fix: commitments [skip-line-limit]

circuits/bin/insecure/pk_trbfv/src/main.nr

@@ -15,7 +15,7 @@ fn main(
     a: pub [Polynomial<N>; L],
     eek: Polynomial<N>,
     sk: Polynomial<N>,
-    e_sm: Polynomial<N>,
+    e_sm: [Polynomial<N>; L],
     r1is: [Polynomial<(2 * N) - 1>; L],
     r2is: [Polynomial<N - 1>; L],
     pk0is: [Polynomial<N>; L],

circuits/bin/production/pk_trbfv/src/main.nr

@@ -15,7 +15,7 @@ fn main(
     a: pub [Polynomial<N>; L],
     eek: Polynomial<N>,
     sk: Polynomial<N>,
-    e_sm: Polynomial<N>,
+    e_sm: [Polynomial<N>; L],
     r1is: [Polynomial<(2 * N) - 1>; L],
     r2is: [Polynomial<N - 1>; L],
     pk0is: [Polynomial<N>; L],

circuits/lib/src/core/bfv_dec.nr

@@ -5,8 +5,7 @@
 // or FITNESS FOR A PARTICULAR PURPOSE.
 
 use crate::math::commitments::{
-    compute_aggregated_shares_commitment, compute_shares_party_modulus_commitment,
-    prepare_aggregated_shares_commitment_payload, prepare_single_polynomial_commitment_payload,
+    compute_aggregated_shares_commitment, compute_spm_commitment_from_message,
 };
 use crate::math::polynomial::Polynomial;
 
@@ -38,12 +37,11 @@ impl<let N: u32, let L: u32, let H: u32, let BIT_MSG: u32> BfvDecCommitVerify<N,
     fn verify_commitments(self) {
         for party_idx in 0..H {
             for mod_idx in 0..L {
-                let payload = prepare_single_polynomial_commitment_payload::<N, BIT_MSG>(
-                    self.decrypted_shares[party_idx][mod_idx],
-                );
-                let computed = compute_shares_party_modulus_commitment(payload);
                 assert(
-                    computed == self.expected_commitments[party_idx][mod_idx],
+                    compute_spm_commitment_from_message::<N, BIT_MSG>(
+                        self.decrypted_shares[party_idx][mod_idx],
+                    )
+                        == self.expected_commitments[party_idx][mod_idx],
                     "Commitment mismatch",
                 );
             }
@@ -80,7 +78,6 @@ impl<let N: u32, let L: u32, let H: u32, let BIT_MSG: u32> BfvDecCommitVerify<N,
         let aggregated = self.compute_aggregated_shares();
 
         // Step 3: Return commitment to aggregated shares
-        let payload = prepare_aggregated_shares_commitment_payload::<N, L, BIT_MSG>(aggregated);
-        compute_aggregated_shares_commitment(payload)
+        compute_aggregated_shares_commitment::<N, L, BIT_MSG>(aggregated)
     }
 }

circuits/lib/src/core/bfv_enc.nr

@@ -5,9 +5,7 @@
 // or FITNESS FOR A PARTICULAR PURPOSE.
 
 use crate::math::commitments::{
-    compute_bfv_enc_challenge_commitment, compute_pk_bfv_commitment,
-    compute_shares_party_modulus_commitment, prepare_message_commitment_payload,
-    prepare_pk_commitment_payload,
+    compute_bfv_enc_challenge, compute_pk_bfv_commitment, compute_spm_commitment_from_message,
 };
 use crate::math::helpers::flatten;
 use crate::math::modulo::U128::ModU128;
@@ -170,20 +168,18 @@ impl<let N: u32, let L: u32, let BIT_PK: u32, let BIT_CT: u32, let BIT_U: u32, l
 
     /// Verifies that the public key hashes to the expected commitment
     fn verify_pk_commitment(self) {
-        let payload = prepare_pk_commitment_payload::<N, L, BIT_PK>(self.pk0is, self.pk1is);
-        let computed_commitment = compute_pk_bfv_commitment(payload);
         assert(
-            computed_commitment == self.expected_pk_commitment,
+            compute_pk_bfv_commitment::<N, L, BIT_PK>(self.pk0is, self.pk1is)
+                == self.expected_pk_commitment,
             "Public key commitment mismatch",
         );
     }
 
