fix: remove endianness shenanigans

Author: huitseeker

src/provider/non_hiding_zeromorph.rs

@@ -189,7 +189,7 @@ where
     }
 
     debug_assert_eq!(Self::commit(pp, poly).unwrap().0, comm.0);
-    debug_assert_eq!(poly.evaluate_BE(point), eval.0);
+    debug_assert_eq!(poly.evaluate(point), eval.0);
 
     let (quotients, remainder) = quotients(poly, point);
     debug_assert_eq!(remainder, eval.0);
@@ -325,15 +325,15 @@ where
 /// (n - k) variables at, respectively, point'' = (point_k + 1, point_{k+1}, ..., point_{n-1}) and
 /// point' = (point_k, ..., point_{n-1}).
 fn quotients<F: PrimeField>(poly: &MultilinearPolynomial<F>, point: &[F]) -> (Vec<Vec<F>>, F) {
-  assert_eq!(poly.get_num_vars(), point.len());
+  let num_var  = poly.get_num_vars();
+  assert_eq!(num_var, point.len());
 
   let mut remainder = poly.Z.to_vec();
   let mut quotients = point
-    .iter()
+    .iter() // assume polynomial variables come in LE form
     .enumerate()
-    .rev()
-    .map(|(num_var, x_i)| {
-      let (remainder_lo, remainder_hi) = remainder.split_at_mut(1 << num_var);
+    .map(|(idx, x_i)| {
+      let (remainder_lo, remainder_hi) = remainder.split_at_mut(1 << (num_var - 1 - idx));
       let mut quotient = vec![F::ZERO; remainder_lo.len()];
 
       quotient
@@ -350,7 +350,7 @@ fn quotients<F: PrimeField>(poly: &MultilinearPolynomial<F>, point: &[F]) -> (Ve
           *r_lo += (*r_hi - r_lo as &_) * x_i;
         });
 
-      remainder.truncate(1 << num_var);
+      remainder.truncate(1 << (num_var - 1 - idx));
 
       quotient
     })
@@ -361,8 +361,8 @@ fn quotients<F: PrimeField>(poly: &MultilinearPolynomial<F>, point: &[F]) -> (Ve
 }
 
 // TODO : move this somewhere else
-fn eval_and_quotient_scalars<F: Field>(y: F, x: F, z: F, u: &[F]) -> (F, Vec<F>) {
-  let num_vars = u.len();
+fn eval_and_quotient_scalars<F: Field>(y: F, x: F, z: F, point: &[F]) -> (F, Vec<F>) {
+  let num_vars = point.len();
 
   let squares_of_x = iter::successors(Some(x), |&x| Some(x.square()))
     .take(num_vars + 1)
@@ -397,7 +397,7 @@ fn eval_and_quotient_scalars<F: Field>(y: F, x: F, z: F, u: &[F]) -> (F, Vec<F>)
     .zip(squares_of_x)
     .zip(&vs)
     .zip(&vs[1..])
-    .zip(u)
+    .zip(point.iter().rev()) // assume variables come in LE form
     .map(
       |(((((power_of_y, offset_of_x), square_of_x), v_i), v_j), u_i)| {
         -(power_of_y * offset_of_x + z * (square_of_x * v_j - *u_i * v_i))
@@ -437,18 +437,8 @@ where
     // TODO: the following two lines will need to change base
     let polynomial = MultilinearPolynomial::new(poly.to_vec());
 
-    // Nova evaluates in lower endian, the implementation assumes big endian
-    let rev_point = point.iter().rev().cloned().collect::<Vec<_>>();
-
     let evaluation = ZMEvaluation(*eval);
-    ZMPCS::open(
-      pk,
-      &commitment,
-      &polynomial,
-      &rev_point,
-      &evaluation,
-      transcript,
-    )
+    ZMPCS::open(pk, &commitment, &polynomial, point, &evaluation, transcript)
   }
 
   fn verify(
@@ -462,18 +452,8 @@ where
     let commitment = ZMCommitment::from(UVKZGCommitment::from(*comm));
     let evaluation = ZMEvaluation(*eval);
 
-    // Nova evaluates in lower endian, the implementation assumes big endian
-    let rev_point = point.iter().rev().cloned().collect::<Vec<_>>();
-
     // TODO: this clone is unsightly!
-    ZMPCS::verify(
-      vk,
-      transcript,
-      &commitment,
-      &rev_point,
-      &evaluation,
-      arg.clone(),
-    )?;
+    ZMPCS::verify(vk, transcript, &commitment, point, &evaluation, arg.clone())?;
     Ok(())
   }
 }
@@ -527,7 +507,7 @@ mod test {
       let point = iter::from_fn(|| transcript.squeeze(b"pt").ok())
         .take(num_vars)
         .collect::<Vec<_>>();
-      let eval = ZMEvaluation(poly.evaluate_BE(&point));
+      let eval = ZMEvaluation(poly.evaluate(&point));
 
       let mut transcript_prover = Keccak256Transcript::<E::G1>::new(b"test");
       let proof = ZMPCS::open(&pp, &comm, &poly, &point, &eval, &mut transcript_prover).unwrap();
@@ -577,11 +557,11 @@ mod test {
     }
     let (_quotients, remainder) = quotients(&poly, &point);
     assert_eq!(
-      poly.evaluate_BE(&point),
+      poly.evaluate(&point),
       remainder,
       "point: {:?}, \n eval: {:?}, remainder:{:?}",
       point,
-      poly.evaluate_BE(&point),
+      poly.evaluate(&point),
       remainder
     );
   }

src/spartan/polys/multilinear.rs

@@ -130,32 +130,6 @@ impl<Scalar: PrimeField> MultilinearPolynomial<Scalar> {
     }
     new_poly
   }
-
-  /// Evaluate the dense MLE at the given point. The MLE is assumed to be in
-  /// monomial basis.
-  ///
-  /// # Example
-  /// ```
-  /// use pasta_curves::pallas::Scalar as Fr;
-  /// use nova_snark::spartan::polys::multilinear::MultilinearPolynomial;
-  ///
-  /// // The two-variate polynomial x_1 + 3 * x_0 * x_1 + 2 evaluates to [2, 3, 2, 6]
-  /// // in the lagrange basis: 2*(1 - x_0)(1 - x_1) + 3*(1-x_0)(x_1) + 2*(x_0)(1-x_1) + 6*(x_0)(x_1)
-  /// let mle = MultilinearPolynomial::new(
-  ///     vec![2, 3, 2, 6].iter().map(|x| Fr::from(*x as u64)).collect()
-  /// );
-  ///
-  /// // By the uniqueness of MLEs, `mle` is precisely the above polynomial, which
-  /// // takes the value 54 at the point (x_1 = 1, x_0 = 17)
-  /// let eval = mle.evaluate_BE(&[Fr::one(), Fr::from(17)]);
-  /// assert_eq!(eval, Fr::from(54));
-  /// ```
-  pub fn evaluate_BE(&self, point: &[Scalar]) -> Scalar {
-    assert_eq!(self.num_vars, point.len());
-    // evaluate requires "lower endian"
-    let revp = point.iter().cloned().rev().collect::<Vec<_>>();
-    self.evaluate(&revp)
-  }
 }
 
 impl<Scalar: PrimeField> Index<usize> for MultilinearPolynomial<Scalar> {