From 9b0ea2cce536d56f3fd01cd662d8c41e84456250 Mon Sep 17 00:00:00 2001
From: "sm.wu" <hero78119@gmail.com>
Date: Tue, 9 Jan 2024 21:24:31 +0800
Subject: [PATCH] more debug message

---
 src/gadgets/lookup.rs  | 42 +++++++++++++++---------------
 src/lib.rs             | 20 +++++++++------
 src/spartan/ppsnark.rs | 58 +++++++++++++++++++++++++++++++++++++++---
 3 files changed, 88 insertions(+), 32 deletions(-)

diff --git a/src/gadgets/lookup.rs b/src/gadgets/lookup.rs
index 27e98a56e..2016e339e 100644
--- a/src/gadgets/lookup.rs
+++ b/src/gadgets/lookup.rs
@@ -282,7 +282,7 @@ impl<E: Engine> LookupTrace<E> {
     let read_value_term = gamma.mul(cs.namespace(|| "read_value_term"), read_value)?;
     // counter_term = gamma^2 * counter
     let read_counter_term = gamma_square.mul(cs.namespace(|| "read_counter_term"), read_counter)?;
-    // new_R = R + 1 / (alpha - (addr + gamma * value + gamma^2 * counter))
+    // new_R = R + 1 / (alpha + (addr + gamma * value + gamma^2 * counter))
     let new_R = AllocatedNum::alloc(cs.namespace(|| "new_R"), || {
       prev_R
         .get_value()
@@ -291,17 +291,18 @@ impl<E: Engine> LookupTrace<E> {
         .zip(read_value_term.get_value())
         .zip(read_counter_term.get_value())
         .map(|((((R, alpha), addr), value_term), counter_term)| {
-          R + (alpha - (addr + value_term + counter_term))
+          R + (alpha + (addr + value_term + counter_term))
             .invert()
             .expect("invert failed due to read term is 0") // negilible probability for invert failed
         })
         .ok_or(SynthesisError::AssignmentMissing)
     })?;
     let mut r_blc = LinearCombination::<F>::zero();
-    r_blc = r_blc + alpha.get_variable()
-      - addr.get_variable()
-      - read_value_term.get_variable()
-      - read_counter_term.get_variable();
+    r_blc = r_blc
+      + alpha.get_variable()
+      + addr.get_variable()
+      + read_value_term.get_variable()
+      + read_counter_term.get_variable();
     cs.enforce(
       || "R update",
       |lc| lc + new_R.get_variable() - prev_R.get_variable(),
@@ -352,7 +353,7 @@ impl<E: Engine> LookupTrace<E> {
         .zip(gamma_square.get_value())
         .map(
           |(((((W, alpha), addr), value_term), write_counter_term), gamma_square)| {
-            W + (alpha - (addr + value_term + write_counter_term + gamma_square))
+            W + (alpha + (addr + value_term + write_counter_term + gamma_square))
               .invert()
               .expect("invert failed due to write term is 0") // negilible probability for invert failed
           },
@@ -361,11 +362,12 @@ impl<E: Engine> LookupTrace<E> {
     })?;
     // new_W = W + 1 / (alpha - (addr + gamma * value + gamma^2 * counter))
     let mut w_blc = LinearCombination::<F>::zero();
-    w_blc = w_blc + alpha.get_variable()
-      - addr.get_variable()
-      - write_value_term.get_variable()
-      - write_counter_term.get_variable()
-      - gamma_square.get_variable();
+    w_blc = w_blc
+      + alpha.get_variable()
+      + addr.get_variable()
+      + write_value_term.get_variable()
+      + write_counter_term.get_variable()
+      + gamma_square.get_variable();
     cs.enforce(
       || "W update",
       |lc| lc + new_W.get_variable() - prev_W.get_variable(),
@@ -853,10 +855,10 @@ mod test {
         .zip(addr.get_value())
