIterator>, - query_set: &QuerySet, - evaluations: &Evaluations, - proof: &BatchLCProof, - opening_challenges: &dyn Fn(usize) -> F, - rng: &mut R, - ) -> Result - where - Self::Commitment: 'a, - { - Self::check_combinations( - vk, - lc_s, - commitments, - query_set, - evaluations, - proof, - opening_challenges(0), - rng, - ) - } + let mut proofs = Vec::new(); + for (_point_label, (point, labels)) in query_to_labels_map.into_iter() { + let mut query_polys: Vec<&'a LabeledPolynomial<_>> = Vec::new(); + let mut query_rands: Vec<&'a Self::Randomness> = Vec::new(); + let mut query_comms: Vec<&'a LabeledCommitment> = Vec::new(); - /// batch_open but with individual challenges - /// The non-individual version `batch_open` should call this method with - /// `opening_challenges = |pow| opening_challenge.pow(&[pow]);`, - /// i.e., the same impl as in MarlinKZG. - fn batch_open_individual_opening_challenges<'a>( - ck: &Self::CommitterKey, - labeled_polynomials: impl IntoIterator>, - commitments: impl IntoIterator>, - query_set: &QuerySet, - opening_challenges: &dyn Fn(usize) -> F, - rands: impl IntoIterator, - rng: Option<&mut dyn RngCore>, - ) -> Result - where - Self::Randomness: 'a, - Self::Commitment: 'a, - { - Self::batch_open( - ck, - labeled_polynomials, - commitments, - query_set, - opening_challenges(0), - rands, - rng, - ) + for label in labels { + let (polynomial, rand, comm) = + poly_rand_comm.get(label).ok_or(Error::MissingPolynomial { + label: label.to_string(), + })?; + + query_polys.push(polynomial); + query_rands.push(rand); + query_comms.push(comm); + } + + let proof_time = start_timer!(|| "Creating proof"); + let proof = Self::open_individual_opening_challenges( + ck, + query_polys, + query_comms, + *point, + opening_challenges, + query_rands, + Some(rng), + )?; + + end_timer!(proof_time); + + proofs.push(proof); + } + end_timer!(open_time); + + Ok(proofs.into()) } } diff --git a/src/marlin_pc/mod.rs b/src/marlin_pc/mod.rs index 2808bb0e..36b927fc 100644 --- a/src/marlin_pc/mod.rs +++ b/src/marlin_pc/mod.rs @@ -5,7 +5,7 @@ use crate::{LabeledCommitment, LabeledPolynomial, LinearCombination}; use crate::{PCRandomness, PCUniversalParams, Polynomial, PolynomialCommitment}; use ark_ec::{AffineCurve, PairingEngine, ProjectiveCurve}; -use ark_ff::{Field, One, Zero}; +use ark_ff::{One, Zero}; use ark_std::vec; use core::{convert::TryInto, marker::PhantomData}; use rand_core::RngCore; @@ -116,7 +116,7 @@ impl MarlinKZG10 { vk: &VerifierKey, commitments: impl IntoIterator>>, values: impl IntoIterator, - opening_challenges: &dyn Fn(usize) -> E::Fr, + opening_challenges: &dyn Fn(u64) -> E::Fr, ) -> Result<(E::G1Projective, E::Fr), Error> { let acc_time = start_timer!(|| "Accumulating commitments and values"); let mut combined_comm = E::G1Projective::zero(); @@ -342,171 +342,13 @@ impl PolynomialCommitment for MarlinKZG10 { Ok((commitments, randomness)) } - /// On input a polynomial `p` and a point `point`, outputs a proof for the same. - fn open<'a>( - ck: &Self::CommitterKey, - labeled_polynomials: impl IntoIterator>, - commitments: impl IntoIterator>, - point: E::Fr, - opening_challenge: E::Fr, - rands: impl IntoIterator, - rng: Option<&mut dyn RngCore>, - ) -> Result - where - Self::Randomness: 'a, - Self::Commitment: 'a, - { - let opening_challenges = |j| opening_challenge.pow([j as u64]); - Self::open_individual_opening_challenges( - ck, - labeled_polynomials, - commitments, - point, - &opening_challenges, - rands, - rng, - ) - } - - /// Verifies that `value` is the evaluation at `x` of the polynomial - /// committed