Skip to content

add evals and lookup poly_evals to transcript #164

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
Michael-EY merged 1 commit into from
Nov 25, 2025
Merged

add evals and lookup poly_evals to transcript #164

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
160 changes: 108 additions & 52 deletions plonk/src/nightfall/mle/snark.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -382,12 +382,6 @@ impl<PCS: PolynomialCommitmentScheme> MLEPlonk<PCS> {
permutation_evals.push(value);
}

let evals = MLEProofEvals::<PCS> {
wire_evals,
selector_evals,
permutation_evals,
};

// Now we handle lookup related subroutines if support lookup.
let lookup_proof = if let (Some(m_poly), Some(m_commit)) = (m_poly, m_commit) {
let m_poly_eval =
Expand Down Expand Up @@ -532,6 +526,35 @@ impl<PCS: PolynomialCommitmentScheme> MLEPlonk<PCS> {
None
};

// Append evals and lookup_proof.poly_evals to the transcript.
for eval in wire_evals
.iter()
.chain(&selector_evals)
.chain(&permutation_evals)
{
transcript.push_message(b"eval", eval)?;
}
if let Some(lookup_proof) = lookup_proof.clone() {
for eval in [
lookup_proof.lookup_evals.m_poly_eval,
lookup_proof.lookup_evals.range_table_eval,
lookup_proof.lookup_evals.key_table_eval,
lookup_proof.lookup_evals.table_dom_sep_eval,
lookup_proof.lookup_evals.q_dom_sep_eval,
lookup_proof.lookup_evals.q_lookup_eval,
]
.iter()
{
transcript.push_message(b"lookup eval", eval)?;
}
}

let evals = MLEProofEvals::<PCS> {
wire_evals,
selector_evals,
permutation_evals,
};

let delta = transcript.squeeze_scalar_challenge::<P>(b"delta")?;

let mut combiner = P::ScalarField::one();
Expand Down Expand Up @@ -795,6 +818,29 @@ impl<PCS: PolynomialCommitmentScheme> MLEPlonk<PCS> {
None
};

// Append evals and lookup_proof.poly_evals to the transcript.
for eval in wire_evals
.iter()
.chain(&selector_evals)
.chain(&permutation_evals)
{
transcript.push_message(b"eval", eval)?;
}
if let Some(lookup_proof) = lookup_proof.clone() {
for eval in [
lookup_proof.lookup_evals.m_poly_eval,
lookup_proof.lookup_evals.range_table_eval,
lookup_proof.lookup_evals.key_table_eval,
lookup_proof.lookup_evals.table_dom_sep_eval,
lookup_proof.lookup_evals.q_dom_sep_eval,
lookup_proof.lookup_evals.q_lookup_eval,
]
.iter()
{
transcript.push_message(b"lookup eval", eval)?;
}
}

let evals = MLEProofEvals::<PCS> {
wire_evals,
selector_evals,
Expand Down Expand Up @@ -943,29 +989,6 @@ impl<PCS: PolynomialCommitmentScheme> MLEPlonk<PCS> {
"Could not evaluate pi poly".to_string(),
))?;

let delta = transcript.squeeze_scalar_challenge::<P>(b"delta")?;

let full_challenges = FullMLEChallenges::from_parts(challenges, delta, epsilon);

let zero_check_calc_eval = build_zerocheck_eval(
&proof.evals,
proof
.lookup_proof
.as_ref()
.map(|lookup_proof| &lookup_proof.lookup_evals),
&vk.gate_info,
&full_challenges,
pi_poly_eval,
zc_eq_eval,
);

if zero_check_calc_eval != sumcheck_deferred_check.eval {
return Err(PlonkError::SnarkError(SnarkError::ParameterError(format!(
"ZeroCheck check failed. Expected {}, got {}",
sumcheck_deferred_check.eval, zero_check_calc_eval
))));
}

let mut comms = Vec::new();

let mut evals = Vec::new();
Expand Down Expand Up @@ -1027,6 +1050,34 @@ impl<PCS: PolynomialCommitmentScheme> MLEPlonk<PCS> {
evals.push(lookup_proof.lookup_evals.q_lookup_eval);
}

// Append evals and lookup_proof.poly_evals to the transcript.
for eval in evals.iter() {
transcript.push_message(b"eval", eval)?;
}

let delta = transcript.squeeze_scalar_challenge::<P>(b"delta")?;

let full_challenges = FullMLEChallenges::from_parts(challenges, delta, epsilon);

let zero_check_calc_eval = build_zerocheck_eval(
&proof.evals,
proof
.lookup_proof
.as_ref()
.map(|lookup_proof| &lookup_proof.lookup_evals),
&vk.gate_info,
&full_challenges,
pi_poly_eval,
zc_eq_eval,
);

if zero_check_calc_eval != sumcheck_deferred_check.eval {
return Err(PlonkError::SnarkError(SnarkError::ParameterError(format!(
"ZeroCheck check failed. Expected {}, got {}",
sumcheck_deferred_check.eval, zero_check_calc_eval
))));
}

let delta_powers = (0..comms.len() as u64)
.map(|i| delta.pow([i]))
.collect::<Vec<P::ScalarField>>();
Expand Down Expand Up @@ -1173,29 +1224,6 @@ impl<PCS: PolynomialCommitmentScheme> MLEPlonk<PCS> {
"Could not evaluate pi poly".to_string(),
))?;

let delta = transcript.squeeze_scalar_challenge::<P>(b"delta")?;

let full_challenges = FullMLEChallenges::from_parts(challenges, delta, epsilon);

let zero_check_calc_eval = build_zerocheck_eval(
&proof.evals,
proof
.lookup_proof
.as_ref()
.map(|lookup_proof| &lookup_proof.lookup_evals),
&vk.gate_info,
&full_challenges,
pi_poly_eval,
zc_eq_eval,
);

if zero_check_calc_eval != sumcheck_deferred_check.eval {
return Err(PlonkError::SnarkError(SnarkError::ParameterError(format!(
"ZeroCheck check failed. Expected {}, got {}",
sumcheck_deferred_check.eval, zero_check_calc_eval
))));
}

let mut comms = Vec::new();

let mut evals = Vec::new();
Expand Down Expand Up @@ -1257,6 +1285,34 @@ impl<PCS: PolynomialCommitmentScheme> MLEPlonk<PCS> {
evals.push(lookup_proof.lookup_evals.q_lookup_eval);
}