     /// Verifies that the message polynomial hashes to the expected commitment
     fn verify_message_commitment(self) {
-        let payload = prepare_message_commitment_payload::<N>(self.message);
-        let computed_commitment = compute_shares_party_modulus_commitment(payload);
         assert(
-            computed_commitment == self.expected_message_commitment,
+            compute_spm_commitment_from_message::<N, BIT_MSG>(self.message)
+                == self.expected_message_commitment,
             "Message commitment mismatch",
         );
     }
@@ -330,7 +326,7 @@ impl<let N: u32, let L: u32, let BIT_PK: u32, let BIT_CT: u32, let BIT_U: u32, l
     fn generate_challenge(self, k1: Polynomial<N>) -> Vec<Field> {
         let inputs = self.payload(k1);
 
-        compute_bfv_enc_challenge_commitment::<L>(inputs)
+        compute_bfv_enc_challenge::<L>(inputs)
     }
 
     /// Verifies BFV encryption constraints using Fiat-Shamir challenges and the Schwartz-Zippel lemma

circuits/lib/src/core/bfv_pk.nr

@@ -4,7 +4,7 @@
 // without even the implied warranty of MERCHANTABILITY
 // or FITNESS FOR A PARTICULAR PURPOSE.
 
-use crate::math::commitments::{compute_pk_bfv_commitment, prepare_pk_commitment_payload};
+use crate::math::commitments::compute_pk_bfv_commitment;
 use crate::math::polynomial::Polynomial;
 
 /// BFV Public Key Commitment Circuit (Circuit 0).
@@ -27,8 +27,6 @@ impl<let N: u32, let L: u32, let BIT_PK: u32> BfvPkCommit<N, L, BIT_PK> {
     /// Main verification function
     /// Returns commitment to BFV public key
     pub fn verify(self) -> Field {
-        // Compute and return the pk bfv commitment
-        let payload = prepare_pk_commitment_payload::<N, L, BIT_PK>(self.pk0, self.pk1);
-        compute_pk_bfv_commitment(payload)
+        compute_pk_bfv_commitment::<N, L, BIT_PK>(self.pk0, self.pk1)
     }
 }

circuits/lib/src/core/greco.nr

@@ -143,22 +143,6 @@ impl<let N: u32, let L: u32, let BIT_PK: u32, let BIT_CT: u32, let BIT_U: u32, l
         }
     }
 
-    /// Flattens public key polynomials into a single array for commitment generation.
-    ///
-    /// This function serializes all public key polynomial coefficients into a 1D array to enable
-    /// the generation of a public key commitment using a cryptographic sponge.
-    ///
-    /// # Returns
-    /// An array containing all public key polynomial coefficients in flattened form
-    fn commitment_payload(self) -> Vec<Field> {
-        let mut inputs = Vec::new();
-
-        inputs = flatten::<_, _, BIT_PK>(inputs, self.pk0is);
-        inputs = flatten::<_, _, BIT_PK>(inputs, self.pk1is);
-
-        inputs
-    }
-
     /// Flattens all polynomials coefficients into a single array for challenge generation.
     ///
     /// This function serializes all polynomial coefficients into a 1D array to enable
@@ -318,12 +302,10 @@ impl<let N: u32, let L: u32, let BIT_PK: u32, let BIT_CT: u32, let BIT_U: u32, l
     /// - gamma_1, ..., gamma_{L-1} are used for linear combination of ct0 constraints
     /// - gamma_L, ..., gamma_{2L-1} are used for linear combination of ct1 constraints
     fn generate_challenge(self) -> Vec<Field> {
-        let commitment_payload = self.commitment_payload();
-        let gammas_payload = self.gammas_payload();
-
-        compute_greco_challenge_commitment::<L>(
-            commitment_payload,
-            gammas_payload,
+        compute_greco_challenge_commitment::<N, L, BIT_PK>(
+            self.pk0is,
+            self.pk1is,
+            self.gammas_payload(),
             self.pk_commitment,
         )
     }

circuits/lib/src/core/trbfv_dec_share.nr

@@ -4,10 +4,7 @@
 // without even the implied warranty of MERCHANTABILITY
 // or FITNESS FOR A PARTICULAR PURPOSE.
 
