diff --git a/halo2_backend/src/plonk/evaluation.rs b/halo2_backend/src/plonk/evaluation.rs index ef5c05f1c4..09d8b452d3 100644 --- a/halo2_backend/src/plonk/evaluation.rs +++ b/halo2_backend/src/plonk/evaluation.rs @@ -408,8 +408,16 @@ impl Evaluator { let chunk_len = pk.vk.cs.degree() - 2; let delta_start = beta * C::Scalar::ZETA; - let first_set = sets.first().unwrap(); - let last_set = sets.last().unwrap(); + let permutation_product_cosets: Vec< + Polynomial, + > = sets + .iter() + .map(|set| domain.coeff_to_extended(set.permutation_product_poly.clone())) + .collect(); + + let first_set_permutation_product_coset = + permutation_product_cosets.first().unwrap(); + let last_set_permutation_product_coset = permutation_product_cosets.last().unwrap(); // Permutation constraints parallelize(&mut values, |values, start| { @@ -422,22 +430,21 @@ impl Evaluator { // Enforce only for the first set. // l_0(X) * (1 - z_0(X)) = 0 *value = *value * y - + ((one - first_set.permutation_product_coset[idx]) * l0[idx]); + + ((one - first_set_permutation_product_coset[idx]) * l0[idx]); // Enforce only for the last set. // l_last(X) * (z_l(X)^2 - z_l(X)) = 0 *value = *value * y - + ((last_set.permutation_product_coset[idx] - * last_set.permutation_product_coset[idx] - - last_set.permutation_product_coset[idx]) + + ((last_set_permutation_product_coset[idx] + * last_set_permutation_product_coset[idx] + - last_set_permutation_product_coset[idx]) * l_last[idx]); // Except for the first set, enforce. // l_0(X) * (z_i(X) - z_{i-1}(\omega^(last) X)) = 0 - for (set_idx, set) in sets.iter().enumerate() { + for set_idx in 0..sets.len() { if set_idx != 0 { *value = *value * y - + ((set.permutation_product_coset[idx] - - permutation.sets[set_idx - 1].permutation_product_coset - [r_last]) + + ((permutation_product_cosets[set_idx][idx] + - permutation_product_cosets[set_idx - 1][r_last]) * l0[idx]); } } @@ -447,12 +454,13 @@ impl Evaluator { // - z_i(X) \prod_j (p(X) + \delta^j \beta X + \gamma) // ) let mut current_delta = delta_start * beta_term; - for ((set, columns), cosets) in sets - .iter() - .zip(p.columns.chunks(chunk_len)) - .zip(pk.permutation.cosets.chunks(chunk_len)) + for ((permutation_product_coset, columns), cosets) in + permutation_product_cosets + .iter() + .zip(p.columns.chunks(chunk_len)) + .zip(pk.permutation.cosets.chunks(chunk_len)) { - let mut left = set.permutation_product_coset[r_next]; + let mut left = permutation_product_coset[r_next]; for (values, permutation) in columns .iter() .map(|&column| match column.column_type { @@ -465,7 +473,7 @@ impl Evaluator { left *= values[idx] + beta * permutation[idx] + gamma; } - let mut right = set.permutation_product_coset[idx]; + let mut right = permutation_product_coset[idx]; for values in columns.iter().map(|&column| match column.column_type { Any::Advice => &advice[column.index], Any::Fixed => &fixed[column.index], diff --git a/halo2_backend/src/plonk/permutation/prover.rs b/halo2_backend/src/plonk/permutation/prover.rs index c80ce2102d..585fa3ab47 100644 --- a/halo2_backend/src/plonk/permutation/prover.rs +++ b/halo2_backend/src/plonk/permutation/prover.rs @@ -13,7 +13,7 @@ use crate::{ plonk::{self, permutation::ProvingKey, ChallengeBeta, ChallengeGamma, ChallengeX, Error}, poly::{ commitment::{Blind, Params}, - Coeff, ExtendedLagrangeCoeff, LagrangeCoeff, Polynomial, ProverQuery, + Coeff, LagrangeCoeff, Polynomial, ProverQuery, }, transcript::{EncodedChallenge, TranscriptWrite}, }; @@ -25,7 +25,6 @@ use halo2_middleware::poly::Rotation; pub(crate) struct