Struct MarlinPST13 

pub struct MarlinPST13<E: Pairing, P: DenseMVPolynomial<E::ScalarField>> { /* private fields */ }

Multivariate polynomial commitment based on the construction in [PST13] with batching and (optional) hiding property inspired by the univariate scheme in [CHMMVW20, “Marlin”]

Trait Implementations

impl<E, P> PolynomialCommitment<<E as Pairing>::ScalarField, P> for MarlinPST13<E, P>

where E: Pairing, P: DenseMVPolynomial<E::ScalarField> + Sync, P::Point: Index<usize, Output = E::ScalarField>,

fn setup<R: RngCore>( max_degree: usize, num_vars: Option<usize>, rng: &mut R, ) -> Result<UniversalParams<E, P>, Error>

Constructs public parameters when given as input the maximum degree max_degree and number of variables num_vars for the polynomial commitment scheme.

fn trim( pp: &Self::UniversalParams, supported_degree: usize, _supported_hiding_bound: usize, _enforced_degree_bounds: Option<&[usize]>, ) -> Result<(Self::CommitterKey, Self::VerifierKey), Self::Error>

Specializes the public parameters for polynomials up to the given supported_degree

TODO: Add the ability to trim the number of variables TODO: Update for support_hiding_bound

fn commit<'a>( ck: &Self::CommitterKey, polynomials: impl IntoIterator<Item = &'a LabeledPolynomial<E::ScalarField, P>>, rng: Option<&mut dyn RngCore>, ) -> Result<(Vec<LabeledCommitment<Self::Commitment>>, Vec<Self::CommitmentState>), Self::Error>

where P: 'a,

Outputs a commitments to polynomials.

fn open<'a>( ck: &Self::CommitterKey, labeled_polynomials: impl IntoIterator<Item = &'a LabeledPolynomial<E::ScalarField, P>>, _commitments: impl IntoIterator<Item = &'a LabeledCommitment<Self::Commitment>>, point: &P::Point, sponge: &mut impl CryptographicSponge, states: impl IntoIterator<Item = &'a Self::CommitmentState>, _rng: Option<&mut dyn RngCore>, ) -> Result<Self::Proof, Self::Error>

where P: 'a, Self::CommitmentState: 'a, Self::Commitment: 'a,

On input a polynomial p and a point point, outputs a proof for the same.

fn check<'a>( vk: &Self::VerifierKey, commitments: impl IntoIterator<Item = &'a LabeledCommitment<Self::Commitment>>, point: &'a P::Point, values: impl IntoIterator<Item = E::ScalarField>, proof: &Self::Proof, sponge: &mut impl CryptographicSponge, _rng: Option<&mut dyn RngCore>, ) -> Result<bool, Self::Error>

where Self::Commitment: 'a,

Verifies that value is the evaluation at x of the polynomial committed inside comm.

fn check_combinations<'a, R: RngCore>( vk: &Self::VerifierKey, linear_combinations: impl IntoIterator<Item = &'a LinearCombination<E::ScalarField>>, commitments: impl IntoIterator<Item = &'a LabeledCommitment<Self::Commitment>>, eqn_query_set: &QuerySet<P::Point>, eqn_evaluations: &Evaluations<P::Point, E::ScalarField>, proof: &BatchLCProof<E::ScalarField, Self::BatchProof>, sponge: &mut impl CryptographicSponge, rng: &mut R, ) -> Result<bool, Self::Error>

where Self::Commitment: 'a,

Checks that values are the true evaluations at query_set of the polynomials committed in labeled_commitments.

type UniversalParams = UniversalParams<E, P>

The universal parameters for the commitment scheme. These are “trimmed” down to Self::CommitterKey and Self::VerifierKey by Self::trim.

type CommitterKey = CommitterKey<E, P>

The committer key for the scheme; used to commit to a polynomial and then open the commitment to produce an evaluation proof.

type VerifierKey = VerifierKey<E>

The verifier key for the scheme; used to check an evaluation proof.

type Commitment = Commitment<E>

The commitment to a polynomial.

type CommitmentState = Randomness<E, P>

Auxiliary state of the commitment, output by the commit phase. It contains information that can be reused by the committer during the open phase, such as the commitment randomness. Not to be shared with the verifier.

type Proof = Proof<E>

The evaluation proof for a single point.

type BatchProof = Vec<<MarlinPST13<E, P> as PolynomialCommitment<<E as Pairing>::ScalarField, P>>::Proof>

The evaluation proof for a query set.

type Error = Error

The error type for the scheme.

fn batch_check<'a, R: RngCore>( vk: &Self::VerifierKey, commitments: impl IntoIterator<Item = &'a LabeledCommitment<Self::Commitment>>, query_set: &QuerySet<P::Point>, values: &Evaluations<P::Point, E::ScalarField>, proof: &Self::BatchProof, sponge: &mut impl CryptographicSponge, rng: &mut R, ) -> Result<bool, Self::Error>

where Self::Commitment: 'a,

Verify opening proofs for several polynomials at one or more points each (possibly different for each polynomial). Each entry in the query set of points contains the label of the polynomial which was queried at that point.

fn open_combinations<'a>( ck: &Self::CommitterKey, linear_combinations: impl IntoIterator<Item = &'a LinearCombination<E::ScalarField>>, polynomials: impl IntoIterator<Item = &'a LabeledPolynomial<E::ScalarField, P>>, commitments: impl IntoIterator<Item = &'a LabeledCommitment<Self::Commitment>>, query_set: &QuerySet<P::Point>, sponge: &mut impl CryptographicSponge, states: impl IntoIterator<Item = &'a Self::CommitmentState>, rng: Option<&mut dyn RngCore>, ) -> Result<BatchLCProof<E::ScalarField, Self::BatchProof>, Self::Error>

where P: 'a, Self::CommitmentState: 'a, Self::Commitment: 'a,

Open commitments to all polynomials involved in a number of linear combinations (LC) simultaneously.

fn batch_open<'a>( ck: &Self::CommitterKey, labeled_polynomials: impl IntoIterator<Item = &'a LabeledPolynomial<F, P>>, commitments: impl IntoIterator<Item = &'a LabeledCommitment<Self::Commitment>>, query_set: &QuerySet<P::Point>, sponge: &mut impl CryptographicSponge, states: impl IntoIterator<Item = &'a Self::CommitmentState>, rng: Option<&mut dyn RngCore>, ) -> Result<Self::BatchProof, Self::Error>

where P: 'a, Self::CommitmentState: 'a, Self::Commitment: 'a,

Open several polynomials at one or more points each (possibly different for each polynomial). Each entry in the in the query set of points contains the label of the polynomial which should be queried at that point.