Vinegar WIP + Docs/Cosmetics

o1-labs · Nov 23, 2023 · 363b327 · 363b327
1 parent b8ea671
commit 363b327
Show file tree

Hide file tree

Showing 4 changed files with 51 additions and 26 deletions.
diff --git a/kimchi/src/oracles.rs b/kimchi/src/oracles.rs
@@ -91,6 +91,7 @@ pub mod caml {
         let opening_prechallenges = proof
             .proof
             .prechallenges(&mut sponge)
+            .0
             .into_iter()
             .map(|x| x.0.into())
             .collect();

diff --git a/poly-commitment/src/commitment.rs b/poly-commitment/src/commitment.rs
@@ -322,17 +322,18 @@ pub fn squeeze_prechallenge<Fq: Field, G, Fr: SquareRootField, EFqSponge: FqSpon
     ScalarChallenge(sponge.challenge())
 }
 
-pub fn squeeze_challenge<
-    Fq: Field,
-    G,
-    Fr: PrimeField + SquareRootField,
-    EFqSponge: FqSponge<Fq, G, Fr>,
->(
-    endo_r: &Fr,
-    sponge: &mut EFqSponge,
-) -> Fr {
-    squeeze_prechallenge(sponge).to_field(endo_r)
-}
+// @volhovm: TODO obsolete, remove fully?
+//pub fn squeeze_challenge<
+//    Fq: Field,
+//    G,
+//    Fr: PrimeField + SquareRootField,
+//    EFqSponge: FqSponge<Fq, G, Fr>,
+//>(
+//    endo_r: &Fr,
+//    sponge: &mut EFqSponge,
+//) -> Fr {
+//    squeeze_prechallenge(sponge).to_field(endo_r)
+//}
 
 pub fn absorb_commitment<
     Fq: Field,

diff --git a/poly-commitment/src/evaluation_proof.rs b/poly-commitment/src/evaluation_proof.rs
@@ -488,40 +488,47 @@ impl<
     }
 }
 
+/// Raw scalar commitment challenges for recombining IPA rounds.
+pub struct PreChallenges<F>(pub Vec<ScalarChallenge<F>>);
+
+/// Commitment round challenges (endo mapped) and their inverses.
 pub struct Challenges<F> {
     pub chal: Vec<F>,
     pub chal_inv: Vec<F>,
 }
 
 impl<G: AffineCurve> OpeningProof<G> {
+    /// Computes a log-sized vector of scalar challenges for
+    /// recombining elements inside the IPA.
     pub fn prechallenges<EFqSponge: FqSponge<G::BaseField, G, G::ScalarField>>(
         &self,
         sponge: &mut EFqSponge,
-    ) -> Vec<ScalarChallenge<G::ScalarField>> {
+    ) -> PreChallenges<G::ScalarField> {
         let _t = sponge.challenge_fq();
-        self.lr
-            .iter()
-            .map(|(l, r)| {
-                sponge.absorb_g(&[*l]);
-                sponge.absorb_g(&[*r]);
-                squeeze_prechallenge(sponge)
-            })
-            .collect()
+        PreChallenges(
+            self.lr
+                .iter()
+                .map(|(l, r)| {
+                    sponge.absorb_g(&[*l]);
+                    sponge.absorb_g(&[*r]);
+                    squeeze_prechallenge(sponge)
+                })
+                .collect(),
+        )
     }
 
+    /// Same as `prechallenges`, but maps scalar challenges using the
+    /// provided endomorphism, and computes their inverses.
     pub fn challenges<EFqSponge: FqSponge<G::BaseField, G, G::ScalarField>>(
         &self,
         endo_r: &G::ScalarField,
         sponge: &mut EFqSponge,
     ) -> Challenges<G::ScalarField> {
         let chal: Vec<_> = self
-            .lr
+            .prechallenges(sponge)
+            .0
             .iter()
-            .map(|(l, r)| {
-                sponge.absorb_g(&[*l]);
-                sponge.absorb_g(&[*r]);
-                squeeze_challenge(endo_r, sponge)
-            })
+            .map(|x| x.to_field(endo_r))
             .collect();
 
         let chal_inv = {

diff --git a/vinegar/src/lib.rs b/vinegar/src/lib.rs
@@ -49,7 +49,15 @@ use poly_commitment::{commitment::CommitmentCurve, evaluation_proof::OpeningProo
 // - a set of IPA challenges (thought of as F-elements) corresponding to P's own inner-product argument
 
 pub struct ScalarChallenge {}
+//
+// prechals = OpeningProof::prechallenges(proof, &mut sponge)
+// mapped to a right domain:
+//        let prechals =
+//          Vector.of_list_and_length_exn
+//            (Array.map prechals ~f:Bulletproof_challenge.unpack |> Array.to_list)
+//            Tock.Rounds.n
 pub struct BulletproofChallenges {}
+pub struct ChallengePolynomialCommitments {}
 pub struct BranchData {}
 pub struct Challenge {}
 pub struct Fp {}
@@ -60,6 +68,14 @@ pub struct Digest {}
 pub struct UnfinalizedProofs {}
 pub struct PlonkVerificationKeyEvals {}
 
+//pub struct KimchiOracles {
+//    type nonrec 'f oracles =
+//  { o : 'f random_oracles
+//  ; p_eval : 'f * 'f
+//  ; opening_prechallenges : 'f array
+//  ; digest_before_evaluations : 'f
+//  }
+
 /// Challenges from the PLONK IOP. These, plus the evaluations that
 /// are already in the proof, are all that's needed to derive all the
 /// values in the [In_circuit] version below.