enable defering challenge check

hero78119 · hero78119 · commit 4ca6ea096d71 · 2023-10-12T22:14:16.000+08:00
diff --git a/src/gadgets/lookup.rs b/src/gadgets/lookup.rs
@@ -11,7 +11,7 @@ use crate::gadgets::nonnative::util::Num;
 use crate::gadgets::utils::alloc_const;
 use crate::spartan::math::Math;
 use crate::traits::commitment::CommitmentEngineTrait;
-use crate::traits::commitment::CommitmentTrait;
+use crate::traits::AbsorbInROTrait;
 use crate::traits::ROCircuitTrait;
 use crate::traits::ROConstants;
 use crate::traits::ROTrait;
@@ -476,10 +476,8 @@ impl<'a, G: Group> LookupTraceBuilder<'a, G> {
     G: Group<Base = <G2 as Group>::Scalar>,
     G2: Group<Base = <G as Group>::Scalar>,
   {
-    let ro_consts = <<G2 as Group>::RO as ROTrait<
-          <G2 as Group>::Base,
-          <G2 as Group>::Scalar,
-        >>::Constants::default();
+    let ro_consts =
+      <<G as Group>::RO as ROTrait<<G as Group>::Base, <G as Group>::Scalar>>::Constants::default();
     let final_values: Vec<<G as Group>::Scalar> = final_table
       .get_table()
       .iter()
@@ -491,30 +489,18 @@ impl<'a, G: Group> LookupTraceBuilder<'a, G> {
       .map(|(_, _, counter)| *counter)
       .collect();
 
-    // final_value and final_commitment
-    let (
-      (comm_final_value_cordx, comm_final_value_cordy, comm_final_value_infinity),
-      (comm_final_counter_cordx, comm_final_counter_cordy, comm_final_counter_infinity),
-    ) = rayon::join(
-      || G::CE::commit(ck, &final_values).to_coordinates(),
-      || G::CE::commit(ck, &final_counters).to_coordinates(),
+    // final_value and final_counter
+    let (comm_final_value, comm_final_counter) = rayon::join(
+      || G::CE::commit(ck, &final_values),
+      || G::CE::commit(ck, &final_counters),
     );
 
-    let mut hasher = <G2 as Group>::RO::new(ro_consts, 7);
+    let mut hasher = <G as Group>::RO::new(ro_consts, 7);
+    let intermediate_gamma: G2::Scalar = scalar_as_base::<G>(intermediate_gamma);
     hasher.absorb(intermediate_gamma);
-    hasher.absorb(scalar_as_base::<G2>(comm_final_value_cordx));
-    hasher.absorb(scalar_as_base::<G2>(comm_final_value_cordy));
-    hasher.absorb(scalar_as_base::<G2>(G2::Scalar::from(u64::from(
-      comm_final_value_infinity,
-    ))));
-    hasher.absorb(scalar_as_base::<G2>(comm_final_counter_cordx));
-    hasher.absorb(scalar_as_base::<G2>(comm_final_counter_cordy));
-    hasher.absorb(scalar_as_base::<G2>(G2::Scalar::from(u64::from(
-      comm_final_counter_infinity,
-    ))));
-
-    let hash_bits = hasher.squeeze(NUM_CHALLENGE_BITS);
-    scalar_as_base::<G2>(hash_bits)
+    comm_final_value.absorb_in_ro(&mut hasher);
+    comm_final_counter.absorb_in_ro(&mut hasher);
+    hasher.squeeze(NUM_CHALLENGE_BITS)
   }
 }
 
diff --git a/src/lib.rs b/src/lib.rs
@@ -1747,6 +1747,7 @@ mod tests {
             G1::Scalar::from(2) * addr + G1::Scalar::from(1),
             new_left_child,
           );
+          // swap right pair
           let (new_parent_right, new_right_child) = if right_child < new_parent_left {
             (right_child, new_parent_left)
           } else {
@@ -1994,11 +1995,8 @@ mod tests {
 
     let (circuit_primaries, final_table, expected_intermediate_gamma) =
       HeapifyCircuit::new(&initial_table, ro_consts);
-    // let mut circuit_primary = TrivialTestCircuit::default();
-    // let z0_primary = vec![<G1 as Group>::Scalar::ZERO; 6];
 
     let circuit_secondary = TrivialTestCircuit::default();
-    // let mut circuit_primary = TrivialTestCircuit::default();
 
     // produce public parameters
     let pp_hint1 = Some(SPrime::<G1>::commitment_key_floor());
@@ -2016,8 +2014,7 @@ mod tests {
     );
 
     let z0_primary =
-      HeapifyCircuit::<G1, G2>::get_z0(&pp.ck_primary, &initial_table, expected_intermediate_gamma);
-    // println!("num constraints {:?}", pp.num_constraints());
+      HeapifyCircuit::<G1, G2>::get_z0(&pp.ck_primary, &final_table, expected_intermediate_gamma);
 
     // 5th is initial index.
     // +1 for index end with 0
@@ -2063,20 +2060,9 @@ mod tests {
       })
       .unwrap();
     assert!(res.is_ok());
-    /*
-       let next_gamma = &z[0];
-       let gamma = &z[1];
-       let next_R = &z[2];
-       let next_W = &z[3];
-       let next_rw_counter = &z[4];
-       let next_index = &z[5];
-    */
     let (zn_primary, _) = res.unwrap();
 
