You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Have explicit struct members of the a,b,c polynomials currently stored as a single vector W_polys_blinded_at_secret_g1[a,b,c] in the plonk_proof class. Similarly, have explicit struct members for the q_L, q_R, q_O, q_M, a_C selector polynomials currently stored as a single vector Q_polys in the circuit struct.
Do not store the Lagrange basis L_basis explicitly (e.g. as part of the srs class and circuit_t struct). Instead compute it on-the-fly as needed. For the purpose store the domain instead (obtained through libfqfft::get_evaluation_domain<Field>()) in the srs and circuit_t and pass this as input to functions that use the L_basis parameter.
Related to 2.: create the domain once (using libfqfft::get_evaluation_domain<Field>()) and carry it around as necessary. See [BASE] Plonk #49 (comment)
In all header files: leave only functions that are externally visible to calling code. If a function is only used "internally" in the implementation then just leave it in the .tcc (and not in the .hpp), potentially in the internal namespace (to hide it from other code). See also discussion: [BASE] Plonk #49 (comment)
Move the plonk main directory from zk_proof_systems/ to zk_proof_systems/ppzksnark/ since technically Plonk is a pre-processed zk-SNARK (ppzksnark).
Make sure that all functions do not rely on the caller for allocating the correct sizes of the return parameters. Make the latter to be allocated inside the functions that compute them. See also [BASE] Plonk #49 (comment)
When throwing an exception, it should not be up to the function that throws it to decide how it should be handled. Catch and handle must be done by the caller instead, who may wish to handle it in some way other than exiting the process, like retrying. See [BASE] Plonk #49 (comment) , [BASE] Plonk #49 (comment) , [BASE] Plonk #49 (comment)
Break down the long functions plonk_prover<ppT>::round_five() and plonk_prover<ppT>::round_three() into several sub-functions for the purposes of unit testing and readability (see next). See [BASE] Plonk #49 (comment)
Compute the challenges alpha, beta, gamma, zeta, nu, u using a hash function rather than passing them as pre-computed inputs as part of the transcript_hash_t structure. The latter is done now for the purposes of unit testing. In the long run we might want something like a transcript_hasher which can accept field and group elements as they are available, and then output a digest when required. See discussion at [BASE] Plonk #49 (comment) and [BASE] Plonk #49 (comment)
Have explicit
structmembers of thea,b,cpolynomials currently stored as a single vectorW_polys_blinded_at_secret_g1[a,b,c]in theplonk_proofclass. Similarly, have explicitstructmembers for theq_L, q_R, q_O, q_M, a_Cselector polynomials currently stored as a single vectorQ_polysin thecircuitstruct.Do not store the Lagrange basis
L_basisexplicitly (e.g. as part of thesrsclass andcircuit_tstruct). Instead compute it on-the-fly as needed. For the purpose store the domain instead (obtained throughlibfqfft::get_evaluation_domain<Field>()) in thesrsandcircuit_tand pass this as input to functions that use theL_basisparameter.Related to 2.: create the
domainonce (usinglibfqfft::get_evaluation_domain<Field>()) and carry it around as necessary. See [BASE] Plonk #49 (comment)In all header files: leave only functions that are externally visible to calling code. If a function is only used "internally" in the implementation then just leave it in the
.tcc(and not in the.hpp), potentially in theinternal namespace(to hide it from other code). See also discussion: [BASE] Plonk #49 (comment)Move the
print_vectorfunction https://github.com/clearmatics/libsnark/blob/plonk/libsnark/zk_proof_systems/plonk/utils.tcc#L19-L25 tolibff/.../field_utils.hpp. (Nice print functions in libff stream operators and old serialization code libff#70)Move the
plonkmain directory fromzk_proof_systems/tozk_proof_systems/ppzksnark/since technically Plonk is a pre-processed zk-SNARK (ppzksnark).Make sure that all functions do not rely on the caller for allocating the correct sizes of the return parameters. Make the latter to be allocated inside the functions that compute them. See also [BASE] Plonk #49 (comment)
When throwing an exception, it should not be up to the function that throws it to decide how it should be handled. Catch and handle must be done by the caller instead, who may wish to handle it in some way other than exiting the process, like retrying. See [BASE] Plonk #49 (comment) , [BASE] Plonk #49 (comment) , [BASE] Plonk #49 (comment)
Break down the long functions
plonk_prover<ppT>::round_five()andplonk_prover<ppT>::round_three()into several sub-functions for the purposes of unit testing and readability (see next). See [BASE] Plonk #49 (comment)Have a separate unit test under
tests/to verify the value ofr_poly,W_zetaandW_zeta_omegainplonk_prover<ppT>::round_five(). See [BASE] Plonk #49 (comment) and [BASE] Plonk #49 (comment)Compute the challenges
alpha, beta, gamma, zeta, nu, uusing a hash function rather than passing them as pre-computed inputs as part of thetranscript_hash_tstructure. The latter is done now for the purposes of unit testing. In the long run we might want something like atranscript_hasherwhich can accept field and group elements as they are available, and then output a digest when required. See discussion at [BASE] Plonk #49 (comment) and [BASE] Plonk #49 (comment)