From 3bc248d26a48aa4fd51cc500bf2384f63f84c769 Mon Sep 17 00:00:00 2001
From: Jun-Hee-Lee
Date: Thu, 17 Aug 2023 02:17:31 +0900
Subject: [PATCH 1/6] Refine comments
---
 src/spartan/mod.rs | 2 +-
 src/spartan/polynomial.rs | 4 ++--
 src/spartan/ppsnark.rs | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/spartan/mod.rs b/src/spartan/mod.rs
index a03c1893c..d9911ff5d 100644
--- a/src/spartan/mod.rs
+++ b/src/spartan/mod.rs
@@ -1,7 +1,7 @@
 //! This module implements RelaxedR1CSSNARKTrait using Spartan that is generic
 //! over the polynomial commitment and evaluation argument (i.e., a PCS)
 //! We provide two implementations, one in snark.rs (which does not use any preprocessing)
-//! and another in ppsnark.rs (which uses preprocessing to keep the verifier's state small if the PCS scheme provides a succinct verifier)
+//! and another in ppsnark.rs (which uses preprocessing to keep the verifier's state small if the PCS provides a succinct verifier)
 //! We also provide direct.rs that allows proving a step circuit directly with either of the two SNARKs.
 //!
 //! In polynomial.rs we also provide foundational types and functions for manipulating multilinear polynomials.
diff --git a/src/spartan/polynomial.rs b/src/spartan/polynomial.rs
index 93136b85a..bdfb9dffe 100644
--- a/src/spartan/polynomial.rs
+++ b/src/spartan/polynomial.rs
@@ -16,7 +16,7 @@ use crate::spartan::math::Math;
 ///
 /// The polynomial is defined by the formula:
 /// $$
-/// \tilde{eq}(x, e) = \prod_{i=0}^m(e_i * x_i + (1 - e_i) * (1 - x_i))
+/// \tilde{eq}(x, e) = \prod_{i=1}^m(e_i * x_i + (1 - e_i) * (1 - x_i))
 /// $$
 ///
 /// Each element in the vector `r` corresponds to a component $e_i$, representing a bit from the binary representation of an input value $e$.
@@ -88,7 +88,7 @@ impl EqPolynomial {
 ///
 /// The implementation follows
 /// $$
-/// \tilde{Z}(x_1, ..., x_m) = \sum_{e\in {0,1}^m}Z(e)\cdot \prod_{i=0}^m(x_i\cdot e_i)\cdot (1-e_i)
+/// \tilde{Z}(x_1, ..., x_m) = \sum_{e\in {0,1}^m}Z(e) \cdot \prod_{i=1}^m(x_i \cdot e_i + (1-x_i) \cdot (1-e_i))
 /// $$
 ///
 /// Vector $Z$ indicates $Z(e)$ where $e$ ranges from $0$ to $2^m-1$.
diff --git a/src/spartan/ppsnark.rs b/src/spartan/ppsnark.rs
index 1fb913fe2..476bf32a4 100644
--- a/src/spartan/ppsnark.rs
+++ b/src/spartan/ppsnark.rs
@@ -288,7 +288,7 @@ pub trait SumcheckEngine {
 /// the size of the polynomials
 fn size(&self) -> usize;
- /// returns evaluation points at 0, 2, d-1 (where d is the degree of the sum-check polynomial)
+ /// returns evaluation points at 0, 2, 3 (where 3 is the degree of the sum-check polynomial)
 fn evaluation_points(&self) -> Vec>;
 /// bounds a variable in the constituent polynomials
From b8e4208992079b559d47d1096187a584f25409bb Mon Sep 17 00:00:00 2001
From: Jun-Hee-Lee
Date: Thu, 17 Aug 2023 02:25:14 +0900
Subject: [PATCH 2/6] Eliminate redundant computation
---
 src/spartan/polynomial.rs | 1 -
 src/spartan/ppsnark.rs | 9 +++++++--
 2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/src/spartan/polynomial.rs b/src/spartan/polynomial.rs
index bdfb9dffe..169a5e92f 100644
--- a/src/spartan/polynomial.rs
+++ b/src/spartan/polynomial.rs
@@ -134,7 +134,6 @@ impl MultilinearPolynomial {
 let n = self.len() / 2;
 let (left, right) = self.Z.split_at_mut(n);
- let (right, _) = right.split_at(n);
 left
 .par_iter_mut()
diff --git a/src/spartan/ppsnark.rs b/src/spartan/ppsnark.rs
index 476bf32a4..4b7a86ee6 100644
--- a/src/spartan/ppsnark.rs
+++ b/src/spartan/ppsnark.rs
@@ -47,8 +47,13 @@ impl IdentityPolynomial {
 pub fn evaluate(&self, r: &[Scalar]) -> Scalar {
 assert_eq!(self.ell, r.len());
- (0..self.ell)
- .map(|i| Scalar::from(2_usize.pow((self.ell - i - 1) as u32) as u64) * r[i])
+ let mut power_of_two = 1_u64;
+ (0..self.ell).rev()
+ .map(|i| {
+ let result = Scalar::from(power_of_two) * r[i];
+ power_of_two *= 2;
+ result
+ })
 .fold(Scalar::ZERO, |acc, item| acc + item)
 }
 }
From 5971b755806fc541c852fa4949c0214dbf8cbd0f Mon Sep 17 00:00:00 2001
From: Jun-Hee-Lee
Date: Thu, 17 Aug 2023 07:23:35 +0900
Subject: [PATCH 3/6] 3bc248d26a48aa4fd51cc500bf2384f63f84c769 Revert "Refine comments"
This reverts commit 3bc248d26a48aa4fd51cc500bf2384f63f84c769.
---
 src/spartan/mod.rs | 2 +-
 src/spartan/polynomial.rs | 4 ++--
 src/spartan/ppsnark.rs | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/spartan/mod.rs b/src/spartan/mod.rs
index d9911ff5d..a03c1893c 100644
--- a/src/spartan/mod.rs
+++ b/src/spartan/mod.rs
@@ -1,7 +1,7 @@
 //! This module implements RelaxedR1CSSNARKTrait using Spartan that is generic
 //! over the polynomial commitment and evaluation argument (i.e., a PCS)
 //! We provide two implementations, one in snark.rs (which does not use any preprocessing)
-//! and another in ppsnark.rs (which uses preprocessing to keep the verifier's state small if the PCS provides a succinct verifier)
+//! and another in ppsnark.rs (which uses preprocessing to keep the verifier's state small if the PCS scheme provides a succinct verifier)
 //! We also provide direct.rs that allows proving a step circuit directly with either of the two SNARKs.
 //!
 //! In polynomial.rs we also provide foundational types and functions for manipulating multilinear polynomials.
diff --git a/src/spartan/polynomial.rs b/src/spartan/polynomial.rs
index 169a5e92f..8aa122f27 100644
--- a/src/spartan/polynomial.rs
+++ b/src/spartan/polynomial.rs
@@ -16,7 +16,7 @@ use crate::spartan::math::Math;
 ///
 /// The polynomial is defined by the formula:
 /// $$
-/// \tilde{eq}(x, e) = \prod_{i=1}^m(e_i * x_i + (1 - e_i) * (1 - x_i))
+/// \tilde{eq}(x, e) = \prod_{i=0}^m(e_i * x_i + (1 - e_i) * (1 - x_i))
 /// $$
 ///
 /// Each element in the vector `r` corresponds to a component $e_i$, representing a bit from the binary representation of an input value $e$.
@@ -88,7 +88,7 @@ impl EqPolynomial {
 ///
 /// The implementation follows
 /// $$
-/// \tilde{Z}(x_1, ..., x_m) = \sum_{e\in {0,1}^m}Z(e) \cdot \prod_{i=1}^m(x_i \cdot e_i + (1-x_i) \cdot (1-e_i))
+/// \tilde{Z}(x_1, ..., x_m) = \sum_{e\in {0,1}^m}Z(e)\cdot \prod_{i=0}^m(x_i\cdot e_i)\cdot (1-e_i)
 /// $$
 ///
 /// Vector $Z$ indicates $Z(e)$ where $e$ ranges from $0$ to $2^m-1$.
diff --git a/src/spartan/ppsnark.rs b/src/spartan/ppsnark.rs
index 4b7a86ee6..f145b82fd 100644
--- a/src/spartan/ppsnark.rs
+++ b/src/spartan/ppsnark.rs
@@ -293,7 +293,7 @@ pub trait SumcheckEngine {
 /// the size of the polynomials
 fn size(&self) -> usize;
- /// returns evaluation points at 0, 2, 3 (where 3 is the degree of the sum-check polynomial)
+ /// returns evaluation points at 0, 2, d-1 (where d is the degree of the sum-check polynomial)
 fn evaluation_points(&self) -> Vec>;
 /// bounds a variable in the constituent polynomials
From d0879d4b8947e1179051d6010d726542e04ddc78 Mon Sep 17 00:00:00 2001
From: Jun-Hee-Lee
Date: Thu, 17 Aug 2023 07:29:55 +0900
Subject: [PATCH 4/6] Revert "Eliminate redundant computation"
This reverts commit b8e4208992079b559d47d1096187a584f25409bb.
---
 src/spartan/polynomial.rs | 1 +
 src/spartan/ppsnark.rs | 9 ++-------
 2 files changed, 3 insertions(+), 7 deletions(-)
diff --git a/src/spartan/polynomial.rs b/src/spartan/polynomial.rs
index 8aa122f27..93136b85a 100644
--- a/src/spartan/polynomial.rs
+++ b/src/spartan/polynomial.rs
@@ -134,6 +134,7 @@ impl MultilinearPolynomial {
 let n = self.len() / 2;
 let (left, right) = self.Z.split_at_mut(n);
+ let (right, _) = right.split_at(n);
 left
 .par_iter_mut()
diff --git a/src/spartan/ppsnark.rs b/src/spartan/ppsnark.rs
index f145b82fd..1fb913fe2 100644
--- a/src/spartan/ppsnark.rs
+++ b/src/spartan/ppsnark.rs
@@ -47,13 +47,8 @@ impl IdentityPolynomial {
 pub fn evaluate(&self, r: &[Scalar]) -> Scalar {
 assert_eq!(self.ell, r.len());
- let mut power_of_two = 1_u64;
- (0..self.ell).rev()
- .map(|i| {
- let result = Scalar::from(power_of_two) * r[i];
- power_of_two *= 2;
- result
- })
+ (0..self.ell)
+ .map(|i| Scalar::from(2_usize.pow((self.ell - i - 1) as u32) as u64) * r[i])
 .fold(Scalar::ZERO, |acc, item| acc + item)
 }
 }
From 8c7e5eff9b91cdef68d4626ede6566ee87db13e2 Mon Sep 17 00:00:00 2001
From: Jun-Hee-Lee
Date: Thu, 17 Aug 2023 07:38:28 +0900
Subject: [PATCH 5/6] Fix comments typos
---
 src/spartan/mod.rs | 2 +-
 src/spartan/polynomial.rs | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/spartan/mod.rs b/src/spartan/mod.rs
index a03c1893c..d9911ff5d 100644
--- a/src/spartan/mod.rs
+++ b/src/spartan/mod.rs
@@ -1,7 +1,7 @@
 //! This module implements RelaxedR1CSSNARKTrait using Spartan that is generic
 //! over the polynomial commitment and evaluation argument (i.e., a PCS)
 //! We provide two implementations, one in snark.rs (which does not use any preprocessing)
-//! and another in ppsnark.rs (which uses preprocessing to keep the verifier's state small if the PCS scheme provides a succinct verifier)
+//! and another in ppsnark.rs (which uses preprocessing to keep the verifier's state small if the PCS provides a succinct verifier)
 //! We also provide direct.rs that allows proving a step circuit directly with either of the two SNARKs.
 //!
 //! In polynomial.rs we also provide foundational types and functions for manipulating multilinear polynomials.
diff --git a/src/spartan/polynomial.rs b/src/spartan/polynomial.rs
index 93136b85a..bdfb9dffe 100644
--- a/src/spartan/polynomial.rs
+++ b/src/spartan/polynomial.rs
@@ -16,7 +16,7 @@ use crate::spartan::math::Math;
 ///
 /// The polynomial is defined by the formula:
 /// $$
-/// \tilde{eq}(x, e) = \prod_{i=0}^m(e_i * x_i + (1 - e_i) * (1 - x_i))
+/// \tilde{eq}(x, e) = \prod_{i=1}^m(e_i * x_i + (1 - e_i) * (1 - x_i))
 /// $$
 ///
 /// Each element in the vector `r` corresponds to a component $e_i$, representing a bit from the binary representation of an input value $e$.
@@ -88,7 +88,7 @@ impl EqPolynomial {
 ///
 /// The implementation follows
 /// $$
-/// \tilde{Z}(x_1, ..., x_m) = \sum_{e\in {0,1}^m}Z(e)\cdot \prod_{i=0}^m(x_i\cdot e_i)\cdot (1-e_i)
+/// \tilde{Z}(x_1, ..., x_m) = \sum_{e\in {0,1}^m}Z(e) \cdot \prod_{i=1}^m(x_i \cdot e_i + (1-x_i) \cdot (1-e_i))
 /// $$
 ///
 /// Vector $Z$ indicates $Z(e)$ where $e$ ranges from $0$ to $2^m-1$.
From 4fa27e259b3491f3ffc08da78dd5b2689115e0de Mon Sep 17 00:00:00 2001
From: Jun-Hee-Lee
Date: Thu, 17 Aug 2023 07:39:55 +0900
Subject: [PATCH 6/6] Eliminate redundant computation
---
 src/spartan/polynomial.rs | 1 -
 src/spartan/ppsnark.rs | 8 +++++++-
 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/src/spartan/polynomial.rs b/src/spartan/polynomial.rs
index bdfb9dffe..169a5e92f 100644
--- a/src/spartan/polynomial.rs
+++ b/src/spartan/polynomial.rs
@@ -134,7 +134,6 @@ impl MultilinearPolynomial {
 let n = self.len() / 2;
 let (left, right) = self.Z.split_at_mut(n);
- let (right, _) = right.split_at(n);
 left
 .par_iter_mut()
diff --git a/src/spartan/ppsnark.rs b/src/spartan/ppsnark.rs
index 1fb913fe2..a9e4c18af 100644
--- a/src/spartan/ppsnark.rs
+++ b/src/spartan/ppsnark.rs
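Review bot: Once `let (right, _) = right.split_at(n)` is dropped from the `MultilinearPolynomial` hunk in PATCH 6/6, nothing left in the hunk bounds `right` to `n` elements; it has exactly `n` only while `self.Z.len() == 2 * n`, i.e. while the coefficient vector keeps an even length, since `self.len() / 2` silently floors an odd one. The rest of the function and whatever consumes `left`/`right` lie outside the hunk, so I cannot tell from here whether an odd length would be rejected elsewhere. Making the invariant the removal now relies on explicit, `debug_assert_eq!(self.Z.len(), 2 * n);` right after the `split_at_mut`, costs nothing in release and records why the second split was redundant. The same removal appears in PATCH 2/6 and is undone by PATCH 4/6.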
@@ -47,8 +47,14 @@ impl IdentityPolynomial {
 pub fn evaluate(&self, r: &[Scalar]) -> Scalar {
 assert_eq!(self.ell, r.len());
+ let mut power_of_two = 1_u64;
 (0..self.ell)
- .map(|i| Scalar::from(2_usize.pow((self.ell - i - 1) as u32) as u64) * r[i])
+ .rev()
+ .map(|i| {
+ let result = Scalar::from(power_of_two) * r[i];
+ power_of_two *= 2;
+ result
+ })
 .fold(Scalar::ZERO, |acc, item| acc + item)
 }
 }
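Review bot: `power_of_two *= 2` in the new `map` closure runs once more than its value is read, so for `self.ell == 64` the final iteration computes `2^63 * 2`, which overflows `u64` (panic in a debug build, silent wrap in release) where the replaced `2_usize.pow(self.ell - i - 1)` form stayed in range; the identical rewrite is in PATCH 2/6, reverted by PATCH 4/6. The closure also depends on `map` being driven strictly in `.rev()` order through a captured mutable counter, which is fragile if this chain is ever parallelised or reordered. Both issues disappear with a Horner fold over `r` that never leaves the field and uses additions only: `r.iter().fold(Scalar::ZERO, |acc, r_i| acc + acc + *r_i)` yields the same Σ 2^(ell-1-i)·r_i. The `assert_eq!(self.ell, r.len())` should stay in front of it.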