ok, blinding are may be in place, but need more carefull evaluation cause r(zy, 1) != r(z, y) if follow the algorithm 1 from the paper

src/sonic/helped/generator.rs

@@ -46,6 +46,7 @@ use crate::sonic::cs::ConstraintSystem as SonicConstraintSystem;
 use crate::sonic::cs::Variable as SonicVariable;
 use crate::sonic::cs::Coeff;
 use crate::sonic::sonic::{AdaptorCircuit};
+use super::parameters::NUM_BLINDINGS;
 
 use crate::verbose_flag;
 
@@ -381,7 +382,7 @@ pub fn generate_parameters<E, C>(
     where E: Engine, C: Circuit<E> 
 {
     let circuit_parameters = get_circuit_parameters::<E, C>(circuit)?; 
-    let min_d = circuit_parameters.n * 4;
+    let min_d = circuit_parameters.n * 4 + NUM_BLINDINGS;
 
     let srs = generate_srs(alpha, x, min_d)?;
 
@@ -407,8 +408,8 @@ pub fn generate_parameters_on_srs_and_information<E: Engine>(
     information: CircuitParameters<E>
 ) -> Result<Parameters<E>, SynthesisError>
 {
-    assert!(srs.d >= information.n * 4);
+    assert!(srs.d >= information.n * 4 + NUM_BLINDINGS);
-    let min_d = information.n * 4;
+    let min_d = information.n * 4 + NUM_BLINDINGS;
 
     let trimmed_srs: SRS<E> = SRS {
         d: min_d,

src/sonic/helped/prover.rs

@@ -210,80 +210,14 @@ pub fn create_proof_on_srs<E: Engine, C: Circuit<E>, S: SynthesisDriver>(
     let rng = &mut thread_rng();
 
     // c_{n+1}, c_{n+2}, c_{n+3}, c_{n+4}
-    let blindings: Vec<E::Fr> = (0..NUM_BLINDINGS).into_iter().map(|_| E::Fr::rand(rng)).collect();
+    // let blindings: Vec<E::Fr> = (0..NUM_BLINDINGS).into_iter().map(|_| E::Fr::rand(rng)).collect();
 
-    // let blindings: Vec<E::Fr> = vec![E::Fr::zero(); NUM_BLINDINGS];
+    let blindings: Vec<E::Fr> = vec![E::Fr::zero(); NUM_BLINDINGS];
 
     // let max_n = 3*n + 1 + NUM_BLINDINGS;
 
     // let max_n = 3*n + 1;
 
-    fn polynomial_commitment<
-        'a,
-        EE: Engine,
-        IS: IntoIterator<Item = &'a EE::Fr>,
-    >(
-        max: usize,
-        largest_negative_power: usize,
-        largest_positive_power: usize,
-        srs: &'a SRS<EE>,
-        s: IS,
-    ) -> EE::G1Affine
-    where
-        IS::IntoIter: ExactSizeIterator,
-    {
-        // smallest power is d - max - largest_negative_power; It should either be 1 for use of positive powers only,
-        // of we should use part of the negative powers
-        let d = srs.d;
-        assert!(max >= largest_positive_power);
-        if d < max + largest_negative_power + 1 {
-            println!("Use negative powers for polynomial commitment");
-            let min_power = largest_negative_power + max - d;
-            let max_power = d + largest_positive_power - max;
-            println!("Min power = {}, max = {}", min_power, max_power);
-            // need to use negative powers to make a proper commitment
-            return multiexp(
-                srs.g_negative_x_alpha[0..min_power].iter().rev()
-                .chain_ext(srs.g_positive_x_alpha[..max_power].iter()),
-                s
-            ).into_affine();
-        } else {
-            println!("Use positive powers only for polynomial commitment");
-            return multiexp(
-            srs.g_positive_x_alpha[(srs.d - max - largest_negative_power - 1)..].iter(),
-            s
-            ).into_affine();
-        }
-    }
-
-    fn polynomial_commitment_opening<
-        'a,
-        EE: Engine,
-        I: IntoIterator<Item = &'a EE::Fr>
-    >(
-        largest_negative_power: usize,
-        largest_positive_power: usize,
-        polynomial_coefficients: I,
-        mut point: EE::Fr,
-        srs: &'a SRS<EE>,
-    ) -> EE::G1Affine
-        where I::IntoIter: DoubleEndedIterator + ExactSizeIterator,
-    {
-        let poly = kate_divison(
-            polynomial_coefficients,
-            point,
-        );
-
-        let negative_poly = poly[0..largest_negative_power].iter().rev();
-        let positive_poly = poly[largest_negative_power..].iter();
-        multiexp(
-            srs.g_negative_x[1..(negative_poly.len() + 1)].iter().chain_ext(
-                srs.g_positive_x[0..positive_poly.len()].iter()
-            ),
-            negative_poly.chain_ext(positive_poly)
-        ).into_affine()
-    }
-
     let r = polynomial_commitment::<E, _>(
         n, 
         2*n + NUM_BLINDINGS, 

