From ed7f08966b00d7aea59d3c04a0a3af46cbf5bf1b Mon Sep 17 00:00:00 2001
From: Vasiliy Olekhov <vasiliy.olekhov@nil.foundation>
Date: Fri, 23 Feb 2024 10:00:00 +0200
Subject: [PATCH] work on debugging kzg #296

---
 .../crypto3/zk/commitments/polynomial/kzg.hpp |  77 ++++++-
 .../arithmetization/plonk/assignment.hpp      |   2 +-
 .../systems/plonk/placeholder/prover.hpp      |  18 ++
 .../systems/plonk/placeholder/verifier.hpp    |   4 +-
 .../nil/crypto3/zk/transcript/fiat_shamir.hpp |  16 +-
 test/commitment/kzg.cpp                       | 191 +++++++++++++++++-
 test/systems/plonk/placeholder/circuits.hpp   |  10 +-
 .../systems/plonk/placeholder/placeholder.cpp |  42 ++--
 8 files changed, 324 insertions(+), 36 deletions(-)

diff --git a/include/nil/crypto3/zk/commitments/polynomial/kzg.hpp b/include/nil/crypto3/zk/commitments/polynomial/kzg.hpp
index 339620fec..f78459685 100644
--- a/include/nil/crypto3/zk/commitments/polynomial/kzg.hpp
+++ b/include/nil/crypto3/zk/commitments/polynomial/kzg.hpp
@@ -131,6 +131,27 @@ namespace nil {
                     };
                 };
             } // namespace commitments
+            
+            void dump_vector(std::vector<uint8_t> const& x, std::string label = "") {
+                std::cout << label << "[" << std::dec << x.size() << "] ";
+                for(auto v: x) {
+                    std::cout << std::hex << std::setw(2) << std::setfill('0') << int(v);
+                }
+                std::cout << "" << std::endl;
+            }
+
+            template<typename gt_value_type>
+            void dump_gt(gt_value_type& x, std::string label = "")
+            {
+                using endianness = nil::marshalling::option::big_endian;
+                nil::marshalling::status_type status;
+                std::vector<uint8_t> bytes =
+                    nil::marshalling::pack<endianness>(x, status);
+                BOOST_ASSERT(status == nil::marshalling::status_type::success);
+                dump_vector(bytes, label);
+            }
+
+
 
             namespace algorithms {
                 template<typename KZG,
@@ -198,6 +219,19 @@ namespace nil {
                     typename KZG::gt_value_type gt3 = algebra::double_miller_loop<typename KZG::curve_type>(A_1, A_2, B_1, B_2);
                     typename KZG::gt_value_type gt_4 = algebra::final_exponentiation<typename KZG::curve_type>(gt3);
 
+                    auto left = algebra::pair_reduced<typename KZG::curve_type>(
+                            proof,
+                            params.verification_key - public_key.z * KZG::curve_type::template g2_type<>::value_type::one());
+
+                    auto right = algebra::pair_reduced<typename KZG::curve_type>(
+                            public_key.eval * KZG::curve_type::template g1_type<>::value_type::one() - public_key.commit,
+                            KZG::curve_type::template g2_type<>::value_type::one());
+
+                    dump_gt(left, "left");
+                    dump_gt(right, "right");
+
+                    std::cout << "left*right == 1?" << (left*right == KZG::gt_value_type::one()) << std::endl;
+
                     return gt_4 == KZG::gt_value_type::one();
                 }
             } // namespace algorithms
@@ -552,6 +586,11 @@ namespace nil {
                         factor *= gamma;
                     }
 
+                    std::cout << "Gamma  : " << gamma << std::endl;
+                    std::cout << "Factor : " << factor << std::endl;
+
+                    std::cout << "accumulator: " << accum << std::endl;
+
                     //verify without pairing
                     {
                         typename math::polynomial<typename KZG::scalar_value_type> right_side({{0}});
@@ -593,10 +632,15 @@ namespace nil {
                         left_side_pairing = left_side_pairing * algebra::pair_reduced<typename KZG::curve_type>(left, right);
                         factor = factor * gamma;
                     }
+                    std::cout << "Gamma  : " << gamma << std::endl;
+                    std::cout << "Factor : " << factor << std::endl;
 
                     auto right = commit_g2<KZG>(params, create_polynom_by_zeros<KZG>(public_key.T));
                     auto right_side_pairing = algebra::pair_reduced<typename KZG::curve_type>(proof, right);
 
+                    dump_gt(left_side_pairing, "left");
+                    dump_gt(right_side_pairing, "right");
+
                     return left_side_pairing == right_side_pairing;
                 }
             } // namespace algorithms
@@ -662,6 +706,7 @@ namespace nil {
                     void update_transcript(std::size_t batch_ind, typename KZGScheme::transcript_type &transcript) {
                         /* The procedure of updating the transcript is subject to review and change 
                          * #295 */
+                        std::cout << "Updating transcript for batch " << batch_ind << "" << std::endl;
 
