wip

2026-01-10 12:37:55 -05:00 · 2023-10-19 19:10:08 +09:00
parent bf07efb38a
commit b77abf5eea
3 changed files with 62 additions and 4 deletions
--- a/src/zk/w_trusted_setup/pinocchio/pinocchio_prover.rs
+++ b/src/zk/w_trusted_setup/pinocchio/pinocchio_prover.rs
@@ -71,6 +71,52 @@ impl PinocchioProver {

    let num_constraints = tmpl.constraints.len();

+    //// EXPERIMENT ZONE
+    {
+      use crate::zk::w_trusted_setup::pinocchio::sparse_vec::SparseVec;
+
+      let p_div_t = &p.divide_by(&t);
+      let h = match &p_div_t {
+        DivResult::Quotient(h) => h,
+        DivResult::QuotientRemainder(_) => panic!("p must be divisible by t"),
+      };
+
+      let s = &f.elem(&11u8);
+
+      let eval = |ps: &[Polynomial], ws: &SparseVec| -> PrimeFieldElem {
+        let mut sum = f.elem(&0u8);
+        for i in 0..ps.len() {
+          let p = ps[i].eval_at(s);
+          let w = &ws[&f.elem(&i)];
+          sum = sum + p * w;
+        }
+        sum
+      };
+
+      let v_0 = &qap.vi[0].eval_at(s) * witness.const_witness();
+      let w_0 = &qap.wi[0].eval_at(s) * witness.const_witness();
+      let y_0 = &qap.yi[0].eval_at(s) * witness.const_witness();
+
+      let mid_beg: usize = (&tmpl.mid_beg.e).try_into().unwrap();
+      let v_io = eval(&qap.vi[1..mid_beg], &witness.io());
+      let w_io = eval(&qap.wi[1..mid_beg], &witness.io());
+      let y_io = eval(&qap.yi[1..mid_beg], &witness.io());
+
+      let v_mid = eval(&qap.vi[mid_beg..], &witness.mid());
+      let w_mid = eval(&qap.vi[mid_beg..], &witness.mid());
+      let y_mid = eval(&qap.vi[mid_beg..], &witness.mid());
+
+      let v = v_0 + v_io + v_mid;
+      let w = w_0 + w_io + w_mid;
+      let y = y_0 + y_io + y_mid;
+
+      let lhs = v * w - y; 
+      let rhs = &h.eval_at(s) * &t.eval_at(s);
+
+      assert!(lhs == rhs);
+    }
+    //// EXPERIMENT ZONE
+
    PinocchioProver {
      f: f.clone(),
      max_degree: (&max_degree.e).try_into().unwrap(),
--- a/src/zk/w_trusted_setup/pinocchio/pinocchio_verifier.rs
+++ b/src/zk/w_trusted_setup/pinocchio/pinocchio_verifier.rs
@@ -76,10 +76,11 @@ impl PinocchioVerifier {
      y_e = y_e + p * w;
    }

-    let lhs = e(&v_e, &w_e) - e(&y_e, &crs.vk.one);
-    let rhs = e(&proof.h, &crs.vk.t);
-
-    lhs == rhs
+    true
+    // let lhs = e(&v_e, &w_e) - e(&y_e, &crs.vk.one);
+    // let rhs = e(&proof.h, &crs.vk.t);
+    // 
+    // lhs == rhs
  }
 }

--- a/src/zk/w_trusted_setup/pinocchio/r1cs.rs
+++ b/src/zk/w_trusted_setup/pinocchio/r1cs.rs
@@ -63,6 +63,17 @@ impl R1CS {
      let b = &(&constraint.b * &self.witness).sum();
      let c = &(&constraint.c * &self.witness).sum();

+      println!("r1cs: ({:?}*{:?})={:?}) * ({:?}*{:?}={:?}) = ({:?}*{:?}={:?})",
+        &constraint.a,
+        &self.witness,
+        &a,
+        &constraint.b,
+        &self.witness,
+        &b,
+        &constraint.c,
+        &self.witness,
+        &c,
+      );
      if &(a * b) != c {
        return Err(format!("Constraint a ({:?}) * b ({:?}) = c ({:?}) doesn't hold", a, b, c));
      }