CommittedSet { pub(crate) permutation_product_poly: Polynomial, - pub(crate) permutation_product_coset: Polynomial, permutation_product_blind: Blind, } @@ -33,17 +32,8 @@ pub(crate) struct Committed { pub(crate) sets: Vec>, } -pub(crate) struct ConstructedSet { - permutation_product_poly: Polynomial, - permutation_product_blind: Blind, -} - -pub(crate) struct Constructed { - sets: Vec>, -} - pub(crate) struct Evaluated { - constructed: Constructed, + constructed: Committed, } #[allow(clippy::too_many_arguments)] @@ -177,17 +167,13 @@ pub(in crate::plonk) fn permutation_commit< .commit_lagrange(&engine.msm_backend, &z, blind) .to_affine(); let permutation_product_blind = blind; - let z = domain.lagrange_to_coeff(z); - let permutation_product_poly = z.clone(); - - let permutation_product_coset = domain.coeff_to_extended(z); + let permutation_product_poly = domain.lagrange_to_coeff(z); // Hash the permutation product commitment transcript.write_point(permutation_product_commitment)?; sets.push(CommittedSet { permutation_product_poly, - permutation_product_coset, permutation_product_blind, }); } @@ -195,21 +181,6 @@ pub(in crate::plonk) fn permutation_commit< Ok(Committed { sets }) } -impl Committed { - pub(in crate::plonk) fn construct(self) -> Constructed { - Constructed { - sets: self - .sets - .iter() - .map(|set| ConstructedSet { - permutation_product_poly: set.permutation_product_poly.clone(), - permutation_product_blind: set.permutation_product_blind, - }) - .collect(), - } - } -} - impl super::ProvingKey { pub(in crate::plonk) fn open( &self, @@ -236,7 +207,7 @@ impl super::ProvingKey { } } -impl Constructed { +impl Committed { pub(in crate::plonk) fn evaluate, T: TranscriptWrite>( self, pk: &plonk::ProvingKey, diff --git a/halo2_backend/src/plonk/prover.rs b/halo2_backend/src/plonk/prover.rs index 2e4bc173d5..009298ed73 100644 --- a/halo2_backend/src/plonk/prover.rs +++ b/halo2_backend/src/plonk/prover.rs @@ -804,9 +804,7 @@ impl< let permutations_evaluated: Vec> = permutations_commited .into_iter() - .map(|permutation| -> Result<_, _> { - permutation.construct().evaluate(pk, x, self.transcript) - }) + .map(|permutation| -> Result<_, _> { permutation.evaluate(pk, x, self.transcript) }) .collect::, _>>()?; // Evaluate the lookups, if any, at omega^i x. diff --git a/halo2_backend/src/plonk/vanishing/prover.rs b/halo2_backend/src/plonk/vanishing/prover.rs index fb0e5b5e76..96ce797ee4 100644 --- a/halo2_backend/src/plonk/vanishing/prover.rs +++ b/halo2_backend/src/plonk/vanishing/prover.rs @@ -131,18 +131,20 @@ impl Committed { .collect(); // Compute commitments to each h(X) piece - let h_commitments_projective: Vec<_> = h_pieces - .iter() - .zip(h_blinds.iter()) - .map(|(h_piece, blind)| params.commit(&engine.msm_backend, h_piece, *blind)) - .collect(); - let mut h_commitments = vec![C::identity(); h_commitments_projective.len()]; - C::Curve::batch_normalize(&h_commitments_projective, &mut h_commitments); - let h_commitments = h_commitments; + let h_commitments = { + let h_commitments_projective: Vec<_> = h_pieces + .iter() + .zip(h_blinds.iter()) + .map(|(h_piece, blind)| params.commit(&engine.msm_backend, h_piece, *blind)) + .collect(); + let mut h_commitments = vec![C::identity(); h_commitments_projective.len()]; + C::Curve::batch_normalize(&h_commitments_projective, &mut h_commitments); + h_commitments + }; // Hash each h(X) piece - for c in h_commitments.iter() { - transcript.write_point(*c)?; + for c in h_commitments { + transcript.write_point(c)?; } Ok(Constructed {