-    // TODO move below check to LookupSNARK
-    // assert_eq!(zn_primary[0], zn_primary[1]); // challenge == pre_compute_challenge
-
-    assert_eq!(<G1 as Group>::Scalar::from(1).neg(), zn_primary[5]); // last index == -1
+    assert_eq!(<G1 as Group>::Scalar::from(1).neg(), zn_primary[5]);
 
     let number_of_iterated_nodes = (heap_size - 4) / 2 + 1;
     assert_eq!(
diff --git a/src/spartan/lookupsnark.rs b/src/spartan/lookupsnark.rs
@@ -18,7 +18,7 @@ use crate::{
   traits::{
     commitment::{CommitmentEngineTrait, CommitmentTrait},
     evaluation::EvaluationEngineTrait,
-    Group, ROTrait, TranscriptEngineTrait,
+    AbsorbInROTrait, Group, ROTrait, TranscriptEngineTrait,
   },
   Commitment, CommitmentKey, CompressedCommitment,
 };
@@ -83,7 +83,6 @@ impl<G: Group, EE: EvaluationEngineTrait<G>> VerifierKey<G, EE> {
 
 impl<G: Group, EE: EvaluationEngineTrait<G>> SimpleDigestible for VerifierKey<G, EE> {}
 
-#[allow(unused)]
 /// LookupSNARK
 pub struct LookupSNARK<G: Group, EE: EvaluationEngineTrait<G>> {
   a: PhantomData<(G, EE)>,
@@ -187,8 +186,6 @@ where
       final_table.iter().map(|(_, value, _)| *value).collect();
     let final_counters: Vec<<G as Group>::Scalar> =
       final_table.iter().map(|(_, _, counter)| *counter).collect();
-    // TODO add comm_final_value, comm_final_counter to gamma challange
-    // which means we need to move final_values, final_counters commitment at earlier
     let comm_init_value = pk.comm_init_value;
     let (comm_final_value, comm_final_counter) = rayon::join(
       || G::CE::commit(ck, &final_values),
@@ -560,7 +557,6 @@ where
     })
   }
 
-  #[allow(unused)]
   fn verify_challenge<G2: Group>(
     comm_final_value: <<G as Group>::CE as CommitmentEngineTrait<G>>::Commitment,
     comm_final_counter: <<G as Group>::CE as CommitmentEngineTrait<G>>::Commitment,
@@ -571,35 +567,19 @@ where
     G: Group<Base = <G2 as Group>::Scalar>,
     G2: Group<Base = <G as Group>::Scalar>,
   {
-    // verify fingerprint
-    let ro_consts = <<G2 as Group>::RO as ROTrait<
-          <G2 as Group>::Base,
-          <G2 as Group>::Scalar,
-        >>::Constants::default();
-
-    let (
-      (comm_final_value_cordx, comm_final_value_cordy, comm_final_value_infinity),
-      (comm_final_counter_cordx, comm_final_counter_cordy, comm_final_counter_infinity),
-    ) = rayon::join(
-      || comm_final_value.to_coordinates(),
-      || comm_final_counter.to_coordinates(),
-    );
+    // verify fingerprint challenge
+    let ro_consts =
+      <<G as Group>::RO as ROTrait<<G as Group>::Base, <G as Group>::Scalar>>::Constants::default();
+
+    // final_value and final_counter
 
-    let mut hasher = <G2 as Group>::RO::new(ro_consts, 7);
+    let mut hasher = <G as Group>::RO::new(ro_consts, 7);
+    let fingerprint_intermediate_gamma: G2::Scalar =
+      scalar_as_base::<G>(fingerprint_intermediate_gamma);
     hasher.absorb(fingerprint_intermediate_gamma);
-    hasher.absorb(scalar_as_base::<G2>(comm_final_value_cordx));
-    hasher.absorb(scalar_as_base::<G2>(comm_final_value_cordy));
-    hasher.absorb(scalar_as_base::<G2>(G2::Scalar::from(u64::from(
-      comm_final_value_infinity,
-    ))));
-    hasher.absorb(scalar_as_base::<G2>(comm_final_counter_cordx));
-    hasher.absorb(scalar_as_base::<G2>(comm_final_counter_cordy));
-    hasher.absorb(scalar_as_base::<G2>(G2::Scalar::from(u64::from(
-      comm_final_counter_infinity,
-    ))));
-
-    let hash_bits = hasher.squeeze(NUM_CHALLENGE_BITS);
-    let computed_gamma = scalar_as_base::<G2>(hash_bits);
+    comm_final_value.absorb_in_ro(&mut hasher);
+    comm_final_counter.absorb_in_ro(&mut hasher);
+    let computed_gamma = hasher.squeeze(NUM_CHALLENGE_BITS);
     if fingerprint_gamma != computed_gamma {
       println!(
         "fingerprint_gamma {:?} != computed_gamma {:?},,,fingerprint_intermediate_gamma",
@@ -614,7 +594,7 @@ where
   pub fn verify<G2: Group>(
     &self,
     vk: &VerifierKey<G, EE>,
-    _fingerprint_intermediate_gamma: G::Scalar,
+    fingerprint_intermediate_gamma: G::Scalar,
     fingerprint_gamma: G::Scalar,
   ) -> Result<(), NovaError>
   where
@@ -625,12 +605,12 @@ where
     let comm_final_counter = Commitment::<G>::decompress(&self.comm_final_counter)?;
 
     // TODO enable verify challenge
-    // Self::verify_challenge::<G2>(
-    //   comm_final_value,
-    //   comm_final_counter,
-    //   fingerprint_intermediate_gamma,
-    //   fingerprint_gamma,
-    // )?;
+    Self::verify_challenge::<G2>(
+      comm_final_value,
+      comm_final_counter,
+      fingerprint_intermediate_gamma,
+      fingerprint_gamma,
+    )?;
 
     let mut transcript = G::TE::new(b"LookupSNARK");
     let mut u_vec: Vec<PolyEvalInstance<G>> = Vec::new();
