Remove binding from powerquery, fix docs

book/src/SUMMARY.md

@@ -43,5 +43,4 @@
   - [Polynomials](background/polynomials.md)
   - [Cryptographic groups](background/groups.md)
   - [Elliptic curves](background/curves.md)
-  - [Polynomial commitment using inner product argument](background/pc-ipa.md)
   - [Recursion](background/recursion.md)

book/src/design/proving-system/inner-product.md

@@ -3,8 +3,6 @@
 Halo 2 uses a polynomial commitment scheme for which we can create polynomial commitment
 opening proofs, based around the Inner Product Argument.
 
-> TODO: Explain Halo 2's variant of the IPA.
->
 > It is very similar to $\text{PC}_\text{DL}.\text{Open}$ from Appendix A.2 of [BCMS20].
 > See [this comparison](comparison.md#bcms20-appendix-a2) for details.
 >

book/src/user/experimental-features.md

@@ -4,11 +4,7 @@ In `privacy-scaling-explorations/halo2` fork we have implemented many experiment
 
 ## Commitment scheme abstraction
 
-To support different kinds of polynomial commitment schemes, we've added a trait `CommitmentScheme` to allow create/verify proofs with different commitment scheme implementations, currently there are 2 available implementations in this fork:
-
-- [`IPACommitmentScheme`](https://privacy-scaling-explorations.github.io/halo2/halo2_proofs/poly/ipa/commitment/struct.IPACommitmentScheme.html)
-
-  The original implementation from `zcash/halo2` with the original multi-open strategy `{Prover,Verifier}IPA`
+To support different kinds of polynomial commitment schemes, we've added a trait `CommitmentScheme` to allow create/verify proofs with different commitment scheme implementations, currently there are one available implementations in this fork:
 
 - [`KZGCommitmentScheme`](https://privacy-scaling-explorations.github.io/halo2/halo2_proofs/poly/kzg/commitment/struct.KZGCommitmentScheme.html)
 
