simplify

iakovenkos · iakovenkos · commit b4f8d442e1dd · 2026-03-15T12:10:04.000Z
diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/commitment_key.hpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/commitment_key.hpp
@@ -138,52 +138,29 @@ template <class Curve> class CommitmentKey {
         CommitmentKey* key;
         RefVector<Polynomial<Fr>> wires;
         std::vector<std::string> labels;
+        std::vector<const Polynomial<Fr>*> tail_polys; // optional ZK masking tails (parallel to wires)
 
-        /**
-         * @brief Batch-commit all wires, adjust commitments for masked polys using tail polynomials
-         * from MaskingTailData, and send to verifier.
-         *
-         * @param transcript The transcript to send commitments to.
-         * @param masking_tail_data If non-null, iterates masked polys and adjusts matching
-         *        commitments: C' = C_short + commit(tail_poly).
-         * @param prover_polys ProverPolynomials reference for pointer matching (needed when
-         *        masking_tail_data is provided).
-         */
-        template <typename MaskingTailDataT = std::nullptr_t, typename ProverPolynomials = std::nullptr_t>
         std::vector<Commitment> commit_and_send_to_verifier(auto transcript,
-                                                            size_t max_batch_size = std::numeric_limits<size_t>::max(),
-                                                            MaskingTailDataT* masking_tail_data = nullptr,
-                                                            ProverPolynomials* prover_polys = nullptr)
+                                                            size_t max_batch_size = std::numeric_limits<size_t>::max())
         {
             std::vector<Commitment> commitments = key->batch_commit(wires, max_batch_size);
 
-            // Adjust commitments for masked polys: C' = C_short + commit(tail_poly)
-            if constexpr (!std::is_same_v<MaskingTailDataT, std::nullptr_t>) {
-                if (masking_tail_data != nullptr && prover_polys != nullptr && masking_tail_data->is_active()) {
-                    auto masked_polys = prover_polys->get_masked();
-                    auto masked_tails = masking_tail_data->tails.get_masked();
-                    for (size_t m = 0; m < masked_polys.size(); ++m) {
-                        for (size_t i = 0; i < wires.size(); ++i) {
-                            if (wires[i].data() == masked_polys[m].data()) {
-                                commitments[i] = commitments[i] + key->commit(masked_tails[m]);
-                                break;
-                            }
-                        }
-                    }
-                }
-            }
-
+            // Adjust commitments for wires with masking tails: C' = C_short + commit(tail)
             for (size_t i = 0; i < commitments.size(); ++i) {
+                if (i < tail_polys.size() && tail_polys[i] != nullptr && !tail_polys[i]->is_empty()) {
+                    commitments[i] = commitments[i] + key->commit(*tail_polys[i]);
+                }
                 transcript->send_to_verifier(labels[i], commitments[i]);
             }
 
             return commitments;
         }
 
-        void add_to_batch(Polynomial<Fr>& poly, const std::string& label)
+        void add_to_batch(Polynomial<Fr>& poly, const std::string& label, const Polynomial<Fr>* tail = nullptr)
         {
             wires.push_back(poly);
             labels.push_back(label);
+            tail_polys.push_back(tail);
         }
     };
 
diff --git a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.cpp b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.cpp
@@ -68,11 +68,11 @@ void ECCVMProver::execute_wire_commitments_round()
     key->masking_tail_data.register_all_masked_polys(key->polynomials);
 
     auto batch = key->commitment_key.start_batch();
-    for (const auto& [wire, label] : zip_view(key->polynomials.get_wires(), commitment_labels.get_wires())) {
-        batch.add_to_batch(wire, label);
+    for (const auto& [wire, tail, label] : zip_view(
+             key->polynomials.get_wires(), key->masking_tail_data.tails.get_wires(), commitment_labels.get_wires())) {
+        batch.add_to_batch(wire, label, &tail);
     }
-    batch.commit_and_send_to_verifier(
-        transcript, std::numeric_limits<size_t>::max(), &key->masking_tail_data, &key->polynomials);
+    batch.commit_and_send_to_verifier(transcript);
 }
 
 /**
@@ -110,7 +110,10 @@ void ECCVMProver::execute_log_derivative_commitments_round()
                                   typename Flavor::LookupRelation,
                                   typename Flavor::ProverPolynomials,
                                   true>(key->polynomials, relation_parameters, unmasked_witness_size);
-    commit_to_witness_polynomial(key->polynomials.lookup_inverses, commitment_labels.lookup_inverses);
+    auto& li = key->polynomials.lookup_inverses;
+    transcript->send_to_verifier(commitment_labels.lookup_inverses,
+                                 key->commitment_key.commit(li) +
+                                     key->commitment_key.commit(key->masking_tail_data.tails.lookup_inverses));
 }
 
