feat: translation evaluations with zk pt.1 #12051
Conversation
| @@ -157,50 +157,8 @@ void ECCVMProver::execute_pcs_rounds() | |||
| sumcheck_output.round_univariates, | |||
| sumcheck_output.round_univariate_evaluations); | |||
|
|
|||
| // Get the challenge at which we evaluate all transcript polynomials as univariates | |||
There was a problem hiding this comment.
isolated into a separate method
| @@ -0,0 +1,90 @@ | |||
| #pragma once | |||
There was a problem hiding this comment.
It's a new class in a way similar to ZKSumcheckData. It is supposed to accept the eccvm transcript wires, extract, and concatenate the masking terms to prepare them for the SmallSubgroupIPA.
| commitments.transcript_z1, | ||
| commitments.transcript_z2 }; | ||
|
|
||
| const OpeningClaim translation_opening_claim = reduce_verify_translation_evaluations(transcript_commitments); |
There was a problem hiding this comment.
again, isolated the translation evaluations logic into a separarte method to improve readability and make it uniform with the prover class
| @@ -209,9 +167,6 @@ void ECCVMProver::execute_pcs_rounds() | |||
|
|
|||
| // Compute the opening proof for the batched opening claim with the univariate PCS | |||
| PCS::compute_opening_proof(key->commitment_key, batch_opening_claim, ipa_transcript); | |||
|
|
|||
| // Produce another challenge passed as input to the translator verifier | |||
| translation_batching_challenge_v = transcript->template get_challenge<FF>("Translation:batching_challenge"); | |||
There was a problem hiding this comment.
This was a very strange step, the challenge that has to be propagated is the batching_challenge_v produced in reduce_translation_evaluations
| // Load the proof produced by the translator prover | ||
| transcript->load_proof(proof); | ||
|
|
||
| Flavor::VerifierCommitments commitments{ key }; | ||
| Flavor::CommitmentLabels commitment_labels; | ||
|
|
||
| const auto circuit_size = transcript->template receive_from_prover<uint32_t>("circuit_size"); | ||
| evaluation_input_x = transcript->template receive_from_prover<BF>("evaluation_input_x"); |
There was a problem hiding this comment.
this was not sound, the prover could've sent anything here, switched to the propagation of these challenges from the ECCVMVerifier to TranslatorVerifier.
iakovenkos
changed the title
To fix the issue with translation evaluations when the masking is enabled in ECCVM, we need to prove the batched evaluation of the masking term, where by masking term we mean a small table (5 columns, 4 rows) added at the end of the Transcript polynomials.
Fortunately, we could use the SmallSubgroupIPA protocol to do this efficiently and faciliatate the integration of this fix into Goblin.
This is the first batch of changes:
Also, discovered and resolved a soundness issue related to the translation evaluations.