plonk: removed storing the pre-computed Lagrange basis as part of the…

… srs. instead compute it on-the-fly as we need it. addresses issue #55

libsnark/zk_proof_systems/plonk/circuit.hpp

@@ -38,9 +38,6 @@ template<typename ppT> struct circuit_t {
     /// vanilla Plonk proposal [GWC19])
     size_t num_qpolys;
 
-    /// Lagrange basis
-    std::vector<polynomial<Field>> L_basis;
-
     /// Public input polynomial
     polynomial<Field> PI_poly;
 
@@ -69,7 +66,6 @@ template<typename ppT> struct circuit_t {
     circuit_t(
         size_t num_gates,
         size_t num_qpolys,
-        std::vector<polynomial<Field>> &&L_basis,
         polynomial<Field> &&PI_poly,
         std::vector<polynomial<Field>> &&Q_polys,
         std::vector<polynomial<Field>> &&S_polys,

libsnark/zk_proof_systems/plonk/circuit.tcc

@@ -23,7 +23,6 @@ template<typename ppT>
 circuit_t<ppT>::circuit_t(
     size_t num_gates,
     size_t num_qpolys,
-    std::vector<polynomial<Field>> &&L_basis,
     polynomial<Field> &&PI_poly,
     std::vector<polynomial<Field>> &&Q_polys,
     std::vector<polynomial<Field>> &&S_polys,
@@ -34,7 +33,6 @@ circuit_t<ppT>::circuit_t(
     libff::Fr<ppT> &&k2)
     : num_gates(num_gates)
     , num_qpolys(num_qpolys)
-    , L_basis(L_basis)
     , PI_poly(PI_poly)
     , Q_polys(Q_polys)
     , S_polys(S_polys)

libsnark/zk_proof_systems/plonk/prover.tcc

@@ -417,13 +417,16 @@ round_three_out_t<ppT> plonk_prover<ppT>::round_three(
 
     // --- Computation of t_part[3]
 
+    std::vector<polynomial<Field>> L_basis =
+        plonk_compute_lagrange_basis<Field>(srs.num_gates);
+
     // z(x) - 1
     polynomial<Field> z_neg_one;
     libfqfft::_polynomial_addition<Field>(
         z_neg_one, round_two_out.z_poly, neg_one_poly);
     // (z(x)-1) * L_1(x)
     libfqfft::_polynomial_multiplication<Field>(
-        t_part[3], z_neg_one, srs.L_basis[0]);
+        t_part[3], z_neg_one, L_basis[0]);
     // (z(x)-1) * L_1(x) * alpha
     libfqfft::_polynomial_multiplication<Field>(
         t_part[3], t_part[3], alpha_poly);
@@ -713,9 +716,12 @@ round_five_out_t<ppT> plonk_prover<ppT>::round_five(
 
     // --- Computation of r_part[3]
 
+    std::vector<polynomial<Field>> L_basis =
+        plonk_compute_lagrange_basis<Field>(srs.num_gates);
+
     //     r3 = accumulator_poly_ext3 * eval_poly(L_1, [zeta])[0] * alpha ** 2
     polynomial<Field> L_0_zeta_poly{libfqfft::evaluate_polynomial<Field>(
-        srs.L_basis[0].size(), srs.L_basis[0], zeta)};
+        L_basis[0].size(), L_basis[0], zeta)};
     polynomial<Field> alpha_power2_poly{
         libff::power(alpha, libff::bigint<1>(2))};
     libfqfft::_polynomial_multiplication<Field>(

libsnark/zk_proof_systems/plonk/srs.hpp

@@ -83,9 +83,6 @@ template<typename ppT> class srs
     /// vanilla Plonk proposal [GWC19])
     size_t num_qpolys;
 
-    /// Lagrange basis
-    std::vector<polynomial<Field>> L_basis;
-
     /// Public input polynomial
     polynomial<Field> PI_poly;
 
@@ -121,7 +118,6 @@ template<typename ppT> class srs
 
     srs(const size_t &num_gates,
         const size_t &num_qpolys,
-        const std::vector<polynomial<Field>> &L_basis,
         const polynomial<Field> &PI_poly,
         const std::vector<polynomial<Field>> &Q_polys,
         const std::vector<polynomial<Field>> &S_polys,

