diff --git a/common/src/gadgets/ec/mod.rs b/common/src/gadgets/ec/mod.rs new file mode 100644 index 0000000..6f71d69 --- /dev/null +++ b/common/src/gadgets/ec/mod.rs @@ -0,0 +1,115 @@ +use crate::domain::Domain; +use crate::gadgets::booleanity::BitColumn; +use crate::{Column, FieldColumn}; +use ark_ec::{AffineRepr, CurveGroup}; +use ark_ff::{FftField, Field}; +use ark_serialize::{CanonicalDeserialize, CanonicalSerialize}; +use ark_std::marker::PhantomData; +use ark_std::vec::Vec; + +pub mod sw_cond_add; +pub mod te_cond_add; + +// A vec of affine points from the prime-order subgroup of the curve whose base field enables FFTs, +// and its convenience representation as columns of coordinates over the curve's base field. +#[derive(Clone, CanonicalSerialize, CanonicalDeserialize)] +pub struct AffineColumn> { + points: Vec

, + pub xs: FieldColumn, + pub ys: FieldColumn, +} + +impl> AffineColumn { + fn column(points: Vec

, domain: &Domain, hidden: bool) -> Self { + assert!(points.iter().all(|p| !p.is_zero())); + let (xs, ys) = points.iter().map(|p| p.xy().unwrap()).unzip(); + let xs = domain.column(xs, hidden); + let ys = domain.column(ys, hidden); + Self { points, xs, ys } + } + pub fn private_column(points: Vec

, domain: &Domain) -> Self { + Self::column(points, domain, true) + } + + pub fn public_column(points: Vec

, domain: &Domain) -> Self { + Self::column(points, domain, false) + } + + pub fn evaluate(&self, z: &F) -> (F, F) { + (self.xs.evaluate(z), self.ys.evaluate(z)) + } +} + +// Conditional affine addition: +// if the bit is set for a point, add the point to the acc and store, +// otherwise copy the acc value +pub struct CondAdd> { + bitmask: BitColumn, + points: AffineColumn, + // The polynomial `X - w^{n-1}` in the Lagrange basis + not_last: FieldColumn, + // Accumulates the (conditional) rolling sum of the points + pub acc: AffineColumn, + pub result: P, +} + +impl> CondAdd +where + F: FftField, +{ + // Populates the acc column starting from the supplied seed (as 0 doesn't have an affine SW representation). + // As the SW addition formula used is not complete, the seed must be selected in a way that would prevent + // exceptional cases (doublings or adding the opposite point). + // The last point of the input column is ignored, as adding it would made the acc column overflow due the initial point. + pub fn init( + bitmask: BitColumn, + points: AffineColumn, + seed: P, + domain: &Domain, + ) -> Self { + assert_eq!(bitmask.bits.len(), domain.capacity - 1); + assert_eq!(points.points.len(), domain.capacity - 1); + let not_last = domain.not_last_row.clone(); + let acc = bitmask + .bits + .iter() + .zip(points.points.iter()) + .scan(seed, |acc, (&b, point)| { + if b { + *acc = (*acc + point).into_affine(); + } + Some(*acc) + }); + let acc: Vec<_> = ark_std::iter::once(seed).chain(acc).collect(); + let init_plus_result = acc.last().unwrap(); + let result = init_plus_result.into_group() - seed.into_group(); + let result = result.into_affine(); + let acc = AffineColumn::private_column(acc, domain); + + Self { + bitmask, + points, + acc, + not_last, + result, + } + } + + fn evaluate_assignment(&self, z: &F) -> CondAddValues { + CondAddValues { + bitmask: self.bitmask.evaluate(z), + points: self.points.evaluate(z), + not_last: self.not_last.evaluate(z), + acc: self.acc.evaluate(z), + _phantom: PhantomData, + } + } +} + +pub struct CondAddValues> { + pub bitmask: F, + pub points: (F, F), + pub not_last: F, + pub acc: (F, F), + pub _phantom: PhantomData

