From 8544f1467ffa0aacbac911f6b9134f0c2a83c6a3 Mon Sep 17 00:00:00 2001
From: NoCtrlZ <phantomofrotten@gmail.com>
Date: Tue, 26 Apr 2022 19:57:16 +0900
Subject: [PATCH] add poly arithmetic bench and test

---
 Cargo.toml                                  | 10 ++++++
 book/src/design/proving-system/vanishing.md |  2 +-
 halo2_proofs/Cargo.toml                     |  4 +++
 halo2_proofs/benches/poly.rs                | 39 +++++++++++++++++++++
 halo2_proofs/src/arithmetic.rs              | 26 ++++++++++++++
 5 files changed, 80 insertions(+), 1 deletion(-)
 create mode 100644 halo2_proofs/benches/poly.rs

diff --git a/Cargo.toml b/Cargo.toml
index b7878ae843..698535dadc 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -4,3 +4,13 @@ members = [
     "halo2_gadgets",
     "halo2_proofs",
 ]
+
+[profile.bench]
+opt-level = 3
+debug = false
+debug-assertions = false
+overflow-checks = false
+rpath = false
+lto = "thin"
+incremental = false
+codegen-units = 1
diff --git a/book/src/design/proving-system/vanishing.md b/book/src/design/proving-system/vanishing.md
index 60025da7e7..72e1e21ee3 100644
--- a/book/src/design/proving-system/vanishing.md
+++ b/book/src/design/proving-system/vanishing.md
@@ -41,7 +41,7 @@ verifier samples $y$) linear combination of the circuit relations.
 
 ## Committing to $h(X)$
 
-$h(X)$ has degree $(d - 1)n - d$ (because the divisor $t(X)$ has degree $n$). However, the
+$h(X)$ has degree $d(n - 1) - n$ (because the divisor $t(X)$ has degree $n$). However, the
 polynomial commitment scheme we use for Halo 2 only supports committing to polynomials of
 degree $n - 1$ (which is the maximum degree that the rest of the protocol needs to commit
 to). Instead of increasing the cost of the polynomial commitment scheme, the prover split
diff --git a/halo2_proofs/Cargo.toml b/halo2_proofs/Cargo.toml
index 5446898e7f..cb2ce241db 100644
--- a/halo2_proofs/Cargo.toml
+++ b/halo2_proofs/Cargo.toml
@@ -34,6 +34,10 @@ harness = false
 name = "plonk"
 harness = false
 
+[[bench]]
+name = "poly"
+harness = false
+
 [[bench]]
 name = "dev_lookup"
 harness = false
diff --git a/halo2_proofs/benches/poly.rs b/halo2_proofs/benches/poly.rs
new file mode 100644
index 0000000000..d692c73e4c
--- /dev/null
+++ b/halo2_proofs/benches/poly.rs
@@ -0,0 +1,39 @@
+#[macro_use]
+extern crate criterion;
+
+use crate::arithmetic::{compute_inner_product, eval_polynomial};
+use crate::pasta::Fp;
+use group::ff::Field;
+use halo2_proofs::*;
+
+use criterion::{BenchmarkId, Criterion};
+use rand_core::OsRng;
+
+fn criterion_benchmark(c: &mut Criterion) {
+    let mut eval_polynomial_group = c.benchmark_group("poly-eval_polynomial");
+    for k in 3..19 {
+        eval_polynomial_group.bench_function(BenchmarkId::new("k", k), |b| {
+            b.iter(|| {
+                let poly = (0..(1 << k)).map(|_| Fp::random(OsRng)).collect::<Vec<_>>();
+                let point = Fp::random(OsRng);
+                eval_polynomial(&poly, point);
+            });
+        });
+    }
+    eval_polynomial_group.finish();
+
+    let mut compute_inner_product_group = c.benchmark_group("poly-compute_inner_product");
+    for k in 3..19 {
+        compute_inner_product_group.bench_function(BenchmarkId::new("k", k), |b| {
+            b.iter(|| {
+                let a = (0..(1 << k)).map(|_| Fp::random(OsRng)).collect::<Vec<_>>();
+                let b = (0..(1 << k)).map(|_| Fp::random(OsRng)).collect::<Vec<_>>();
+                compute_inner_product(&a, &b)
+            });
+        });
+    }
+    compute_inner_product_group.finish();
+}
+
+criterion_group!(benches, criterion_benchmark);
+criterion_main!(benches);
diff --git a/halo2_proofs/src/arithmetic.rs b/halo2_proofs/src/arithmetic.rs
index bab2a737be..fab43e1338 100644
--- a/halo2_proofs/src/arithmetic.rs
+++ b/halo2_proofs/src/arithmetic.rs
@@ -408,6 +408,32 @@ use rand_core::OsRng;
 #[cfg(test)]
 use crate::pasta::Fp;
 
+#[test]
+fn test_eval_polynomial() {
+    for k in 3..10 {
+        let mut eval = Fp::zero();
+        let mut exp = Fp::one();
+        let point = Fp::random(OsRng);
+        let poly = (0..(1 << k)).map(|_| Fp::random(OsRng)).collect::<Vec<_>>();
+        poly.iter().for_each(|a| {
+            eval += a * exp;
+            exp *= point;
+        });
+        assert_eq!(eval_polynomial(&poly, point), eval);
+    }
+}
+
+#[test]
+fn test_compute_inner_product() {
+    for k in 3..10 {
+        let mut product = Fp::zero();
+        let a = (0..(1 << k)).map(|_| Fp::random(OsRng)).collect::<Vec<_>>();
+        let b = (0..(1 << k)).map(|_| Fp::random(OsRng)).collect::<Vec<_>>();
+        a.iter().zip(b.iter()).for_each(|(a, b)| product += a * b);
+        assert_eq!(compute_inner_product(&a, &b), product);
+    }
+}
+
 #[test]
 fn test_lagrange_interpolate() {
     let rng = OsRng;