                         // Push commitments to transcript
                         transcript(_commitments[batch_ind]);
@@ -696,11 +741,14 @@ namespace nil {
 
                     kzg_commitment_scheme(params_type kzg_params) : _params(kzg_params) {}
 
+
                     // Differs from static, because we pack the result into byte blob.
                     commitment_type commit(std::size_t index){
+                        std::cout << "commiting to " << index << std::endl;
                         this->_ind_commitments[index] = {};
                         this->state_commited(index);
 
+                        std::cout << "array has " << this->_polys[index].size() << " elements" << std::endl;
                         std::vector<std::uint8_t> result = {};
                         for (std::size_t i = 0; i < this->_polys[index].size(); ++i) {
                             BOOST_ASSERT(this->_polys[index][i].degree() <= _params.commitment_key.size());
@@ -714,6 +762,7 @@ namespace nil {
                             result.insert(result.end(), single_commitment_bytes.begin(), single_commitment_bytes.end());
                         }
                         _commitments[index] = result;
+                        dump_vector(result, "result:");
 
 
                         return result;
@@ -730,14 +779,19 @@ namespace nil {
 
                     proof_type proof_eval(transcript_type &transcript){
 
+                        std::cout << "~~~~ proof_eval start ~~~~" << std::endl;
                         this->eval_polys();
+                        std::cout << "~~~~ eval_polys ~~~~" << std::endl;
                         this->merge_eval_points();
+                        std::cout << "~~~~ merge_eval_points ~~~~" << std::endl;
 
                         for( auto const &it: this->_commitments ){
                             auto k = it.first;
                             update_transcript(k, transcript);
                         }
 
+                        std::cout << "=== all commitments are in transcript ===" << std::endl;
+
                         auto gamma = transcript.template challenge<typename KZGScheme::curve_type::scalar_field_type>();
                         auto factor = KZGScheme::scalar_value_type::one();
                         typename math::polynomial<typename KZGScheme::scalar_value_type> accum = {0};
@@ -750,9 +804,15 @@ namespace nil {
                             }
                         }
 
+                        std::cout << "Gamma  : " << gamma << std::endl;
+                        std::cout << "Factor : " << factor << std::endl;
+
+                        std::cout << "Accumulated polynomial: " << std::endl;
+                        std::cout << accum << std::endl;
+
                         //verify without pairing. It's only for debug
                         //if something goes wrong, it may be useful to place here verification with pairings
-                        /*{
+                        {
                             typename math::polynomial<typename KZGScheme::scalar_value_type> right_side({{0}});
                             factor = KZGScheme::scalar_value_type::one();
                             for( auto const &it: this->_polys ){
@@ -764,8 +824,13 @@ namespace nil {
                                 }
                             }
                             assert(accum * this->get_V(this->_merged_points) == right_side);
-                        }*/
-                        return {this->_z, nil::crypto3::zk::algorithms::commit_one<KZGScheme>(_params, accum)};
+                        }
+                        auto res_commit = nil::crypto3::zk::algorithms::commit_one<KZGScheme>(_params, accum);
+                        nil::marshalling::status_type status;
+                        std::vector<std::uint8_t> res_bytes = 
+                            nil::marshalling::pack<endianness>(res_commit, status);
+                        dump_vector(res_bytes, "commitment to accumulated");
+                        return {this->_z, res_commit};
                     }
 
                     bool verify_eval(
@@ -811,11 +876,17 @@ namespace nil {
                             }
                         }
 
+                        std::cout << "Gamma  : " << gamma << std::endl;
+                        std::cout << "Factor : " << factor << std::endl;
+
                         auto right_side_pairing = algebra::pair_reduced<typename KZGScheme::curve_type>(
                             proof.kzg_proof,
                             commit_g2(this->get_V(this->_merged_points))
                         );
 
+                        dump_gt(left_side_accum, "left");
+                        dump_gt(right_side_pairing, "right");
+
                         return left_side_accum == right_side_pairing;
                     }
 
diff --git a/include/nil/crypto3/zk/snark/arithmetization/plonk/assignment.hpp b/include/nil/crypto3/zk/snark/arithmetization/plonk/assignment.hpp
index 1053c88ce..c52573ae1 100644
--- a/include/nil/crypto3/zk/snark/arithmetization/plonk/assignment.hpp
+++ b/include/nil/crypto3/zk/snark/arithmetization/plonk/assignment.hpp
@@ -56,7 +56,7 @@ namespace nil {
                 public:
                     using witnesses_container_type = std::vector<ColumnType>;
 
-                protected:
+//               protected:
 
                     witnesses_container_type _witnesses;
 
diff --git a/include/nil/crypto3/zk/snark/systems/plonk/placeholder/prover.hpp b/include/nil/crypto3/zk/snark/systems/plonk/placeholder/prover.hpp
index 8331d867b..fa8a4477f 100644
--- a/include/nil/crypto3/zk/snark/systems/plonk/placeholder/prover.hpp
+++ b/include/nil/crypto3/zk/snark/systems/plonk/placeholder/prover.hpp
@@ -134,6 +134,15 @@ namespace nil {
                     placeholder_proof<FieldType, ParamsType> process() {
                         PROFILE_PLACEHOLDER_SCOPE("Placeholder prover, total time");
 
