Questions

scroll-tech · Feb 7, 2025 · db61286 · db61286
1 parent 5e24594
commit db61286
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 0 deletions.
diff --git a/spartan_parallel/src/r1csproof.rs b/spartan_parallel/src/r1csproof.rs
@@ -19,6 +19,7 @@ use rayon::prelude::*;
 pub struct R1CSProof<S: SpartanExtensionField> {
   sc_proof_phase1: SumcheckInstanceProof<S>,
   sc_proof_phase2: SumcheckInstanceProof<S>,
+  // TODO(Matthias): do we need a fourth claim here?  For 'Dz'?
   claims_phase2: (S, S, S),
   // Need to commit vars for short and long witnesses separately
   // The long version must exist, the short version might not
@@ -43,10 +44,13 @@ impl<S: SpartanExtensionField + Send + Sync> R1CSProof<S> {
     evals_Cz: &mut DensePolynomialPqx<S>,
     transcript: &mut Transcript,
   ) -> (SumcheckInstanceProof<S>, Vec<S>, Vec<S>) {
+    // Ok, this looks like f in the issue.  We are adding a g term.
     let comb_func = |poly_A_comp: &S, poly_B_comp: &S, poly_C_comp: &S, poly_D_comp: &S| -> S {
       *poly_A_comp * (*poly_B_comp * *poly_C_comp - *poly_D_comp)
     };
 
+    // Do we need to change the output terms here?
+    // Do we need to extent the called fuction, or write another function?
     let (sc_proof_phase_one, r, claims) =
       SumcheckInstanceProof::<S>::prove_cubic_with_additive_term_disjoint_rounds(
         &S::field_zero(), // claim is zero
@@ -59,6 +63,8 @@ impl<S: SpartanExtensionField + Send + Sync> R1CSProof<S> {
         evals_tau_p,
         evals_tau_q,
         evals_tau_x,
+        // TODO(Matthias): the letters in our local variable names and the names of the arguments of
+        // prove_cubic_with_additive_term_disjoint_rounds are not consistent.  Is this a problem?
         evals_Az,
         evals_Bz,
         evals_Cz,
@@ -554,6 +560,7 @@ impl<S: SpartanExtensionField + Send + Sync> R1CSProof<S> {
 
     let (claim_post_phase_1, rx_rev) = self.sc_proof_phase1.verify(
       ZERO,
+      // OK, here we are talking about rounds.  The issue also mentions round numbers. 
       num_rounds_x + num_rounds_q + num_rounds_p,
       3,
       transcript,
@@ -580,6 +587,7 @@ impl<S: SpartanExtensionField + Send + Sync> R1CSProof<S> {
 
 
     // perform the intermediate sum-check test with claimed Az, Bz, and Cz
+    // TODO(Matthias): ok, I assume we also need a claimed Dz?
     let (Az_claim, Bz_claim, Cz_claim) = self.claims_phase2;
     S::append_field_to_transcript(b"Az_claim", transcript, Az_claim);
     S::append_field_to_transcript(b"Bz_claim", transcript, Bz_claim);

diff --git a/spartan_parallel/src/sumcheck.rs b/spartan_parallel/src/sumcheck.rs
@@ -29,6 +29,8 @@ impl<S: SpartanExtensionField> SumcheckInstanceProof<S> {
     SumcheckInstanceProof { compressed_polys }
   }
 
+  // TODO(Matthias): ok, how does `verify` have to change?
+  // OK, this verify might not have to change at all?
   pub fn verify(
     &self,
     claim: S,
@@ -44,6 +46,10 @@ impl<S: SpartanExtensionField> SumcheckInstanceProof<S> {
     for i in 0..self.compressed_polys.len() {
       let poly = self.compressed_polys[i].decompress(&e);
 
+      // TODO(Matthias): this shouldn't actually be an assert_eq?  We would just want to return an error?
+      // Or is this the recursive verification?
+      // OK, ignore this for now.
+
       // verify degree bound
       assert_eq!(poly.degree(), degree_bound);
 
@@ -500,6 +506,11 @@ impl<S: SpartanExtensionField> SumcheckInstanceProof<S> {
     )
   }
 
+  // Does this function need to change?
+  // Perhaps because it looks like we are going rfom
+  // |a, b, c, d| a * (b * c - d)
+  // to
+  // |a, b, c, d, e| a * (b * c + e^7 - d)
   pub fn prove_cubic_with_additive_term_disjoint_rounds<F>(
     claim: &S,
     num_rounds: usize,
@@ -514,6 +525,9 @@ impl<S: SpartanExtensionField> SumcheckInstanceProof<S> {
     poly_B: &mut DensePolynomialPqx<S>,
     poly_C: &mut DensePolynomialPqx<S>,
     poly_D: &mut DensePolynomialPqx<S>,
+    // why do we have this?
+    // We only ever call this function with comb_func = |a, b, c, d| a * (b * c - d)
+    // Why the extra unused flexibility?
     comb_func: F,
     transcript: &mut Transcript,
   ) -> (Self, Vec<S>, Vec<S>)
@@ -652,10 +666,12 @@ impl<S: SpartanExtensionField> SumcheckInstanceProof<S> {
             eval_point_3,
           ];
           let poly = UniPoly::from_evals(&evals);
+          // TODO(Matthias): we send this one to the verifier.
           poly
         } else {
           // Singlecore evaluation in other Modes
           let mut eval_point_0 = ZERO;
+          // TODO(Matthias): we get eval_point_1 later.
           let mut eval_point_2 = ZERO;
           let mut eval_point_3 = ZERO;
 

diff --git a/spartan_parallel/src/unipoly.rs b/spartan_parallel/src/unipoly.rs
@@ -12,6 +12,8 @@ pub struct UniPoly<S: SpartanExtensionField> {
 
 // ax^2 + bx + c stored as vec![c,a]
 // ax^3 + bx^2 + cx + d stored as vec![d,b,a]
+// TODO(Matthias): looks like we need to do something here to store our x^7 term?
+// Are the first two lines above talking about either/or, or about storing both of these?
 #[derive(Serialize, Deserialize, Debug)]
 pub struct CompressedUniPoly<S: SpartanExtensionField> {
   coeffs_except_linear_term: Vec<S>,