         .zip(read_value.get_value())
         .map(|((((prev_R, alpha), gamma), addr), read_value)| prev_R
-          + (alpha - (addr + gamma * read_value + gamma * gamma * <E1 as Engine>::Scalar::ZERO))
+          + (alpha + (addr + gamma * read_value + gamma * gamma * <E1 as Engine>::Scalar::ZERO))
             .invert()
             .unwrap()
-          + (alpha - (addr + gamma * read_value + gamma * gamma * <E1 as Engine>::Scalar::ONE))
+          + (alpha + (addr + gamma * read_value + gamma * gamma * <E1 as Engine>::Scalar::ONE))
             .invert()
             .unwrap())
     );
@@ -871,11 +873,11 @@ mod test {
         .zip(read_value.get_value())
         .map(|((((prev_W, alpha), gamma), addr), read_value)| {
           prev_W
-            + (alpha - (addr + gamma * read_value + gamma * gamma * (<E1 as Engine>::Scalar::ONE)))
+            + (alpha + (addr + gamma * read_value + gamma * gamma * (<E1 as Engine>::Scalar::ONE)))
               .invert()
               .unwrap()
             + (alpha
-              - (addr + gamma * read_value + gamma * gamma * (<E1 as Engine>::Scalar::from(2))))
+              + (addr + gamma * read_value + gamma * gamma * (<E1 as Engine>::Scalar::from(2))))
             .invert()
             .unwrap()
         }),
@@ -980,12 +982,12 @@ mod test {
         .zip(read_value.get_value())
         .map(|((((prev_R, alpha), gamma), addr), read_value)| prev_R
           + (alpha
-            - (addr
+            + (addr
               + gamma * <E1 as Engine>::Scalar::ZERO
               + gamma * gamma * <E1 as Engine>::Scalar::ZERO))
             .invert()
             .unwrap()
-          + (alpha - (addr + gamma * read_value + gamma * gamma * <E1 as Engine>::Scalar::ONE))
+          + (alpha + (addr + gamma * read_value + gamma * gamma * <E1 as Engine>::Scalar::ONE))
             .invert()
             .unwrap())
     );
@@ -1000,11 +1002,11 @@ mod test {
         .zip(read_value.get_value())
         .map(|((((prev_W, alpha), gamma), addr), read_value)| {
           prev_W
-            + (alpha - (addr + gamma * read_value + gamma * gamma * (<E1 as Engine>::Scalar::ONE)))
+            + (alpha + (addr + gamma * read_value + gamma * gamma * (<E1 as Engine>::Scalar::ONE)))
               .invert()
               .unwrap()
             + (alpha
-              - (addr + gamma * read_value + gamma * gamma * (<E1 as Engine>::Scalar::from(2))))
+              + (addr + gamma * read_value + gamma * gamma * (<E1 as Engine>::Scalar::from(2))))
             .invert()
             .unwrap()
         }),
diff --git a/src/lib.rs b/src/lib.rs
index 9702310ee..da907f093 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -179,8 +179,8 @@ where
   /// let circuit2 = TrivialCircuit::<<E2 as Engine>::Scalar>::default();
   /// // Only relevant for a SNARK using computation commitmnets, pass &(|_| 0)
   /// // or &*nova_snark::traits::snark::default_ck_hint() otherwise.
-  /// let ck_hint1 = &*SPrime::<E1>::ck_floor();
-  /// let ck_hint2 = &*SPrime::<E2>::ck_floor();
+  /// let ck_hint1 = &*SPrime::<E1, EE<_>>::ck_floor();
+  /// let ck_hint2 = &*SPrime::<E2, EE<_>>::ck_floor();
   ///
   /// let pp = PublicParams::setup(&circuit1, &circuit2, ck_hint1, ck_hint2);
   /// ```
@@ -2343,13 +2343,16 @@ mod tests {
 
     let circuit_secondary = TrivialCircuit::default();
 