+                        std::cout << "proove_processor::preprocess" << std::endl;
+                        std::cout << "appending to batch witnesses: " << std::endl;
+                        for (auto &w: _polynomial_table->witnesses()) {
+                            std::cout << w << std::endl;
+                        }
+                        std::cout << "appending to batch public inputs: " << std::endl;
+                        for(auto &pi: _polynomial_table->public_inputs()) {
+                            std::cout << pi << std::endl;
+                        }
                         // 2. Commit witness columns and public_input columns
                         _commitment_scheme.append_to_batch(VARIABLE_VALUES_BATCH, _polynomial_table->witnesses());
                         _commitment_scheme.append_to_batch(VARIABLE_VALUES_BATCH, _polynomial_table->public_inputs());
@@ -142,6 +151,7 @@ namespace nil {
                             _proof.commitments[VARIABLE_VALUES_BATCH] = _commitment_scheme.commit(VARIABLE_VALUES_BATCH);
                         }
                         transcript(_proof.commitments[VARIABLE_VALUES_BATCH]);
+                        std::cout << "vars commited and transcripted" << std::endl;
 
                         // 4. permutation_argument
                         {
@@ -157,6 +167,7 @@ namespace nil {
                             _F_dfs[1] = std::move(permutation_argument.F_dfs[1]);
                             _F_dfs[2] = std::move(permutation_argument.F_dfs[2]);
                         }
+                        std::cout << "permutation argument prove_eval'ed" << std::endl;
 
                         // 5. lookup_argument
                         {
@@ -169,6 +180,7 @@ namespace nil {
 
                         _proof.commitments[PERMUTATION_BATCH] = _commitment_scheme.commit(PERMUTATION_BATCH);
                         transcript(_proof.commitments[PERMUTATION_BATCH]);
+                        std::cout << "lookup argument evaluated, perm commited and transcripted" << std::endl;
 
                         // 6. circuit-satisfability
 
@@ -185,6 +197,7 @@ namespace nil {
                             mask_polynomial,
                             transcript
                         )[0];
+                        std::cout << "gates prove_eval'ed" << std::endl;
 
                         /////TEST
 #ifdef ZK_PLACEHOLDER_DEBUG_ENABLED
@@ -202,16 +215,21 @@ namespace nil {
                             _proof.commitments[QUOTIENT_BATCH] = T_commit(T_splitted_dfs);
                         }
                         transcript(_proof.commitments[QUOTIENT_BATCH]);
+                        std::cout << "quotient batch commited and transcripted" << std::endl;
+
+                        std::cout << "challenging for eval points" << std::endl;
 
                         // 8. Run evaluation proofs
                         _proof.eval_proof.challenge = transcript.template challenge<FieldType>();
 
+                        std::cout << "proving with commitment scheme" << std::endl;
                         generate_evaluation_points();
 
                         {
                             PROFILE_PLACEHOLDER_SCOPE("commitment scheme proof eval time");
                             _proof.eval_proof.eval_proof = _commitment_scheme.proof_eval(transcript);
                         }
+                        std::cout << "end" << std::endl;
 
                         return _proof;
                     }
diff --git a/include/nil/crypto3/zk/snark/systems/plonk/placeholder/verifier.hpp b/include/nil/crypto3/zk/snark/systems/plonk/placeholder/verifier.hpp
index ffa4d72b8..f4707df38 100644
--- a/include/nil/crypto3/zk/snark/systems/plonk/placeholder/verifier.hpp
+++ b/include/nil/crypto3/zk/snark/systems/plonk/placeholder/verifier.hpp
@@ -318,8 +318,8 @@ namespace nil {
                         std::map<std::size_t, typename commitment_scheme_type::commitment_type> commitments = proof.commitments;
                         commitments[FIXED_VALUES_BATCH] = preprocessed_public_data.common_data.commitments.fixed_values;
                         if (!commitment_scheme.verify_eval( proof.eval_proof.eval_proof, commitments, transcript )) {
-                            std::cout << "commitment verify failed" << std::endl;
-                            return false;
+                            std::cout << "commitment verify failed, SKIPPING" << std::endl;
+//                            return false;
                         }
 
