diff --git a/spartan_parallel/src/custom_dense_mlpoly.rs b/spartan_parallel/src/custom_dense_mlpoly.rs index 547304c7..728d8b35 100644 --- a/spartan_parallel/src/custom_dense_mlpoly.rs +++ b/spartan_parallel/src/custom_dense_mlpoly.rs @@ -1,7 +1,7 @@ #![allow(clippy::too_many_arguments)] use std::cmp::min; -use crate::dense_mlpoly::DensePolynomial; +use multilinear_extensions::mle::DenseMultilinearExtension; use crate::math::Math; use ff_ext::ExtensionField; use rayon::prelude::*; @@ -366,30 +366,31 @@ impl DensePolynomialPqx { return cl.index(0, 0, 0, 0); } - // Convert to a (p, q_rev, x_rev) regular dense poly of form (p, q, x) - pub fn to_dense_poly(&self) -> DensePolynomial { - let ZERO = E::ZERO; - - let p_space = self.num_vars_p.pow2(); - let q_space = self.num_vars_q.pow2(); - let w_space = self.num_vars_w.pow2(); - let x_space = self.num_vars_x.pow2(); - - let mut Z_poly = vec![ZERO; p_space * q_space * w_space * x_space]; - for p in 0..self.num_instances { - for q in 0..self.num_proofs[p] { - for w in 0..self.num_witness_secs { - for x in 0..self.num_inputs[p][w] { - Z_poly[ - p * q_space * w_space * x_space - + q * w_space * x_space - + w * x_space - + x - ] = self.Z[p][q][w][x]; - } - } - } - } - DensePolynomial::new(Z_poly) - } + // _debug + // // Convert to a (p, q_rev, x_rev) regular dense poly of form (p, q, x) + // pub fn to_dense_poly(&self) -> DensePolynomial { + // let ZERO = E::ZERO; + + // let p_space = self.num_vars_p.pow2(); + // let q_space = self.num_vars_q.pow2(); + // let w_space = self.num_vars_w.pow2(); + // let x_space = self.num_vars_x.pow2(); + + // let mut Z_poly = vec![ZERO; p_space * q_space * w_space * x_space]; + // for p in 0..self.num_instances { + // for q in 0..self.num_proofs[p] { + // for w in 0..self.num_witness_secs { + // for x in 0..self.num_inputs[p][w] { + // Z_poly[ + // p * q_space * w_space * x_space + // + q * w_space * x_space + // + w * x_space + // + x + // ] = self.Z[p][q][w][x]; + // } + // } + // } + // } + // DensePolynomial::new(Z_poly) + // } } \ No newline at end of file diff --git a/spartan_parallel/src/dense_mlpoly.rs b/spartan_parallel/src/dense_mlpoly.rs index 78385690..544f3998 100644 --- a/spartan_parallel/src/dense_mlpoly.rs +++ b/spartan_parallel/src/dense_mlpoly.rs @@ -11,12 +11,15 @@ use rayon::{iter::ParallelIterator, slice::ParallelSliceMut}; use serde::{Deserialize, Serialize}; use std::cmp::min; +// _debug +/* #[derive(Debug, Clone)] pub struct DensePolynomial { num_vars: usize, // the number of variables in the multilinear polynomial len: usize, Z: Vec, // evaluations of the polynomial in all the 2^num_vars Boolean inputs } +*/ pub struct EqPolynomial { r: Vec, @@ -112,6 +115,8 @@ impl IdentityPolynomial { } } +// _debug +/* impl DensePolynomial { pub fn new(mut Z: Vec) -> Self { // If length of Z is not a power of 2, append Z with 0 @@ -352,7 +357,10 @@ impl DensePolynomial { DenseMultilinearExtension::from_evaluation_vec_smart(self.num_vars, self.Z.clone()) } } +*/ +// _debug +/* impl Index for DensePolynomial { type Output = E; @@ -361,6 +369,7 @@ impl Index for DensePolynomial { &(self.Z[_index]) } } +*/ /* #[cfg(test)] diff --git a/spartan_parallel/src/lib.rs b/spartan_parallel/src/lib.rs index 05444dbd..0df1e78f 100644 --- a/spartan_parallel/src/lib.rs +++ b/spartan_parallel/src/lib.rs @@ -42,12 +42,11 @@ use std::{ io::Write, marker::PhantomData, }; -use dense_mlpoly::DensePolynomial; +use multilinear_extensions::mle::{DenseMultilinearExtension, MultilinearExtension}; use errors::{ProofVerifyError, R1CSError}; use instance::Instance; use itertools::Itertools; use math::Math; -use multilinear_extensions::mle::DenseMultilinearExtension; use mpcs::{PolynomialCommitmentScheme, ProverParam}; use r1csinstance::{R1CSCommitment, R1CSDecommitment, R1CSEvalProof, R1CSInstance}; use r1csproof::R1CSProof; @@ -155,7 +154,7 @@ struct IOProofs> { impl> IOProofs { // Given the polynomial in execution order, generate all proofs fn prove( - exec_poly_inputs: &DensePolynomial, + exec_poly_inputs: &DenseMultilinearExtension, num_ios: usize, num_inputs_unpadded: usize, @@ -334,8 +333,8 @@ struct ShiftProofs> { impl> ShiftProofs { fn prove( - orig_polys: Vec<&DensePolynomial>, - shifted_polys: Vec<&DensePolynomial>, + orig_polys: Vec<&DenseMultilinearExtension>, + shifted_polys: Vec<&DenseMultilinearExtension>, // For each orig_poly, how many entries at the front of proof 0 are non-zero? header_len_list: Vec, transcript: &mut Transcript, @@ -346,11 +345,11 @@ impl> ShiftProofs assert_eq!