+    let ck_hint1 = &*SPrime::<E1, EE<_>>::ck_floor();
+    let ck_hint2 = &*SPrime::<E2, EE<_>>::ck_floor();
+
     // produce public parameters
     let pp =
       PublicParams::<E1, E2, HeapifyCircuit<E1, E2>, TrivialCircuit<<E2 as Engine>::Scalar>>::setup(
         &circuit_primaries[0],
         &circuit_secondary,
-        &*default_ck_hint(),
-        &*default_ck_hint(),
+        ck_hint1,
+        ck_hint2,
       );
 
     // produce the prover and verifier keys for compressed snark
@@ -2407,10 +2410,10 @@ mod tests {
       zn_primary[5]
     ); // rw counter = number_of_iterated_nodes * (3r + 4w) operations
 
-    assert_eq!(pp.circuit_shape_primary.r1cs_shape.num_cons, 12599);
-    assert_eq!(pp.circuit_shape_primary.r1cs_shape.num_vars, 12607);
-    assert_eq!(pp.circuit_shape_secondary.r1cs_shape.num_cons, 10347);
-    assert_eq!(pp.circuit_shape_secondary.r1cs_shape.num_vars, 10329);
+    assert_eq!(pp.circuit_shape_primary.r1cs_shape.num_cons, 12609);
+    assert_eq!(pp.circuit_shape_primary.r1cs_shape.num_vars, 12615);
+    assert_eq!(pp.circuit_shape_secondary.r1cs_shape.num_cons, 10357);
+    assert_eq!(pp.circuit_shape_secondary.r1cs_shape.num_vars, 10337);
 
     println!("zn_primary {:?}", zn_primary);
 
@@ -2449,6 +2452,7 @@ mod tests {
       write_row,
       (alpha, gamma),
     );
+    println!("res: {:?}", res);
     assert!(res.is_ok());
   }
 }
diff --git a/src/spartan/ppsnark.rs b/src/spartan/ppsnark.rs
index e5e9b5642..537021a52 100644
--- a/src/spartan/ppsnark.rs
+++ b/src/spartan/ppsnark.rs
@@ -1536,6 +1536,7 @@ where
       .collect::<Vec<E::Scalar>>();
 
     let s = transcript.squeeze(b"r")?;
+    println!("prover s {:?}", s);
     let coeffs = powers::<E>(&s, claims.len());
 
     // compute the joint claim
@@ -1802,6 +1803,10 @@ where
     );
 
     transcript.absorb(b"c", &[comm_Az, comm_Bz, comm_Cz].as_slice());
+    println!(
+      "prover &[comm_Az, comm_Bz, comm_Cz] {:?}",
+      &[comm_Az, comm_Bz, comm_Cz].as_slice()
+    );
 
     // commit general table init/final value
     // padding init table/final table to same length as N
@@ -1816,12 +1821,17 @@ where
       || E::CE::commit(ck, &final_values),
       || E::CE::commit(ck, &final_counters),
     );
+    println!(
+      "prover &vec![comm_final_value, comm_final_counter] {:?}",
+      &vec![comm_final_value, comm_final_counter]
+    );
     // absorb lookup table value/counter commitment
-    transcript.absorb(b"e", &vec![comm_final_value, comm_final_counter].as_slice());
+    transcript.absorb(b"c", &vec![comm_final_value, comm_final_counter].as_slice());
 
     // number of rounds of sum-check
     let num_rounds_sc = pk.S_repr.N.log_2();
-    let tau = transcript.squeeze(b"t")?;
+    let tau: <E as Engine>::Scalar = transcript.squeeze(b"t")?;
+    println!("prover tau {:?}", tau);
     let tau_coords = PowPolynomial::new(&tau, num_rounds_sc).coordinates();
 
