diff --git a/src/spartan/batched.rs b/src/spartan/batched.rs index ebcc5508..d04017eb 100644 --- a/src/spartan/batched.rs +++ b/src/spartan/batched.rs @@ -17,7 +17,7 @@ use super::{ math::Math, polys::{eq::EqPolynomial, multilinear::MultilinearPolynomial}, powers, - snark::batch_eval_prove, + snark::batch_eval_reduce, sumcheck::SumcheckProof, PolyEvalInstance, PolyEvalWitness, }; @@ -348,7 +348,7 @@ impl> BatchedRelaxedR1CSSNARKTrait }; let (batched_u, batched_w, sc_proof_batch, claims_batch_left) = - batch_eval_prove(u_vec, &w_vec, &mut transcript)?; + batch_eval_reduce(u_vec, &w_vec, &mut transcript)?; let eval_arg = EE::prove( ck, diff --git a/src/spartan/polys/power.rs b/src/spartan/polys/power.rs index 55bd2a4a..fc0bb699 100644 --- a/src/spartan/polys/power.rs +++ b/src/spartan/polys/power.rs @@ -27,7 +27,7 @@ impl PowPolynomial { /// Create powers the following powers of `t`: /// [t^{2^0}, t^{2^1}, ..., t^{2^{ell-1}}] - pub(in crate::spartan) fn squares(t: &Scalar, ell: usize) -> Vec { + pub fn squares(t: &Scalar, ell: usize) -> Vec { successors(Some(*t), |p: &Scalar| Some(p.square())) .take(ell) .collect::>() diff --git a/src/spartan/ppsnark.rs b/src/spartan/ppsnark.rs index 711f8003..aba5a98b 100644 --- a/src/spartan/ppsnark.rs +++ b/src/spartan/ppsnark.rs @@ -584,10 +584,11 @@ impl> RelaxedR1CSSNARKTrait for Relax let u: PolyEvalInstance = PolyEvalInstance::batch(&comm_vec, tau_coords.clone(), &eval_vec, &c); - // we now need to prove three claims + // we now need to prove four claims // (1) 0 = \sum_x poly_tau(x) * (poly_Az(x) * poly_Bz(x) - poly_uCz_E(x)), and eval_Az_at_tau + r * eval_Bz_at_tau + r^2 * eval_Cz_at_tau = (Az+r*Bz+r^2*Cz)(tau) // (2) eval_Az_at_tau + c * eval_Bz_at_tau + c^2 * eval_Cz_at_tau = \sum_y L_row(y) * (val_A(y) + c * val_B(y) + c^2 * val_C(y)) * L_col(y) // (3) L_row(i) = eq(tau, row(i)) and L_col(i) = z(col(i)) + // (4) Check that the witness polynomial W is well-formed e.g., it is padded with only zeros let gamma = transcript.squeeze(b"g")?; let r = transcript.squeeze(b"r")?; diff --git a/src/spartan/snark.rs b/src/spartan/snark.rs index 3b82c3e5..a1384b89 100644 --- a/src/spartan/snark.rs +++ b/src/spartan/snark.rs @@ -250,7 +250,7 @@ impl> RelaxedR1CSSNARKTrait for Relax ]; let (batched_u, batched_w, sc_proof_batch, claims_batch_left) = - batch_eval_prove(u_vec, &w_vec, &mut transcript)?; + batch_eval_reduce(u_vec, &w_vec, &mut transcript)?; let eval_arg = EE::prove( ck, @@ -415,8 +415,8 @@ impl> RelaxedR1CSSNARKTrait for Relax } } -/// Proves a batch of polynomial evaluation claims using Sumcheck -/// reducing them to a single claim at the same point. +/// Reduces a batch of polynomial evaluation claims using Sumcheck +/// to a single claim at the same point. /// /// # Details /// @@ -429,7 +429,7 @@ impl> RelaxedR1CSSNARKTrait for Relax /// /// We allow the polynomial Pᵢ to have different sizes, by appropriately scaling /// the claims and resulting evaluations from Sumcheck. -pub(in crate::spartan) fn batch_eval_prove( +pub (in crate::spartan) fn batch_eval_reduce( u_vec: Vec>, w_vec: &[PolyEvalWitness], transcript: &mut E::TE,