, +} diff --git a/common/src/gadgets/sw_cond_add.rs b/common/src/gadgets/ec/sw_cond_add.rs similarity index 58% rename from common/src/gadgets/sw_cond_add.rs rename to common/src/gadgets/ec/sw_cond_add.rs index a0fdb3d..ab84645 100644 --- a/common/src/gadgets/sw_cond_add.rs +++ b/common/src/gadgets/ec/sw_cond_add.rs @@ -1,118 +1,12 @@ use ark_ec::short_weierstrass::{Affine, SWCurveConfig}; -use ark_ec::{AffineRepr, CurveGroup}; use ark_ff::{FftField, Field}; use ark_poly::univariate::DensePolynomial; use ark_poly::{Evaluations, GeneralEvaluationDomain}; -use ark_serialize::{CanonicalDeserialize, CanonicalSerialize}; use ark_std::{vec, vec::Vec}; -use crate::domain::Domain; -use crate::gadgets::booleanity::BitColumn; +use crate::gadgets::ec::{CondAdd, CondAddValues}; use crate::gadgets::{ProverGadget, VerifierGadget}; -use crate::{const_evals, Column, FieldColumn}; - -// A vec of affine points from the prime-order subgroup of the curve whose base field enables FFTs, -// and its convenience representation as columns of coordinates over the curve's base field. -#[derive(Clone, CanonicalSerialize, CanonicalDeserialize)] -pub struct AffineColumn> { - points: Vec

, - pub xs: FieldColumn, - pub ys: FieldColumn, -} - -impl> AffineColumn { - fn column(points: Vec

, domain: &Domain, hidden: bool) -> Self { - assert!(points.iter().all(|p| !p.is_zero())); - let (xs, ys) = points.iter().map(|p| p.xy().unwrap()).unzip(); - let xs = domain.column(xs, hidden); - let ys = domain.column(ys, hidden); - Self { points, xs, ys } - } - pub fn private_column(points: Vec

, domain: &Domain) -> Self { - Self::column(points, domain, true) - } - - pub fn public_column(points: Vec

, domain: &Domain) -> Self { - Self::column(points, domain, false) - } - - pub fn evaluate(&self, z: &F) -> (F, F) { - (self.xs.evaluate(z), self.ys.evaluate(z)) - } -} - -// Conditional affine addition: -// if the bit is set for a point, add the point to the acc and store, -// otherwise copy the acc value -pub struct CondAdd> { - bitmask: BitColumn, - points: AffineColumn, - // The polynomial `X - w^{n-1}` in the Lagrange basis - not_last: FieldColumn, - // Accumulates the (conditional) rolling sum of the points - pub acc: AffineColumn, - pub result: P, -} - -pub struct CondAddValues { - pub bitmask: F, - pub points: (F, F), - pub not_last: F, - pub acc: (F, F), -} - -impl CondAdd> -where - F: FftField, - Curve: SWCurveConfig, -{ - // Populates the acc column starting from the supplied seed (as 0 doesn't have an affine SW representation). - // As the SW addition formula used is not complete, the seed must be selected in a way that would prevent - // exceptional cases (doublings or adding the opposite point). - // The last point of the input column is ignored, as adding it would made the acc column overflow due the initial point. - pub fn init( - bitmask: BitColumn, - points: AffineColumn>, - seed: Affine, - domain: &Domain, - ) -> Self { - assert_eq!(bitmask.bits.len(), domain.capacity - 1); - assert_eq!