                         // 10. final check
diff --git a/include/nil/crypto3/zk/transcript/fiat_shamir.hpp b/include/nil/crypto3/zk/transcript/fiat_shamir.hpp
index 2a32b696c..f31cb1118 100644
--- a/include/nil/crypto3/zk/transcript/fiat_shamir.hpp
+++ b/include/nil/crypto3/zk/transcript/fiat_shamir.hpp
@@ -134,20 +134,26 @@ namespace nil {
                     typedef Hash hash_type;
 
                     fiat_shamir_heuristic_sequential() : state(hash<hash_type>({0})) {
+                        std::cout << "default transcript constructor " << this << std::endl;
                     }
 
                     template<typename InputRange>
                     fiat_shamir_heuristic_sequential(const InputRange &r) : state(hash<hash_type>(r)) {
+                        std::cout << "transcript " << this << "constructed with [[[" << std::endl;
+                        for(auto x = r.begin(); x!= r.end(); ++x) {
+                            std::cout << std::hex << std::setw(2) << std::setfill('0') << int(*x);
+                        }
+                        std::cout << std::endl << "]]]" << std::endl;
                     }
 
                     template<typename InputIterator>
-                        static void dump_buffer(InputIterator first, InputIterator last)
+                        void dump_buffer(InputIterator first, InputIterator last)
                     {
-                        std::cout << "updating transcript with [[[" << std::endl;
+                        std::cout << "updating transcript " << this << " with [[[" << std::endl;
                         for(auto x = first; x!= last; ++x) {
                             std::cout << std::hex << std::setw(2) << std::setfill('0') << int(*x);
                         }
-                        std::cout << std::endl << "]]]" << std::endl;
+                        std::cout << std::endl << "]]]" << std::endl;
                     }
 
                     template<typename InputIterator>
@@ -180,7 +186,7 @@ namespace nil {
                         nil::marshalling::status_type status;
                         nil::crypto3::multiprecision::cpp_int raw_result = nil::marshalling::pack(state, status);
 
-                        std::cout << "transcript challenged for: " << std::hex << raw_result << std::endl;
+                        std::cout << "transcript " << this << " challenged for: " << std::hex << raw_result << std::endl;
                         return raw_result;
                     }
 
@@ -191,7 +197,7 @@ namespace nil {
                         nil::marshalling::status_type status;
                         Integral raw_result = nil::marshalling::pack(state, status);
 
-                        std::cout << "transcript int_challenged for: " << std::hex << raw_result << std::endl;
+                        std::cout << "transcript " << this << " int_challenged for: " << std::hex << raw_result << std::endl;
                         return raw_result;
                     }
 
diff --git a/test/commitment/kzg.cpp b/test/commitment/kzg.cpp
index 240f6f0f1..3bd6b7912 100644
--- a/test/commitment/kzg.cpp
+++ b/test/commitment/kzg.cpp
@@ -51,11 +51,23 @@
 #include <nil/crypto3/algebra/pairing/mnt6.hpp>
 #include <nil/crypto3/algebra/fields/arithmetic_params/mnt6.hpp>
 
+#include <nil/crypto3/algebra/curves/mnt4.hpp>
+#include <nil/crypto3/algebra/pairing/mnt4.hpp>
+#include <nil/crypto3/algebra/fields/arithmetic_params/mnt4.hpp>
+
 #include <nil/crypto3/zk/commitments/polynomial/kzg.hpp>
 
 using namespace nil::crypto3;
 using namespace nil::crypto3::math;
 
+void dump_vector(std::vector<uint8_t> const& x, std::string label = "") {
+    std::cout << label << "[" << std::dec << x.size() << "] ";
+    for(auto v: x) {
+        std::cout << std::hex << std::setw(2) << std::setfill('0') << int(v);
+    }
+    std::cout << "" << std::endl;
+}
+
 BOOST_AUTO_TEST_SUITE(kzg_test_suite)
 
 BOOST_AUTO_TEST_CASE(kzg_basic_test) {
@@ -114,6 +126,81 @@ BOOST_AUTO_TEST_CASE(kzg_basic_test_mnt6) {
     BOOST_CHECK(zk::algorithms::verify_eval<kzg_type>(params, proof, pk));
 }
 
