fiat_shamir fix

fri/src/fiat_shamir/mod.rs

@@ -7,16 +7,16 @@ use crate::utils::fields::field_to_usize;
 /// A challenge will be hash of `(x,i,last_r,g_i)`
 #[derive(Default)]
 pub struct Transcript<F: PrimeField> {
-    /// The last generated challenge
+    /// The last challenge
     last_r: F,
     /// The seed, which should be generated from the initialization step
     x: F,
-    /// The current order of query points
+    /// The current round index
     i: u64,
-    /// The last query point
+    /// The last challenge evaluation
     gi: F,
-    /// The number of remaining queries that have not been hashed
-    remain_queries: u64,
+    /// Variable to keep ROM property that same input should result in same output
+    input_changed: bool,
 }
 
 impl<F: PrimeField> Transcript<F> {
@@ -26,45 +26,41 @@ impl<F: PrimeField> Transcript<F> {
             x: F::ZERO,
             i: 0,
             gi: F::ZERO,
-            remain_queries: 0,
+            input_changed: false,
         }
     }
 
     fn check_append(&self) {
         if self.i == 0 {
-            println!("Transcript has not been appended!")
+            println!("Transcript is empty! No message was appended")
         }
     }
 
-    /// Prover use it to send a query
+    /// Change the last message g_i in the transcript
     ///
     /// # Arguments
     ///
-    /// * `merkle_root`: the query
-    pub fn append(&mut self, merkle_root: F) {
+    /// * `last_message`: last message g_i
+    pub fn insert_last_message(&mut self, last_message: F) {
         self.i += 1;
-        if self.remain_queries == 0 {
-            self.gi = merkle_root;
-        } else {
-            self.gi = CustomizedHash::hash_two(self.gi, merkle_root);
-        }
-        self.remain_queries += 1;
+        self.gi = last_message;
+        self.input_changed = true;
     }
 
-    /// Generate a single challenge
+    /// Generate a single challenge r_i
     ///
-    /// returns: F: single challenge
+    /// returns: F: single challenge r_i
     pub fn generate_a_challenge(&mut self) -> F {
         self.check_append();
-        if self.remain_queries == 0 {
+        if !self.input_changed {
             return self.last_r;
         }
         let challenge = CustomizedHash::hash_two(
             CustomizedHash::hash_two(self.x, F::from(self.i as u128)),
             CustomizedHash::hash_two(self.last_r, self.gi),
         );
         self.last_r = challenge;
-        self.remain_queries = 0;
+        self.input_changed = false;
         challenge
     }
 
@@ -75,25 +71,29 @@ impl<F: PrimeField> Transcript<F> {
     /// * `number`: the number of elements
     ///
     /// returns: Vec<F, Global>: list of challenges
+    //TODO: This is theoretically wrong, g_i should change in every step
     pub fn generate_challenge_list(&mut self, number: usize) -> Vec<F> {
         self.check_append();
         let mut challenges = Vec::<F>::new();
         let mut c = self.generate_a_challenge();
         for i in 0..number {
             challenges.push(c);
-            c = CustomizedHash::hash_two(c, F::from(i as u128))
+            c = CustomizedHash::hash_two(
+                CustomizedHash::hash_two(self.x, F::from(i as u128)),
+                CustomizedHash::hash_two(c, self.gi),
+            );
         }
 
         challenges
     }
 
     /// Similar to generate_a_challenge
-    pub fn generate_an_index(&mut self) -> usize {
+    pub fn generate_a_challenge_usize(&mut self) -> usize {
         field_to_usize(&self.generate_a_challenge())
     }
 
     /// Similar to generate_challenge_list
-    pub fn generate_index_list(&mut self, number: usize) -> Vec<usize> {
+    pub fn generate_challenge_list_usize(&mut self, number: usize) -> Vec<usize> {
         return self
             .generate_challenge_list(number)
             .iter()
@@ -115,12 +115,12 @@ mod tests {
     fn test_generate_a_challenge1() {
         let mut transcript = Transcript::<Fq>::new();
         let query = Fq::from(StdRng::from_entropy().gen::<u128>());
-        transcript.append(query);
+        transcript.insert_last_message(query);
         let c1 = transcript.generate_a_challenge();
-        // transcript.append(query);
+        transcript.insert_last_message(query);
         let c2 = transcript.generate_a_challenge();
         println!("{:?} {:?}", c1.0, c2.0);
-        assert_eq!(c1, c2);
+        assert_ne!(c1, c2);
     }
 
     #[test]
@@ -129,8 +129,8 @@ mod tests {
         let query = Fq::from(928459);
 