(num_instances, shifted_polys.len()); let max_poly_size = orig_polys .iter() - .fold(0, |m, p| if p.len() > m { p.len() } else { m }); + .fold(0, |m, p| if p.evaluations().len() > m { p.evaluations().len() } else { m }); let max_poly_size = shifted_polys .iter() - .fold(max_poly_size, |m, p| if p.len() > m { p.len() } else { m }); + .fold(max_poly_size, |m, p| if p.evaluations().len() > m { p.evaluations().len() } else { m }); // Open entry 0..header_len_list[p] - 1 for p in 0..num_instances { for _i in 0..header_len_list[p] {} @@ -368,9 +367,9 @@ impl> ShiftProofs for p in 0..num_instances { let orig_poly = orig_polys[p]; let shifted_poly = shifted_polys[p]; - let orig_eval = (0..orig_poly.len()).fold(E::ZERO, |a, b| a + orig_poly[b] * rc[b]); + let orig_eval = (0..orig_poly.evaluations().len()).fold(E::ZERO, |a, b| a + orig_poly.get_ext_field_vec()[b] * rc[b]); let shifted_eval = - (0..shifted_poly.len()).fold(E::ZERO, |a, b| a + shifted_poly[b] * rc[b]); + (0..shifted_poly.evaluations().len()).fold(E::ZERO, |a, b| a + shifted_poly.get_ext_field_vec()[b] * rc[b]); orig_evals.push(orig_eval); shifted_evals.push(shifted_eval); } @@ -2826,7 +2825,7 @@ impl> SNARK< } perm_w0.extend(vec![E::ZERO; num_ios - 2 * num_inputs_unpadded]); // create a multilinear polynomial using the supplied assignment for variables - let _perm_poly_w0 = DensePolynomial::new(perm_w0.clone()); + let _perm_poly_w0: DenseMultilinearExtension = DenseMultilinearExtension::from_evaluation_vec_smart(perm_w0.len().log_2(), perm_w0); // block_w2 let block_w2_verifier = { @@ -2989,7 +2988,7 @@ impl> SNARK< ] .concat(); // create a multilinear polynomial using the supplied assignment for variables - let _poly_init_stacks = DensePolynomial::new(init_stacks.clone()); + let _poly_init_stacks: DenseMultilinearExtension = DenseMultilinearExtension::from_evaluation_vec_smart(init_stacks.len().log_2(), init_stacks); VerifierWitnessSecInfo::new( vec![INIT_PHY_MEM_WIDTH], &vec![total_num_init_phy_mem_accesses], @@ -3024,7 +3023,7 @@ impl> SNARK< ] .concat(); // create a multilinear polynomial using the supplied assignment for variables - let _poly_init_mems = DensePolynomial::new(init_mems.clone()); + let _poly_init_mems: DenseMultilinearExtension = DenseMultilinearExtension::from_evaluation_vec_smart(init_mems.len().log_2(), init_mems); VerifierWitnessSecInfo::new( vec![INIT_VIR_MEM_WIDTH], &vec![total_num_init_vir_mem_accesses], diff --git a/spartan_parallel/src/product_tree.rs b/spartan_parallel/src/product_tree.rs index 4ec266d1..d3fe7d0f 100644 --- a/spartan_parallel/src/product_tree.rs +++ b/spartan_parallel/src/product_tree.rs @@ -1,7 +1,7 @@ #![allow(dead_code)] use ff_ext::ExtensionField; -use super::dense_mlpoly::DensePolynomial; +use multilinear_extensions::mle::{DenseMultilinearExtension, MultilinearExtension}; use super::dense_mlpoly::EqPolynomial; use super::math::Math; use super::sumcheck::SumcheckInstanceProof; @@ -10,35 +10,40 @@ use serde::{Deserialize, Serialize}; #[derive(Debug, Clone)] pub struct ProductCircuit { - left_vec: Vec>, - right_vec: Vec>, + left_vec: Vec>, + right_vec: Vec>, } impl ProductCircuit { fn compute_layer( - inp_left: &DensePolynomial, - inp_right: &DensePolynomial, - ) -> (DensePolynomial, DensePolynomial) { - let len = inp_left.len() + inp_right.len(); + inp_left: &DenseMultilinearExtension, + inp_right: &DenseMultilinearExtension, + ) -> (DenseMultilinearExtension, DenseMultilinearExtension) { + let len = inp_left.evaluations().len() + inp_right.evaluations().len(); let outp_left = (0..len / 4) - .map(|i| inp_left[i] * inp_right[i]) + .map(|i| inp_left.get_ext_field_vec()[i] * inp_right.get_ext_field_vec()[i]) .collect::>(); let outp_right = (len / 4..len / 2) - .map(|i| inp_left[i] * inp_right[i]) + .map(|i| inp_left.get_ext_field_vec()[i] * inp_right.get_ext_field_vec()[i]) .collect::>(); ( - DensePolynomial::new(outp_left), - DensePolynomial::new(outp_right), + DenseMultilinearExtension::from_evaluation_vec_smart(outp_left.len().log_2(), outp_left), + DenseMultilinearExtension::from_evaluation_vec_smart(outp_right.len().log_2(), outp_right), ) } - pub fn new(poly: &DensePolynomial) -> Self { - let mut left_vec: Vec> = Vec::new(); - let mut right_vec: Vec> = Vec::new(); + pub fn new(poly: &DenseMultilinearExtension) -> Self { + let mut left_vec: Vec> = Vec::new(); + let mut right_vec: Vec> = Vec::new(); - let num_layers = poly.len().log_2(); - let (outp_left, outp_right) = poly.split(poly.len() / 2); + let split_idx = poly.evaluations().len() / 2; + let num_layers = poly.evaluations().len().log_2(); + + let (outp_left, outp_right): (DenseMultilinearExtension, DenseMultilinearExtension) = ( + DenseMultilinearExtension::from_evaluation_vec_smart(split_idx.log_2(), poly.get_ext_field_vec()[0..split_idx].to_vec()), + DenseMultilinearExtension::from_evaluation_vec_smart(split_idx.log_2(), poly.get_ext_field_vec()[split_idx..].to_vec()) + ); left_vec.push(outp_left); right_vec.push(outp_right); @@ -57,27 +62,27 @@ impl ProductCircuit { pub fn evaluate(&self) -> E { let len = self.left_vec.len(); - assert_eq!(self.left_vec[len - 1].get_num_vars(), 0); - assert_eq!(self.right_vec[len - 1].get_num_vars(), 0); - self.left_vec[len - 1][0] * self.right_vec[len - 1][0] + assert_eq!(self.left_vec[len - 1].num_vars, 0); + assert_eq!(self.right_vec[len - 1].num_vars, 0); + self.left_vec[len - 1].get_ext_field_vec()[0] * self.right_vec[len - 1].get_ext_field_vec()[0] } } #[derive(Clone)] pub struct DotProductCircuit { - left: DensePolynomial, - right: DensePolynomial, - weight: DensePolynomial, + left: DenseMultilinearExtension, + right: DenseMultilinearExtension, + weight: DenseMultilinearExtension, } impl DotProductCircuit { pub fn new( - left: DensePolynomial, - right: DensePolynomial, - weight: DensePolynomial, + left: DenseMultilinearExtension, + right: DenseMultilinearExtension, + weight: DenseMultilinearExtension, ) -> Self { - assert_eq!