From 4a4aed5b78e52fb225bd9421c12ed9fc3a92aa13 Mon Sep 17 00:00:00 2001
From: Duncan Tebbs
Date: Tue, 11 May 2021 16:09:17 +0100
Subject: [PATCH] scripts: assert non-sparsity of mimc polynomials
---
 scripts/mimc_constraints.sage | 41 ++++++++++++++++++++++++++---------
 1 file changed, 31 insertions(+), 10 deletions(-)
diff --git a/scripts/mimc_constraints.sage b/scripts/mimc_constraints.sage
index 8e3702af7..fb9519546 100644
--- a/scripts/mimc_constraints.sage
+++ b/scripts/mimc_constraints.sage
@@ -63,26 +63,47 @@ def output_valid_configs_and_constraints(r):
 # output_valid_config_and_constraints(r, log_2_r, 23)
+def check_polynomial(r, e):
+ """
+ Check that the polynomial representing a mimc round is not sparse (in fact,
+ it follows immediately from the binomial theorem that no coefficients can
+ be zero for r>2 prime, so this is essentially a sanity check).
+ """
+ Fr = GF(r)
+ Frx. = PolynomialRing(Fr)
+ mimc_poly = (x + k)^e
+ coeffs = mimc_poly.coefficients()
+
+ assert len(coeffs) == e + 1
+ assert 0 not in coeffs
+ print(f" POLYNOMIAL with e={e} has no zero coefficients")
+
+
 # BW6-761
 print("BW6-761:")
-output_valid_configs_and_constraints(
- r=258664426012969094010652733694893533536393512754914660539884262666720468348340822774968888139573360124440321458177)
+bw6_761_r = 258664426012969094010652733694893533536393512754914660539884262666720468348340822774968888139573360124440321458177
+output_valid_configs_and_constraints(bw6_761_r)
+check_polynomial(bw6_761_r, 17)
 # MNT4
 print("MNT4:")
-output_valid_configs_and_constraints(
- r=475922286169261325753349249653048451545124878552823515553267735739164647307408490559963137)
+mnt4_r = 475922286169261325753349249653048451545124878552823515553267735739164647307408490559963137
+output_valid_configs_and_constraints(mnt4_r)
+check_polynomial(mnt4_r, 17)
 # MNT6
 print("MNT6:")
-output_valid_configs_and_constraints(
- r=475922286169261325753349249653048451545124879242694725395555128576210262817955800483758081)
+mnt6_r = 475922286169261325753349249653048451545124879242694725395555128576210262817955800483758081
+output_valid_configs_and_constraints(mnt6_r)
+check_polynomial(mnt6_r, 17)
 # BLS12-377
 print("BLS12-377:")
-output_valid_configs_and_constraints(
- r=0x12ab655e9a2ca55660b44d1e5c37b00159aa76fed00000010a11800000000001)
+bls12_377_r = 0x12ab655e9a2ca55660b44d1e5c37b00159aa76fed00000010a11800000000001
+output_valid_configs_and_constraints(bls12_377_r)
+check_polynomial(bls12_377_r, 17)
 print("ALT-BN128:")
-output_valid_configs_and_constraints(
- r=0x30644e72e131a029b85045b68181585d2833e84879b9709143e1f593f0000001)
+alt_bn128_r = 0x30644e72e131a029b85045b68181585d2833e84879b9709143e1f593f0000001
+output_valid_configs_and_constraints(alt_bn128_r)
+check_polynomial(alt_bn128_r, 17)
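Review bot: The `assert 0 not in coeffs` line in `check_polynomial` cannot fail, because Sage's `coefficients()` returns only the non-zero coefficients by default, so the sparsity check is carried entirely by the length comparison above it. Both checks are also `assert` statements, so a run with assertions disabled would skip them and still print the "has no zero coefficients" line. I would make the check explicit, e.g. `if len(coeffs) != e + 1: raise ValueError(f"mimc polynomial for e={e} is sparse")`, and put the comment `# coefficients() omits zero terms, so the length comparison is the actual check` above it. The exponent 17 is repeated literally at all five call sites, and a single named constant would keep them in step if the round exponent ever changes.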