 /**
@@ -122,7 +125,10 @@ void ECCVMProver::execute_grand_product_computation_round()
     BB_BENCH_NAME("ECCVMProver::execute_grand_product_computation_round");
     // Compute permutation grand product and their commitments
     compute_grand_products<Flavor>(key->polynomials, relation_parameters, unmasked_witness_size);
-    commit_to_witness_polynomial(key->polynomials.z_perm, commitment_labels.z_perm);
+    auto& zp = key->polynomials.z_perm;
+    transcript->send_to_verifier(commitment_labels.z_perm,
+                                 key->commitment_key.commit(zp) +
+                                     key->commitment_key.commit(key->masking_tail_data.tails.z_perm));
 }
 
 /**
@@ -358,12 +364,4 @@ void ECCVMProver::compute_translation_opening_claims()
  * @param polynomial
  * @param label
  */
-void ECCVMProver::commit_to_witness_polynomial(Polynomial& polynomial, const std::string& label)
-{
-    // Tail already registered in execute_wire_commitments_round via register_all_masked_polys
-    auto batch = key->commitment_key.start_batch();
-    batch.add_to_batch(polynomial, label);
-    batch.commit_and_send_to_verifier(
-        transcript, std::numeric_limits<size_t>::max(), &key->masking_tail_data, &key->polynomials);
-}
 } // namespace bb
diff --git a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.hpp b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.hpp
@@ -50,8 +50,6 @@ class ECCVMProver {
     Proof export_proof();
     std::pair<Proof, OpeningClaim> construct_proof();
     void compute_translation_opening_claims();
-    void commit_to_witness_polynomial(Polynomial& polynomial, const std::string& label);
-
     std::shared_ptr<Transcript> transcript;
 
     size_t unmasked_witness_size;
diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/oink_prover.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/oink_prover.cpp
@@ -76,28 +76,27 @@ template <typename Flavor> void OinkProver<Flavor>::commit_to_wires()
 {
     BB_BENCH_NAME("OinkProver::commit_to_wires");
     auto batch = commitment_key.start_batch();
+    auto& tails = prover_instance->masking_tail_data.tails;
 
     // Commit to the first three wire polynomials; w_4 is deferred until after memory records are added
-    batch.add_to_batch(prover_instance->polynomials.w_l, commitment_labels.w_l);
-    batch.add_to_batch(prover_instance->polynomials.w_r, commitment_labels.w_r);
-    batch.add_to_batch(prover_instance->polynomials.w_o, commitment_labels.w_o);
+    batch.add_to_batch(prover_instance->polynomials.w_l, commitment_labels.w_l, &tails.w_l);
+    batch.add_to_batch(prover_instance->polynomials.w_r, commitment_labels.w_r, &tails.w_r);
+    batch.add_to_batch(prover_instance->polynomials.w_o, commitment_labels.w_o, &tails.w_o);
 
     if constexpr (IsMegaFlavor<Flavor>) {
-        for (auto [polynomial, label] :
-             zip_view(prover_instance->polynomials.get_ecc_op_wires(), commitment_labels.get_ecc_op_wires())) {
-            batch.add_to_batch(polynomial, label);
+        for (auto [polynomial, tail, label] : zip_view(prover_instance->polynomials.get_ecc_op_wires(),
+                                                       tails.get_ecc_op_wires(),
+                                                       commitment_labels.get_ecc_op_wires())) {
+            batch.add_to_batch(polynomial, label, &tail);
         }
-        for (auto [polynomial, label] :
-             zip_view(prover_instance->polynomials.get_databus_entities(), commitment_labels.get_databus_entities())) {
-            batch.add_to_batch(polynomial, label);
+        for (auto [polynomial, tail, label] : zip_view(prover_instance->polynomials.get_databus_entities(),
+                                                       tails.get_databus_entities(),
+                                                       commitment_labels.get_databus_entities())) {
+            batch.add_to_batch(polynomial, label, &tail);
         }
     }
 
