Struct UnivariateKzgPCS

pub struct UnivariateKzgPCS<E> { /* private fields */ }

KZG Polynomial Commitment Scheme on univariate polynomial.

Trait Implementations

impl<E: Pairing> PolynomialCommitmentScheme for UnivariateKzgPCS<E>

fn trim( srs: impl Borrow<Self::SRS>, supported_degree: usize, supported_num_vars: Option<usize>, ) -> Result<(UnivariateProverParam<E>, UnivariateVerifierParam<E>), PCSError>

Trim the universal parameters to specialize the public parameters. Input max_degree for univariate. supported_num_vars must be None or an error is returned.

fn commit( prover_param: impl Borrow<UnivariateProverParam<E>>, poly: &Self::Polynomial, ) -> Result<Self::Commitment, PCSError>

Generate a commitment for a polynomial Note that the scheme is not hiding

fn batch_commit( prover_param: impl Borrow<UnivariateProverParam<E>>, polys: &[Self::Polynomial], ) -> Result<Self::BatchCommitment, PCSError>

Generate a commitment for a list of polynomials

fn open( prover_param: impl Borrow<UnivariateProverParam<E>>, polynomial: &Self::Polynomial, point: &Self::Point, ) -> Result<(Self::Proof, Self::Evaluation), PCSError>

On input a polynomial p and a point point, outputs a proof for the same.

fn batch_open( prover_param: impl Borrow<UnivariateProverParam<E>>, _multi_commitment: &Self::BatchCommitment, polynomials: &[Self::Polynomial], points: &[Self::Point], ) -> Result<(Self::BatchProof, Vec<Self::Evaluation>), PCSError>

Input a list of polynomials, and the same number of points, compute a multi-opening for all the polynomials.

fn verify( verifier_param: &UnivariateVerifierParam<E>, commitment: &Self::Commitment, point: &Self::Point, value: &E::ScalarField, proof: &Self::Proof, ) -> Result<bool, PCSError>

Verifies that value is the evaluation at x of the polynomial committed inside comm.

fn batch_verify<R: RngCore + CryptoRng>( verifier_param: &UnivariateVerifierParam<E>, multi_commitment: &Self::BatchCommitment, points: &[Self::Point], values: &[E::ScalarField], batch_proof: &Self::BatchProof, rng: &mut R, ) -> Result<bool, PCSError>

Verifies that value_i is the evaluation at x_i of the polynomial poly_i committed inside comm.

fn multi_open( prover_param: impl Borrow<UnivariateProverParam<E>>, polynomial: &Self::Polynomial, points: &[Self::Point], ) -> Result<(Vec<Self::Proof>, Vec<Self::Evaluation>), PCSError>

Fast computation of batch opening for a single polynomial at multiple arbitrary points. Details see Sec 2.1~2.3 of FK23.

Only accept polynomial with power-of-two degree, no constraint on the size of points

type SRS = UnivariateUniversalParams<E>

Structured reference string

type Polynomial = DensePolynomial<<E as Pairing>::ScalarField>

Polynomial and its associated types

type Point = <E as Pairing>::ScalarField

Polynomial input domain

type Evaluation = <E as Pairing>::ScalarField

Polynomial Evaluation

type Commitment = Commitment<E>

Commitments

type BatchCommitment = Vec<<UnivariateKzgPCS<E> as PolynomialCommitmentScheme>::Commitment>

Batch commitments

type Proof = UnivariateKzgProof<E>

Proofs

type BatchProof = Vec<UnivariateKzgProof<E>>

Batch proofs

fn load_srs_from_file( supported_degree: usize, file: Option<&str>, ) -> Result<Self::SRS, PCSError>

Load public parameter in production environment. These parameters are loaded from files with serialized pp bytes, and the actual setup is usually carried out via MPC and should be implemented else where. We only load them into memory here.

impl<E: Pairing> UnivariatePCS for UnivariateKzgPCS<E>

fn multi_open_rou_evals( polynomial: &Self::Polynomial, num_points: usize, domain: &Radix2EvaluationDomain<Self::Evaluation>, ) -> Result<Vec<Self::Evaluation>, PCSError>

Compute the evaluations in Self::multi_open_rou().

fn multi_point_open( prover_param: impl Borrow<<Self::SRS as StructuredReferenceString>::ProverParam>, polynomial: &Self::Polynomial, points: &[Self::Point], ) -> Result<(Self::Proof, Vec<Self::Evaluation>), PCSError>

Input a polynomial, and multiple evaluation points, compute a batch opening proof for the multiple points of the same polynomial.

Warning: don’t use it when points.len() is large

fn multi_point_verify( verifier_param: impl Borrow<<Self::SRS as StructuredReferenceString>::VerifierParam>, commitment: &Self::Commitment, points: &[Self::Point], values: &[Self::Evaluation], proof: &Self::Proof, ) -> Result<bool, PCSError>

Verifies that values are the evaluation at the points of the polynomial committed inside comm.

Warning: don’t use it when points.len() is large

fn multi_open_rou_proofs( prover_param: impl Borrow<<Self::SRS as StructuredReferenceString>::ProverParam>, polynomial: &Self::Polynomial, num_points: usize, domain: &Radix2EvaluationDomain<Self::Evaluation>, ) -> Result<Vec<Self::Proof>, PCSError>

Compute the opening proofs in Self::multi_open_rou().

fn trim_fft_size( srs: impl Borrow<Self::SRS>, supported_degree: usize, ) -> Result<(<Self::SRS as StructuredReferenceString>::ProverParam, <Self::SRS as StructuredReferenceString>::VerifierParam), PCSError>

Similar to PolynomialCommitmentScheme::trim(), but trim to support the FFT operations, such as Self::multi_open_rou() or other operations that involves roots of unity.

fn multi_open_rou_eval_domain( degree: usize, num_points: usize, ) -> Result<Radix2EvaluationDomain<Self::Evaluation>, PCSError>

Given degree of the committed polynomial and num_points to open, return the evaluation domain for faster computation of opening proofs and evaluations (both using FFT).

fn multi_open_rou( prover_param: impl Borrow<<Self::SRS as StructuredReferenceString>::ProverParam>, polynomial: &Self::Polynomial, num_points: usize, domain: &Radix2EvaluationDomain<Self::Evaluation>, ) -> Result<(Vec<Self::Proof>, Vec<Self::Evaluation>), PCSError>

Same task as PolynomialCommitmentScheme::multi_open(), except the points are roots of unity. The first num_points of roots will be evaluated (in canonical order).