@@ -20,10 +16,6 @@ To support different kinds of polynomial commitment schemes, we've added a trait
 When using `create_proof` and `verify_proof`, we need to specify the commitment scheme and multi-open strategy like:
 
 ```rust
-// Using IPA
-create_proof<IPACommitmentScheme<_>, ProverIPA<_>, _, _, _, _>
-verify_proof<IPACommitmentScheme<_>, ProverIPA<_>, _, _, _>
-
 // Using KZG with GWC19 multi-open strategy
 create_proof<KZGCommitmentScheme<_>, ProverGWC<_>, _, _, _, _>
 verify_proof<KZGCommitmentScheme<_>, ProverGWC<_>, _, _, _>

halo2_backend/src/helpers.rs

@@ -20,7 +20,6 @@ pub enum SerdeFormat {
     RawBytesUnchecked,
 }
 
-// Keep this trait for compatibility with IPA serialization
 pub trait CurveRead: CurveAffine {
     /// Reads a compressed element from the buffer and attempts to parse it
     /// using `from_bytes`.

halo2_backend/src/plonk/lookup/prover.rs

@@ -30,21 +30,16 @@ pub(in crate::plonk) struct Permuted<C: CurveAffine> {
     compressed_input_expression: Polynomial<C::Scalar, LagrangeCoeff>,
     permuted_input_expression: Polynomial<C::Scalar, LagrangeCoeff>,
     permuted_input_poly: Polynomial<C::Scalar, Coeff>,
-    permuted_input_blind: Blind<C::Scalar>,
     compressed_table_expression: Polynomial<C::Scalar, LagrangeCoeff>,
     permuted_table_expression: Polynomial<C::Scalar, LagrangeCoeff>,
     permuted_table_poly: Polynomial<C::Scalar, Coeff>,
-    permuted_table_blind: Blind<C::Scalar>,
 }
 
 #[derive(Debug)]
 pub(in crate::plonk) struct Committed<C: CurveAffine> {
     pub(in crate::plonk) permuted_input_poly: Polynomial<C::Scalar, Coeff>,
-    permuted_input_blind: Blind<C::Scalar>,
     pub(in crate::plonk) permuted_table_poly: Polynomial<C::Scalar, Coeff>,
-    permuted_table_blind: Blind<C::Scalar>,
     pub(in crate::plonk) product_poly: Polynomial<C::Scalar, Coeff>,
-    product_blind: Blind<C::Scalar>,
 }
 
 pub(in crate::plonk) struct Evaluated<C: CurveAffine> {
@@ -130,15 +125,15 @@ where
         let poly = pk.vk.domain.lagrange_to_coeff(values.clone());
         let blind = Blind(C::Scalar::random(&mut rng));
         let commitment = params.commit_lagrange(&engine.msm_backend, values, blind);
-        (poly, blind, commitment)
+        (poly, commitment)
     };
 
     // Commit to permuted input expression
-    let (permuted_input_poly, permuted_input_blind, permuted_input_commitment_projective) =
+    let (permuted_input_poly, permuted_input_commitment_projective) =
         commit_values(&permuted_input_expression);
 
     // Commit to permuted table expression
-    let (permuted_table_poly, permuted_table_blind, permuted_table_commitment_projective) =
+    let (permuted_table_poly, permuted_table_commitment_projective) =
         commit_values(&permuted_table_expression);
 
     let [permuted_input_commitment, permuted_table_commitment] = {
@@ -163,11 +158,9 @@ where
         compressed_input_expression,
         permuted_input_expression,
         permuted_input_poly,
-        permuted_input_blind,
         compressed_table_expression,
         permuted_table_expression,
         permuted_table_poly,
-        permuted_table_blind,
     })
 }
 
@@ -313,11 +306,8 @@ impl<C: CurveAffine> Permuted<C> {
 
         Ok(Committed::<C> {
             permuted_input_poly: self.permuted_input_poly,
-            permuted_input_blind: self.permuted_input_blind,
             permuted_table_poly: self.permuted_table_poly,
-            permuted_table_blind: self.permuted_table_blind,
             product_poly: z,
-            product_blind,
         })
     }
 }
@@ -368,31 +358,26 @@ impl<C: CurveAffine> Evaluated<C> {
             .chain(Some(ProverQuery {
                 point: *x,
                 poly: &self.constructed.product_poly,
-                blind: self.constructed.product_blind,
             }))
             // Open lookup input commitments at x
             .chain(Some(ProverQuery {
                 point: *x,
                 poly: &self.constructed.permuted_input_poly,
-                blind: self.constructed.permuted_input_blind,
             }))
             // Open lookup table commitments at x
             .chain(Some(ProverQuery {
                 point: *x,
                 poly: &self.constructed.permuted_table_poly,
-                blind: self.constructed.permuted_table_blind,
             }))
             // Open lookup input commitments at x_inv
             .chain(Some(ProverQuery {
                 point: x_inv,
                 poly: &self.constructed.permuted_input_poly,
-                blind: self.constructed.permuted_input_blind,
             }))
             // Open lookup product commitments at x_next
             .chain(Some(ProverQuery {
                 point: x_next,
                 poly: &self.constructed.product_poly,
-                blind: self.constructed.product_blind,
             }))
     }
 }

halo2_backend/src/plonk/permutation/prover.rs

@@ -29,7 +29,6 @@ use halo2_middleware::poly::Rotation;
 /// It stores a single `Z_P` in [permutation argument specification](https://zcash.github.io/halo2/design/proving-system/permutation.html#argument-specification).  
 pub(crate) struct CommittedSet<C: CurveAffine> {
     pub(crate) permutation_product_poly: Polynomial<C::Scalar, Coeff>,
-    permutation_product_blind: Blind<C::Scalar>,
 }
 
 /// Set of permutation product polynomials, which have been **committed**.
@@ -182,15 +181,13 @@ pub(in crate::plonk) fn permutation_commit<
         let permutation_product_commitment = params
             .commit_lagrange(&engine.msm_backend, &z, blind)
             .to_affine();
-        let permutation_product_blind = blind;
         let permutation_product_poly = domain.lagrange_to_coeff(z);
 
         // Hash the permutation product commitment
         transcript.write_point(permutation_product_commitment)?;
 
         sets.push(CommittedSet {
             permutation_product_poly,
-            permutation_product_blind,
         });
     }
 
@@ -202,11 +199,9 @@ impl<C: CurveAffine> super::ProvingKey<C> {
         &self,
         x: ChallengeX<C>,
     ) -> impl Iterator<Item = ProverQuery<'_, C>> + Clone {
-        self.polys.iter().map(move |poly| ProverQuery {