-    // MaskingTailData adjusts commitments for masked polys (tail already registered in prove())
-    auto computed_commitments = batch.commit_and_send_to_verifier(transcript,
-                                                                  std::numeric_limits<size_t>::max(),
-                                                                  &prover_instance->masking_tail_data,
-                                                                  &prover_instance->polynomials);
+    auto computed_commitments = batch.commit_and_send_to_verifier(transcript);
     prover_instance->commitments.w_l = computed_commitments[0];
     prover_instance->commitments.w_r = computed_commitments[1];
     prover_instance->commitments.w_o = computed_commitments[2];
@@ -127,13 +126,14 @@ template <typename Flavor> void OinkProver<Flavor>::commit_to_lookup_counts_and_
 
     // Commit to lookup argument polynomials and the finalized (i.e. with memory records) fourth wire polynomial
     auto batch = commitment_key.start_batch();
-    batch.add_to_batch(prover_instance->polynomials.lookup_read_counts, commitment_labels.lookup_read_counts);
-    batch.add_to_batch(prover_instance->polynomials.lookup_read_tags, commitment_labels.lookup_read_tags);
-    batch.add_to_batch(prover_instance->polynomials.w_4, commitment_labels.w_4);
-    auto computed_commitments = batch.commit_and_send_to_verifier(transcript,
-                                                                  std::numeric_limits<size_t>::max(),
-                                                                  &prover_instance->masking_tail_data,
-                                                                  &prover_instance->polynomials);
+    auto& tails = prover_instance->masking_tail_data.tails;
+    batch.add_to_batch(prover_instance->polynomials.lookup_read_counts,
+                       commitment_labels.lookup_read_counts,
+                       &tails.lookup_read_counts);
+    batch.add_to_batch(
+        prover_instance->polynomials.lookup_read_tags, commitment_labels.lookup_read_tags, &tails.lookup_read_tags);
+    batch.add_to_batch(prover_instance->polynomials.w_4, commitment_labels.w_4, &tails.w_4);
+    auto computed_commitments = batch.commit_and_send_to_verifier(transcript);
 
     prover_instance->commitments.lookup_read_counts = computed_commitments[0];
     prover_instance->commitments.lookup_read_tags = computed_commitments[1];
@@ -155,19 +155,19 @@ template <typename Flavor> void OinkProver<Flavor>::commit_to_logderiv_inverses(
     compute_logderivative_inverses(*prover_instance);
 
     auto batch = commitment_key.start_batch();
-    batch.add_to_batch(prover_instance->polynomials.lookup_inverses, commitment_labels.lookup_inverses);
+    auto& tails = prover_instance->masking_tail_data.tails;
+    batch.add_to_batch(
+        prover_instance->polynomials.lookup_inverses, commitment_labels.lookup_inverses, &tails.lookup_inverses);
 
     // If Mega, commit to the databus inverse polynomials and send
     if constexpr (IsMegaFlavor<Flavor>) {
-        for (auto [polynomial, label] :
-             zip_view(prover_instance->polynomials.get_databus_inverses(), commitment_labels.get_databus_inverses())) {
-            batch.add_to_batch(polynomial, label);
+        for (auto [polynomial, tail, label] : zip_view(prover_instance->polynomials.get_databus_inverses(),
+                                                       tails.get_databus_inverses(),
+                                                       commitment_labels.get_databus_inverses())) {
+            batch.add_to_batch(polynomial, label, &tail);
         };
     }
-    auto computed_commitments = batch.commit_and_send_to_verifier(transcript,
-                                                                  std::numeric_limits<size_t>::max(),
-                                                                  &prover_instance->masking_tail_data,
-                                                                  &prover_instance->polynomials);
+    auto computed_commitments = batch.commit_and_send_to_verifier(transcript);
 
     prover_instance->commitments.lookup_inverses = computed_commitments[0];
     if constexpr (IsMegaFlavor<Flavor>) {
@@ -189,13 +189,9 @@ template <typename Flavor> void OinkProver<Flavor>::commit_to_z_perm()
     compute_grand_product_polynomial(*prover_instance);
 
     auto& z_perm = prover_instance->polynomials.z_perm;
-    // z_perm uses CommitBatch like all other witness polys. MaskingTailData handles masking.
     auto batch = commitment_key.start_batch();
-    batch.add_to_batch(z_perm, commitment_labels.z_perm);
-    auto commitments = batch.commit_and_send_to_verifier(transcript,
-                                                         std::numeric_limits<size_t>::max(),
-                                                         &prover_instance->masking_tail_data,
-                                                         &prover_instance->polynomials);
+    batch.add_to_batch(z_perm, commitment_labels.z_perm, &prover_instance->masking_tail_data.tails.z_perm);
+    auto commitments = batch.commit_and_send_to_verifier(transcript);
     prover_instance->commitments.z_perm = commitments[0];
 }
 