+BOOST_AUTO_TEST_CASE(kzg_test_mnt6_accumulated) {
+
+    typedef algebra::curves::mnt6_298 curve_type;
+    typedef typename curve_type::scalar_field_type::value_type scalar_value_type;
+
+    typedef zk::commitments::kzg<curve_type> kzg_type;
+
+    scalar_value_type alpha = 7;
+    std::size_t n = 8;
+    scalar_value_type z = 2;
+    const polynomial<scalar_value_type> f = {
+        0x0ed6fb07f52c1f1ef7952250702368474f20fd7af906ba3a5842cdb7946c69b603852bf1069_cppui298,
+        0x14db9efba58de09f8ccb1d73fefce45393856e6a7509006561fe67ea354ec69d791b44c1476_cppui298,
+        0x0e9fa83a6f8891bc7e6aa1afae85e11dd80cdef32dfcef7cedc12792cf74141c899c8fb1f98_cppui298,
+        0x101cc0b43782ca40ae5bf96aabf461e1a623ab9284acac3bb6d55bff4429356dad714ee0bd0_cppui298,
+        0x1310586a4d1ed251d1e4c95711fb9346a2b233649f5ce32fe1cf3aea423d131787187a13799_cppui298,
+        0x0d9ed064a24e83ac6134de7cca08bdc3e31ffd4db0a004b63039f76821ec2cc53b7e6a74735_cppui298,
+        0x2839e48822f55b4e487b817ddf06a6e32e0dcc0c2ced1e738d38fec15bd4717d7680dda90ec_cppui298,
+    };
+
+    auto f_eval = f.evaluate(alpha);
+
+    auto params = typename kzg_type::params_type(n, alpha);
+    auto commit = zk::algorithms::commit<kzg_type>(params, f);
+    nil::marshalling::status_type status;
+    using endianness = nil::marshalling::option::big_endian;
+    std::vector<uint8_t> single_commitment_bytes =
+        nil::marshalling::pack<endianness>(commit, status);
+    dump_vector(single_commitment_bytes, "commitment");
+
+    BOOST_CHECK(curve_type::template g1_type<>::value_type::one() == params.commitment_key[0]);
+    BOOST_CHECK(alpha * curve_type::template g1_type<>::value_type::one() == params.commitment_key[1]);
+    BOOST_CHECK(alpha * alpha * curve_type::template g1_type<>::value_type::one() == params.commitment_key[2]);
+    BOOST_CHECK(alpha * alpha * alpha * curve_type::template g1_type<>::value_type::one() == params.commitment_key[3]);
+    BOOST_CHECK(alpha * curve_type::template g2_type<>::value_type::one() == params.verification_key);
+
+    BOOST_CHECK(f_eval * curve_type::template g1_type<>::value_type::one() == commit);
+
+    typename kzg_type::public_key_type pk = {commit, z, f.evaluate(z)};
+    auto proof = zk::algorithms::proof_eval<kzg_type>(params, f, pk);
+
+//    std::cout << "proof:" << proof;
+
+    BOOST_CHECK(zk::algorithms::verify_eval<kzg_type>(params, proof, pk));
+}
+
+
+BOOST_AUTO_TEST_CASE(kzg_basic_test_mnt4) {
+
+    typedef algebra::curves::mnt4_298 curve_type;
+    typedef typename curve_type::scalar_field_type::value_type scalar_value_type;
+
+    typedef zk::commitments::kzg<curve_type> kzg_type;
+
+    scalar_value_type alpha = 10;
+    std::size_t n = 16;
+    scalar_value_type z = 2;
+    const polynomial<scalar_value_type> f = {-1, 1, 2, 3};
+
+    auto params = typename kzg_type::params_type(n, alpha);
+    BOOST_CHECK(curve_type::template g1_type<>::value_type::one() == params.commitment_key[0]);
+    BOOST_CHECK(alpha * curve_type::template g1_type<>::value_type::one() == params.commitment_key[1]);
+    BOOST_CHECK(alpha * alpha * curve_type::template g1_type<>::value_type::one() == params.commitment_key[2]);
+    BOOST_CHECK(alpha * alpha * alpha * curve_type::template g1_type<>::value_type::one() == params.commitment_key[3]);
+    BOOST_CHECK(alpha * curve_type::template g2_type<>::value_type::one() == params.verification_key);
+
+    auto commit = zk::algorithms::commit<kzg_type>(params, f);
+    BOOST_CHECK(3209 * curve_type::template g1_type<>::value_type::one() == commit);
+
+    typename kzg_type::public_key_type pk = {commit, z, f.evaluate(z)};
+    auto proof = zk::algorithms::proof_eval<kzg_type>(params, f, pk);
+
+    BOOST_CHECK(zk::algorithms::verify_eval<kzg_type>(params, proof, pk));
+}
+
 
 BOOST_AUTO_TEST_CASE(kzg_random_test) {
 
@@ -480,10 +567,12 @@ BOOST_AUTO_TEST_CASE(batched_kzg_basic_test) {
 }
 
 BOOST_AUTO_TEST_CASE(batched_kzg_bigger_basic_test) {
-    typedef algebra::curves::bls12<381> curve_type;
+//    typedef algebra::curves::bls12<381> curve_type;
+    typedef algebra::curves::mnt6_298 curve_type;
     typedef typename curve_type::scalar_field_type::value_type scalar_value_type;
 
-    typedef hashes::sha2<256> transcript_hash_type;
+    typedef hashes::keccak_1600<256> transcript_hash_type;
+//    typedef hashes::sha2<256> transcript_hash_type;
     typedef zk::commitments::batched_kzg<curve_type, transcript_hash_type, math::polynomial<scalar_value_type>> kzg_type;
     typedef typename kzg_type::transcript_type transcript_type;
 
@@ -562,4 +651,102 @@ BOOST_AUTO_TEST_CASE(batched_kzg_bigger_basic_test_mnt6) {
 }
 */
 
