Skip to content

Commit

Permalink
Skip zero coefficients in bellman::groth16::prover::eval
Browse files Browse the repository at this point in the history
The `eval` function inside the Groth16 prover was assuming that any term
existing inside a linear combination (even ones with zero coefficients)
increased the query densities, meaning that the multiexp later would
assume a group element exists in the SRS with respect to that variable.

In fact, a group element doesn't exist because a zero coefficient causes
the QAP polynomial to be the zero polynomial for that element, and
points at infinity are not stored in the proving key for efficiency
purposes. This led to `bases` in `multiexp` having too few bases, leading
to the `expected more bases from source` error.

The prover now skips over zero coefficients as if they did not appear at
all in the linear combination, so that it doesn't mistakenly increase
the query density and assume that a group element will exist in the SRS.

Co-authored-by: ebfull <[email protected]>
  • Loading branch information
str4d and ebfull committed May 4, 2022
1 parent 781e7fb commit 2ad80cd
Showing 1 changed file with 16 additions and 14 deletions.
30 changes: 16 additions & 14 deletions src/groth16/prover.rs
Original file line number Diff line number Diff line change
Expand Up @@ -28,25 +28,27 @@ fn eval<S: PrimeField>(
for &(index, coeff) in lc.0.iter() {
let mut tmp;

match index {
Variable(Index::Input(i)) => {
tmp = input_assignment[i];
if let Some(ref mut v) = input_density {
v.inc(i);
if !coeff.is_zero_vartime() {
match index {
Variable(Index::Input(i)) => {
tmp = input_assignment[i];
if let Some(ref mut v) = input_density {
v.inc(i);
}
}
}
Variable(Index::Aux(i)) => {
tmp = aux_assignment[i];
if let Some(ref mut v) = aux_density {
v.inc(i);
Variable(Index::Aux(i)) => {
tmp = aux_assignment[i];
if let Some(ref mut v) = aux_density {
v.inc(i);
}
}
}
}

if coeff != S::one() {
tmp *= coeff;
if coeff != S::one() {
tmp *= coeff;
}
acc += tmp;
}
acc += tmp;
}

acc
Expand Down

0 comments on commit 2ad80cd

Please sign in to comment.