         let mut transcript2 = Transcript::<Fq>::new();
-        transcript.append(query);
-        transcript2.append(query);
+        transcript.insert_last_message(query);
+        transcript2.insert_last_message(query);
         let c1 = transcript.generate_a_challenge();
         // transcript.append(query);
         let c2 = transcript2.generate_a_challenge();
@@ -143,8 +143,8 @@ mod tests {
         let mut transcript = Transcript::<Fq>::new();
         let mut transcript2 = Transcript::<Fq>::new();
         let size = 5;
-        transcript.append(Fq::from(31313213));
-        transcript2.append(Fq::from(31313213));
+        transcript.insert_last_message(Fq::from(31313213));
+        transcript2.insert_last_message(Fq::from(31313213));
         let g = transcript.generate_challenge_list(size);
         let g2 = transcript2.generate_challenge_list(size);
         println!("g {:?}", g);
@@ -162,7 +162,7 @@ mod tests {
     fn test_generate_challenge_list1() {
         let mut transcript = Transcript::<Fq>::new();
         let size = 5;
-        transcript.append(Fq::from(StdRng::from_entropy().gen::<u128>()));
+        transcript.insert_last_message(Fq::from(StdRng::from_entropy().gen::<u128>()));
         let g = transcript.generate_challenge_list(size);
         let g2 = transcript.generate_challenge_list(size);
         println!("g {:?}", g);
@@ -179,9 +179,9 @@ mod tests {
     #[test]
     fn test_generate_an_index() {
         let mut t = Transcript::<Fq>::new();
-        t.append(Fq::from(182887487));
-        let g1 = t.generate_an_index();
-        let g2 = t.generate_an_index();
+        t.insert_last_message(Fq::from(182887487));
+        let g1 = t.generate_a_challenge();
+        let g2 = t.generate_a_challenge();
         println!("{} {}", g1, g2);
         assert_eq!(g1, g2);
     }
@@ -190,9 +190,9 @@ mod tests {
     fn test_generate_index_list() {
         let mut transcript = Transcript::<Fq>::new();
         let size = 5;
-        transcript.append(Fq::from(StdRng::from_entropy().gen::<u128>()));
-        let g = transcript.generate_index_list(size);
-        let g2 = transcript.generate_index_list(size);
+        transcript.insert_last_message(Fq::from(StdRng::from_entropy().gen::<u128>()));
+        let g = transcript.generate_challenge_list_usize(size);
+        let g2 = transcript.generate_challenge_list_usize(size);
         println!("{:?} {:?}", g, g2);
         assert_eq!(g, g2);
         assert_eq!(g.len(), size);

fri/src/prover.rs

@@ -57,7 +57,7 @@ pub fn commit_phase<F: PrimeField>(
     let mut current_layer = FriLayer::new(&cur_poly, &cur_coset, cur_domain_size);
 
     fri_layers.push(current_layer.clone());
-    transcript.append(current_layer.merkle_tree.root);
+    transcript.insert_last_message(current_layer.merkle_tree.root);
 
     for _ in 1..number_layers {
         let random_r = transcript.generate_a_challenge();
@@ -68,15 +68,15 @@ pub fn commit_phase<F: PrimeField>(
         cur_poly = fold_polynomial(&cur_poly, &random_r);
         current_layer = FriLayer::new(&cur_poly, &cur_coset, cur_domain_size);
         fri_layers.push(current_layer.clone());
-        transcript.append(current_layer.merkle_tree.root);
+        transcript.insert_last_message(current_layer.merkle_tree.root);
     }
 
     // the constant commitment
     let random_r = transcript.generate_a_challenge();
     let last_poly = fold_polynomial(&cur_poly, &random_r);
     let const_value = last_poly.coeffs.first().cloned().unwrap_or(F::ZERO);
 
-    transcript.append(const_value);
+    transcript.insert_last_message(const_value);
     (const_value, transcript, fri_layers)
 }
 
@@ -88,7 +88,7 @@ pub fn query_phase<F: PrimeField>(
 ) -> (Vec<Decommitment<F>>, Vec<usize>) {
     if !fri_layers.is_empty() {
         let challenge_list = transcript
-            .generate_index_list(number_of_queries)
+            .generate_challenge_list_usize(number_of_queries)
             .iter()
             .map(|v| *v % domain_size)
             .collect::<Vec<usize>>();
@@ -200,8 +200,7 @@ mod tests {
         let poly = DensePolynomial::from_coefficients_vec(coeff);
         let number_of_layers: usize = 2;
         let coset = Fq::GENERATOR;
-        let (_const_val, _transcript, fri_layers) =
-            commit_phase(&poly, coset, 4, number_of_layers);
+        let (_const_val, _transcript, fri_layers) = commit_phase(&poly, coset, 4, number_of_layers);
 
         assert_eq!(fri_layers[1].coset, Fq::from(49));
         assert_eq!(fri_layers[1].domain_size, 2);
@@ -217,7 +216,7 @@ mod tests {
             commit_phase(&poly, coset, 4, number_of_layers);
         let (decommitment_list, challenge_list) = query_phase(1, 4, &mut transcript, &fri_layers);
         let validate_challenge_list = transcript
-            .generate_index_list(1)
+            .generate_challenge_list_usize(1)
             .iter()
             .map(|v| *v % 4)
             .collect::<Vec<usize>>();

fri/src/verifier.rs

@@ -12,15 +12,15 @@ pub fn verify<F: PrimeField>(proof: Proof<F>) -> Result<(), String> {
     let random_r_list = merkle_roots
         .into_iter()
         .map(|root| {
-            transcript.append(root);
+            transcript.insert_last_message(root);
             transcript.generate_a_challenge()
         })
         .collect::<Vec<F>>();
-    transcript.append(proof.const_val);
+    transcript.insert_last_message(proof.const_val);
 
     // regenerate challenge list
     let new_challenge_list = transcript
-        .generate_index_list(proof.number_of_queries)
+        .generate_challenge_list_usize(proof.number_of_queries)
         .iter()
         .map(|v| *v % proof.domain_size)
         .collect::<Vec<usize>>();