diff --git a/src/spartan/mod.rs b/src/spartan/mod.rs
index a03c1893c..d9911ff5d 100644
--- a/src/spartan/mod.rs
+++ b/src/spartan/mod.rs
@@ -1,7 +1,7 @@
 //! This module implements RelaxedR1CSSNARKTrait using Spartan that is generic
 //! over the polynomial commitment and evaluation argument (i.e., a PCS)
 //! We provide two implementations, one in snark.rs (which does not use any preprocessing)
-//! and another in ppsnark.rs (which uses preprocessing to keep the verifier's state small if the PCS scheme provides a succinct verifier)
+//! and another in ppsnark.rs (which uses preprocessing to keep the verifier's state small if the PCS provides a succinct verifier)
 //! We also provide direct.rs that allows proving a step circuit directly with either of the two SNARKs.
 //!
 //! In polynomial.rs we also provide foundational types and functions for manipulating multilinear polynomials.
diff --git a/src/spartan/polynomial.rs b/src/spartan/polynomial.rs
index 93136b85a..169a5e92f 100644
--- a/src/spartan/polynomial.rs
+++ b/src/spartan/polynomial.rs
@@ -16,7 +16,7 @@ use crate::spartan::math::Math;
 ///
 /// The polynomial is defined by the formula:
 /// $$
-/// \tilde{eq}(x, e) = \prod_{i=0}^m(e_i * x_i + (1 - e_i) * (1 - x_i))
+/// \tilde{eq}(x, e) = \prod_{i=1}^m(e_i * x_i + (1 - e_i) * (1 - x_i))
 /// $$
 ///
 /// Each element in the vector `r` corresponds to a component $e_i$, representing a bit from the binary representation of an input value $e$.
@@ -88,7 +88,7 @@ impl EqPolynomial {
 ///
 /// The implementation follows
 /// $$
-/// \tilde{Z}(x_1, ..., x_m) = \sum_{e\in {0,1}^m}Z(e)\cdot \prod_{i=0}^m(x_i\cdot e_i)\cdot (1-e_i)
+/// \tilde{Z}(x_1, ..., x_m) = \sum_{e\in {0,1}^m}Z(e) \cdot \prod_{i=1}^m(x_i \cdot e_i + (1-x_i) \cdot (1-e_i))
 /// $$
 ///
 /// Vector $Z$ indicates $Z(e)$ where $e$ ranges from $0$ to $2^m-1$.
@@ -134,7 +134,6 @@ impl MultilinearPolynomial {
 let n = self.len() / 2;
 let (left, right) = self.Z.split_at_mut(n);
-let (right, _) = right.split_at(n);
 left
 .par_iter_mut()
diff --git a/src/spartan/ppsnark.rs b/src/spartan/ppsnark.rs
index 1fb913fe2..a9e4c18af 100644
--- a/src/spartan/ppsnark.rs
+++ b/src/spartan/ppsnark.rs
@@ -47,8 +47,14 @@ impl IdentityPolynomial {
 pub fn evaluate(&self, r: &[Scalar]) -> Scalar {
 assert_eq!(self.ell, r.len());
+let mut power_of_two = 1_u64;
 (0..self.ell)
-.map(|i| Scalar::from(2_usize.pow((self.ell - i - 1) as u32) as u64) * r[i])
+.rev()
+.map(|i| {
+let result = Scalar::from(power_of_two) * r[i];
+power_of_two *= 2;
+result
+})
 .fold(Scalar::ZERO, |acc, item| acc + item)
 }
 }
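Review bot: `power_of_two *= 2` in the new `evaluate` closure still runs after the last element (i == 0), so with `self.ell == 64` the u64 reaches 2^64 and overflows: a panic under debug overflow checks, a silent wrap to 0 in release, while the replaced `2_usize.pow(self.ell - i - 1)` stayed in range for 64 variables. The wrapped value is never used for a returned term, so the release result is unaffected, but the debug panic is a boundary regression and the u64 cap is unnecessary for a field computation. Doubling in the field removes the limit: `let mut weight = Scalar::from(1_u64);` before the iterator, then `let result = weight * r[i];` and `weight = weight + weight;` in the closure (or `weight.double()` if `Scalar` exposes `ff::Field`). The `evaluate` body lies wholly within this hunk; the earlier polynomial.rs hunk on this line is a pure deletion and raises nothing.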