(points.points.len(), domain.capacity - 1); - let not_last = domain.not_last_row.clone(); - let acc = bitmask - .bits - .iter() - .zip(points.points.iter()) - .scan(seed, |acc, (&b, point)| { - if b { - *acc = (*acc + point).into_affine(); - } - Some(*acc) - }); - let acc: Vec<_> = ark_std::iter::once(seed).chain(acc).collect(); - let init_plus_result = acc.last().unwrap(); - let result = init_plus_result.into_group() - seed.into_group(); - let result = result.into_affine(); - let acc = AffineColumn::private_column(acc, domain); - - Self { - bitmask, - points, - acc, - not_last, - result, - } - } - - fn evaluate_assignment(&self, z: &F) -> CondAddValues { - CondAddValues { - bitmask: self.bitmask.evaluate(z), - points: self.points.evaluate(z), - not_last: self.not_last.evaluate(z), - acc: self.acc.evaluate(z), - } - } -} +use crate::{const_evals, Column}; impl ProverGadget for CondAdd> where @@ -196,35 +90,7 @@ where } } -impl VerifierGadget for CondAddValues { - fn evaluate_constraints_main(&self) -> Vec { - let b = self.bitmask; - let (x1, y1) = self.acc; - let (x2, y2) = self.points; - let (x3, y3) = (F::zero(), F::zero()); - - #[rustfmt::skip] - let mut c1 = - b * ( - (x1 - x2) * (x1 - x2) * (x1 + x2 + x3) - - (y2 - y1) * (y2 - y1) - ) + (F::one() - b) * (y3 - y1); - - #[rustfmt::skip] - let mut c2 = - b * ( - (x1 - x2) * (y3 + y1) - - (y2 - y1) * (x3 - x1) - ) + (F::one() - b) * (x3 - x1); - - c1 *= self.not_last; - c2 *= self.not_last; - - vec![c1, c2] - } -} - -impl CondAddValues { +impl> CondAddValues> { pub fn acc_coeffs_1(&self) -> (F, F) { let b = self.bitmask; let (x1, _y1) = self.acc; @@ -254,15 +120,46 @@ impl CondAddValues { } } +impl> VerifierGadget for CondAddValues> { + fn evaluate_constraints_main(&self) -> Vec { + let b = self.bitmask; + let (x1, y1) = self.acc; + let (x2, y2) = self.points; + let (x3, y3) = (F::zero(), F::zero()); + + #[rustfmt::skip] + let mut c1 = + b * ( + (x1 - x2) * (x1 - x2) * (x1 + x2 + x3) + - (y2 - y1) * (y2 - y1) + ) + (F::one() - b) * (y3 - y1); + + #[rustfmt::skip] + let mut c2 = + b * ( + (x1 - x2) * (y3 + y1) + - (y2 - y1) * (x3 - x1) + ) + (F::one() - b) * (x3 - x1); + + c1 *= self.not_last; + c2 *= self.not_last; + + vec![c1, c2] + } +} + #[cfg(test)] mod tests { + use crate::domain::Domain; + use crate::gadgets::booleanity::BitColumn; + use crate::gadgets::ec::AffineColumn; + use crate::test_helpers::cond_sum; + use crate::test_helpers::*; + use ark_ec::AffineRepr; use ark_ed_on_bls12_381_bandersnatch::SWAffine; use ark_poly::Polynomial; use ark_std::test_rng; - use crate::test_helpers::cond_sum; - use crate::test_helpers::*; - use super::*; fn _test_sw_cond_add_gadget(hiding: bool) { diff --git a/common/src/gadgets/ec/te_cond_add.rs b/common/src/gadgets/ec/te_cond_add.rs new file mode 100644 index 0000000..f411c81 --- /dev/null +++ b/common/src/gadgets/ec/te_cond_add.rs @@ -0,0 +1,203 @@ +use ark_ec::twisted_edwards::{Affine, TECurveConfig}; +use ark_ff::{FftField, Field}; +use ark_poly::univariate::DensePolynomial; +use ark_poly::{Evaluations, GeneralEvaluationDomain}; +use ark_std::{vec, vec::Vec}; + +use crate::gadgets::ec::{CondAdd, CondAddValues}; +use crate::gadgets::{ProverGadget, VerifierGadget}; +use crate::{const_evals, Column}; + +impl ProverGadget for CondAdd> +where + F: FftField, + Curve: TECurveConfig, +{ + fn witness_columns(&self) -> Vec> { + vec![self.acc.xs.poly.clone(), self.acc.ys.poly.clone()] + } + + fn constraints(&self) -> Vec> { + let domain = self.bitmask.domain_4x(); + let b = &self.bitmask.col.evals_4x; + let one = &const_evals(F::one(), domain); + let te_a_coeff = &const_evals(Curve::COEFF_A, domain); + let (x1, y1) = (&self.acc.xs.evals_4x, &self.acc.ys.evals_4x); + let (x2, y2) = (&self.points.xs.evals_4x, &self.points.ys.evals_4x); + let (x3, y3) = (&self.acc.xs.shifted_4x(), &self.acc.ys.shifted_4x()); + + //b (x_3 (y_1 y_2 + ax_1 x_2) - x_1 y_1 - y_2 x_2) + (1 - b) (x_3 - x_1) = 0 + #[rustfmt::skip] + let mut c1 = + &( + b * + &( + &( + x3 * + &( + &(y1 * y2) + + + &(te_a_coeff * + &(x1 * x2) + ) + ) + ) + - + &( + &(x1 * y1) + &(y2* x2) + ) + ) + ) + + &( + &(one - b) * &(x3 - x1) + ); + + //b (y_3 (x_1 y_2 - x_2 y_1) - x_1 y_1 + x_2 y_2) + (1 - b) (y_3 - y_1) = 0 + #[rustfmt::skip] + let mut c2 = + &( + b * + &( &(y3 * + &( + &(x1 * y2) - &(x2 * y1))) - + &(&(x1 * y1) - &(x2 * y2)) + ) + ) + + + &( + &(one - b) * &(y3 - y1) + ); + + let not_last = &self.not_last.evals_4x; + c1 *= not_last; + c2 *= not_last; + + vec![c1, c2] + } + + /// Mary-Oana Linearization technique. See: https://hackmd.io/0kdBl3GVSmmcB7QJe1NTuw?view#Linearization + fn constraints_linearized(&self, z: &F) -> Vec> { + let vals = self.evaluate_assignment(z); + let acc_x = self.acc.xs.as_poly(); + let acc_y = self.acc.ys.as_poly(); + + let (c_acc_x, c_acc_y) = vals.acc_coeffs_1(); + let c1_lin = acc_x * c_acc_x + acc_y * c_acc_y; //though acc_y is 0 + + let (c_acc_x, c_acc_y) = vals.acc_coeffs_2(); + let c2_lin = acc_x * c_acc_x + acc_y * c_acc_y; //though acc_x is 0 + + vec![c1_lin, c2_lin] + } + + fn domain(&self) -> GeneralEvaluationDomain { + self.bitmask.domain() + } +} + +impl> CondAddValues> { + pub fn acc_coeffs_1(&self) -> (F, F) { + let b = self.bitmask; + let (x1, y1) = self.acc; + let (x2, y2) = self.points; + + let mut c_acc_x = b * (y1 * y2 + C::COEFF_A * x1 * x2) + F::one() - b; + let mut c_acc_y = F::zero(); + + c_acc_x *= self.not_last; + c_acc_y *= self.not_last; + + (c_acc_x, c_acc_y) + } + + pub fn acc_coeffs_2(&self) -> (F, F) { + let b = self.bitmask; + let (x1, y1) = self.acc; + let (x2, y2) = self.points; + + let mut c_acc_x = F::zero(); + let mut c_acc_y = b * (x1 * y2 - x2 * y1) + F::one() - b; + + c_acc_x *= self.not_last; + c_acc_y *= self.not_last; + + (c_acc_x, c_acc_y) + } +} + +impl> VerifierGadget + for CondAddValues> +{ + fn evaluate_constraints_main(&self) -> Vec { + let b = self.bitmask; + let (x1, y1) = self.acc; + let (x2, y2) = self.points; + let (x3, y3) = (F::zero(), F::zero()); + + //b (x_3 (y_1 y_2 + ax_1 x_2) - x_1 y_1 - y_2 x_2) + (1 - b) (x_3 - x_1) = 0 + let mut c1 = b * (x3 * (y1 * y2 + C::COEFF_A * x1 * x2) - (x1 * y1 + x2 * y2)) + + (F::one() - b) * (x3 - x1); + + //b (y_3 (x_1 y_2 - x_2 y_1) - x_1 y_1 + x_2 y_2) + (1 - b) (y_3 - y_1) = 0 + let mut c2 = + b * (y3 * (x1 * y2 - x2 * y1) - (x1 * y1 - x2 * y2)) + (F::one() - b) * (y3 - y1); + + c1 *= self.not_last; + c2 *= self.not_last; + + vec![c1, c2] + } +} + +#[cfg(test)] +mod tests { + use crate::gadgets::ec::AffineColumn; + use crate::gadgets::ec::BitColumn; + use crate::gadgets::ec::Domain; + use ark_ec::AffineRepr; + use ark_ed_on_bls12_381_bandersnatch::EdwardsAffine; + use ark_poly::Polynomial; + use ark_std::test_rng; + + use crate::test_helpers::cond_sum; + use crate::test_helpers::*; + + use super::*; + + fn _test_te_cond_add_gadget(hiding: bool) { + let rng = &mut test_rng(); + + let log_n = 10; + let n = 2usize.pow(log_n); + let domain = Domain::new(n, hiding); + let seed = EdwardsAffine::generator(); + + let bitmask = random_bitvec(domain.capacity - 1, 0.5, rng); + let points = random_vec::(domain.capacity - 1, rng); + let expected_res = seed + cond_sum(&bitmask, &points); + + let bitmask_col = BitColumn::init(bitmask, &domain); + let points_col = AffineColumn::private_column(points, &domain); + let gadget = CondAdd::init(bitmask_col, points_col, seed, &domain); + let res = gadget.acc.points.last().unwrap(); + assert_eq!