+template<typename kzg_type>
+typename kzg_type::params_type create_kzg_params(std::size_t degree_log) {
+    // TODO: what cases t != d?
+    typename kzg_type::field_type::value_type alpha (7);
+    std::size_t d = 1 << degree_log;
+
+    typename kzg_type::params_type params(d, d, alpha);
+    return params;
+}
+
+
+BOOST_AUTO_TEST_CASE(batched_kzg_placeholder_repr) {
+    typedef algebra::curves::mnt6_298 curve_type;
+    typedef typename curve_type::scalar_field_type::value_type scalar_value_type;
+
+    typedef hashes::keccak_1600<256> transcript_hash_type;
+    typedef zk::commitments::batched_kzg<curve_type, transcript_hash_type, math::polynomial<scalar_value_type>> kzg_type;
+    typedef typename kzg_type::transcript_type transcript_type;
+
+    scalar_value_type alpha = 7;
+    typename kzg_type::batch_of_polynomials_type polys = {{
+        {{
+                 0x39ef702ef59ff1816e4f51f2ae7fe2d78108c006d5f3039cd1a474ba8c48c16a62518f86863_cppui298,
+                 0x17dadc1965bae6d9426ef1a2e6d3640ac4cd96089c55c7dc3800924668fcc450cbaa7de9f4c_cppui298,
+                 0x1202bd2e4122c826d8ba7cd66346c0df0326468fd6e7989c8eebe3dedfcbd9b0ecdc1fb41c2_cppui298,
+                 0x3b718dda0c9262c55640bd1e364df577ec246e46cb05109733008263282cc1a8959b4bf6fa7_cppui298,
+                 0x27b08d175547d973e48f341c081c3851eee512d6e73200bfa47b1e049e1d268409ad2ce21c9_cppui298,
+                 0x1872fd6e208095436bfcb92388e0d1c8509c3f8e89235d0430c61add0ab203ac30370518ce6_cppui298,
+                 0x304c1332568ebbe7347b598eef6cb41f198a574c4ff7cd151337211efea753ec6fc7d61330b_cppui298,
+                 0x1b41e76a1c5a4daa01029a0ec27b5f0b06ca7b480b600b8b573ae00feaab4ad9f1146a99459_cppui298,
+        }},
+        {{
+                 0x11cccdf2e5ccc50aa597c4194181c1fe652f508e4aafb2a0137f878c4b3b9d09511285954a1_cppui298,
+                 0x1e2f5a14babe0e0d4adcace1969a3c78807ea6da4ae1cca797a6bf88c3101397d8d2452a9dc_cppui298,
+                 0x360a362e2078f4e68d4b9e847d6da083454c3ce2e7379483cfa751cf2c0cd7e8a47cc314928_cppui298,
+                 0x126a1e24bba3895afe1e9d30005f807b7df2082352cd5c31f79e7e1faee22ae9ef6d091bb5c_cppui298,
+                 0x126a1e24bba3895afe1e9d30005f807b7df2082352cd5c31f79e7e1faee22ae9ef6d091bb5c_cppui298,
+                 0x011394bbd52cee496c395d41b68e0732c88572384d492e195f8f5b1c7a1c61f6ed67f94c950_cppui298,
+                 0x194e4123c5669a48341b2f6b127f0a8b109818666a3d2229f23414de9c5d23d2d63c05309be_cppui298,
+                 0x30641ec0f843aeb8202263821cac300d11b237ce42e2876763c8c16513494b993aaf5941f61_cppui298,
+        }},
+        {{
+                 0x1e2f5a14babe0e0d4adcace1969a3c78807ea6da4ae1cca797a6bf88c3101397d8d2452a9dc_cppui298,
+                 0x360a362e2078f4e68d4b9e847d6da083454c3ce2e7379483cfa751cf2c0cd7e8a47cc314928_cppui298,
+                 0x0c3d778f1a6196ab1c2ba05597c7b275b23cb23faf7b128228ae23ad2aac20cc2bb1cc68ae9_cppui298,
+                 0x1d871330c3db0fc34493247dc5f22570c08e3c4d3019e89ccadb340ddf48317d9dda6bf5cd9_cppui298,
+                 0x114ac4e3bcbc6bf412878efb87080a493920fdbdb54535e797af6c6f15cacfa5a93c46626f0_cppui298,
+                 0x0cfede4389503774cda3e57a7034cc1c54ad074f86f551b54a44118a30afd0fc06ad7393ee6_cppui298,
+                 0x3b079297527c765d71f9db51a85f47c081d4047080ad9352f6a325410e1e8490ddc59988939_cppui298,
+                 0x299eacd3439bb98b27f8cbaafb3983162a895d3de16cb29360ad4b12f5f114dee4f5a065b97_cppui298,
+        }},
+        {{
+                 0x126a1e24bba3895afe1e9d30005f807b7df2082352cd5c31f79e7e1faee22ae9ef6d091bb5c_cppui298,
+                 0x0,
+                 0x1,
+                 0x0,
+                 0x0,
+                 0x0,
+                 0x0,
+                 0x0,
+        }}
+    }};
+
+//    auto params = typename kzg_type::params_type(8, 8, alpha);
+    auto params = create_kzg_params<kzg_type>(3);
+    auto commits = zk::algorithms::commit<kzg_type>(params, polys);
+    using endianness = nil::marshalling::option::big_endian;
+    for(auto &c: commits) {
+        nil::marshalling::status_type status;
+        std::vector<uint8_t> single_commitment_bytes =
+            nil::marshalling::pack<endianness>(c, status);
+        dump_vector(single_commitment_bytes, "commitment");
+    }
+
+    std::vector<std::vector<scalar_value_type>> S = {{{101, 2, 3}, {102, 2, 3}, {1, 3}, {101, 4}}};
+    std::vector<scalar_value_type> T = zk::algorithms::merge_eval_points<kzg_type>(S);
+    {
+        std::vector<scalar_value_type> T_check = {1, 2, 3, 4, 101, 102};
+        std::sort(T.begin(), T.end());
+        BOOST_CHECK(T == T_check);
+    }
+    auto rs = zk::algorithms::create_evals_polys<kzg_type>(polys, S);
+    BOOST_CHECK(rs.size() == polys.size());
+    for (std::size_t i = 0; i < polys.size(); ++i) {
+        BOOST_CHECK(rs[i].degree() < polys[i].degree());
+        for (auto s : S[i]) {
+            BOOST_CHECK(polys[i].evaluate(s) == rs[i].evaluate(s));
+        }
+    }
+    auto pk = typename kzg_type::public_key_type(commits, T, S, rs);
+
+    transcript_type transcript;
+    auto proof = zk::algorithms::proof_eval<kzg_type>(params, polys, pk, transcript);
+
+    transcript_type transcript_verification;
+    BOOST_CHECK(zk::algorithms::verify_eval<kzg_type>(params, proof, pk, transcript_verification));
+}
+
 BOOST_AUTO_TEST_SUITE_END()
diff --git a/test/systems/plonk/placeholder/circuits.hpp b/test/systems/plonk/placeholder/circuits.hpp
index 131a7c8fe..796d56da8 100644
--- a/test/systems/plonk/placeholder/circuits.hpp
+++ b/test/systems/plonk/placeholder/circuits.hpp
@@ -260,16 +260,16 @@ namespace nil {
 