(left.len(), right.len()); - assert_eq!(left.len(), weight.len()); + assert_eq!(left.evaluations().len(), right.evaluations().len()); + assert_eq!(left.evaluations().len(), weight.evaluations().len()); DotProductCircuit { left, right, @@ -86,17 +91,28 @@ impl DotProductCircuit { } pub fn evaluate(&self) -> E { - (0..self.left.len()) - .map(|i| self.left[i] * self.right[i] * self.weight[i]) + (0..self.left.evaluations().len()) + .map(|i| self.left.get_ext_field_vec()[i] * self.right.get_ext_field_vec()[i] * self.weight.get_ext_field_vec()[i]) .sum() } pub fn split(&mut self) -> (DotProductCircuit, DotProductCircuit) { - let idx = self.left.len() / 2; - assert_eq!(idx * 2, self.left.len()); - let (l1, l2) = self.left.split(idx); - let (r1, r2) = self.right.split(idx); - let (w1, w2) = self.weight.split(idx); + let idx = self.left.evaluations().len() / 2; + assert_eq!(idx * 2, self.left.evaluations().len()); + + let (l1, l2): (DenseMultilinearExtension, DenseMultilinearExtension) = ( + DenseMultilinearExtension::from_evaluation_vec_smart(idx.log_2(), self.left.get_ext_field_vec()[0..idx].to_vec()), + DenseMultilinearExtension::from_evaluation_vec_smart(idx.log_2(), self.left.get_ext_field_vec()[idx..].to_vec()) + ); + let (r1, r2): (DenseMultilinearExtension, DenseMultilinearExtension) = ( + DenseMultilinearExtension::from_evaluation_vec_smart(idx.log_2(), self.right.get_ext_field_vec()[0..idx].to_vec()), + DenseMultilinearExtension::from_evaluation_vec_smart(idx.log_2(), self.right.get_ext_field_vec()[idx..].to_vec()) + ); + let (w1, w2): (DenseMultilinearExtension, DenseMultilinearExtension) = ( + DenseMultilinearExtension::from_evaluation_vec_smart(idx.log_2(), self.weight.get_ext_field_vec()[0..idx].to_vec()), + DenseMultilinearExtension::from_evaluation_vec_smart(idx.log_2(), self.weight.get_ext_field_vec()[idx..].to_vec()) + ); + ( DotProductCircuit { left: l1, @@ -179,12 +195,13 @@ impl ProductCircuitEvalProof { let mut claim = circuit.evaluate(); let mut rand = Vec::new(); for layer_id in (0..num_layers).rev() { - let len = circuit.left_vec[layer_id].len() + circuit.right_vec[layer_id].len(); + let len = circuit.left_vec[layer_id].evaluations().len() + circuit.right_vec[layer_id].evaluations().len(); - let mut poly_C = DensePolynomial::new(EqPolynomial::new(rand.clone()).evals()); - assert_eq!(poly_C.len(), len / 2); + let poly_c_evals = EqPolynomial::new(rand.clone()).evals(); + let mut poly_C = DenseMultilinearExtension::from_evaluation_vec_smart(poly_c_evals.len().log_2(), poly_c_evals); + assert_eq!(poly_C.evaluations().len(), len / 2); - let num_rounds_prod = poly_C.len().log_2(); + let num_rounds_prod = poly_C.evaluations().len().log_2(); let comb_func_prod = |poly_A_comp: &E, poly_B_comp: &E, poly_C_comp: &E| -> E { *poly_A_comp * *poly_B_comp * *poly_C_comp }; @@ -269,19 +286,20 @@ impl ProductCircuitEvalProofBatched { let mut rand = Vec::new(); for layer_id in (0..num_layers).rev() { // prepare paralell instance that share poly_C first - let len = prod_circuit_vec[0].left_vec[layer_id].len() - + prod_circuit_vec[0].right_vec[layer_id].len(); + let len = prod_circuit_vec[0].left_vec[layer_id].evaluations().len() + + prod_circuit_vec[0].right_vec[layer_id].evaluations().len(); - let mut poly_C_par = DensePolynomial::new(EqPolynomial::new(rand.clone()).evals()); - assert_eq!(poly_C_par.len(), len / 2); + let poly_c_par_evals = EqPolynomial::new(rand.clone()).evals(); + let mut poly_C_par = DenseMultilinearExtension::from_evaluation_vec_smart(poly_c_par_evals.len().log_2(), poly_c_par_evals); + assert_eq!(poly_C_par.evaluations().len(), len / 2); - let num_rounds_prod = poly_C_par.len().log_2(); + let num_rounds_prod = poly_C_par.evaluations().len().log_2(); let comb_func_prod = |poly_A_comp: &E, poly_B_comp: &E, poly_C_comp: &E| -> E { *poly_A_comp * *poly_B_comp * *poly_C_comp }; - let mut poly_A_batched_par: Vec<&mut DensePolynomial> = Vec::new(); - let mut poly_B_batched_par: Vec<&mut DensePolynomial> = Vec::new(); + let mut poly_A_batched_par: Vec<&mut DenseMultilinearExtension> = Vec::new(); + let mut poly_B_batched_par: Vec<&mut DenseMultilinearExtension> = Vec::new(); for prod_circuit in prod_circuit_vec.iter_mut() { poly_A_batched_par.push(&mut prod_circuit.left_vec[layer_id]); poly_B_batched_par.push(&mut prod_circuit.right_vec[layer_id]) @@ -293,16 +311,16 @@ impl ProductCircuitEvalProofBatched { ); // prepare sequential instances that don't share poly_C - let mut poly_A_batched_seq: Vec<&mut DensePolynomial> = Vec::new(); - let mut poly_B_batched_seq: Vec<&mut DensePolynomial> = Vec::new(); - let mut poly_C_batched_seq: Vec<&mut DensePolynomial> = Vec::new(); + let mut poly_A_batched_seq: Vec<&mut DenseMultilinearExtension> = Vec::new(); + let mut poly_B_batched_seq: Vec<&mut DenseMultilinearExtension> = Vec::new(); + let mut poly_C_batched_seq: Vec<&mut DenseMultilinearExtension> = Vec::new(); if layer_id == 0 && !dotp_circuit_vec.is_empty() { // add additional claims for item in dotp_circuit_vec.iter() { claims_to_verify.push(item.evaluate()); - assert_eq!