-use crate::math::commitments::{
-    compute_aggregated_shares_commitment, compute_dec_share_challenge_commitment,
-    prepare_aggregated_shares_from_values_commitment_payload,
-};
+use crate::math::commitments::{compute_aggregated_shares_commitment, compute_dec_share_challenge};
 use crate::math::helpers::flatten;
 use crate::math::polynomial::Polynomial;
 
@@ -96,16 +93,20 @@ impl<let N: u32, let L: u32, let BIT_CT: u32, let BIT_S: u32, let BIT_E: u32, le
 
     /// Verifies that s hashes to expected_s_commitment
     fn verify_s_commitment(self) {
-        let payload = prepare_aggregated_shares_from_values_commitment_payload::<N, L>(self.s);
-        let computed_commitment = compute_aggregated_shares_commitment(payload);
-        assert(computed_commitment == self.expected_s_commitment, "S commitment mismatch");
+        assert(
+            compute_aggregated_shares_commitment::<N, L, BIT_S>(self.s)
+                == self.expected_s_commitment,
+            "S commitment mismatch",
+        );
     }
 
     /// Verifies that e hashes to expected_e_commitment
     fn verify_e_commitment(self) {
-        let payload = prepare_aggregated_shares_from_values_commitment_payload::<N, L>(self.e);
-        let computed_commitment = compute_aggregated_shares_commitment(payload);
-        assert(computed_commitment == self.expected_e_commitment, "E commitment mismatch");
+        assert(
+            compute_aggregated_shares_commitment::<N, L, BIT_E>(self.e)
+                == self.expected_e_commitment,
+            "E commitment mismatch",
+        );
     }
 
     /// Flattens all witness data into a single array for Fiat-Shamir challenge generation.
@@ -231,7 +232,7 @@ impl<let N: u32, let L: u32, let BIT_CT: u32, let BIT_S: u32, let BIT_E: u32, le
     fn generate_challenge(self) -> Field {
         let inputs = self.payload();
 
-        compute_dec_share_challenge_commitment(inputs)
+        compute_dec_share_challenge::<L>(inputs)
     }
 
     /// Verifies the lifted decryption share computation formula for a specific CRT basis using the Schwartz-Zippel lemma.

circuits/lib/src/core/trbfv_pk.nr

@@ -5,8 +5,8 @@
 // or FITNESS FOR A PARTICULAR PURPOSE.
 
 use crate::math::commitments::{
-    compute_pk_trbfv_commitment, compute_secret_commitment, compute_trbfv_pk_challenge_commitment,
-    prepare_pk_commitment_payload, prepare_single_polynomial_commitment_payload,
+    compute_pk_trbfv_challenge, compute_pk_trbfv_commitment, compute_secret_e_sm_commitment,
+    compute_secret_sk_commitment,
 };
 use crate::math::helpers::flatten;
 use crate::math::polynomial::Polynomial;
@@ -69,7 +69,7 @@ pub struct TrbfvPublicKey<let N: u32, let L: u32, let BIT_EEK: u32, let BIT_SK:
 
     /// Smudging noise polynomial (secret witness)
     /// Used for threshold decryption security
-    e_sm: Polynomial<N>,
+    e_sm: [Polynomial<N>; L],
 
     /// Quotients from polynomial operations (secret witnesses)
     /// r1[i] are quotients from modulus switching for modulus i (can be negative, degree 2*N-1)
@@ -90,7 +90,7 @@ impl<let N: u32, let L: u32, let BIT_EEK: u32, let BIT_SK: u32, let BIT_E_SM: u3
         a: [Polynomial<N>; L],
         eek: Polynomial<N>,
         sk: Polynomial<N>,
-        e_sm: Polynomial<N>,
+        e_sm: [Polynomial<N>; L],
         r1: [Polynomial<2 * N - 1>; L],
         r2: [Polynomial<N - 1>; L],
         pk0: [Polynomial<N>; L],
@@ -133,13 +133,9 @@ impl<let N: u32, let L: u32, let BIT_EEK: u32, let BIT_SK: u32, let BIT_E_SM: u3
         self.perform_range_checks();
 
