From 69f0e9440556f35165ad2538e02fa48a7a1b3978 Mon Sep 17 00:00:00 2001
From: Mara Mihali
Date: Fri, 10 Mar 2023 10:26:18 +0000
Subject: [PATCH] add support for variable crs as long
---
 src/multilinear_pc/mod.rs | 53 +++++++++++++++++++++++++--------------
 1 file changed, 34 insertions(+), 19 deletions(-)
diff --git a/src/multilinear_pc/mod.rs b/src/multilinear_pc/mod.rs
index 8a562f5f..cd209ced 100644
--- a/src/multilinear_pc/mod.rs
+++ b/src/multilinear_pc/mod.rs
@@ -150,9 +150,15 @@ impl MultilinearPC {
 polynomial: &impl MultilinearExtension,
 ) -> Commitment {
 let nv = polynomial.num_vars();
+ debug_assert!(nv <= ck.nv);
+
 let scalars: Vec<_> = polynomial.to_evaluations();
- debug_assert!(scalars.len() == ck.powers_of_g[0].len());
- let g_product = ::msm(&ck.powers_of_g[0], &scalars[..])
+ // powers_of_g starts with the longest crs so we need to find the
+ // one matching the polynomial's number of variables
+ let mut powers_of_g = ck.powers_of_g[ck.nv - nv].clone();
+ debug_assert!(scalars.len() == powers_of_g.len());
+
+ let g_product = ::msm(&powers_of_g, &scalars[..])
 .unwrap()
 .into_affine();
 Commitment { nv, g_product }
@@ -165,9 +171,14 @@ impl MultilinearPC {
 polynomial: &impl MultilinearExtension,
 ) -> CommitmentG2 {
 let nv = polynomial.num_vars();
+ debug_assert!(nv <= ck.nv);
+
 let scalars: Vec<_> = polynomial.to_evaluations();
- debug_assert!(scalars.len() == ck.powers_of_h[0].len());
- let h_product = ::msm(&ck.powers_of_h[0], &scalars[..])
+ // powers_of_g starts with the longest crs so we need to find the
+ // one matching the polynomial's number of variables
+ let mut powers_of_h = ck.powers_of_h[ck.nv - nv].clone();
+ debug_assert!(scalars.len() == powers_of_h.len());
+ let h_product = ::msm(&powers_of_h, &scalars[..])
 .unwrap()
 .into_affine();
 CommitmentG2 { nv, h_product }
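Review bot: `debug_assert!(nv <= ck.nv);` is compiled out of release builds, so in release the only thing standing between an oversized polynomial and `ck.powers_of_g[ck.nv - nv]` is a `usize` subtraction that wraps and then fails at the index with an out-of-bounds panic whose message says nothing about the real cause; the `Proof`-returning function at `@@ -179` in this same patch uses `assert!(nv <= ck.nv, "Invalid size of polynomial");`, and the commit path should match it. On the following lines `let mut powers_of_g = ck.powers_of_g[ck.nv - nv].clone();` copies the whole per-level vector only to borrow it for `msm`, and `mut` is never needed; `let powers_of_g = &ck.powers_of_g[ck.nv - nv];` keeps the borrow and works with the length `debug_assert!` unchanged. Both points apply equally to `powers_of_h` in the `CommitmentG2` hunk at `@@ -165`. The signatures of both functions begin before their hunks.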
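Review bot: The added comment `// powers_of_g starts with the longest crs so we need to find the` was copied from the G1 path, but this block indexes `ck.powers_of_h`; it should read `// powers_of_h starts with the longest crs so we need to find the` followed by the existing second line. The ordering claim itself ("the longest crs comes first") is not visible in this hunk and is what makes `ck.nv - nv` the right index, so it is worth stating once on the committer-key field rather than repeating it per call site where it can drift. The enclosing function's signature begins before the hunk.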
@@ -179,13 +190,14 @@ impl MultilinearPC {
 polynomial: &impl MultilinearExtension,
 point: &[E::ScalarField],
 ) -> Proof {
- assert_eq!(polynomial.num_vars(), ck.nv, "Invalid size of polynomial");
 let nv = polynomial.num_vars();
+ assert!(nv <= ck.nv, "Invalid size of polynomial");
 let mut r: Vec> = (0..nv + 1).map(|_| Vec::new()).collect();
 let mut q: Vec> = (0..nv + 1).map(|_| Vec::new()).collect();
 r[nv] = polynomial.to_evaluations();
-
+ // adjust the crs to start from the correct number of variables
+ let powers_of_h = ck.powers_of_h[ck.nv - nv..].to_vec();
 let mut thread_handles = vec![];
 for i in 0..nv {
 let k = nv - i;
@@ -208,8 +220,7 @@ impl MultilinearPC {
 .map(|x| q[k][x >> 1]) // fine
 .collect();
- let ph = ck.powers_of_h[i].clone();
- debug_assert!(ph.len() == scalars.len());
+ let mut ph = powers_of_h[i].to_vec();
 thread_handles.push(thread::spawn(move || {
 ::msm(&ph, &scalars[..])
 .unwrap()
@@ -231,15 +242,17 @@ impl MultilinearPC {
 polynomial: &impl MultilinearExtension,
 point: &[E::ScalarField],
 ) -> ProofG1 {
- assert_eq!(polynomial.num_vars(), ck.nv, "Invalid size of polynomial");
 let nv = polynomial.num_vars();
+ assert!(nv <= ck.nv, "Invalid size of polynomial");
+
 let mut r: Vec> = (0..nv + 1).map(|_| Vec::new()).collect();
 let mut q: Vec> = (0..nv + 1).map(|_| Vec::new()).collect();
 r[nv] = polynomial.to_evaluations();
 let mut thread_handles = vec![];
-
+ // adjust the crs to start from the correct number of variables
+ let powers_of_g = ck.powers_of_g[ck.nv - nv..].to_vec();
 for i in 0..nv {
 let k = nv - i;
 let point_at_k = point[i];
@@ -257,7 +270,7 @@ impl MultilinearPC {
 let scalars: Vec<_> = (0..(1 << k))
 .map(|x| q[k][x >> 1]) // fine
 .collect();
- let pg = ck.powers_of_g[i].clone();
+ let mut pg = powers_of_g[i].to_vec();
 thread_handles.push(thread::spawn(move || {
 ::msm(&pg, &scalars[..])
 .unwrap()
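Review bot: `let powers_of_h = ck.powers_of_h[ck.nv - nv..].to_vec();` deep-copies every remaining level of the key on each call, yet the per-level loop (hunk `@@ -208`) already does `powers_of_h[i].to_vec()` to give the spawned thread its own vector, so the outer copy is pure overhead proportional to the full key; `let powers_of_h = &ck.powers_of_h[ck.nv - nv..];` keeps the slicing and the later per-level clone unchanged. The same applies to `powers_of_g` in the `ProofG1` hunk at `@@ -231`. Switching `assert_eq!(polynomial.num_vars(), ck.nv, ...)` to `assert!(nv <= ck.nv, "Invalid size of polynomial");` is the right shape here since, unlike the `debug_assert!` used in the commit hunks, it stays in release builds and is what keeps the `ck.nv - nv..` range from panicking. The enclosing function starts before and ends after the hunk.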
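Review bot: Replacing `let ph = ck.powers_of_h[i].clone(); debug_assert!(ph.len() == scalars.len());` with `let mut ph = powers_of_h[i].to_vec();` drops the only check that the key level chosen by the new `ck.nv - nv` offset actually matches the number of scalars for this round; a mismatch is now presumably caught, if at all, by the `.unwrap()` inside the spawned thread, where it surfaces as a join error rather than at the line that is wrong. Keep `debug_assert!(ph.len() == scalars.len());` after the new `let`, and drop `mut`, which nothing in the closure requires and which will warn. The same two points apply to `pg` in the hunk at `@@ -257`. The loop body containing these lines starts and ends outside the hunk.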
@@ -283,17 +296,18 @@ impl MultilinearPC {
 proof: &ProofG1,
 ) -> bool {
 let left = E::pairing(vk.g, commitment.h_product.into_group() - &vk.h.mul(value));
+ let nv = point.len();
 let scalar_size = ::MODULUS_BIT_SIZE;
- let window_size = FixedBase::get_mul_window_size(vk.nv);
+ let window_size = FixedBase::get_mul_window_size(nv);
 let h_table = FixedBase::get_window_table(scalar_size as usize, window_size, vk.h.into_group());
 let h_mul: Vec = FixedBase::msm(scalar_size as usize, window_size, &h_table, point);
-
- let pairing_rights: Vec<_> = (0..vk.nv)
+ let h_mask_random = vk.h_mask_random[vk.nv - nv..].to_vec();
+ let pairing_rights: Vec<_> = (0..nv)
 .into_iter()
- .map(|i| vk.h_mask_random[i].into_group() - &h_mul[i])
+ .map(|i| h_mask_random[i].into_group() - &h_mul[i])
 .collect();
 let pairing_rights: Vec = E::G2::normalize_batch(&pairing_rights) .into_iter()
@@ -319,16 +333,17 @@ impl MultilinearPC {
 proof: &Proof,
 ) -> bool {
 let left = E::pairing(commitment.g_product.into_group() - &vk.g.mul(value), vk.h);
+ let nv = point.len();
 let scalar_size = E::ScalarField::MODULUS_BIT_SIZE as usize;
- let window_size = FixedBase::get_mul_window_size(vk.nv);
+ let window_size = FixedBase::get_mul_window_size(nv);
 let g_table = FixedBase::get_window_table(scalar_size, window_size, vk.g.into_group());
 let g_mul: Vec = FixedBase::msm(scalar_size, window_size, &g_table, point);
-
- let pairing_lefts: Vec<_> = (0..vk.nv)
+ let g_mask_random = vk.g_mask_random[vk.nv - nv..].to_vec();
+ let pairing_lefts: Vec<_> = (0..nv)
 .into_iter()
- .map(|i| vk.g_mask_random[i].into_group() - &g_mul[i])
+ .map(|i| g_mask_random[i].into_group() - &g_mul[i])
 .collect();
 let pairing_lefts: Vec = E::G1::normalize_batch(&pairing_lefts);
 let pairing_lefts: Vec = pairing_lefts
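Review bot: `let nv = point.len();` followed by `vk.h_mask_random[vk.nv - nv..]` has no check that `nv <= vk.nv`, so a point longer than the key's variable count makes this `bool`-returning verifier panic (overflowing subtraction in debug, an out-of-range slice start in release) instead of returning `false`; a verification routine should reject ill-sized input explicitly, e.g. `if nv > vk.nv { return false; }` before the slice. It is also not visible here whether `nv` is cross-checked against `commitment.nv` or the proof's length — before this change every index was driven by `vk.nv`, now the point alone sizes the loop, so a commitment/point mismatch should fail verification rather than be left to later indexing outside the hunk. The `.to_vec()` on the mask slice is an unneeded copy; `&vk.h_mask_random[vk.nv - nv..]` serves the `.map` just as well. The same three points apply to the G1 verifier hunk at `@@ -319`, whose tail lies outside this page; this function also ends outside the hunk.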