Use divide_with_q_and_r, rename skip_first_zero_coeffs

Co-authored-by: han0110 <[email protected]>
privacy-scaling-explorations · Jan 25, 2024 · 37c4285 · 37c4285
1 parent 586d3d2
commit 37c4285
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 15 deletions.
diff --git a/src/commitment/kzg.rs b/src/commitment/kzg.rs
@@ -13,8 +13,8 @@
 use ark_ec::{pairing::Pairing, CurveGroup, VariableBaseMSM};
 use ark_ff::PrimeField;
 use ark_poly::{
-    univariate::DensePolynomial, DenseUVPolynomial, EvaluationDomain, Evaluations,
-    GeneralEvaluationDomain, Polynomial,
+    univariate::{DenseOrSparsePolynomial, DensePolynomial},
+    DenseUVPolynomial, EvaluationDomain, Evaluations, GeneralEvaluationDomain, Polynomial,
 };
 use ark_poly_commit::kzg10::{VerifierKey, KZG10};
 use ark_std::rand::Rng;
@@ -94,7 +94,7 @@ where
         check_degree_is_too_large(polynomial.degree(), params.powers_of_g.len())?;
 
         let (num_leading_zeros, plain_coeffs) =
-            skip_leading_zeros_and_convert_to_bigints(&polynomial);
+            skip_first_zero_coeffs_and_convert_to_bigints(&polynomial);
         let commitment = <C as VariableBaseMSM>::msm_bigint(
             &params.powers_of_g[num_leading_zeros..],
             &plain_coeffs,
@@ -130,17 +130,23 @@ where
             -challenge,
             C::ScalarField::one(),
         ]);
-        let witness_poly: DensePolynomial<C::ScalarField> = &polynomial / &divisor;
+        let (witness_poly, remainder_poly) = DenseOrSparsePolynomial::from(&polynomial)
+            .divide_with_q_and_r(&DenseOrSparsePolynomial::from(&divisor))
+            // the panic inside `divide_with_q_and_r` should never be reached, since the divisor
+            // polynomial is constructed right before and is set to not be zero. And the `.unwrap`
+            // should not give an error.
+            .unwrap();
+        let evaluation = remainder_poly[0];
 
         check_degree_is_too_large(witness_poly.degree(), params.powers_of_g.len())?;
         let (num_leading_zeros, witness_coeffs) =
-            skip_leading_zeros_and_convert_to_bigints(&witness_poly);
+            skip_first_zero_coeffs_and_convert_to_bigints(&witness_poly);
         let proof = <C as VariableBaseMSM>::msm_bigint(
             &params.powers_of_g[num_leading_zeros..],
             &witness_coeffs,
         );
 
-        Ok((polynomial.evaluate(&challenge), proof))
+        Ok((evaluation, proof))
     }
 }
 
@@ -166,7 +172,7 @@ fn check_degree_is_too_large(
     }
 }
 
-fn skip_leading_zeros_and_convert_to_bigints<F: PrimeField, P: DenseUVPolynomial<F>>(
+fn skip_first_zero_coeffs_and_convert_to_bigints<F: PrimeField, P: DenseUVPolynomial<F>>(
     p: &P,
 ) -> (usize, Vec<F::BigInt>) {
     let mut num_leading_zeros = 0;

diff --git a/src/commitment/mod.rs b/src/commitment/mod.rs
@@ -47,12 +47,12 @@ mod tests {
 
     // Computes the commitment of the two vectors using the given CommitmentProver, then computes
     // their random linear combination, and returns it together with the proof of it.
-    fn commit_rlc_and_proof<C: CurveGroup, CP: CommitmentProver<C>>(
+    fn commit_rlc_and_prove<C: CurveGroup, CP: CommitmentProver<C>>(
         poseidon_config: &PoseidonConfig<C::ScalarField>,
         params: &CP::Params,
         r: C::ScalarField,
-        v_1: Vec<C::ScalarField>,
-        v_2: Vec<C::ScalarField>,
+        v_1: &[C::ScalarField],
+        v_2: &[C::ScalarField],
     ) -> Result<(C, CP::Proof), Error>
     where
         <C as ark_ec::Group>::ScalarField: Absorb,
@@ -62,7 +62,7 @@ mod tests {
 
         // random linear combination of the commitment and the witness (vector v)
         let cm_3 = cm_1 + cm_2.mul(r);
-        let v_3: Vec<C::ScalarField> = v_1.iter().zip(&v_2).map(|(a, b)| *a + (r * b)).collect();
+        let v_3: Vec<C::ScalarField> = v_1.iter().zip(v_2).map(|(a, b)| *a + (r * b)).collect();
 
         let transcript = &mut PoseidonTranscript::<C>::new(poseidon_config);
         let proof = CP::prove(params, transcript, &cm_3, &v_3, &C::ScalarField::zero()).unwrap();
@@ -88,18 +88,18 @@ mod tests {
             KZGSetup::<Bn254>::setup(rng, n);
 
         // Pedersen commit the two vectors and return their random linear combination and proof
-        let (pedersen_cm, pedersen_proof) = commit_rlc_and_proof::<G1, Pedersen<G1>>(
+        let (pedersen_cm, pedersen_proof) = commit_rlc_and_prove::<G1, Pedersen<G1>>(
             &poseidon_config,
             &pedersen_params,
             r,
-            v_1.clone(),
-            v_2.clone(),
+            &v_1,
+            &v_2,
         )
         .unwrap();
 
         // KZG commit the two vectors and return their random linear combination and proof
         let (kzg_cm, kzg_proof) =
-            commit_rlc_and_proof::<G1, KZGProver<G1>>(&poseidon_config, &kzg_pk, r, v_1, v_2)
+            commit_rlc_and_prove::<G1, KZGProver<G1>>(&poseidon_config, &kzg_pk, r, &v_1, &v_2)
                 .unwrap();
 
         // verify Pedersen