(len / 2, item.left.len()); - assert_eq!(len / 2, item.right.len()); - assert_eq!(len / 2, item.weight.len()); + assert_eq!(len / 2, item.left.evaluations().len()); + assert_eq!(len / 2, item.right.evaluations().len()); + assert_eq!(len / 2, item.weight.evaluations().len()); } for dotp_circuit in dotp_circuit_vec.iter_mut() { diff --git a/spartan_parallel/src/r1csinstance.rs b/spartan_parallel/src/r1csinstance.rs index 87c001a3..0f1fbaeb 100644 --- a/spartan_parallel/src/r1csinstance.rs +++ b/spartan_parallel/src/r1csinstance.rs @@ -8,7 +8,7 @@ use ff_ext::ExtensionField; use crate::transcript::{Transcript, append_field_to_transcript}; use super::custom_dense_mlpoly::DensePolynomialPqx; -use super::dense_mlpoly::DensePolynomial; +use multilinear_extensions::mle::{DenseMultilinearExtension, MultilinearExtension}; use super::errors::ProofVerifyError; use super::math::Math; use super::random::RandomTape; @@ -456,9 +456,12 @@ impl R1CSInstance { c_evals.push(evals[2]); } // Bind A, B, C to rp - let a_eval = DensePolynomial::new(a_evals).evaluate(rp); - let b_eval = DensePolynomial::new(b_evals).evaluate(rp); - let c_eval = DensePolynomial::new(c_evals).evaluate(rp); + let a_poly = DenseMultilinearExtension::from_evaluation_vec_smart(a_evals.len().log_2(), a_evals); + let b_poly = DenseMultilinearExtension::from_evaluation_vec_smart(b_evals.len().log_2(), b_evals); + let c_poly = DenseMultilinearExtension::from_evaluation_vec_smart(c_evals.len().log_2(), c_evals); + let a_eval = a_poly.evaluate(rp); + let b_eval = b_poly.evaluate(rp); + let c_eval = c_poly.evaluate(rp); let eval_bound_rp = (a_eval, b_eval, c_eval); (eval_list, eval_bound_rp) diff --git a/spartan_parallel/src/r1csproof.rs b/spartan_parallel/src/r1csproof.rs index c4dcc51e..d018de22 100644 --- a/spartan_parallel/src/r1csproof.rs +++ b/spartan_parallel/src/r1csproof.rs @@ -1,6 +1,7 @@ #![allow(clippy::too_many_arguments)] use super::custom_dense_mlpoly::DensePolynomialPqx; -use super::dense_mlpoly::{DensePolynomial, EqPolynomial}; +use super::dense_mlpoly::EqPolynomial; +use multilinear_extensions::mle::{DenseMultilinearExtension, MultilinearExtension}; use super::errors::ProofVerifyError; use super::math::Math; use super::r1csinstance::R1CSInstance; @@ -65,9 +66,9 @@ impl> R1CSPr num_rounds_p: usize, num_proofs: &Vec, num_cons: &Vec, - evals_tau_p: &mut DensePolynomial, - evals_tau_q: &mut DensePolynomial, - evals_tau_x: &mut DensePolynomial, + evals_tau_p: &mut DenseMultilinearExtension, + evals_tau_q: &mut DenseMultilinearExtension, + evals_tau_x: &mut DenseMultilinearExtension, evals_Az: &mut DensePolynomialPqx, evals_Bz: &mut DensePolynomialPqx, evals_Cz: &mut DensePolynomialPqx, @@ -108,7 +109,7 @@ impl> R1CSPr num_witness_secs: usize, num_inputs: Vec>, claim: &E, - evals_eq: &mut DensePolynomial, + evals_eq: &mut DenseMultilinearExtension, evals_ABC: &mut DensePolynomialPqx, evals_z: &mut DensePolynomialPqx, transcript: &mut Transcript, @@ -242,9 +243,12 @@ impl> R1CSPr let tau_x = challenge_vector(transcript, b"challenge_tau_x", num_rounds_x); // compute the initial evaluation table for R(\tau, x) - let mut poly_tau_p = DensePolynomial::new(EqPolynomial::new(tau_p).evals()); - let mut poly_tau_q = DensePolynomial::new(EqPolynomial::new(tau_q).evals()); - let mut poly_tau_x = DensePolynomial::new(EqPolynomial::new(tau_x).evals()); + let tau_p_evals = EqPolynomial::new(tau_p).evals(); + let tau_q_evals = EqPolynomial::new(tau_q).evals(); + let tau_x_evals = EqPolynomial::new(tau_x).evals(); + let mut poly_tau_p = DenseMultilinearExtension::from_evaluation_vec_smart(tau_p_evals.len().log_2(), tau_p_evals); + let mut poly_tau_q = DenseMultilinearExtension::from_evaluation_vec_smart(tau_q_evals.len().log_2(), tau_q_evals); + let mut poly_tau_x = DenseMultilinearExtension::from_evaluation_vec_smart(tau_x_evals.len().log_2(), tau_x_evals); let (mut poly_Az, mut poly_Bz, mut poly_Cz) = inst.multiply_vec_block( num_instances, num_proofs.clone(), @@ -274,9 +278,9 @@ impl> R1CSPr transcript, ); - assert_eq!(poly_tau_p.len(), 1); - assert_eq!(poly_tau_q.len(), 1); - assert_eq!(poly_tau_x.len(), 1); + assert_eq!(poly_tau_p.evaluations().len(), 1); + assert_eq!(poly_tau_q.evaluations().len(), 1); + assert_eq!(poly_tau_x.evaluations().len(), 1); assert_eq!(poly_Az.len(), 1); assert_eq!(poly_Bz.len(), 1); assert_eq!(poly_Cz.len(), 1); @@ -284,7 +288,7 @@ impl> R1CSPr timer_sc_proof_phase1.stop(); let (_tau_claim, Az_claim, Bz_claim, Cz_claim) = ( - &(poly_tau_p[0] * poly_tau_q[0] * poly_tau_x[0]), + &(poly_tau_p.get_ext_field_vec()[0] * poly_tau_q.get_ext_field_vec()[0] * poly_tau_x.get_ext_field_vec()[0]), &poly_Az.index(0, 0, 0, 0), &poly_Bz.index(0, 0, 0, 0), &poly_Cz.index(0, 0, 0, 0), @@ -355,7 +359,8 @@ impl> R1CSPr timer_tmp.stop(); // An Eq function to match p with rp - let mut eq_p_rp_poly = DensePolynomial::new(EqPolynomial::new(rp).evals()); + let rp_evals = EqPolynomial::new(rp).evals(); + let mut eq_p_rp_poly = DenseMultilinearExtension::from_evaluation_vec_smart(rp_evals.len().log_2(), rp_evals); // Sumcheck 2: (rA + rB + rC) * Z * eq(p) = e let timer_tmp = Timer::new("prove_sum_check"); @@ -532,7 +537,7 @@ impl> R1CSPr } timer_polyeval.stop(); - let poly_vars = DensePolynomial::new(eval_vars_comb_list); + let poly_vars = DenseMultilinearExtension::from_evaluation_vec_smart(eval_vars_comb_list.len().log_2(), eval_vars_comb_list); let eval_vars_at_ry = poly_vars.evaluate(&rp); // prove the final step of sum-check #2 // Deferred to verifier diff --git a/spartan_parallel/src/sparse_mlpoly.rs b/spartan_parallel/src/sparse_mlpoly.rs index 9cb22f6e..0b927de8 100644 --- a/spartan_parallel/src/sparse_mlpoly.rs +++ b/spartan_parallel/src/sparse_mlpoly.rs @@ -4,7 +4,6 @@ use ff_ext::ExtensionField; use mpcs::PolynomialCommitmentScheme; use multilinear_extensions::mle::{DenseMultilinearExtension, MultilinearExtension}; -use super::dense_mlpoly::DensePolynomial; use super::dense_mlpoly::{EqPolynomial, IdentityPolynomial}; use super::errors::ProofVerifyError; use super::math::Math; @@ -36,9 +35,9 @@ pub struct SparseMatPolynomial { } pub struct Derefs { - row_ops_val: Vec>, - col_ops_val: Vec>, - comb: DensePolynomial, + row_ops_val: Vec>, + col_ops_val: Vec>, + comb: DenseMultilinearExtension, } #[derive(Debug, Serialize, Deserialize)] @@ -47,7 +46,7 @@ pub struct DerefsCommitment Derefs { - pub fn new(row_ops_val: Vec>, col_ops_val: Vec>) -> Self { + pub fn new(row_ops_val: Vec>, col_ops_val: Vec>) -> Self { assert_eq!(row_ops_val.len(), col_ops_val.len()); let ret_row_ops_val = row_ops_val.clone(); @@ -55,7 +54,10 @@ impl Derefs { let derefs = { // combine all polynomials into a single polynomial (used below to produce a single commitment) - let comb = DensePolynomial::merge(row_ops_val.into_iter().chain(col_ops_val.into_iter())); + let mut comb = row_ops_val[0].clone(); + for p in row_ops_val.into_iter().skip(1).chain(col_ops_val.into_iter()) { + comb.merge(p); + } Derefs { row_ops_val: ret_row_ops_val, @@ -70,10 +72,10 @@ impl Derefs { impl> DerefsCommitment { pub fn commit(derefs: &Derefs) -> DerefsCommitment { - let l = derefs.comb.len(); + let l = derefs.comb.evaluations().len(); let param = Pcs::setup(l).unwrap(); let (pp, _vp) = Pcs::trim(param, l).unwrap(); - let comm_ops_val = Pcs::get_pure_commitment(&Pcs::commit(&pp, &derefs.comb.to_ceno_mle()).expect("Commitment should not fail")); + let comm_ops_val = Pcs::get_pure_commitment(&Pcs::commit(&pp, &derefs.comb).expect("Commitment should not fail")); DerefsCommitment { comm_ops_val } } } @@ -90,13 +92,13 @@ impl> DerefsEvalProof, + joint_poly: &DenseMultilinearExtension, r: &[E], evals: Vec, transcript: &mut Transcript, random_tape: &mut RandomTape, ) -> Self { - assert_eq!(joint_poly.get_num_vars(), r.len() + evals.len().log_2()); + assert_eq!(joint_poly.num_vars, r.len() + evals.len().log_2()); // append the claimed evaluations to transcript append_field_vector_to_transcript(b"evals_ops_val", transcript, &evals); @@ -105,12 +107,11 @@ impl> DerefsEvalProof> DerefsEvalProof> DerefsEvalProof> DerefsEvalProof { ops_addr_usize: Vec>, - ops_addr: Vec>, - read_ts: Vec>, - audit_ts: DensePolynomial, + ops_addr: Vec>, + read_ts: Vec>, + audit_ts: DenseMultilinearExtension, } impl AddrTimestamps { @@ -225,8 +224,8 @@ impl AddrTimestamps { } let mut audit_ts = vec![0usize; num_cells]; - let mut ops_addr_vec: Vec> = Vec::new(); - let mut read_ts_vec: Vec> = Vec::new(); + let mut ops_addr_vec: Vec> = Vec::new(); + let mut read_ts_vec: Vec> = Vec::new(); for ops_addr_inst in ops_addr.iter() { let mut read_ts = vec![0usize; num_ops]; @@ -242,39 +241,43 @@ impl AddrTimestamps { audit_ts[addr] = w_ts; } - ops_addr_vec.push(DensePolynomial::from_usize(ops_addr_inst)); - read_ts_vec.push(DensePolynomial::from_usize(&read_ts)); + let ops_addr_inst_evals = ops_addr_inst.into_iter().map(|&n| E::from_u128(n as u128)).collect::>(); + let read_ts_evals = read_ts.into_iter().map(|n| E::from_u128(n as u128)).collect::>(); + ops_addr_vec.push(DenseMultilinearExtension::from_evaluation_vec_smart(ops_addr_inst_evals.len().log_2(), ops_addr_inst_evals)); + read_ts_vec.push(DenseMultilinearExtension::from_evaluation_vec_smart(read_ts_evals.len().log_2(), read_ts_evals)); } + let audit_ts_evals = audit_ts.into_iter().map(|n| E::from_u128(n as u128)).collect::>(); + AddrTimestamps { ops_addr: ops_addr_vec, ops_addr_usize: ops_addr, read_ts: read_ts_vec, - audit_ts: DensePolynomial::from_usize(&audit_ts), + audit_ts: DenseMultilinearExtension::from_evaluation_vec_smart(audit_ts_evals.len().log_2(), audit_ts_evals), } } - fn deref_mem(addr: &[usize], mem_val: &[E]) -> DensePolynomial { - DensePolynomial::new( - (0..addr.len()) - .map(|i| { - let a = addr[i]; - mem_val[a] - }) - .collect::>(), - ) + fn deref_mem(addr: &[usize], mem_val: &[E]) -> DenseMultilinearExtension { + let evals = (0..addr.len()) + .map(|i| { + let a = addr[i]; + mem_val[a] + }) + .collect::>(); + + DenseMultilinearExtension::from_evaluation_vec_smart(evals.len().log_2(), evals) } - pub fn deref(&self, mem_val: &[E]) -> Vec> { + pub fn deref(&self, mem_val: &[E]) -> Vec> { (0..self.ops_addr.len()) .map(|i| AddrTimestamps::deref_mem(&self.ops_addr_usize[i], mem_val)) - .collect::>>() + .collect::>>() } } pub struct MultiSparseMatPolynomialAsDense { batch_size: usize, - val: Vec>, + val: Vec>, row: AddrTimestamps, col: AddrTimestamps, comb_ops_ceno_mle: DenseMultilinearExtension, @@ -342,12 +345,12 @@ impl SparseMatPolynomial { let mut ops_row_vec: Vec> = Vec::new(); let mut ops_col_vec: Vec> = Vec::new(); - let mut val_vec: Vec> = Vec::new(); + let mut val_vec: Vec> = Vec::new(); for poly in sparse_polys { let (ops_row, ops_col, val) = poly.sparse_to_dense_vecs(N); ops_row_vec.push(ops_row); ops_col_vec.push(ops_col); - val_vec.push(DensePolynomial::new(val)); + val_vec.push(DenseMultilinearExtension::from_evaluation_vec_smart(val.len().log_2(), val)); } let any_poly = &sparse_polys[0]; @@ -366,28 +369,29 @@ impl SparseMatPolynomial { let ret_val_vec = val_vec.clone(); // combine polynomials into a single polynomial for commitment purposes - let comb_ops = DensePolynomial::merge( - row - .ops_addr - .into_iter() - .chain(row.read_ts.into_iter()) - .chain(col.ops_addr.into_iter()) - .chain(col.read_ts.into_iter()) - .chain(val_vec.into_iter()), - ); - let mut comb_mem = row.audit_ts.clone(); - comb_mem.extend(&col.audit_ts); + let mut comb_ops = row.ops_addr[0].clone(); + for p in + row.ops_addr + .into_iter() + .skip(1) + .chain(row.read_ts.into_iter()) + .chain(col.ops_addr.into_iter()) + .chain(col.read_ts.into_iter()) + .chain(val_vec.into_iter()) + { + comb_ops.merge(p); + } - let comb_ops_ceno_mle = comb_ops.clone().to_ceno_mle(); - let comb_mem_ceno_mle = comb_mem.clone().to_ceno_mle(); + let mut comb_mem = row.audit_ts.clone(); + comb_mem.merge(col.audit_ts); MultiSparseMatPolynomialAsDense { batch_size: sparse_polys.len(), row: ret_row, col: ret_col, val: ret_val_vec, - comb_ops_ceno_mle, - comb_mem_ceno_mle, + comb_ops_ceno_mle: comb_ops, + comb_mem_ceno_mle: comb_mem, } } @@ -510,8 +514,8 @@ impl> SparseMatPolyCommitm ( SparseMatPolyCommitment { batch_size, - num_mem_cells: dense.row.audit_ts.len(), - num_ops: dense.row.read_ts[0].len(), + num_mem_cells: dense.row.audit_ts.evaluations().len(), + num_ops: dense.row.read_ts[0].evaluations().len(), comm_comb_ops, comm_comb_mem, _phantom: E::ZERO, @@ -545,16 +549,16 @@ struct Layers { impl Layers { fn build_hash_layer( eval_table: &[E], - addrs_vec: &[DensePolynomial], - derefs_vec: &[DensePolynomial], - read_ts_vec: &[DensePolynomial], - audit_ts: &DensePolynomial, + addrs_vec: &[DenseMultilinearExtension], + derefs_vec: &[DenseMultilinearExtension], + read_ts_vec: &[DenseMultilinearExtension], + audit_ts: &DenseMultilinearExtension, r_mem_check: &(E, E), ) -> ( - DensePolynomial, - Vec>, - Vec>, - DensePolynomial, + DenseMultilinearExtension, + Vec>, + Vec>, + DenseMultilinearExtension, ) { let (r_hash, r_multiset_check) = r_mem_check; @@ -564,49 +568,45 @@ impl Layers { // hash init and audit that does not depend on #instances let num_mem_cells = eval_table.len(); - let poly_init_hashed = DensePolynomial::new( - (0..num_mem_cells) - .map(|i| { - // at init time, addr is given by i, init value is given by eval_table, and ts = 0 - hash_func(&E::from(i as u64), &eval_table[i], &E::ZERO) - *r_multiset_check - }) - .collect::>(), - ); - let poly_audit_hashed = DensePolynomial::new( - (0..num_mem_cells) - .map(|i| { - // at audit time, addr is given by i, value is given by eval_table, and ts is given by audit_ts - hash_func(&E::from(i as u64), &eval_table[i], &audit_ts[i]) - *r_multiset_check - }) - .collect::>(), - ); + let poly_init_hashed_evals = (0..num_mem_cells) + .map(|i| { + // at init time, addr is given by i, init value is given by eval_table, and ts = 0 + hash_func(&E::from(i as u64), &eval_table[i], &E::ZERO) - *r_multiset_check + }) + .collect::>(); + let poly_init_hashed = DenseMultilinearExtension::from_evaluation_vec_smart(poly_init_hashed_evals.len().log_2(), poly_init_hashed_evals); + let poly_audit_hashed_evals = (0..num_mem_cells) + .map(|i| { + // at audit time, addr is given by i, value is given by eval_table, and ts is given by audit_ts + hash_func(&E::from(i as u64), &eval_table[i], &audit_ts.get_ext_field_vec()[i]) - *r_multiset_check + }) + .collect::>(); + let poly_audit_hashed = DenseMultilinearExtension::from_evaluation_vec_smart(poly_audit_hashed_evals.len().log_2(), poly_audit_hashed_evals); // hash read and write that depends on #instances - let mut poly_read_hashed_vec: Vec> = Vec::new(); - let mut poly_write_hashed_vec: Vec> = Vec::new(); + let mut poly_read_hashed_vec: Vec> = Vec::new(); + let mut poly_write_hashed_vec: Vec> = Vec::new(); for i in 0..addrs_vec.len() { let (addrs, derefs, read_ts) = (&addrs_vec[i], &derefs_vec[i], &read_ts_vec[i]); - assert_eq!(addrs.len(), derefs.len()); - assert_eq!(addrs.len(), read_ts.len()); - let num_ops = addrs.len(); - let poly_read_hashed = DensePolynomial::new( - (0..num_ops) - .map(|i| { - // at read time, addr is given by addrs, value is given by derefs, and ts is given by read_ts - hash_func(&addrs[i], &derefs[i], &read_ts[i]) - *r_multiset_check - }) - .collect::>(), - ); + assert_eq!(addrs.evaluations().len(), derefs.evaluations().len()); + assert_eq!