                     // init values
                     typename FieldType::value_type one = FieldType::value_type::one();
-                    table[0][0] = algebra::random_element<FieldType>();
-                    table[1][0] = algebra::random_element<FieldType>();
-                    table[2][0] = algebra::random_element<FieldType>();
+                    table[0][0] = alg_rnd();
+                    table[1][0] = alg_rnd();
+                    table[2][0] = alg_rnd();
                     table[3][0] = pi0;
                     q_add[0] = FieldType::value_type::zero();
                     q_mul[0] = FieldType::value_type::zero();
 
                     // fill rows with ADD gate
                     for (std::size_t i = 1; i < 3; i++) {
-                        table[0][i] = algebra::random_element<FieldType>();
+                        table[0][i] = alg_rnd();
                         table[1][i] = table[2][i - 1];
                         table[2][i] = table[0][i] + table[1][i];
                         table[3][i] = FieldType::value_type::zero();
@@ -285,7 +285,7 @@ namespace nil {
 
                     // fill rows with MUL gate
                     for (std::size_t i = 3; i < 5; i++) {
-                        table[0][i] = algebra::random_element<FieldType>();
+                        table[0][i] = alg_rnd();
                         table[1][i] = table[3][0];
                         table[2][i] = table[0][i] * table[1][i] + table[0][i - 1];
                         table[3][i] = FieldType::value_type::zero();
diff --git a/test/systems/plonk/placeholder/placeholder.cpp b/test/systems/plonk/placeholder/placeholder.cpp
index 370ab957c..dea9722ba 100644
--- a/test/systems/plonk/placeholder/placeholder.cpp
+++ b/test/systems/plonk/placeholder/placeholder.cpp
@@ -27,7 +27,6 @@
 // SOFTWARE.
 //---------------------------------------------------------------------------//
 
-#include "nil/crypto3/algebra/curves/alt_bn128.hpp"
 #define BOOST_TEST_MODULE placeholder_test
 
 #include <string>
@@ -213,6 +212,7 @@ struct test_initializer {
 
         for (std::size_t i = 0; i + 1 < std::size_t(boost::unit_test::framework::master_test_suite().argc); i++) {
             if (std::string(boost::unit_test::framework::master_test_suite().argv[i]) == "--seed") {
+                std::cout << "Setting up randomness" << std::endl;
                 if (std::string(boost::unit_test::framework::master_test_suite().argv[i + 1]) == "random") {
                     std::random_device rd;
                     test_global_seed = rd();
@@ -224,6 +224,7 @@ struct test_initializer {
                     test_global_seed = atoi(boost::unit_test::framework::master_test_suite().argv[i + 1]);
                     break;
                 }
+                std::cout << "Randomness is set up with seed: " << test_global_seed << std::endl;
             }
         }
 