(res, &expected_res); + + let cs = gadget.constraints(); + let (c1, c2) = (&cs[0], &cs[1]); + let c1 = c1.interpolate_by_ref(); + let c2 = c2.interpolate_by_ref(); + assert_eq!(c1.degree(), 4 * n - 3); + assert_eq!(c2.degree(), 4 * n - 3); + + domain.divide_by_vanishing_poly(&c1); + domain.divide_by_vanishing_poly(&c2); + + // test_gadget(gadget); + } + + #[test] + fn test_te_cond_add_gadget() { + _test_te_cond_add_gadget(false); + _test_te_cond_add_gadget(true); + } +} diff --git a/common/src/gadgets/mod.rs b/common/src/gadgets/mod.rs index 518327f..efb21a3 100644 --- a/common/src/gadgets/mod.rs +++ b/common/src/gadgets/mod.rs @@ -5,9 +5,9 @@ use ark_std::vec::Vec; pub mod booleanity; // pub mod inner_prod_pub; +pub mod ec; pub mod fixed_cells; pub mod inner_prod; -pub mod sw_cond_add; pub trait ProverGadget { // Columns populated by the gadget. diff --git a/ring/src/piop/mod.rs b/ring/src/piop/mod.rs index 421e33c..43e4d66 100644 --- a/ring/src/piop/mod.rs +++ b/ring/src/piop/mod.rs @@ -10,7 +10,7 @@ use fflonk::pcs::kzg::params::RawKzgVerifierKey; use fflonk::pcs::kzg::KZG; use fflonk::pcs::{Commitment, PcsParams, PCS}; -use common::gadgets::sw_cond_add::AffineColumn; +use common::gadgets::ec::AffineColumn; use common::{Column, ColumnsCommited, ColumnsEvaluated, FieldColumn}; pub(crate) use prover::PiopProver; pub(crate) use verifier::PiopVerifier; diff --git a/ring/src/piop/params.rs b/ring/src/piop/params.rs index 6ac7706..c840142 100644 --- a/ring/src/piop/params.rs +++ b/ring/src/piop/params.rs @@ -4,7 +4,7 @@ use ark_ff::{BigInteger, PrimeField}; use ark_std::{vec, vec::Vec}; use common::domain::Domain; -use common::gadgets::sw_cond_add::AffineColumn; +use common::gadgets::ec::AffineColumn; use crate::piop::FixedColumns; diff --git a/ring/src/piop/prover.rs b/ring/src/piop/prover.rs index e307067..6ad8008 100644 --- a/ring/src/piop/prover.rs +++ b/ring/src/piop/prover.rs @@ -6,19 +6,19 @@ use ark_std::marker::PhantomData; use ark_std::{vec, vec::Vec}; use fflonk::pcs::Commitment; +use crate::piop::params::PiopParams; +use crate::piop::FixedColumns; +use crate::piop::{RingCommitments, RingEvaluations}; use common::domain::Domain; use common::gadgets::booleanity::{BitColumn, Booleanity}; +use common::gadgets::ec::AffineColumn; +use common::gadgets::ec::CondAdd; use common::gadgets::fixed_cells::FixedCells; use common::gadgets::inner_prod::InnerProd; -use common::gadgets::sw_cond_add::{AffineColumn, CondAdd}; use common::gadgets::ProverGadget; use common::piop::ProverPiop; use common::{Column, FieldColumn}; -use crate::piop::params::PiopParams; -use crate::piop::FixedColumns; -use crate::piop::{RingCommitments, RingEvaluations}; - // The 'table': columns representing the execution trace of the computation // and the constraints -- polynomials that vanish on every 2 consecutive rows. pub struct PiopProver> { diff --git a/ring/src/piop/verifier.rs b/ring/src/piop/verifier.rs index 9e6a81b..65e52d6 100644 --- a/ring/src/piop/verifier.rs +++ b/ring/src/piop/verifier.rs @@ -1,19 +1,22 @@ +use ark_ec::short_weierstrass::{Affine, SWCurveConfig}; +use ark_ec::AffineRepr; use ark_ff::PrimeField; +use