     // (1) send commitments to Az, Bz, and Cz along with their evaluations at tau
@@ -1856,7 +1866,7 @@ where
     // absorb the claimed evaluations into the transcript
     transcript.absorb(b"e", &eval_vec.as_slice());
     // absorb commitments to L_row and L_col in the transcript
-    transcript.absorb(b"e", &vec![comm_L_row, comm_L_col].as_slice());
+    transcript.absorb(b"c", &vec![comm_L_row, comm_L_col].as_slice());
     let comm_vec = vec![comm_Az, comm_Bz, comm_Cz];
     let poly_vec = vec![&Az, &Bz, &Cz];
     let c = transcript.squeeze(b"c")?;
@@ -1987,7 +1997,20 @@ where
           .as_slice(),
         );
 
+        println!(
+          "prover &[
+            comm_mem_oracles_row.clone(),
+            comm_mem_oracles_col.clone(),
+            comm_lookup_oracles.clone(),
+          ] {:?}",
+          &[
+            comm_mem_oracles_row.clone(),
+            comm_mem_oracles_col.clone(),
+            comm_lookup_oracles.clone(),
+          ]
+        );
         let rho = transcript.squeeze(b"r")?;
+        println!("prover rho {:?}", rho);
         let poly_eq = MultilinearPolynomial::new(PowPolynomial::new(&rho, num_rounds_sc).evals());
 
         Ok::<_, NovaError>((
@@ -2300,11 +2323,20 @@ where
       challenges,
     )?;
 
+    println!(
+      "verifier &[comm_Az, comm_Bz, comm_Cz] {:?}",
+      &[comm_Az, comm_Bz, comm_Cz].as_slice()
+    );
     transcript.absorb(b"c", &[comm_Az, comm_Bz, comm_Cz].as_slice());
     transcript.absorb(b"c", &[comm_final_value, comm_final_counter].as_slice());
 
+    println!(
+      "verify &vec![comm_final_value, comm_final_counter] {:?}",
+      &vec![comm_final_value, comm_final_counter]
+    );
     let num_rounds_sc = vk.S_comm.N.log_2();
     let tau = transcript.squeeze(b"t")?;
+    println!("verify tau {:?}", tau);
     let tau_coords = PowPolynomial::new(&tau, num_rounds_sc).coordinates();
 
     // add claims about Az, Bz, and Cz to be checked later
@@ -2318,7 +2350,7 @@ where
 
     transcript.absorb(b"e", &eval_vec.as_slice());
 
-    transcript.absorb(b"e", &vec![comm_L_row, comm_L_col].as_slice());
+    transcript.absorb(b"c", &vec![comm_L_row, comm_L_col].as_slice());
     let comm_vec = vec![comm_Az, comm_Bz, comm_Cz];
     let c = transcript.squeeze(b"c")?;
     let u: PolyEvalInstance<E> = PolyEvalInstance::batch(&comm_vec, &tau_coords, &eval_vec, &c);
@@ -2340,11 +2372,29 @@ where
       ]
       .as_slice(),
     );
+    println!(
+      "verifier &[
+        comm_mem_oracles_row.clone(),
+        comm_mem_oracles_col.clone(),
+        comm_lookup_oracles.clone(),
+      ] {:?}",
+      &vec![
+        comm_t_plus_r_inv_row,
+        comm_w_plus_r_inv_row,
+        comm_t_plus_r_inv_col,
+        comm_w_plus_r_inv_col,
+        comm_t_plus_r_inv_lookup,
+        comm_w_plus_r_inv_lookup,
+      ]
+      .as_slice()
+    );
 
     let rho = transcript.squeeze(b"r")?;
+    println!("verifier rho {:?}", rho);
 
     let num_claims = 13;
     let s = transcript.squeeze(b"r")?;
+    println!("verifier s {:?}", s);
     let coeffs = powers::<E>(&s, num_claims);
     let claim = (coeffs[7] + coeffs[8]) * claim + coeffs[10] * (read_row - write_row); // rest are zeros