         // Step 2: Compute commitments
-        let sk_payload = prepare_single_polynomial_commitment_payload::<N, BIT_SK>(self.sk);
-        let e_sm_payload = prepare_single_polynomial_commitment_payload::<N, BIT_E_SM>(self.e_sm);
-        let pk_payload = prepare_pk_commitment_payload::<N, L, BIT_PK>(self.pk0, self.pk1);
-
-        let sk_commitment = compute_secret_commitment(sk_payload);
-        let e_sm_commitment = compute_secret_commitment(e_sm_payload);
-        let pk_commitment = compute_pk_trbfv_commitment(pk_payload);
+        let sk_commitment = compute_secret_sk_commitment::<N, BIT_SK>(self.sk);
+        let e_sm_commitment = compute_secret_e_sm_commitment::<N, L, BIT_E_SM>(self.e_sm);
+        let pk_commitment = compute_pk_trbfv_commitment::<N, L, BIT_PK>(self.pk0, self.pk1);
 
         // Step 3: Generate Fiat-Shamir challenges using commitments
         let gammas = self.generate_challenge(sk_commitment, pk_commitment, e_sm_commitment);
@@ -163,7 +159,7 @@ impl<let N: u32, let L: u32, let BIT_EEK: u32, let BIT_SK: u32, let BIT_E_SM: u3
     ) -> Vec<Field> {
         let inputs = self.payload(sk_commitment, pk_commitment, e_sm_commitment);
 
-        compute_trbfv_pk_challenge_commitment::<L>(inputs)
+        compute_pk_trbfv_challenge::<L>(inputs)
     }
 
     /// Performs range checks on all secret witness values
@@ -174,11 +170,13 @@ impl<let N: u32, let L: u32, let BIT_EEK: u32, let BIT_SK: u32, let BIT_E_SM: u3
         // Check that secret key polynomial has small coefficients
         self.sk.range_check_2bounds::<BIT_SK>(self.configs.sk_bound, self.configs.sk_bound);
 
-        // Check that smudging noise polynomial has small coefficients
-        self.e_sm.range_check_2bounds::<BIT_E_SM>(self.configs.e_sm_bound, self.configs.e_sm_bound);
-
         // Check quotient terms are within expected bounds (per modulus)
         for i in 0..L {
+            self.e_sm[i].range_check_2bounds::<BIT_E_SM>(
+                self.configs.e_sm_bound,
+                self.configs.e_sm_bound,
+            );
+
             self.r1[i].range_check_2bounds::<BIT_R1>(
                 self.configs.r1_bounds[i],
                 self.configs.r1_bounds[i],

circuits/lib/src/core/trbfv_pk_agg.nr

@@ -4,8 +4,7 @@
 // without even the implied warranty of MERCHANTABILITY
 // or FITNESS FOR A PARTICULAR PURPOSE.
 
-use crate::math::commitments::compute_greco_pk_agg_commitment;
-use crate::math::commitments::{compute_pk_trbfv_commitment, prepare_pk_commitment_payload};
+use crate::math::commitments::{compute_pk_agg_commitment, compute_pk_trbfv_commitment};
 use crate::math::modulo::U128::ModU128;
 use crate::math::polynomial::Polynomial;
 
@@ -74,10 +73,9 @@ impl<let N: u32, let H: u32, let L: u32, let BIT_PK: u32> TrbfvPublicKeyAggregat
     /// Verifies that pk trbfv hashes to each expected_pk_trbfv_commitment
     fn verify_pk_commitments(self) {
         for i in 0..H {
-            let payload = prepare_pk_commitment_payload::<N, L, BIT_PK>(self.pk0[i], self.pk1[i]);
-            let computed_commitment = compute_pk_trbfv_commitment(payload);
             assert(
-                computed_commitment == self.expected_pk_trbfv_commitments[i],
+                compute_pk_trbfv_commitment::<N, L, BIT_PK>(self.pk0[i], self.pk1[i])
+                    == self.expected_pk_trbfv_commitments[i],
                 "PK commitment mismatch",
             );
         }
@@ -123,7 +121,6 @@ impl<let N: u32, let H: u32, let L: u32, let BIT_PK: u32> TrbfvPublicKeyAggregat
         }
 
         // 2. Commit to aggregated public key
-        let payload = prepare_pk_commitment_payload::<N, L, BIT_PK>(self.pk0_agg, self.pk1_agg);
-        compute_greco_pk_agg_commitment(payload)
+        compute_pk_agg_commitment::<N, L, BIT_PK>(self.pk0_agg, self.pk1_agg)
     }
 }