// Append evals and lookup_proof.poly_evals to the transcript.
for eval in evals.iter() {
transcript.push_message(b"eval", eval)?;
}

let delta = transcript.squeeze_scalar_challenge::<P>(b"delta")?;

let full_challenges = FullMLEChallenges::from_parts(challenges, delta, epsilon);

let zero_check_calc_eval = build_zerocheck_eval(
&proof.evals,
proof
.lookup_proof
.as_ref()
.map(|lookup_proof| &lookup_proof.lookup_evals),
&vk.gate_info,
&full_challenges,
pi_poly_eval,
zc_eq_eval,
);

if zero_check_calc_eval != sumcheck_deferred_check.eval {
return Err(PlonkError::SnarkError(SnarkError::ParameterError(format!(
"ZeroCheck check failed. Expected {}, got {}",
sumcheck_deferred_check.eval, zero_check_calc_eval
))));
}

let delta_powers = (0..comms.len() as u64)
.map(|i| delta.pow([i]))
.collect::<Vec<P::ScalarField>>();
Expand Down
26 changes: 26 additions & 0 deletions plonk/src/recursion/circuits/challenges.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -199,6 +199,32 @@ where
let final_sumcheck_challenges =
circuit.recover_sumcheck_challenges::<P, C>(&proof_var.sumcheck_proof, &mut transcript)?;

// Append evals and lookup_proof.poly_evals to the transcript.
for eval in proof_var
.poly_evals_var
.wire_evals
.iter()
.chain(&proof_var.poly_evals_var.selector_evals)
.chain(&proof_var.poly_evals_var.permutation_evals)
{
transcript.push_emulated_variable(eval, circuit)?;
}

if let Some(lookup_proof) = &proof_var.lookup_proof_var {
for eval in [
&lookup_proof.poly_evals_var.m_poly_eval,
&lookup_proof.poly_evals_var.range_table_eval,
&lookup_proof.poly_evals_var.key_table_eval,
&lookup_proof.poly_evals_var.table_dom_sep_eval,
&lookup_proof.poly_evals_var.q_dom_sep_eval,
&lookup_proof.poly_evals_var.q_lookup_eval,
]
.iter()
{
transcript.push_emulated_variable(eval, circuit)?;
}
}

let delta = transcript.squeeze_scalar_challenge::<P>(circuit)?;
let delta_var = circuit.to_emulated_variable(delta)?;

Expand Down
26 changes: 26 additions & 0 deletions plonk/src/recursion/circuits/emulated_mle_arithmetic.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -332,6 +332,32 @@ pub(crate) fn verify_mleplonk_emulated_scalar_arithmetic(
let zerocheck_eval =
circuit.verify_emulated_proof::<SWGrumpkin>(&proof.sumcheck_proof, transcript)?;

// Append evals and lookup_proof.poly_evals to the transcript.
for eval in proof
.poly_evals_var
.wire_evals
.iter()
.chain(&proof.poly_evals_var.selector_evals)
.chain(&proof.poly_evals_var.permutation_evals)
{
transcript.push_emulated_variable(eval, circuit)?;
}

if let Some(lookup_proof) = &proof.lookup_proof_var {
for eval in [
&lookup_proof.poly_evals_var.m_poly_eval,
&lookup_proof.poly_evals_var.range_table_eval,
&lookup_proof.poly_evals_var.key_table_eval,
&lookup_proof.poly_evals_var.table_dom_sep_eval,
&lookup_proof.poly_evals_var.q_dom_sep_eval,
&lookup_proof.poly_evals_var.q_lookup_eval,
]
.iter()
{
transcript.push_emulated_variable(eval, circuit)?;
}
}

let delta = transcript.squeeze_scalar_challenge::<SWGrumpkin>(circuit)?;
let delta_var = circuit.to_emulated_variable(delta)?;

Expand Down
24 changes: 24 additions & 0 deletions plonk/src/recursion/circuits/mle_arithmetic.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -770,6 +770,30 @@ mod tests {
&mut transcript,
)
.unwrap();
// Append evals and lookup_proof.poly_evals to the transcript.
for eval in inner_proof
.evals
.wire_evals
.iter()
.chain(&inner_proof.evals.selector_evals)
.chain(&inner_proof.evals.permutation_evals)
{
transcript.push_message(b"eval", eval)?;
}
if let Some(lookup_proof) = inner_proof.lookup_proof.clone() {
for eval in [
lookup_proof.lookup_evals.m_poly_eval,
lookup_proof.lookup_evals.range_table_eval,
lookup_proof.lookup_evals.key_table_eval,
lookup_proof.lookup_evals.table_dom_sep_eval,
lookup_proof.lookup_evals.q_dom_sep_eval,
lookup_proof.lookup_evals.q_lookup_eval,
]
.iter()
{
transcript.push_message(b"lookup eval", eval)?;
}
}
let delta = transcript.squeeze_scalar_challenge::<P>(b"delta").unwrap();

let (opening_proof, _eval) = PCS::open(
Expand Down
Loading