Fix 'Can only multiply linear terms' error#6
Closed
vezenovm wants to merge 3 commits intomv/squeezefrom
Closed
Conversation
Owner
|
Thanks for hunting down the cause of this error. I'm going to close this PR for the reasons mentioned in #4 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
So after a little more debugging it looks like we only compute the XOR directly during ACIR generation when the bit size is 1. If either the left hand side or the right hand side of the XOR op is found to be non-linear we fail with this error. Otherwise, we simply generate witnesses for the respective expressions and result to create an XOR gate. This XOR gate is then later solved by the PartialWitnessGenerator which uses our
noir_fieldmethods and fills in the witnesses.To show a quick fix, I simply changed all the arrays from using u1 values to using u2 values. Perhaps with this change, as well as the heavy number of additional constraints from working with bit arrays, it may be worth it to consider switching to using u64s sooner rather than later. However, rather than making large changes it may be worth it to just merge this up, test further with the current code, and make sure it correct. Then can worry about optimizing the algorithm later.
I was not able to generate a successful proof yet with these changes, but I can compile the circuit. I am building off of this PR.