microsoft · srinathsetty · Mar 7, 2024 · Mar 7, 2024
diff --git a/src/spartan/polys/power.rs b/src/spartan/polys/power.rs
@@ -27,7 +27,7 @@ impl<Scalar: PrimeField> PowPolynomial<Scalar> {
 
   /// Create powers the following powers of `t`:
   /// [t^{2^0}, t^{2^1}, ..., t^{2^{ell-1}}]
-  pub(in crate::spartan) fn squares(t: &Scalar, ell: usize) -> Vec<Scalar> {
+  pub fn squares(t: &Scalar, ell: usize) -> Vec<Scalar> {
     successors(Some(*t), |p: &Scalar| Some(p.square()))
       .take(ell)
       .collect::<Vec<_>>()

diff --git a/src/spartan/ppsnark.rs b/src/spartan/ppsnark.rs
@@ -19,7 +19,7 @@ use crate::{
       univariate::{CompressedUniPoly, UniPoly},
     },
     powers,
-    sumcheck::SumcheckProof,
+    sumcheck::{SumcheckEngine, SumcheckProof},
     PolyEvalInstance, PolyEvalWitness, SparsePolynomial,
   },
   traits::{
@@ -174,7 +174,7 @@ impl<E: Engine> R1CSShapeSparkRepr<E> {
     }
   }
 
-  pub(in crate::spartan) fn commit(&self, ck: &CommitmentKey<E>) -> R1CSShapeSparkCommitment<E> {
+  fn commit(&self, ck: &CommitmentKey<E>) -> R1CSShapeSparkCommitment<E> {
     let comm_vec: Vec<Commitment<E>> = [
       &self.row,
       &self.col,
@@ -237,27 +237,6 @@ impl<E: Engine> R1CSShapeSparkRepr<E> {
   }
 }
 
-/// Defines a trait for implementing sum-check in a generic manner
-pub trait SumcheckEngine<E: Engine>: Send + Sync {
-  /// returns the initial claims
-  fn initial_claims(&self) -> Vec<E::Scalar>;
-
-  /// degree of the sum-check polynomial
-  fn degree(&self) -> usize;
-
-  /// the size of the polynomials
-  fn size(&self) -> usize;
-
-  /// returns evaluation points at 0, 2, d-1 (where d is the degree of the sum-check polynomial)
-  fn evaluation_points(&self) -> Vec<Vec<E::Scalar>>;
-
-  /// bounds a variable in the constituent polynomials
-  fn bound(&mut self, r: &E::Scalar);
-
-  /// returns the final claims
-  fn final_claims(&self) -> Vec<Vec<E::Scalar>>;
-}
-
 /// The [WitnessBoundSumcheck] ensures that the witness polynomial W defined over n = log(N) variables,
 /// is zero outside of the first `num_vars = 2^m` entries.
 ///
@@ -272,13 +251,13 @@ pub trait SumcheckEngine<E: Engine>: Send + Sync {
 /// It is equivalent to the expression
 ///  `0 = ∑_{2^m≤i<2^n} eq[i] * W[i]`
 /// Since `eq` is random, the instance is only satisfied if `W[2^{m}..] = 0`.
-pub(in crate::spartan) struct WitnessBoundSumcheck<E: Engine> {
+pub struct WitnessBoundSumcheck<E: Engine> {
   poly_W: MultilinearPolynomial<E::Scalar>,
   poly_masked_eq: MultilinearPolynomial<E::Scalar>,
 }
 
 impl<E: Engine> WitnessBoundSumcheck<E> {
-  pub fn new(tau: E::Scalar, poly_W_padded: Vec<E::Scalar>, num_vars: usize) -> Self {
+  fn new(tau: E::Scalar, poly_W_padded: Vec<E::Scalar>, num_vars: usize) -> Self {
     let num_vars_log = num_vars.log_2();
     // When num_vars = num_rounds, we shouldn't have to prove anything
     // but we still want this instance to compute the evaluation of W
@@ -336,7 +315,7 @@ impl<E: Engine> SumcheckEngine<E> for WitnessBoundSumcheck<E> {
   }
 }
 
-pub(in crate::spartan) struct MemorySumcheckInstance<E: Engine> {
+struct MemorySumcheckInstance<E: Engine> {
   // row
   w_plus_r_row: MultilinearPolynomial<E::Scalar>,
   t_plus_r_row: MultilinearPolynomial<E::Scalar>,
@@ -1193,10 +1172,11 @@ impl<E: Engine, EE: EvaluationEngineTrait<E>> RelaxedR1CSSNARKTrait<E> for Relax
     let w: PolyEvalWitness<E> = PolyEvalWitness::batch(&poly_vec, &c);
     let u: PolyEvalInstance<E> = PolyEvalInstance::batch(&comm_vec, &tau_coords, &eval_vec, &c);
 
