
Commit a295377

committed
spec/ECSM: fix padding bug
1 parent e90b96b commit a295377

2 files changed

Lines changed: 8 additions & 5 deletions


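--- a/spec/ecsm.typ
+++ b/spec/ecsm.typ
@@ -132,7 +132,8 @@ We emphasize here that @ec:c:c0_63_is_zero is required to ensure the sum evaluat
 The constraints @ec:c:c0_0 and @ec:c:c0_i, as well as the magic number $8160$ in @ec:c:range_c0 are discussed in @ecsm-limb_carry.
 #render_constraint_table(ecsm_chip, config, groups: "xG2")
 
-Next, we restrict the witness pair $(y_G, #`q1`)$:
+Next, we restrict the witness pair $(y_G, #`q1`)$.
+Note there that @ec:c:c1_0 and @ec:c:c1_i multiply `B` by `μ` to simplify the padding; there are no other side-effects to this since $#`μ` = 1$ on non-padding rows (@ec:c:mu_isbit).
 
 #render_constraint_table(ecsm_chip, config, groups: "yG")
 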
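--- a/spec/src/ecsm.toml
+++ b/spec/src/ecsm.toml
@@ -347,26 +347,27 @@ ref = "ec:c:q1_257"
 
 [[constraints.yG]]
 kind = "arith"
-constraint = "$2^8 dot #`c1`_0 = #`YG`_0 dot #`YG`_0 - #`X2`_0 dot #`XG`_0 - #`B`_0 + #`P`_0 dot #`P`_0 - #`Q1`_0 dot #`P`_0$"
+constraint = "$2^8 dot #`c1`_0 = #`YG`_0 dot #`YG`_0 - #`X2`_0 dot #`XG`_0 - #`μ` dot #`B`_0 + #`P`_0 dot #`P`_0 - #`Q1`_0 dot #`P`_0$"
 poly = ["-",
 ["+",
 ["*", ["idx", "YG", 0], ["idx", "YG", 0]],
 ["*", ["idx", "P", 0], ["idx", "P", 0]],
 ],
 ["*", ["idx", "X2", 0], ["idx", "XG", 0]],
-["idx", "B", 0],
+["*", "μ", ["idx", "B", 0]],
 ["*", ["idx", "Q1", 0], ["idx", "P", 0]],
 ["*", ["^", 2, 8], ["idx", "c1", 0]]
 ]
+ref = "ec:c:c1_0"
 
 [[constraints.yG]]
 kind = "arith"
-constraint = "$2^8 dot #`c1`_i = #`c1`_(i-1) - #`B`_i + sum_(j=0)^i (#`YG`_j dot #`YG`_(i-j) + #`P`_j dot #`P`_(i-j) - #`X2`_j dot #`XG`_(i-j) - #`Q1`_j dot #`P`_(i-j))$"
+constraint = "$2^8 dot #`c1`_i = #`c1`_(i-1) - #`μ` dot #`B`_i + sum_(j=0)^i (#`YG`_j dot #`YG`_(i-j) + #`P`_j dot #`P`_(i-j) - #`X2`_j dot #`XG`_(i-j) - #`Q1`_j dot #`P`_(i-j))$"
 poly = ["+",
 ["-",
 ["idx", "c1", ["-", "i", 1]],
 ["*", ["^", 2, 8], ["idx", "c1", "i"]],
-["idx", "B", "i"]
+["*", "μ", ["idx", "B", "i"]]
 ],
 ["sum", ["=", "j", 0], "i",
 ["-",
@@ -380,6 +381,7 @@ poly = ["+",
 ]
 ]
 iter = ["i", 1, 63]
+ref = "ec:c:c1_i"
 
 [[constraints.yG]]
 kind = "arith"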
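Review bot: With `B` now multiplied by `μ` in `ec:c:c1_0` and `ec:c:c1_i`, both the `constraint` strings and the `poly` trees drop the `B` term whenever `μ` is 0, so the soundness of the `y_G` check rests on `μ` being forced to 1 on every row whose result is used. The accompanying sentence in spec/ecsm.typ supports that with `@ec:c:mu_isbit` only, which by its name appears to restrict `μ` to a bit rather than tie it to non-padding rows; nothing on this page shows the constraint that does the latter. I would cite that constraint next to `mu_isbit` in the prose and put a comment above each new `ref`, for example `# μ gates B for all-zero padding rows; relies on <ref of the constraint forcing μ = 1 on used rows>`. The same prose sentence also reads "Note there that", presumably meant as "Note here that". The second `[[constraints.yG]]` table starts before the `@@ -380,6` hunk, so its middle is not visible here.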
