Fix minor issues

src/circuit.rs

@@ -246,6 +246,9 @@ where
 {
     /// Circuit identifier associated constant.
     const CIRCUIT_ID: [u8; 32];
+    /// Extra size needed for the circuit parameters. + 6 because adding the
+    /// blinding factors requires some extra elements for the SRS
+    const PARAMS_EXTRA_SIZE: usize = 6;
 
     /// Gadget implementation used to fill the composer.
     fn gadget(&mut self, composer: &mut TurboComposer) -> Result<(), Error>;
@@ -257,7 +260,8 @@ where
         pub_params: &PublicParameters,
     ) -> Result<(ProverKey, VerifierData), Error> {
         // Setup PublicParams
-        let (ck, _) = pub_params.trim(self.padded_gates() + 6)?;
+        let (ck, _) =
+            pub_params.trim(self.padded_gates() + Self::PARAMS_EXTRA_SIZE)?;
 
         // Generate & save `ProverKey` with some random values.
         let mut prover = Prover::new(b"CircuitCompilation");
@@ -296,9 +300,10 @@ where
         pub_params: &PublicParameters,
         prover_key: &ProverKey,
         transcript_init: &'static [u8],
-        mut rng: &mut R,
+        rng: &mut R,
     ) -> Result<Proof, Error> {
-        let (ck, _) = pub_params.trim(self.padded_gates() + 6)?;
+        let (ck, _) =
+            pub_params.trim(self.padded_gates() + Self::PARAMS_EXTRA_SIZE)?;
 
         // New Prover instance
         let mut prover = Prover::new(transcript_init);
@@ -308,7 +313,7 @@ where
 
         // Add ProverKey to Prover
         prover.prover_key = Some(prover_key.clone());
-        prover.prove(&ck, &mut rng)
+        prover.prove(&ck, rng)
     }
 
     /// Verify the provided proof for the compiled verifier data

src/permutation.rs

@@ -219,7 +219,7 @@ impl Permutation {
         beta: &BlsScalar,
         gamma: &BlsScalar,
         sigma_polys: [&Polynomial; 4],
-    ) -> Vec<dusk_bls12_381::BlsScalar> {
+    ) -> Vec<BlsScalar> {
         let n = domain.size();
 
         // Constants defining cosets H, k1H, k2H, etc
@@ -308,7 +308,7 @@ impl Permutation {
         h_2: &[BlsScalar],
         delta: &BlsScalar,
         epsilon: &BlsScalar,
-    ) -> Vec<dusk_bls12_381::BlsScalar> {
+    ) -> Vec<BlsScalar> {
         let n = domain.size();
 
         assert_eq!(f.len(), domain.size());

src/proof_system/preprocess.rs

@@ -121,6 +121,10 @@ impl TurboComposer {
         let (_, selectors, preprocessed_table, domain) =
             self.preprocess_shared(commit_key, transcript)?;
 
+        // The polynomial needs an evaluation domain of 4n.
+        // Plus, adding the blinding factors translates to
+        // the polynomial not fitting in 4n, so now we need
+        // 8n, the next power of 2
         let domain_8n = EvaluationDomain::new(8 * domain.size())?;
         let q_m_eval_8n = Evaluations::from_vec_and_domain(
             domain_8n.coset_fft(&selectors.q_m),

src/proof_system/prover.rs

@@ -149,26 +149,27 @@ impl Prover {
 
     /// Adds the blinding scalars to a given vector. Always the same elements
     /// of 'w_vec' are modified at the beginning of it, and appended at the end:
-    /// if hiding degree = 1: (b2*X(n+1) + b1*X^n - b2*X - b1) + w_vec
-    /// if hiding degree = 2: (b3*X^(n+2) + b2*X(n+1) + b1*X^n - b3*X^2 - b2*X
+    /// if hiding degree = 1: (b2*X^(n+1) + b1*X^n - b2*X - b1) + w_vec
+    /// if hiding degree = 2: (b3*X^(n+2) + b2*X^(n+1) + b1*X^n - b3*X^2 - b2*X
     /// - b1) + w_vec
     pub(crate) fn blind_poly<R: RngCore + CryptoRng>(
-        w_vec: &Vec<dusk_bls12_381::BlsScalar>,
+        w_vec: &Vec<BlsScalar>,
         hiding_degree: usize,
         domain: &EvaluationDomain,
-        mut rng: &mut R,
+        rng: &mut R,
     ) -> Polynomial {
-        let mut w_vec_i = domain.ifft(w_vec);
+        let mut w_vec_inverse = domain.ifft(w_vec);
 
         for i in 0..hiding_degree + 1 {
             // we declare and randomly select a blinding scalar
-            let blinding_scalar = util::random_scalar(&mut rng);
-            w_vec_i[i] = w_vec_i[i] - blinding_scalar; // modify the first elements of the vector
-            w_vec_i.push(blinding_scalar); // append last elements at the end of
-                                           // the vector
+            let blinding_scalar = util::random_scalar(rng);
+            // modify the first elements of the vector
+            w_vec_inverse[i] = w_vec_inverse[i] - blinding_scalar;
+            // append last elements at the end of the vector
+            w_vec_inverse.push(blinding_scalar);
         }
 
