-
Notifications
You must be signed in to change notification settings - Fork 272
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: ultra honk on Shplemini #8886
Changes from all commits
859f33d
7dd17f0
1f5c083
763d0e1
318f98b
d3bd8a8
171aaac
b2051b7
8024311
a40cba3
81363df
09a14cf
67f20c2
2776644
49a0582
17323fc
3084532
b686854
811cdfb
fb86590
a981e6f
d610e3c
e059c3c
a2c2c99
ee0ba05
48b0bcd
ae129db
6b45f0e
85a44e8
e01bf59
1787543
07f358d
56c7c40
4ae0d4e
9ea8043
5935883
9cd6597
1b78004
2f86a49
00518e6
ac7a09b
45247a8
e363839
6824546
ea25f68
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -285,24 +285,9 @@ template <typename Curve> class ShplonkVerifier_ { | |
std::vector<Fr> inverted_denominators; | ||
inverted_denominators.reserve(num_gemini_claims); | ||
inverted_denominators.emplace_back((shplonk_eval_challenge - gemini_eval_challenge_powers[0]).invert()); | ||
size_t i = 0; | ||
for (const auto& gemini_eval_challenge_power : gemini_eval_challenge_powers) { | ||
bool is_dummy_round = i > num_gemini_claims; | ||
Fr round_inverted_denominator = (shplonk_eval_challenge + gemini_eval_challenge_power).invert(); | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. because of the way these are used (in a multiplication with fold evaluations, which will be 0 for dummy rounds) it doesnt matter what values they take |
||
if constexpr (Curve::is_stdlib_type) { | ||
auto builder = shplonk_eval_challenge.get_context(); | ||
// TODO(https://github.com/AztecProtocol/barretenberg/issues/1114): insecure! | ||
stdlib::bool_t dummy_round = stdlib::bool_t(builder, is_dummy_round); | ||
Fr zero = Fr(0); | ||
zero.convert_constant_to_fixed_witness(builder); | ||
round_inverted_denominator = Fr::conditional_assign(dummy_round, zero, round_inverted_denominator); | ||
} else { | ||
if (is_dummy_round) { | ||
round_inverted_denominator = 0; | ||
} | ||
} | ||
inverted_denominators.emplace_back(round_inverted_denominator); | ||
i++; | ||
} | ||
return inverted_denominators; | ||
} | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -527,7 +527,6 @@ template <typename Curve> class ZeroMorphVerifier_ { | |
if constexpr (Curve::is_stdlib_type) { | ||
auto builder = x_challenge.get_context(); | ||
FF zero = FF(0); | ||
zero.convert_constant_to_fixed_witness(builder); | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. if the dummy_round is a witness we don't have to convert the constant into a witness because the result of conditional_assign I think will be a new witness as long as one of the values is not constant |
||
stdlib::bool_t dummy_round = stdlib::witness_t(builder, is_dummy_round); | ||
// TODO(https://github.com/AztecProtocol/barretenberg/issues/1039): is it kosher to reassign like this? | ||
scalar = FF::conditional_assign(dummy_round, zero, scalar); | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Initially, I thought that making the bool_t a constant is a simplification and alright for now so I don't make a witness out of thin air (note that for this code to be somewhat secure bool_t has to be a witness tied to the
circuit_size
Given the fact that circuit size i received from transcript, it will itself be a witness). The problem with havingdummy_round
be a constant is that the logic ofconditional_assign
will result in either returning lhs or rhs based on whether dummy_round is true which changes the sigma polynomials. On the other hand, with dummy_round being a witness the scaling_factor, after applyingconditional_assign
becomes a new witness which is the output of additional gates.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
thanks for explaining this!