inside `comm`. - fn check<'a>( - vk: &Self::VerifierKey, - commitments: impl IntoIterator>, - point: E::Fr, - values: impl IntoIterator, - proof: &Self::Proof, - opening_challenge: E::Fr, - rng: Option<&mut dyn RngCore>, - ) -> Result - where - Self::Commitment: 'a, - { - let opening_challenges = |j| opening_challenge.pow([j as u64]); - Self::check_individual_opening_challenges( - vk, - commitments, - point, - values, - proof, - &opening_challenges, - rng, - ) - } - - fn batch_check<'a, R: RngCore>( - vk: &Self::VerifierKey, - commitments: impl IntoIterator>, - query_set: &QuerySet, - evaluations: &Evaluations, - proof: &Self::BatchProof, - opening_challenge: E::Fr, - rng: &mut R, - ) -> Result - where - Self::Commitment: 'a, - { - let opening_challenges = |j| opening_challenge.pow([j as u64]); - Self::batch_check_individual_opening_challenges( - vk, - commitments, - query_set, - evaluations, - proof, - &opening_challenges, - rng, - ) - } - - fn open_combinations<'a>( - ck: &Self::CommitterKey, - lc_s: impl IntoIterator>, - polynomials: impl IntoIterator>, - commitments: impl IntoIterator>, - query_set: &QuerySet, - opening_challenge: E::Fr, - rands: impl IntoIterator, - rng: Option<&mut dyn RngCore>, - ) -> Result, Self::Error> - where - Self::Randomness: 'a, - Self::Commitment: 'a, - { - let opening_challenges = |j| opening_challenge.pow([j as u64]); - Self::open_combinations_individual_opening_challenges( - ck, - lc_s, - polynomials, - commitments, - query_set, - &opening_challenges, - rands, - rng, - ) - } - - /// Checks that `values` are the true evaluations at `query_set` of the polynomials - /// committed in `labeled_commitments`. - fn check_combinations<'a, R: RngCore>( - vk: &Self::VerifierKey, - lc_s: impl IntoIterator>, - commitments: impl IntoIterator>, - query_set: &QuerySet, - evaluations: &Evaluations, - proof: &BatchLCProof, - opening_challenge: E::Fr, - rng: &mut R, - ) -> Result - where - Self::Commitment: 'a, - { - let opening_challenges = |j| opening_challenge.pow([j as u64]); - Self::check_combinations_individual_opening_challenges( - vk, - lc_s, - commitments, - query_set, - evaluations, - proof, - &opening_challenges, - rng, - ) - } - - // On input a list of labeled polynomials and a query set, `open` outputs a proof of evaluation - /// of the polynomials at the points in the query set. - fn batch_open<'a>( - ck: &Self::CommitterKey, - labeled_polynomials: impl IntoIterator>, - commitments: impl IntoIterator>, - query_set: &QuerySet, - opening_challenge: E::Fr, - rands: impl IntoIterator, - rng: Option<&mut dyn RngCore>, - ) -> Result - where - Self::Randomness: 'a, - Self::Commitment: 'a, - { - let opening_challenges = |j| opening_challenge.pow([j as u64]); - Self::batch_open_individual_opening_challenges( - ck, - labeled_polynomials, - commitments, - query_set, - &opening_challenges, - rands, - rng, - ) - } - /// On input a polynomial `p` and a point `point`, outputs a proof for the same. fn open_individual_opening_challenges<'a>( ck: &CommitterKey, labeled_polynomials: impl IntoIterator>, _commitments: impl IntoIterator>>, point: E::Fr, - opening_challenges: &dyn Fn(usize) -> E::Fr, + opening_challenges: &dyn Fn(u64) -> E::Fr, rands: impl IntoIterator>, _rng: Option<&mut dyn RngCore>, ) -> Result, Error> @@ -602,7 +444,7 @@ impl PolynomialCommitment for MarlinKZG10 { point: E::Fr, values: impl IntoIterator, proof: &kzg10::Proof, - opening_challenges: &dyn Fn(usize) -> E::Fr, + opening_challenges: &dyn Fn(u64) -> E::Fr, _rng: Option<&mut dyn RngCore>, ) -> Result where @@ -628,7 +470,7 @@ impl PolynomialCommitment for MarlinKZG10 { query_set: &QuerySet, evaluations: &Evaluations, proof: &Vec>, - opening_challenges: &dyn Fn(usize) -> E::Fr, + opening_challenges: &dyn Fn(u64) -> E::Fr, rng: &mut R, ) -> Result where @@ -712,7 +554,7 @@ impl PolynomialCommitment for MarlinKZG10 { polynomials: impl IntoIterator>, commitments: impl IntoIterator>>, query_set: &QuerySet, - opening_challenges: &dyn Fn(usize) -> E::Fr, + opening_challenges: &dyn Fn(u64) -> E::Fr, rands: impl IntoIterator>, rng: Option<&mut dyn RngCore>, ) -> Result, Error> @@ -810,7 +652,7 @@ impl PolynomialCommitment for MarlinKZG10 { query_set: &QuerySet, evaluations: &Evaluations, proof: &BatchLCProof, - opening_challenges: &dyn Fn(usize) -> E::Fr, + opening_challenges: &dyn Fn(u64) -> E::Fr, rng: &mut R, ) -> Result where @@ -893,7 +735,7 @@ impl PolynomialCommitment for MarlinKZG10 { labeled_polynomials: impl IntoIterator>, commitments: impl IntoIterator>>, query_set: &QuerySet, - opening_challenges: &dyn Fn(usize) -> E::Fr, + opening_challenges: &dyn Fn(u64) -> E::Fr, rands: impl IntoIterator>, rng: Option<&mut dyn RngCore>, ) -> Result>, Error> diff --git a/src/sonic_pc/mod.rs b/src/sonic_pc/mod.rs index 50793c7e..4cd90306 100644 --- a/src/sonic_pc/mod.rs +++ b/src/sonic_pc/mod.rs @@ -28,7 +28,7 @@ pub struct SonicKZG10 { } impl SonicKZG10 { - fn accumulate_elems<'a>( + fn accumulate_elems_individual_opening_challenges<'a>( combined_comms: &mut BTreeMap, E::G1Projective>, combined_witness: &mut E::G1Projective, combined_adjusted_witness: &mut E::G1Projective, @@ -37,11 +37,14 @@ impl SonicKZG10 { point: E::Fr, values: impl IntoIterator, proof: &kzg10::Proof, - opening_challenge: E::Fr, + opening_challenges: &dyn Fn(u64) -> E::Fr, randomizer: Option, ) { let acc_time = start_timer!(|| "Accumulating elements"); - let mut curr_challenge = opening_challenge; + + let mut opening_challenge_counter = 0; + let mut curr_challenge = opening_challenges(opening_challenge_counter); + opening_challenge_counter += 1; // Keeps track of running combination of values let mut combined_values = E::Fr::zero(); @@ -64,7 +67,8 @@ impl SonicKZG10 { *combined_comms .entry(degree_bound) .or_insert(E::G1Projective::zero()) += &comm_with_challenge; - curr_challenge *= &opening_challenge; + curr_challenge = opening_challenges(opening_challenge_counter); + opening_challenge_counter += 1; } // Push expected results into list of elems. Power will be the negative of the expected power @@ -329,12 +333,12 @@ impl PolynomialCommitment for SonicKZG10 { Ok((labeled_comms, randomness)) } - fn open<'a>( + fn open_individual_opening_challenges<'a>( ck: &Self::CommitterKey, labeled_polynomials: impl IntoIterator>, _commitments: impl IntoIterator>, point: E::Fr, - opening_challenge: E::Fr, + opening_challenges: &dyn Fn(u64) -> E::Fr, rands: impl IntoIterator, _rng: Option<&mut dyn RngCore>, ) -> Result @@ -344,7 +348,11 @@ impl PolynomialCommitment for SonicKZG10 { { let mut combined_polynomial = Polynomial::zero(); let mut combined_rand = kzg10::Randomness::empty(); - let mut curr_challenge = opening_challenge; + + let mut opening_challenge_counter = 0; + + let mut curr_challenge = opening_challenges(opening_challenge_counter); + opening_challenge_counter += 1; for (polynomial, rand) in labeled_polynomials.into_iter().zip(rands) { let enforced_degree_bounds: Option<&[usize]> = ck @@ -361,7 +369,8 @@ impl PolynomialCommitment for SonicKZG10 { combined_polynomial += (curr_challenge, polynomial.polynomial()); combined_rand += (curr_challenge, rand); - curr_challenge *= &opening_challenge; + curr_challenge = opening_challenges(opening_challenge_counter); + opening_challenge_counter += 1; } let proof_time = start_timer!