fullcodec_plonk/proof_system/widget/ecc/curve_addition/
proverkey.rs

1// This Source Code Form is subject to the terms of the Mozilla Public
2// License, v. 2.0. If a copy of the MPL was not distributed with this
3// file, You can obtain one at http://mozilla.org/MPL/2.0/.
4//
5// Copyright (c) DUSK NETWORK. All rights reserved.
6
7use crate::fft::{Evaluations, Polynomial};
8use dusk_bls12_381::BlsScalar;
9use dusk_jubjub::EDWARDS_D;
10
11#[derive(Debug, Eq, PartialEq, Clone)]
12pub(crate) struct ProverKey {
13    pub(crate) q_variable_group_add: (Polynomial, Evaluations),
14}
15
16impl ProverKey {
17    pub(crate) fn compute_quotient_i(
18        &self,
19        index: usize,
20        curve_add_separation_challenge: &BlsScalar,
21        w_l_i: &BlsScalar,      // x_1
22        w_l_i_next: &BlsScalar, // x_3
23        w_r_i: &BlsScalar,      // y_1
24        w_r_i_next: &BlsScalar, // y_3
25        w_o_i: &BlsScalar,      // x_2
26        w_4_i: &BlsScalar,      // y_2
27        w_4_i_next: &BlsScalar, // x_1 * y_2
28    ) -> BlsScalar {
29        let q_variable_group_add_i = &self.q_variable_group_add.1[index];
30
31        let kappa = curve_add_separation_challenge.square();
32
33        let x_1 = w_l_i;
34        let x_3 = w_l_i_next;
35        let y_1 = w_r_i;
36        let y_3 = w_r_i_next;
37        let x_2 = w_o_i;
38        let y_2 = w_4_i;
39        let x1_y2 = w_4_i_next;
40
41        // Checks
42        //
43        // Check x1 * y2 is correct
44        let xy_consistency = x_1 * y_2 - x1_y2;
45
46        let y1_x2 = y_1 * x_2;
47        let y1_y2 = y_1 * y_2;
48        let x1_x2 = x_1 * x_2;
49
50        // Check x_3 is correct
51        let x3_lhs = x1_y2 + y1_x2;
52        let x3_rhs = x_3 + (x_3 * EDWARDS_D * x1_y2 * y1_x2);
53        let x3_consistency = (x3_lhs - x3_rhs) * kappa;
54
55        // // Check y_3 is correct
56        let y3_lhs = y1_y2 + x1_x2;
57        let y3_rhs = y_3 - y_3 * EDWARDS_D * x1_y2 * y1_x2;
58        let y3_consistency = (y3_lhs - y3_rhs) * kappa.square();
59
60        let identity = xy_consistency + x3_consistency + y3_consistency;
61
62        identity * q_variable_group_add_i * curve_add_separation_challenge
63    }
64
65    pub(crate) fn compute_linearisation(
66        &self,
67        curve_add_separation_challenge: &BlsScalar,
68        a_eval: &BlsScalar,
69        a_next_eval: &BlsScalar,
70        b_eval: &BlsScalar,
71        b_next_eval: &BlsScalar,
72        c_eval: &BlsScalar,
73        d_eval: &BlsScalar,
74        d_next_eval: &BlsScalar,
75    ) -> Polynomial {
76        let q_variable_group_add_poly = &self.q_variable_group_add.0;
77
78        let kappa = curve_add_separation_challenge.square();
79
80        let x_1 = a_eval;
81        let x_3 = a_next_eval;
82        let y_1 = b_eval;
83        let y_3 = b_next_eval;
84        let x_2 = c_eval;
85        let y_2 = d_eval;
86        let x1_y2 = d_next_eval;
87
88        // Checks
89        //
90        // Check x1 * y2 is correct
91        let xy_consistency = x_1 * y_2 - x1_y2;
92
93        let y1_x2 = y_1 * x_2;
94        let y1_y2 = y_1 * y_2;
95        let x1_x2 = x_1 * x_2;
96
97        // Check x_3 is correct
98        let x3_lhs = x1_y2 + y1_x2;
99        let x3_rhs = x_3 + (x_3 * (EDWARDS_D * x1_y2 * y1_x2));
100        let x3_consistency = (x3_lhs - x3_rhs) * kappa;
101
102        // Check y_3 is correct
103        let y3_lhs = y1_y2 + x1_x2;
104        let y3_rhs = y_3 - y_3 * EDWARDS_D * x1_y2 * y1_x2;
105        let y3_consistency = (y3_lhs - y3_rhs) * kappa.square();
106
107        let identity = xy_consistency + x3_consistency + y3_consistency;
108
109        q_variable_group_add_poly * &(identity * curve_add_separation_challenge)
110    }
111}