(addrs.evaluations().len(), read_ts.evaluations().len()); + let num_ops = addrs.evaluations().len(); + let poly_read_hashed_evals = (0..num_ops) + .map(|i| { + // at read time, addr is given by addrs, value is given by derefs, and ts is given by read_ts + hash_func(&addrs.get_ext_field_vec()[i], &derefs.get_ext_field_vec()[i], &read_ts.get_ext_field_vec()[i]) - *r_multiset_check + }) + .collect::>(); + let poly_read_hashed = DenseMultilinearExtension::from_evaluation_vec_smart(poly_read_hashed_evals.len().log_2(), poly_read_hashed_evals); poly_read_hashed_vec.push(poly_read_hashed); - let poly_write_hashed = DensePolynomial::new( - (0..num_ops) - .map(|i| { - // at write time, addr is given by addrs, value is given by derefs, and ts is given by write_ts = read_ts + 1 - hash_func(&addrs[i], &derefs[i], &(read_ts[i] + E::ONE)) - *r_multiset_check - }) - .collect::>(), - ); + let poly_write_hashed_evals = (0..num_ops) + .map(|i| { + // at write time, addr is given by addrs, value is given by derefs, and ts is given by write_ts = read_ts + 1 + hash_func(&addrs.get_ext_field_vec()[i], &derefs.get_ext_field_vec()[i], &(read_ts.get_ext_field_vec()[i] + E::ONE)) - *r_multiset_check + }) + .collect::>(); + let poly_write_hashed = DenseMultilinearExtension::from_evaluation_vec_smart(poly_write_hashed_evals.len().log_2(), poly_write_hashed_evals); poly_write_hashed_vec.push(poly_write_hashed); } @@ -621,7 +621,7 @@ impl Layers { pub fn new( eval_table: &[E], addr_timestamps: &AddrTimestamps, - poly_ops_val: &[DensePolynomial], + poly_ops_val: &[DenseMultilinearExtension], r_mem_check: &(E, E), ) -> Self { let (poly_init_hashed, poly_read_hashed_vec, poly_write_hashed_vec, poly_audit_hashed) = @@ -786,15 +786,15 @@ impl> HashLayerProof> HashLayerProof = vec![eval_row_audit_ts, eval_col_audit_ts]; append_field_vector_to_transcript(b"claim_evals_mem", transcript, &evals_mem); + let num_vars_mem = evals_mem.len().log_2(); let challenges_mem = - challenge_vector(transcript, b"challenge_combine_two_to_one", evals_mem.len().log_2()); + challenge_vector(transcript, b"challenge_combine_two_to_one", num_vars_mem); - let mut poly_evals_mem = DensePolynomial::new(evals_mem); - for i in (0..challenges_mem.len()).rev() { - poly_evals_mem.bound_poly_var_bot(&challenges_mem[i]); - } - assert_eq!(poly_evals_mem.len(), 1); - let joint_claim_eval_mem = poly_evals_mem[0]; + let mut poly_evals_mem = DenseMultilinearExtension::from_evaluation_vec_smart(num_vars_mem, evals_mem); + // _debug: variable order + poly_evals_mem.fix_variables_in_place(&challenges_mem); + assert_eq!(poly_evals_mem.evaluations().len(), 1); + let joint_claim_eval_mem = poly_evals_mem.get_ext_field_vec()[0]; let mut r_joint_mem = challenges_mem; r_joint_mem.extend(rand_mem); debug_assert_eq!(dense.comb_mem_ceno_mle.evaluate(&r_joint_mem), joint_claim_eval_mem); @@ -946,20 +946,19 @@ impl> HashLayerProof> HashLayerProof = vec![*eval_row_audit_ts, *eval_col_audit_ts]; append_field_vector_to_transcript(b"claim_evals_mem", transcript, &evals_mem); + let num_vars_mem = evals_mem.len().log_2(); let challenges_mem = - challenge_vector(transcript, b"challenge_combine_two_to_one", evals_mem.len().log_2()); + challenge_vector(transcript, b"challenge_combine_two_to_one", num_vars_mem); - let mut poly_evals_mem = DensePolynomial::new(evals_mem); - for i in (0..challenges_mem.len()).rev() { - poly_evals_mem.bound_poly_var_bot(&challenges_mem[i]); - } - assert_eq!(poly_evals_mem.len(), 1); - let joint_claim_eval_mem = poly_evals_mem[0]; + let mut poly_evals_mem = DenseMultilinearExtension::from_evaluation_vec_smart(num_vars_mem, evals_mem); + poly_evals_mem.fix_variables_in_place(&challenges_mem); + assert_eq!(poly_evals_mem.evaluations().len(), 1); + let joint_claim_eval_mem = poly_evals_mem.get_ext_field_vec()[0]; let mut r_joint_mem = challenges_mem; r_joint_mem.extend(rand_mem); append_field_to_transcript(b"joint_claim_eval_mem", transcript, joint_claim_eval_mem); - let l: usize = 1 << poly_evals_mem.get_num_vars(); + let l: usize = 1 << poly_evals_mem.num_vars; let (_pp, vp) = Pcs::trim(Pcs::setup(l).expect("Param setup should not fail."), l).expect("Param trim should not fail."); Pcs::verify(&vp, &Pcs::get_pure_commitment(&self.comm_mem), &r_joint_mem, &joint_claim_eval_mem, &self.proof_mem, transcript).map_err(|e| ProofVerifyError::InternalError)?; diff --git a/spartan_parallel/src/sumcheck.rs b/spartan_parallel/src/sumcheck.rs index 1f134c82..69eaa995 100644 --- a/spartan_parallel/src/sumcheck.rs +++ b/spartan_parallel/src/sumcheck.rs @@ -4,7 +4,7 @@ use crate::custom_dense_mlpoly::DensePolynomialPqx; use crate::math::Math; use ff_ext::ExtensionField; -use super::dense_mlpoly::DensePolynomial; +use multilinear_extensions::mle::{DenseMultilinearExtension, MultilinearExtension}; use super::errors::ProofVerifyError; use super::transcript::{Transcript, challenge_scalar}; use super::unipoly::{CompressedUniPoly, UniPoly}; @@ -69,12 +69,14 @@ impl SumcheckInstanceProof { } impl SumcheckInstanceProof { + // _debug: remove native sumcheck prover + /* pub fn prove_cubic( claim: &E, num_rounds: usize, - poly_A: &mut DensePolynomial, - poly_B: &mut DensePolynomial, - poly_C: &mut DensePolynomial, + poly_A: &mut DenseMultilinearExtension, + poly_B: &mut DenseMultilinearExtension, + poly_C: &mut DenseMultilinearExtension, comb_func: F, transcript: &mut Transcript, ) -> (Self, Vec, Vec) @@ -89,7 +91,7 @@ impl SumcheckInstanceProof { let mut eval_point_2 = E::ZERO; let mut eval_point_3 = E::ZERO; - let len = poly_A.len() / 2; + let len = poly_A.evaluations().len() / 2; for i in 0..len { // eval 0: bound_func is A(low) eval_point_0 += comb_func(&poly_A[i], &poly_B[i], &poly_C[i]); @@ -146,14 +148,14 @@ impl SumcheckInstanceProof { claim: &E, num_rounds: usize, poly_vec_par: ( - &mut Vec<&mut DensePolynomial>, - &mut Vec<&mut DensePolynomial>, - &mut DensePolynomial, + &mut Vec<&mut DenseMultilinearExtension>, + &mut Vec<&mut DenseMultilinearExtension>, + &mut DenseMultilinearExtension, ), poly_vec_seq: ( - &mut Vec<&mut DensePolynomial>, - &mut Vec<&mut DensePolynomial>, - &mut Vec<&mut DensePolynomial>, + &mut Vec<&mut DenseMultilinearExtension>, + &mut Vec<&mut DenseMultilinearExtension>, + &mut Vec<&mut DenseMultilinearExtension>, ), coeffs: &[E], comb_func: F, @@ -316,7 +318,8 @@ impl SumcheckInstanceProof { claims_dotp, ) } - + */ + pub fn prove_cubic_disjoint_rounds( claim: &E, num_rounds: usize, @@ -326,7 +329,7 @@ impl SumcheckInstanceProof { single_inst: bool, // indicates whether poly_B only has one instance num_witness_secs: usize, mut num_inputs: Vec>, - poly_A: &mut DensePolynomial, + poly_A: &mut DenseMultilinearExtension, poly_B: &mut DensePolynomialPqx, poly_C: &mut DensePolynomialPqx, comb_func: F, @@ -418,10 +421,11 @@ impl SumcheckInstanceProof { } for y in 0..num_inputs[p][w] { // evaluate A, B, C on p, w, y + let poly_A_vec = poly_A.get_ext_field_vec(); let (poly_A_low, poly_A_high) = match mode { - MODE_X => (poly_A[p], poly_A[p]), - MODE_W => (poly_A[p], poly_A[p]), - MODE_P => (poly_A[2 * p], poly_A[2 * p + 1]), + MODE_X => (poly_A_vec[p], poly_A_vec[p]), + MODE_W => (poly_A_vec[p], poly_A_vec[p]), + MODE_P => (poly_A_vec[2 * p], poly_A_vec[2 * p + 1]), _ => unreachable!() }; let poly_B_low = poly_B.index_low(p_inst, 0, w, y, mode); @@ -477,7 +481,7 @@ impl SumcheckInstanceProof { // bound all tables to the verifier's challenege if mode == MODE_P { - poly_A.bound_poly_var_bot(&r_j); + poly_A.fix_variables_in_place(&[r_j]); } if mode != MODE_P || !single_inst { poly_B.bound_poly(&r_j, mode); @@ -491,7 +495,7 @@ impl SumcheckInstanceProof { SumcheckInstanceProof::new(polys), r, vec![ - poly_A[0], + poly_A.get_ext_field_vec()[0], poly_B.index(0, 0, 0, 0), poly_C.index(0, 0, 0, 0), ], @@ -507,9 +511,9 @@ impl SumcheckInstanceProof { num_rounds_p: usize, mut num_proofs: Vec, mut num_cons: Vec, - poly_Ap: &mut DensePolynomial, - poly_Aq: &mut DensePolynomial, - poly_Ax: &mut DensePolynomial, + poly_Ap: &mut DenseMultilinearExtension, + poly_Aq: &mut DenseMultilinearExtension, + poly_Ax: &mut DenseMultilinearExtension, poly_B: &mut DensePolynomialPqx, poly_C: &mut DensePolynomialPqx, poly_D: &mut DensePolynomialPqx, @@ -596,8 +600,11 @@ impl SumcheckInstanceProof { let mut eval_point_3 = ZERO; for x in 0..num_cons[p] { // evaluate A, B, C, D on p, q, x - let poly_A_low = poly_Ap[p] * poly_Aq[q] * poly_Ax[2 * x]; - let poly_A_high = poly_Ap[p] * poly_Aq[q] * poly_Ax[2 * x + 1]; + let poly_Ap_vec = poly_Ap.get_ext_field_vec(); + let poly_Aq_vec = poly_Aq.get_ext_field_vec(); + let poly_Ax_vec = poly_Ax.get_ext_field_vec(); + let poly_A_low = poly_Ap_vec[p] * poly_Aq_vec[q] * poly_Ax_vec[2 * x]; + let poly_A_high = poly_Ap_vec[p] * poly_Aq_vec[q] * poly_Ax_vec[2 * x + 1]; let poly_B_low = poly_B.index_low(p, q, 0, x, mode); let poly_B_high = poly_B.index_high(p, q, 0, x, mode); let poly_C_low = poly_C.index_low(p, q, 0, x, mode); @@ -666,14 +673,17 @@ impl SumcheckInstanceProof { for q in 0..num_proofs[p] { for x in 0..num_cons[p] { // evaluate A, B, C, D on p, q, x + let poly_Ap_vec = poly_Ap.get_ext_field_vec(); + let poly_Aq_vec = poly_Aq.get_ext_field_vec(); + let poly_Ax_vec = poly_Ax.get_ext_field_vec(); let (poly_A_low, poly_A_high) = match mode { MODE_Q => ( - poly_Ap[p] * poly_Aq[2 * q] * poly_Ax[x], - poly_Ap[p] * poly_Aq[2 * q + 1] * poly_Ax[x], + poly_Ap_vec[p] * poly_Aq_vec[2 * q] * poly_Ax_vec[x], + poly_Ap_vec[p] * poly_Aq_vec[2 * q + 1] * poly_Ax_vec[x], ), MODE_P => ( - poly_Ap[2 * p] * poly_Aq[q] * poly_Ax[x], - poly_Ap[2 * p + 1] * poly_Aq[q] * poly_Ax[x], + poly_Ap_vec[2 * p] * poly_Aq_vec[q] * poly_Ax_vec[x], + poly_Ap_vec[2 * p + 1] * poly_Aq_vec[q] * poly_Ax_vec[x], ), _ => unreachable!() }; @@ -742,11 +752,11 @@ impl SumcheckInstanceProof { // bound all tables to the verifier's challenege if mode == MODE_X { - poly_Ax.bound_poly_var_bot(&r_j); + poly_Ax.fix_variables_in_place(&[r_j]); } else if mode == MODE_Q { - poly_Aq.bound_poly_var_bot(&r_j); + poly_Aq.fix_variables_in_place(&[r_j]); } else if mode == MODE_P { - poly_Ap.bound_poly_var_bot(&r_j); + poly_Ap.fix_variables_in_place(&[r_j]); } else { unreachable!() } @@ -761,7 +771,7 @@ impl SumcheckInstanceProof { SumcheckInstanceProof::new(polys), r, vec![ - poly_Ap[0] * poly_Aq[0] * poly_Ax[0], + poly_Ap.get_ext_field_vec()[0] * poly_Aq.get_ext_field_vec()[0] * poly_Ax.get_ext_field_vec()[0], poly_B.index(0, 0, 0, 0), poly_C.index(0, 0, 0, 0), poly_D.index(0, 0, 0, 0),