(|| "Creating proof for polynomials"); @@ -371,13 +380,13 @@ impl PolynomialCommitment for SonicKZG10 { Ok(proof) } - fn check<'a>( + fn check_individual_opening_challenges<'a>( vk: &Self::VerifierKey, commitments: impl IntoIterator>, point: E::Fr, values: impl IntoIterator, proof: &Self::Proof, - opening_challenge: E::Fr, + opening_challenges: &dyn Fn(u64) -> E::Fr, _rng: Option<&mut dyn RngCore>, ) -> Result where @@ -388,7 +397,7 @@ impl PolynomialCommitment for SonicKZG10 { let mut combined_witness: E::G1Projective = E::G1Projective::zero(); let mut combined_adjusted_witness: E::G1Projective = E::G1Projective::zero(); - Self::accumulate_elems( + Self::accumulate_elems_individual_opening_challenges( &mut combined_comms, &mut combined_witness, &mut combined_adjusted_witness, @@ -397,7 +406,7 @@ impl PolynomialCommitment for SonicKZG10 { point, values, proof, - opening_challenge, + opening_challenges, None, ); @@ -411,13 +420,13 @@ impl PolynomialCommitment for SonicKZG10 { res } - fn batch_check<'a, R: RngCore>( + fn batch_check_individual_opening_challenges<'a, R: RngCore>( vk: &Self::VerifierKey, commitments: impl IntoIterator>, query_set: &QuerySet, values: &Evaluations, proof: &Self::BatchProof, - opening_challenge: E::Fr, + opening_challenges: &dyn Fn(u64) -> E::Fr, rng: &mut R, ) -> Result where @@ -459,7 +468,7 @@ impl PolynomialCommitment for SonicKZG10 { values_to_combine.push(*v_i); } - Self::accumulate_elems( + Self::accumulate_elems_individual_opening_challenges( &mut combined_comms, &mut combined_witness, &mut combined_adjusted_witness, @@ -468,7 +477,7 @@ impl PolynomialCommitment for SonicKZG10 { *point, values_to_combine.into_iter(), p, - opening_challenge, + opening_challenges, Some(randomizer), ); @@ -483,13 +492,13 @@ impl PolynomialCommitment for SonicKZG10 { ) } - fn open_combinations<'a>( + fn open_combinations_individual_opening_challenges<'a>( ck: &Self::CommitterKey, lc_s: impl IntoIterator>, polynomials: impl IntoIterator>, commitments: impl IntoIterator>, query_set: &QuerySet, - opening_challenge: E::Fr, + opening_challenges: &dyn Fn(u64) -> E::Fr, rands: impl IntoIterator, rng: Option<&mut dyn RngCore>, ) -> Result, Self::Error> @@ -563,12 +572,12 @@ impl PolynomialCommitment for SonicKZG10 { .map(|((label, d), c)| LabeledCommitment::new(label, c, d)) .collect::>(); - let proof = Self::batch_open( + let proof = Self::batch_open_individual_opening_challenges( ck, lc_polynomials.iter(), lc_commitments.iter(), &query_set, - opening_challenge, + opening_challenges, lc_randomness.iter(), rng, )?; @@ -577,14 +586,14 @@ impl PolynomialCommitment for SonicKZG10 { /// Checks that `values` are the true evaluations at `query_set` of the polynomials /// committed in `labeled_commitments`. - fn check_combinations<'a, R: RngCore>( + fn check_combinations_individual_opening_challenges<'a, R: RngCore>( vk: &Self::VerifierKey, lc_s: impl IntoIterator>, commitments: impl IntoIterator>, query_set: &QuerySet, evaluations: &Evaluations, proof: &BatchLCProof, - opening_challenge: E::Fr, + opening_challenges: &dyn Fn(u64) -> E::Fr, rng: &mut R, ) -> Result where @@ -648,13 +657,13 @@ impl PolynomialCommitment for SonicKZG10 { .map(|((label, d), c)| LabeledCommitment::new(label, c, d)) .collect::>(); - Self::batch_check( + Self::batch_check_individual_opening_challenges( vk, &lc_commitments, &query_set, &evaluations, proof, - opening_challenge, + opening_challenges, rng, ) }