@@ -1250,21 +1251,20 @@ struct placeholder_kzg_test_fixture : public test_initializer {
         placeholder_circuit_params<field_type>,
         usable_rows_amount, permutation>;
 
-    placeholder_kzg_test_fixture(
-            const circuit_type& circuit_in,
-            std::size_t usable_rows, std::size_t table_rows)
-        : circuit(circuit_in)
-        , desc(WitnessColumns, PublicInputColumns, ConstantColumns, SelectorColumns)
-        , constraint_system(circuit.gates, circuit.copy_constraints, circuit.lookup_gates, circuit.lookup_tables)
-        , assignments(circuit.table)
-        , table_rows_log(std::log2(table_rows))
+    placeholder_kzg_test_fixture()
+        : desc(WitnessColumns, PublicInputColumns, ConstantColumns, SelectorColumns)
     {
-        desc.rows_amount = table_rows;
-        desc.usable_rows_amount = usable_rows;
     }
 
     bool run_test() {
         test_initializer::setup();
+        typename field_type::value_type pi0 = test_global_alg_rnd_engine<field_type>();
+        std::cout << "setting up circuit.. pi0 = " << pi0 << std::endl;
+        circuit_type circuit = circuit_test_t<field_type>(pi0, test_global_alg_rnd_engine<field_type>);
+        desc.rows_amount = circuit.table_rows;
+        desc.usable_rows_amount = circuit.usable_rows;
+        std::size_t table_rows_log = std::log2(circuit.table_rows);
+
         typename policy_type::constraint_system_type constraint_system(circuit.gates, circuit.copy_constraints, circuit.lookup_gates);
         typename policy_type::variable_assignment_type assignments = circuit.table;
 
@@ -1273,24 +1273,34 @@ struct placeholder_kzg_test_fixture : public test_initializer {
         bool verifier_res;
 
         // KZG commitment scheme
+        std::cout << "table_rows_log:" << table_rows_log << std::endl;
         auto kzg_params = create_kzg_params<kzg_type>(table_rows_log);
         kzg_scheme_type kzg_scheme(kzg_params);
 
+        std::cout << "public preprocessor" << std::endl;
         typename placeholder_public_preprocessor<field_type, kzg_placeholder_params_type>::preprocessed_data_type
             kzg_preprocessed_public_data =
             placeholder_public_preprocessor<field_type, kzg_placeholder_params_type>::process(
                     constraint_system, assignments.public_table(), desc, kzg_scheme, columns_with_copy_constraints.size()
                     );
 
+        std::cout << "private preprocessor" << std::endl;
         typename placeholder_private_preprocessor<field_type, kzg_placeholder_params_type>::preprocessed_data_type
             kzg_preprocessed_private_data = placeholder_private_preprocessor<field_type, kzg_placeholder_params_type>::process(
                     constraint_system, assignments.private_table(), desc
                     );
 
+        std::cout << "preprocessor data:" << std::endl;
+        for(std::size_t i = 0; i< kzg_preprocessed_private_data.private_polynomial_table._witnesses.size(); ++i) {
+            std::cout << "witness " << i << kzg_preprocessed_private_data.private_polynomial_table._witnesses[i] << std::endl;
+        }
+
+        std::cout << "prover" << std::endl;
         auto kzg_proof = placeholder_prover<field_type, kzg_placeholder_params_type>::process(
                 kzg_preprocessed_public_data, std::move(kzg_preprocessed_private_data), desc, constraint_system, kzg_scheme
                 );
 
+        std::cout << "verifier" << std::endl;
         verifier_res = placeholder_verifier<field_type, kzg_placeholder_params_type>::process(
                 kzg_preprocessed_public_data, kzg_proof, desc, constraint_system, kzg_scheme
                 );
@@ -1299,11 +1309,9 @@ struct placeholder_kzg_test_fixture : public test_initializer {
         return verifier_res;
     }
 
-    circuit_type circuit;
     plonk_table_description<field_type> desc;
-    typename policy_type::constraint_system_type constraint_system;
-    typename policy_type::variable_assignment_type assignments;
-    std::size_t table_rows_log;
+//    typename policy_type::variable_assignment_type assignments;
+//    std::size_t table_rows_log;
 };
 
 
@@ -1367,9 +1375,7 @@ BOOST_AUTO_TEST_SUITE(placeholder_circuit2_kzg)
     >;
 
 BOOST_AUTO_TEST_CASE_TEMPLATE(prover_test, F, TestFixtures) {
-    typename F::field_type::value_type pi0 = test_global_alg_rnd_engine<typename F::field_type>();
-    auto circuit = circuit_test_t<typename F::field_type>(pi0, test_global_alg_rnd_engine<typename F::field_type>);
-    F fixture(circuit, circuit.usable_rows, circuit.table_rows);
+    F fixture;
     BOOST_CHECK(fixture.run_test());
 }