From 3eb151e73ecf694cc5f93f689b697d5a1c4aa56a Mon Sep 17 00:00:00 2001
From: Cesar199999 <cesar.descalzo2@gmail.com>
Date: Mon, 10 Jun 2024 10:58:57 +0200
Subject: [PATCH] Reorder Hyrax checks
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: Antonio Mejías Gil <anmegi.95@gmail.com>
---
 poly-commit/src/hyrax/mod.rs | 25 +++++++++++++------------
 1 file changed, 13 insertions(+), 12 deletions(-)

diff --git a/poly-commit/src/hyrax/mod.rs b/poly-commit/src/hyrax/mod.rs
index b1c04294..cf46c97d 100644
--- a/poly-commit/src/hyrax/mod.rs
+++ b/poly-commit/src/hyrax/mod.rs
@@ -470,12 +470,6 @@ where
                 });
             }
 
-            // Computing t_prime with a multi-exponentiation
-            let l_bigint = cfg_iter!(l)
-                .map(|chi| chi.into_bigint())
-                .collect::<Vec<_>>();
-            let t_prime: G = <G::Group as VariableBaseMSM>::msm_bigint(&row_coms, &l_bigint).into();
-
             // Absorbing public parameters
             sponge.absorb(
                 &Blake2s256::digest(serialize_to_vec!(*vk).map_err(|_| Error::TranscriptError)?)
@@ -499,15 +493,22 @@ where
             // it from the transcript.
             let c: G::ScalarField = sponge.squeeze_field_elements(1)[0];
 
-            // First check
-            let com_z_zd = (Self::pedersen_commit(&vk.com_key, z) + vk.h * z_d).into();
-            if com_z_zd != (t_prime.mul(c) + com_d).into() {
+            // Second check from the paper (figure 6, equation (14))
+            // Moved here for potential early return
+            let com_dp = (vk.com_key[0] * inner_product(&r, z) + vk.h * z_b).into();
+            if com_dp != (com_eval.mul(c) + com_b).into() {
                 return Ok(false);
             }
 
-            // Second check
-            let com_dp = (vk.com_key[0] * inner_product(&r, z) + vk.h * z_b).into();
-            if com_dp != (com_eval.mul(c) + com_b).into() {
+            // Computing t_prime with a multi-exponentiation
+            let l_bigint = cfg_iter!(l)
+                .map(|chi| chi.into_bigint())
+                .collect::<Vec<_>>();
+            let t_prime: G = <G::Group as VariableBaseMSM>::msm_bigint(&row_coms, &l_bigint).into();
+
+            // First check from the paper (figure 6, equation (13))
+            let com_z_zd = (Self::pedersen_commit(&vk.com_key, z) + vk.h * z_d).into();
+            if com_z_zd != (t_prime.mul(c) + com_d).into() {
                 return Ok(false);
             }
         }