Reduce the number of rounds in ROM checking to 2. (#204)

It was spuriously three because of imprecise dependency tracking

examples/circ.rs

@@ -322,6 +322,10 @@ fn main() {
                 println!("R1CS stats: {:#?}", r1cs.stats());
             }
             let (prover_data, verifier_data) = r1cs.finalize(cs);
+            println!(
+                "Final R1cs rounds: {}",
+                prover_data.precompute.stage_sizes().count() - 1
+            );
             match action {
                 ProofAction::Count => (),
                 #[cfg(feature = "bellman")]

src/ir/opt/mem/ram/checker.rs

@@ -257,7 +257,7 @@ pub fn haboeck_range_check(
     let ns = ns.subspace("range");
     let f_sort = Sort::Field(f.clone());
     let haystack: Vec<Term> = f_sort.elems_iter().take(n).collect();
-    assertions.push(rom::lookup(c, ns, haystack, values));
+    assertions.push(rom::lookup(c, ns, haystack, values, None));
 }
 
 /// Ensure that each element of `values` is in `[0, n)`.

src/ir/opt/mem/ram/checker/rom.rs

@@ -16,7 +16,16 @@ use log::debug;
 ///
 /// Takes haystack, needles, and returns a term which should be asserted to ensure that each needle
 /// is in haystack.
-pub fn lookup(c: &mut Computation, ns: Namespace, haystack: Vec<Term>, needles: Vec<Term>) -> Term {
+///
+/// If `original_data` is set, then the keys will be independent of it; otherwise, of
+/// needles/haystack.
+pub fn lookup(
+    c: &mut Computation,
+    ns: Namespace,
+    haystack: Vec<Term>,
+    needles: Vec<Term>,
+    original_data: Option<Vec<Term>>,
+) -> Term {
     debug!(
         "Haboeck lookup haystack {}, needles {}",
         haystack.len(),
@@ -45,12 +54,14 @@ pub fn lookup(c: &mut Computation, ns: Namespace, haystack: Vec<Term>, needles:
         .collect();
     let key = term(
         Op::new_chall(ns.fqn("key"), f.clone()),
-        haystack
-            .iter()
-            .chain(&needles)
-            .chain(&counts)
-            .cloned()
-            .collect(),
+        original_data.unwrap_or_else(|| {
+            haystack
+                .iter()
+                .chain(&needles)
+                .chain(&counts)
+                .cloned()
+                .collect()
+        }),
     );
     // x_i + k
     let needle_shifts: Vec<Term> = needles
@@ -137,13 +148,15 @@ pub fn check_covering_rom(c: &mut Computation, ns: Namespace, ram: Ram) -> Term
         }
     }
     assert!(!writes.is_empty());
-    let uhf = UniversalHasher::new(
-        ns.fqn("uhf_key"),
-        f,
-        reads.iter().chain(&writes).flatten().cloned().collect(),
-        writes[0].len(),
-    );
+    let inputs: Vec<_> = reads.iter().chain(&writes).flatten().cloned().collect();
+    let uhf = UniversalHasher::new(ns.fqn("uhf_key"), f, inputs.clone(), writes[0].len());
     let write_hashes = writes.into_iter().map(|a| uhf.hash(a)).collect();
     let read_hashes = reads.into_iter().map(|a| uhf.hash(a)).collect();
-    lookup(c, ns.subspace("scalar"), write_hashes, read_hashes)
+    lookup(
+        c,
+        ns.subspace("scalar"),
+        write_hashes,
+        read_hashes,
+        Some(inputs),
+    )
 }

src/ir/opt/mem/ram/set.rs

@@ -50,6 +50,7 @@ pub fn apply(c: &mut Computation) {
             ns.subspace(format!("setmem{}", i)),
             haystack,
             keys,
+            None,
         ));
     }
     to_assert.push(c.outputs[0].clone());