-    // we now need to prove three claims
+    // we now need to prove four claims
     // (1) 0 = \sum_x poly_tau(x) * (poly_Az(x) * poly_Bz(x) - poly_uCz_E(x)), and eval_Az_at_tau + r * eval_Bz_at_tau + r^2 * eval_Cz_at_tau = (Az+r*Bz+r^2*Cz)(tau)
     // (2) eval_Az_at_tau + c * eval_Bz_at_tau + c^2 * eval_Cz_at_tau = \sum_y L_row(y) * (val_A(y) + c * val_B(y) + c^2 * val_C(y)) * L_col(y)
     // (3) L_row(i) = eq(tau, row(i)) and L_col(i) = z(col(i))
+    // (4) Check that the witness polynomial W is well-formed e.g., it is padded with only zeros
     let gamma = transcript.squeeze(b"g")?;
     let r = transcript.squeeze(b"r")?;
 

diff --git a/src/spartan/snark.rs b/src/spartan/snark.rs
@@ -245,7 +245,7 @@ impl<E: Engine, EE: EvaluationEngineTrait<E>> RelaxedR1CSSNARKTrait<E> for Relax
     ];
 
     let (batched_u, batched_w, sc_proof_batch, claims_batch_left) =
-      batch_eval_prove(u_vec, w_vec, &mut transcript)?;
+      batch_eval_reduce(u_vec, w_vec, &mut transcript)?;
 
     let eval_arg = EE::prove(
       ck,
@@ -410,8 +410,8 @@ impl<E: Engine, EE: EvaluationEngineTrait<E>> RelaxedR1CSSNARKTrait<E> for Relax
   }
 }
 
-/// Proves a batch of polynomial evaluation claims using Sumcheck
-/// reducing them to a single claim at the same point.
+/// Reduces a batch of polynomial evaluation claims using Sumcheck
+/// to a single claim at the same point.
 ///
 /// # Details
 ///
@@ -424,7 +424,7 @@ impl<E: Engine, EE: EvaluationEngineTrait<E>> RelaxedR1CSSNARKTrait<E> for Relax
 ///
 /// We allow the polynomial Pᵢ to have different sizes, by appropriately scaling
 /// the claims and resulting evaluations from Sumcheck.
-pub(in crate::spartan) fn batch_eval_prove<E: Engine>(
+fn batch_eval_reduce<E: Engine>(
   u_vec: Vec<PolyEvalInstance<E>>,
   w_vec: Vec<PolyEvalWitness<E>>,
   transcript: &mut E::TE,
@@ -498,7 +498,7 @@ pub(in crate::spartan) fn batch_eval_prove<E: Engine>(
 
 /// Verifies a batch of polynomial evaluation claims using Sumcheck
 /// reducing them to a single claim at the same point.
-pub(in crate::spartan) fn batch_eval_verify<E: Engine>(
+fn batch_eval_verify<E: Engine>(
   u_vec: Vec<PolyEvalInstance<E>>,
   transcript: &mut E::TE,
   sc_proof_batch: &SumcheckProof<E>,

diff --git a/src/spartan/sumcheck.rs b/src/spartan/sumcheck.rs
@@ -9,6 +9,27 @@ use itertools::Itertools as _;
 use rayon::prelude::*;
 use serde::{Deserialize, Serialize};
 
+/// Defines a trait for implementing sum-check in a generic manner
+pub trait SumcheckEngine<E: Engine>: Send + Sync {
+  /// returns the initial claims
+  fn initial_claims(&self) -> Vec<E::Scalar>;
+
+  /// degree of the sum-check polynomial
+  fn degree(&self) -> usize;
+
+  /// the size of the polynomials
+  fn size(&self) -> usize;
+
+  /// returns evaluation points at 0, 2, d-1 (where d is the degree of the sum-check polynomial)
+  fn evaluation_points(&self) -> Vec<Vec<E::Scalar>>;
+
+  /// bounds a variable in the constituent polynomials
+  fn bound(&mut self, r: &E::Scalar);
+
+  /// returns the final claims
+  fn final_claims(&self) -> Vec<Vec<E::Scalar>>;
+}
+
 #[derive(Clone, Debug, Serialize, Deserialize)]
 #[serde(bound = "")]
 pub(crate) struct SumcheckProof<E: Engine> {
@@ -298,7 +319,7 @@ impl<E: Engine> SumcheckProof<E> {
   }
 
   #[inline]
-  pub(in crate::spartan) fn compute_eval_points_cubic<F>(
+  pub fn compute_eval_points_cubic<F>(
     poly_A: &MultilinearPolynomial<E::Scalar>,
     poly_B: &MultilinearPolynomial<E::Scalar>,
     poly_C: &MultilinearPolynomial<E::Scalar>,
@@ -342,7 +363,7 @@ impl<E: Engine> SumcheckProof<E> {
   }
 
   #[inline]
-  pub(in crate::spartan) fn compute_eval_points_cubic_with_additive_term<F>(
+  pub fn compute_eval_points_cubic_with_additive_term<F>(
     poly_A: &MultilinearPolynomial<E::Scalar>,
     poly_B: &MultilinearPolynomial<E::Scalar>,
     poly_C: &MultilinearPolynomial<E::Scalar>,