libsnark/zk_proof_systems/plonk/srs.tcc

@@ -29,7 +29,6 @@ template<typename ppT>
 srs<ppT>::srs(
     const size_t &num_gates,
     const size_t &num_qpolys,
-    const std::vector<polynomial<Field>> &L_basis,
     const polynomial<Field> &PI_poly,
     const std::vector<polynomial<Field>> &Q_polys,
     const std::vector<polynomial<Field>> &S_polys,
@@ -42,7 +41,6 @@ srs<ppT>::srs(
     std::vector<libff::G2<ppT>> &&secret_powers_g2)
     : num_gates(num_gates)
     , num_qpolys(num_qpolys)
-    , L_basis(L_basis)
     , PI_poly(PI_poly)
     , Q_polys(Q_polys)
     , S_polys(S_polys)
@@ -202,7 +200,6 @@ srs<ppT> plonk_srs_derive_from_usrs(
     srs<ppT> srs(
         circuit.num_gates,
         circuit.num_qpolys,
-        circuit.L_basis,
         circuit.PI_poly,
         circuit.Q_polys,
         circuit.S_polys,

libsnark/zk_proof_systems/plonk/tests/test_plonk.cpp

@@ -174,12 +174,8 @@ circuit_t<ppT> plonk_circuit_description_from_example(
     // We represent the constraints q_L, q_R, q_O, q_M, q_C and the
     // witness w_L, w_R, w_O as polynomials in the roots of unity
     // e.g. f_{q_L}(omega_i) = q_L[i], 0\le{i}<8
-    // compute Lagrange basis
-    std::vector<polynomial<Field>> L_basis;
-    L_basis.resize(num_gates, polynomial<Field>(num_gates));
     std::shared_ptr<libfqfft::evaluation_domain<Field>> domain =
         libfqfft::get_evaluation_domain<Field>(num_gates);
-    plonk_compute_lagrange_basis<Field>(num_gates, L_basis);
 
     // compute public input (PI) polynomial
     polynomial<Field> PI_poly;
@@ -235,7 +231,6 @@ circuit_t<ppT> plonk_circuit_description_from_example(
     circuit_t<ppT> circuit(
         std::move(num_gates),
         std::move(num_qpolys),
-        std::move(L_basis),
         std::move(PI_poly),
         std::move(Q_polys),
         std::move(S_polys),

libsnark/zk_proof_systems/plonk/utils.hpp

@@ -63,10 +63,10 @@ template<typename FieldT> void print_vector(const std::vector<FieldT> &v);
 ///             a0+a1x+a2x^2+..+a_{n-1}x^{n-1} s.t. L_i(x=omega_i)=1
 ///             and L_i(x\neq{omega_i)})=0
 ///
-/// Note: uses libfqfft iFFT for the interpolation
+/// \note uses libfqfft iFFT for the interpolation
 template<typename FieldT>
-void plonk_compute_lagrange_basis(
-    const size_t npoints, std::vector<polynomial<FieldT>> &L);
+std::vector<polynomial<FieldT>> plonk_compute_lagrange_basis(
+    const size_t &npoints);
 
 /// Interpolate a polynomial from a set of points through inverse FFT
 ///

libsnark/zk_proof_systems/plonk/utils.tcc

@@ -42,12 +42,11 @@ template<typename FieldT> void print_vector(const std::vector<FieldT> &v)
 ///
 /// \note uses libfqfft iFFT for the interpolation
 template<typename FieldT>
-void plonk_compute_lagrange_basis(
-    const size_t npoints, std::vector<polynomial<FieldT>> &L)
+std::vector<polynomial<FieldT>> plonk_compute_lagrange_basis(
+    const size_t &npoints)
 {
-    assert(L.size() != 0);
-    assert(L.size() == L[0].size());
-    assert(L.size() == npoints);
+    std::vector<polynomial<FieldT>> L;
+    L.resize(npoints, polynomial<FieldT>(npoints));
 
     std::shared_ptr<libfqfft::evaluation_domain<FieldT>> domain =
         libfqfft::get_evaluation_domain<FieldT>(npoints);
@@ -58,6 +57,7 @@ void plonk_compute_lagrange_basis(
         domain->iFFT(u);
         L[i] = u;
     }
+    return L;
 }
 
 /// Interpolate a polynomial from a set of points through inverse FFT

libsnark/zk_proof_systems/plonk/verifier.tcc

@@ -181,9 +181,11 @@ template<typename ppT>
 step_six_out_t<ppT> plonk_verifier<ppT>::step_six(
     const step_four_out_t<ppT> &step_four_out, const srs<ppT> &srs)
 {
+    std::vector<polynomial<Field>> L_basis =
+        plonk_compute_lagrange_basis<Field>(srs.num_gates);
     libff::Fr<ppT> L_0_zeta;
     L_0_zeta = libfqfft::evaluate_polynomial<Field>(
-        srs.L_basis[0].size(), srs.L_basis[0], step_four_out.zeta);
+        L_basis[0].size(), L_basis[0], step_four_out.zeta);
     step_six_out_t<ppT> step_six_out(std::move(L_0_zeta));
     return step_six_out;
 }