wip

co-circom/co-groth16/src/groth16.rs

@@ -114,8 +114,9 @@ where
         )?;
         tracing::debug!("done!");
         tracing::debug!("getting r and s...");
-        let r = self.driver.rand();
-        let s = self.driver.rand();
+        //TODO: this is bad - we need something else
+        let r = self.runtime.block_on(self.driver.rand())?;
+        let s = self.runtime.block_on(self.driver.rand())?;
         tracing::debug!("done!");
         tracing::debug!("calling create_proof_with_assignment...");
         self.create_proof_with_assignment(zkey, r, s, &h, &public_inputs[1..], private_witness)

co-circom/co-plonk/src/lib.rs

@@ -110,6 +110,7 @@ where
 mod plonk_utils {
     use ark_ec::pairing::Pairing;
     use circom_types::plonk::ZKey;
+    use rayon::prelude::*;
 
     use crate::mpc::CircomPlonkProver;
     use crate::types::{Domains, PlonkWitness};
@@ -143,20 +144,21 @@ mod plonk_utils {
 
     // For convenience coeff is given in reverse order
     pub(crate) fn blind_coefficients<P: Pairing, T: CircomPlonkProver<P>>(
-        poly: &[T::ArithmeticShare],
+        poly: &mut Vec<T::ArithmeticShare>,
         coeff_rev: &[T::ArithmeticShare],
-    ) -> Vec<T::ArithmeticShare> {
-        let mut res = poly.to_vec();
+    ) {
         #[allow(unused_mut)]
-        for (mut p, c) in res.iter_mut().zip(coeff_rev.iter().rev()) {
-            *p = T::sub(*p, *c);
-        }
+        poly.par_iter_mut()
+            .zip(coeff_rev.par_iter().rev())
+            .with_min_len(32)
+            .for_each(|(mut p, c)| {
+                *p = T::sub(*p, *c);
+            });
         // Extend
-        res.reserve(coeff_rev.len());
+        poly.reserve(coeff_rev.len());
         for c in coeff_rev.iter().rev().cloned() {
-            res.push(c);
+            poly.push(c);
         }
-        res
     }
 
     pub(crate) fn calculate_lagrange_evaluations<P: Pairing>(

co-circom/co-plonk/src/round1.rs

@@ -110,14 +110,14 @@ impl<'a, P: Pairing, T: CircomPlonkProver<P>> Round1<'a, P, T> {
         }
         buffer.resize(zkey.domain_size, T::ArithmeticShare::default());
         // Compute the coefficients of the wire polynomials a(X), b(X) and c(X) from A,B & C buffers
-        let poly = T::ifft(&buffer, &domains.domain);
+        let mut poly = T::ifft(&buffer, &domains.domain);
 
         tracing::debug!("ffts for evals..");
         // Compute extended evaluations of a(X), b(X) and c(X) polynomials
         let eval = T::fft(&poly, &domains.extended_domain);
 
         tracing::debug!("blinding coefficients");
-        let poly = plonk_utils::blind_coefficients::<P, T>(&poly, blind_factors);
+        plonk_utils::blind_coefficients::<P, T>(&mut poly, blind_factors);
         Ok((buffer, PolyEval { poly, eval }))
     }
 

co-circom/co-plonk/src/round2.rs

@@ -244,14 +244,15 @@ impl<'a, P: Pairing, T: CircomPlonkProver<P>> Round2<'a, P, T> {
 
         buffer_z.rotate_right(1); // Required by SNARKJs/Plonk
         batched_mul_span.exit();
+        let fft_span = tracing::info_span!("fft-ifft for z(x)").entered();
 
         // Compute polynomial coefficients z(X) from buffer_z
-        let poly_z = T::ifft(&buffer_z, &domains.domain);
+        let mut poly_z = T::ifft(&buffer_z, &domains.domain);
 
         // Compute extended evaluations of z(X) polynomial
         let eval_z = T::fft(&poly_z, &domains.extended_domain);
-
-        let poly_z = plonk_utils::blind_coefficients::<P, T>(&poly_z, &challenges.b[6..9]);
+        plonk_utils::blind_coefficients::<P, T>(&mut poly_z, &challenges.b[6..9]);
+        fft_span.exit();
 
         if poly_z.len() > zkey.domain_size + 3 {
             Err(PlonkProofError::PolynomialDegreeTooLarge)