fix: remove extra sub constraint

0xPolygonZero · Feb 18, 2024 · 72955b4 · 72955b4
1 parent 8d238c4
commit 72955b4
Showing 1 changed file with 5 additions and 4 deletions.
diff --git a/evm_arithmetization/src/keccak/round_flags.rs b/evm_arithmetization/src/keccak/round_flags.rs
@@ -30,8 +30,9 @@ pub(crate) fn eval_round_flags<F: Field, P: PackedField<Scalar = F>>(
         .sum::<P>();
     let next_any_flag = (0..NUM_ROUNDS).map(|i| next_values[reg_step(i)]).sum::<P>();
     // Padding row should only start after the last round row.
-    let not_final_step = P::ONES - local_values[reg_step(NUM_ROUNDS - 1)];
-    let padding_constraint = (next_any_flag - F::ONE) * current_any_flag * not_final_step;
+    let last_round_flag = local_values[reg_step(NUM_ROUNDS - 1)];
+    let padding_constraint =
+        (next_any_flag - F::ONE) * current_any_flag * (last_round_flag - F::ONE);
     for i in 0..NUM_ROUNDS {
         let current_round_flag = local_values[reg_step(i)];
         let next_round_flag = next_values[reg_step((i + 1) % NUM_ROUNDS)];
@@ -66,10 +67,10 @@ pub(crate) fn eval_round_flags_recursively<F: RichField + Extendable<D>, const D
     let next_any_flag =
         builder.add_many_extension((0..NUM_ROUNDS).map(|i| next_values[reg_step(i)]));
     // Padding row should only start after the last round row.
-    let not_final_step = builder.sub_extension(one, local_values[reg_step(NUM_ROUNDS - 1)]);
+    let last_round_flag = local_values[reg_step(NUM_ROUNDS - 1)];
     let padding_constraint = {
         let tmp = builder.mul_sub_extension(current_any_flag, next_any_flag, current_any_flag);
-        builder.mul_extension(tmp, not_final_step)
+        builder.mul_sub_extension(tmp, last_round_flag, tmp)
     };
     for i in 0..NUM_ROUNDS {
         let current_round_flag = local_values[reg_step(i)];