ark_std::marker::PhantomData; use ark_std::{vec, vec::Vec}; use fflonk::pcs::Commitment; use common::domain::EvaluatedDomain; use common::gadgets::booleanity::BooleanityValues; +use common::gadgets::ec::CondAddValues; use common::gadgets::fixed_cells::FixedCellsValues; use common::gadgets::inner_prod::InnerProdValues; -use common::gadgets::sw_cond_add::CondAddValues; use common::gadgets::VerifierGadget; use common::piop::VerifierPiop; use crate::piop::{FixedColumnsCommitted, RingCommitments}; use crate::RingEvaluations; -pub struct PiopVerifier> { +pub struct PiopVerifier, P: AffineRepr> { domain_evals: EvaluatedDomain, fixed_columns_committed: FixedColumnsCommitted, witness_columns_committed: RingCommitments, @@ -21,12 +24,12 @@ pub struct PiopVerifier> { booleanity: BooleanityValues, inner_prod: InnerProdValues, inner_prod_acc: FixedCellsValues, - cond_add: CondAddValues, + cond_add: CondAddValues, cond_add_acc_x: FixedCellsValues, cond_add_acc_y: FixedCellsValues, } -impl> PiopVerifier { +impl, P: AffineRepr> PiopVerifier { pub fn init( domain_evals: EvaluatedDomain, fixed_columns_committed: FixedColumnsCommitted, @@ -46,6 +49,7 @@ impl> PiopVerifier { all_columns_evaluated.cond_add_acc[0], all_columns_evaluated.cond_add_acc[1], ), + _phantom: PhantomData, }; let inner_prod = InnerProdValues { @@ -97,7 +101,9 @@ impl> PiopVerifier { } } -impl> VerifierPiop for PiopVerifier { +impl, Jubjub: SWCurveConfig> VerifierPiop + for PiopVerifier> +{ const N_CONSTRAINTS: usize = 7; const N_COLUMNS: usize = 7; diff --git a/ring/src/ring_verifier.rs b/ring/src/ring_verifier.rs index ba474c5..c1e665e 100644 --- a/ring/src/ring_verifier.rs +++ b/ring/src/ring_verifier.rs @@ -12,28 +12,28 @@ use crate::piop::params::PiopParams; use crate::piop::{FixedColumnsCommitted, PiopVerifier, VerifierKey}; use crate::RingProof; -pub struct RingVerifier +pub struct RingVerifier where F: PrimeField, CS: PCS, - Curve: SWCurveConfig, + Jubjub: SWCurveConfig, T: PlonkTranscript, { - piop_params: PiopParams, + piop_params: PiopParams, fixed_columns_committed: FixedColumnsCommitted, plonk_verifier: PlonkVerifier, } -impl RingVerifier +impl RingVerifier where F: PrimeField, CS: PCS, - Curve: SWCurveConfig, + Jubjub: SWCurveConfig, T: PlonkTranscript, { pub fn init( verifier_key: VerifierKey, - piop_params: PiopParams, + piop_params: PiopParams, empty_transcript: T, ) -> Self { let pcs_vk = verifier_key.pcs_raw_vk.prepare(); @@ -45,13 +45,13 @@ where } } - pub fn verify_ring_proof(&self, proof: RingProof, result: Affine) -> bool { + pub fn verify_ring_proof(&self, proof: RingProof, result: Affine) -> bool { let (challenges, mut rng) = self.plonk_verifier.restore_challenges( &result, &proof, // '1' accounts for the quotient polynomial that is aggregated together with the columns - PiopVerifier::::N_COLUMNS + 1, - PiopVerifier::::N_CONSTRAINTS, + PiopVerifier::>::N_COLUMNS + 1, + PiopVerifier::>::N_CONSTRAINTS, ); let seed = self.piop_params.seed; let seed_plus_result = (seed + result).into_affine(); @@ -61,7 +61,7 @@ where self.piop_params.domain.hiding, ); - let piop = PiopVerifier::init( + let piop = PiopVerifier::<_, _, Affine>::init( domain_eval, self.fixed_columns_committed.clone(), proof.column_commitments.clone(), @@ -74,7 +74,7 @@ where .verify(piop, proof, challenges, &mut rng) } - pub fn piop_params(&self) -> &PiopParams { + pub fn piop_params(&self) -> &PiopParams { &self.piop_params } }