-        Polynomial::from_coefficients_vec(w_vec_i)
+        Polynomial::from_coefficients_vec(w_vec_inverse)
     }
 
     /// Creates a [`Proof]` that demonstrates that a circuit is satisfied.
@@ -183,7 +184,7 @@ impl Prover {
         &self,
         commit_key: &CommitKey,
         prover_key: &ProverKey,
-        mut rng: &mut R,
+        rng: &mut R,
     ) -> Result<Proof, Error> {
         // make sure the domain is big enough to handle the circuit as well as
         // the lookup table
@@ -211,10 +212,10 @@ impl Prover {
 
         // Wires are now in evaluation form, convert them to coefficients so
         // that we may commit to them
-        let a_w_poly = Prover::blind_poly(&a_w_scalar, 1, &domain, &mut rng);
-        let b_w_poly = Prover::blind_poly(&b_w_scalar, 1, &domain, &mut rng);
-        let c_w_poly = Prover::blind_poly(&c_w_scalar, 1, &domain, &mut rng);
-        let d_w_poly = Prover::blind_poly(&d_w_scalar, 1, &domain, &mut rng);
+        let a_w_poly = Prover::blind_poly(&a_w_scalar, 1, &domain, rng);
+        let b_w_poly = Prover::blind_poly(&b_w_scalar, 1, &domain, rng);
+        let c_w_poly = Prover::blind_poly(&c_w_scalar, 1, &domain, rng);
+        let d_w_poly = Prover::blind_poly(&d_w_scalar, 1, &domain, rng);
 
         // Commit to wire polynomials
         // ([a(x)]_1, [b(x)]_1, [c(x)]_1, [d(x)]_1)
@@ -289,7 +290,7 @@ impl Prover {
 
         // Compute long query poly
         let f_poly =
-            Prover::blind_poly(&compressed_f_multiset.0, 1, &domain, &mut rng);
+            Prover::blind_poly(&compressed_f_multiset.0, 1, &domain, rng);
 
         // Commit to query polynomial
         let f_poly_commit = commit_key.commit(&f_poly)?;
@@ -306,8 +307,8 @@ impl Prover {
         let (h_1, h_2) = s.halve_alternating();
 
         // Compute h polys
-        let h_1_poly = Prover::blind_poly(&h_1.0, 2, &domain, &mut rng);
-        let h_2_poly = Prover::blind_poly(&h_2.0, 1, &domain, &mut rng);
+        let h_1_poly = Prover::blind_poly(&h_1.0, 2, &domain, rng);
+        let h_2_poly = Prover::blind_poly(&h_2.0, 1, &domain, rng);
 
         // Commit to h polys
         let h_1_poly_commit = commit_key.commit(&h_1_poly).unwrap();
@@ -340,7 +341,7 @@ impl Prover {
             ),
             2,
             &domain,
-            &mut rng,
+            rng,
         );
 
         // Commit to permutation polynomial
@@ -362,7 +363,7 @@ impl Prover {
             ),
             2,
             &domain,
-            &mut rng,
+            rng,
         );
 
         // Commit to permutation polynomial
@@ -602,7 +603,7 @@ impl Prover {
     pub fn prove<R: RngCore + CryptoRng>(
         &mut self,
         commit_key: &CommitKey,
-        mut rng: &mut R,
+        rng: &mut R,
     ) -> Result<Proof, Error> {
         let prover_key: &ProverKey;
 
@@ -619,7 +620,7 @@ impl Prover {
         prover_key = self.prover_key.as_ref().unwrap();
 
         let proof =
-            self.prove_with_preprocessed(commit_key, prover_key, &mut rng)?;
+            self.prove_with_preprocessed(commit_key, prover_key, rng)?;
 
         // Clear witness and reset composer variables
         self.clear_witness();

src/proof_system/widget/permutation/proverkey.rs

@@ -142,6 +142,7 @@ impl ProverKey {
             &self.s_sigma_4.0,
         );
 
+        // the poly is increased by 2 after blinding it
         let domain = EvaluationDomain::new(z_poly.degree() - 2).unwrap();
         let c = self.compute_linearizer_check_is_one(
             &domain,