-            point: *x,
-            poly,
-            blind: Blind::default(),
-        })
+        self.polys
+            .iter()
+            .map(move |poly| ProverQuery { point: *x, poly })
     }
 
     pub(in crate::plonk) fn evaluate<E: EncodedChallenge<C>, T: TranscriptWrite<C, E>>(
@@ -290,12 +285,10 @@ impl<C: CurveAffine> Evaluated<C> {
                     .chain(Some(ProverQuery {
                         point: *x,
                         poly: &set.permutation_product_poly,
-                        blind: set.permutation_product_blind,
                     }))
                     .chain(Some(ProverQuery {
                         point: x_next,
                         poly: &set.permutation_product_poly,
-                        blind: set.permutation_product_blind,
                     }))
             }))
             // Open it at \omega^{last} x for all but the last set. This rotation is only
@@ -311,7 +304,6 @@ impl<C: CurveAffine> Evaluated<C> {
                         Some(ProverQuery {
                             point: x_last,
                             poly: &set.permutation_product_poly,
-                            blind: set.permutation_product_blind,
                         })
                     }),
             )

halo2_backend/src/plonk/prover.rs

@@ -613,7 +613,6 @@ impl<
                             .map(move |&(column, at)| ProverQuery {
                                 point: self.pk.vk.domain.rotate_omega(*x, at),
                                 poly: &advice.advice_polys[column.index],
-                                blind: advice.advice_blinds[column.index],
                             }),
                     )
                     // Permutations
@@ -633,7 +632,7 @@ impl<
                     .map(|&(column, at)| ProverQuery {
                         point: self.pk.vk.domain.rotate_omega(*x, at),
                         poly: &self.pk.fixed_polys[column.index],
-                        blind: Blind::default(),
+                        // blind: Blind::default(),
                     }),
             )
             // Copy constraints

halo2_backend/src/plonk/shuffle/prover.rs

@@ -29,7 +29,6 @@ struct Compressed<C: CurveAffine> {
 #[derive(Debug)]
 pub(in crate::plonk) struct Committed<C: CurveAffine> {
     pub(in crate::plonk) product_poly: Polynomial<C::Scalar, Coeff>,
-    product_blind: Blind<C::Scalar>,
 }
 
 pub(in crate::plonk) struct Evaluated<C: CurveAffine> {
@@ -198,10 +197,7 @@ where
     // Hash product commitment
     transcript.write_point(product_commitment)?;
 
-    Ok(Committed::<C> {
-        product_poly: z,
-        product_blind,
-    })
+    Ok(Committed::<C> { product_poly: z })
 }
 
 impl<C: CurveAffine> Committed<C> {
@@ -242,13 +238,11 @@ impl<C: CurveAffine> Evaluated<C> {
             .chain(Some(ProverQuery {
                 point: *x,
                 poly: &self.constructed.product_poly,
-                blind: self.constructed.product_blind,
             }))
             // Open shuffle product commitments at x_next
             .chain(Some(ProverQuery {
                 point: x_next,
                 poly: &self.constructed.product_poly,
-                blind: self.constructed.product_blind,
             }))
     }
 }

halo2_backend/src/plonk/vanishing/prover.rs

@@ -21,18 +21,15 @@ use crate::{
 
 pub(in crate::plonk) struct Committed<C: CurveAffine> {
     random_poly: Polynomial<C::Scalar, Coeff>,
-    random_blind: Blind<C::Scalar>,
 }
 
 pub(in crate::plonk) struct Constructed<C: CurveAffine> {
     h_pieces: Vec<Polynomial<C::Scalar, Coeff>>,
-    h_blinds: Vec<Blind<C::Scalar>>,
     committed: Committed<C>,
 }
 
 pub(in crate::plonk) struct Evaluated<C: CurveAffine> {
     h_poly: Polynomial<C::Scalar, Coeff>,
-    h_blind: Blind<C::Scalar>,
     committed: Committed<C>,
 }
 
@@ -90,10 +87,7 @@ impl<C: CurveAffine> Argument<C> {
             .to_affine();
         transcript.write_point(c)?;
 
-        Ok(Committed {
-            random_poly,
-            random_blind,
-        })
+        Ok(Committed { random_poly })
     }
 }
 
@@ -149,7 +143,6 @@ impl<C: CurveAffine> Committed<C> {
 
         Ok(Constructed {
             h_pieces,
-            h_blinds,
             committed: self,
         })
     }
@@ -169,18 +162,11 @@ impl<C: CurveAffine> Constructed<C> {
             .rev()
             .fold(domain.empty_coeff(), |acc, eval| acc * xn + eval);
 
-        let h_blind = self
-            .h_blinds
-            .iter()
-            .rev()
-            .fold(Blind(C::Scalar::ZERO), |acc, eval| acc * Blind(xn) + *eval);
-
         let random_eval = eval_polynomial(&self.committed.random_poly, *x);
         transcript.write_scalar(random_eval)?;
 
         Ok(Evaluated {
             h_poly,
-            h_blind,
             committed: self.committed,
         })
     }
@@ -195,12 +181,10 @@ impl<C: CurveAffine> Evaluated<C> {
             .chain(Some(ProverQuery {
                 point: *x,
                 poly: &self.h_poly,
-                blind: self.h_blind,
             }))
             .chain(Some(ProverQuery {
                 point: *x,
                 poly: &self.committed.random_poly,
-                blind: self.committed.random_blind,
             }))
     }
 }

halo2_backend/src/plonk/verifier.rs

@@ -18,11 +18,6 @@ use crate::poly::{
 };
 use crate::transcript::{read_n_scalars, EncodedChallenge, TranscriptRead};
 
-#[cfg(feature = "batch")]
-mod batch;
-#[cfg(feature = "batch")]
-pub use batch::BatchVerifier;
-
 /// Returns a boolean indicating whether or not the proof is valid.  Verifies a single proof (not
 /// batched).
 pub fn verify_proof<'params, Scheme, V, E, T, Strategy>(

halo2_backend/src/poly/multiopen_test.rs

@@ -204,17 +204,14 @@ mod test {
             ProverQuery {
                 point: x.get_scalar(),
                 poly: &ax,
-                blind,
             },
             ProverQuery {
                 point: x.get_scalar(),
                 poly: &bx,
-                blind,
             },
             ProverQuery {
                 point: y.get_scalar(),
                 poly: &cx,
-                blind,
             },
         ]
         .to_vec();