src/sonic/util.rs

@@ -1,6 +1,7 @@
 use crate::SynthesisError;
 use ff::{Field, PrimeField, PrimeFieldRepr, ScalarEngine};
 use pairing::{CurveAffine, CurveProjective, Engine};
+use super::srs::SRS;
 
 pub trait ChainExt: Iterator {
     fn chain_ext<U>(self, other: U) -> Chain<Self, U::IntoIter>
@@ -71,8 +72,71 @@ where
     }
 }
 
+pub fn polynomial_commitment<
+        'a,
+        E: Engine,
+        IS: IntoIterator<Item = &'a E::Fr>,
+    >(
+        max: usize,
+        largest_negative_power: usize,
+        largest_positive_power: usize,
+        srs: &'a SRS<E>,
+        s: IS,
+    ) -> E::G1Affine
+    where
+        IS::IntoIter: ExactSizeIterator,
+    {
+        // smallest power is d - max - largest_negative_power; It should either be 1 for use of positive powers only,
+        // of we should use part of the negative powers
+        let d = srs.d;
+        assert!(max >= largest_positive_power);
+        if d < max + largest_negative_power + 1 {
+            let min_power = largest_negative_power + max - d;
+            let max_power = d + largest_positive_power - max;
+            // need to use negative powers to make a proper commitment
+            return multiexp(
+                srs.g_negative_x_alpha[0..min_power].iter().rev()
+                .chain_ext(srs.g_positive_x_alpha[..max_power].iter()),
+                s
+            ).into_affine();
+        } else {
+            return multiexp(
+            srs.g_positive_x_alpha[(srs.d - max - largest_negative_power - 1)..].iter(),
+            s
+            ).into_affine();
+        }
+    }
+
+pub fn polynomial_commitment_opening<
+        'a,
+        E: Engine,
+        I: IntoIterator<Item = &'a E::Fr>
+    >(
+        largest_negative_power: usize,
+        largest_positive_power: usize,
+        polynomial_coefficients: I,
+        mut point: E::Fr,
+        srs: &'a SRS<E>,
+    ) -> E::G1Affine
+        where I::IntoIter: DoubleEndedIterator + ExactSizeIterator,
+    {
+        let poly = kate_divison(
+            polynomial_coefficients,
+            point,
+        );
+
+        let negative_poly = poly[0..largest_negative_power].iter().rev();
+        let positive_poly = poly[largest_negative_power..].iter();
+        multiexp(
+            srs.g_negative_x[1..(negative_poly.len() + 1)].iter().chain_ext(
+                srs.g_positive_x[0..positive_poly.len()].iter()
+            ),
+            negative_poly.chain_ext(positive_poly)
+        ).into_affine()
+    }
+
 extern crate crossbeam;
-use self::crossbeam::channel::{unbounded, RecvError};
+use self::crossbeam::channel::{unbounded};
 
 pub fn evaluate_at_consequitive_powers<'a, F: Field> (
     coeffs: &[F],
@@ -115,15 +179,11 @@ pub fn evaluate_at_consequitive_powers<'a, F: Field> (
     let mut result = F::zero();
 
     loop {
-        let v = r.recv();
+        if r.is_empty() {
-        match v {
+            break;
-            Ok(value) => {
-                result.add_assign(&value);
-            },
-            Err(RecvError) => {
-                break;
-            }
         }
+        let value = r.recv().expect("must not be empty");
+        result.add_assign(&value);
     }
 
     result