refactor: Refactor HyperKZG comments

This is a port of the following upstream PRs: - microsoft/Nova#299 - microsoft/Nova#300
argumentcomputer · Jan 25, 2024 · fc980e5 · fc980e5
1 parent 43a868c
commit fc980e5
Showing 1 changed file with 11 additions and 3 deletions.
diff --git a/src/provider/hyperkzg.rs b/src/provider/hyperkzg.rs
@@ -1,4 +1,10 @@
-//! This module implements Nova's evaluation engine using multilinear KZG
+//! This module implements Nova's evaluation engine using `HyperKZG`, a KZG-based polynomial commitment for multilinear polynomials
+//! HyperKZG is based on the transformation from univariate PCS to multilinear PCS in the Gemini paper (section 2.4.2 in https://eprint.iacr.org/2022/420.pdf).
+//! However, there are some key differences:
+//! (1) HyperKZG works with multilinear polynomials represented in evaluation form (rather than in coefficient form in Gemini's transformation).
+//! This means that Spartan's polynomial IOP can use commit to its polynomials as-is without incurring any interpolations or FFTs.
+//! (2) HyperKZG is specialized to use KZG as the univariate commitment scheme, so it includes several optimizations (both during the transformation of multilinear-to-univariate claims
+//! and within the KZG commitment scheme implementation itself).
 #![allow(non_snake_case)]
 use crate::{
   errors::NovaError,
@@ -209,6 +215,8 @@ where
     assert_eq!(n, 1 << ell); // Below we assume that n is a power of two
 
     // Phase 1  -- create commitments com_1, ..., com_\ell
+    // We do not compute final Pi (and its commitment) as it is constant and equals to 'eval'
+    // also known to verifier, so can be derived on its side as well
     let mut polys: Vec<Vec<E::Fr>> = Vec::new();
     polys.push(hat_P.to_vec());
 
@@ -238,8 +246,8 @@ where
       .collect();
 
     // Phase 2
-    // We do not need to add x to the transcript, because in our context x was
-    // obtained from the transcript.
+    // We do not need to add x to the transcript, because in our context x was obtained from the transcript.
+    // We also do not need to absorb `C` and `eval` as they are already absorbed by the transcript by the caller
     let r = Self::compute_challenge(&comms, transcript);
     let u = vec![r, -r, r * r];