ark-poly-commit 0.5.0

A library for constructing polynomial commitment schemes for use in zkSNARKs
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129

use crate::{
    utils::Matrix, PCCommitment, PCCommitmentState, PCCommitterKey, PCUniversalParams,
    PCVerifierKey,
};
use ark_ec::AffineRepr;
use ark_ff::PrimeField;
use ark_serialize::{CanonicalDeserialize, CanonicalSerialize};
use ark_std::{rand::RngCore, vec::Vec};

/// `UniversalParams` amounts to a Pederson commitment key of sufficient length
#[derive(Derivative, CanonicalSerialize, CanonicalDeserialize)]
#[derivative(Default(bound = ""), Clone(bound = ""), Debug(bound = ""))]
pub struct HyraxUniversalParams<G: AffineRepr> {
    /// A list of generators of the group.
    pub com_key: Vec<G>,
    /// A generator of the group.
    pub h: G,
}

impl<G: AffineRepr> PCUniversalParams for HyraxUniversalParams<G> {
    fn max_degree(&self) -> usize {
        // Only MLEs are supported
        1
    }
}

/// The committer key, which coincides with the universal parameters
pub type HyraxCommitterKey<G> = HyraxUniversalParams<G>;

/// The verifier key, which coincides with the committer key
pub type HyraxVerifierKey<G> = HyraxCommitterKey<G>;

impl<G: AffineRepr> PCCommitterKey for HyraxCommitterKey<G> {
    fn max_degree(&self) -> usize {
        // Only MLEs are supported
        1
    }
    fn supported_degree(&self) -> usize {
        // Only MLEs are supported
        1
    }
}

impl<G: AffineRepr> PCVerifierKey for HyraxVerifierKey<G> {
    // Only MLEs are supported
    fn max_degree(&self) -> usize {
        1
    }
    // Only MLEs are supported
    fn supported_degree(&self) -> usize {
        1
    }
}

/// Hyrax commitment to a polynomial consisting of one multi-commit per row of
/// the coefficient matrix
#[derive(Derivative, CanonicalSerialize, CanonicalDeserialize)]
#[derivative(Default(bound = ""), Clone(bound = ""), Debug(bound = ""))]
pub struct HyraxCommitment<G: AffineRepr> {
    /// A list of multi-commits to each row of the matrix representing the
    /// polynomial.
    pub row_coms: Vec<G>,
}

impl<G: AffineRepr> PCCommitment for HyraxCommitment<G> {
    #[inline]
    fn empty() -> Self {
        HyraxCommitment {
            row_coms: Vec::new(),
        }
    }

    // The degree bound is always 1, since only multilinear polynomials are
    // supported
    fn has_degree_bound(&self) -> bool {
        true
    }
}

pub(crate) type HyraxRandomness<F> = Vec<F>;

/// Hyrax Commitment state: matrix of polynomial coefficients and list of random
/// scalars used in each of the row-wise Pedersen commitments
#[derive(Derivative, CanonicalSerialize, CanonicalDeserialize)]
#[derivative(Default(bound = ""), Clone(bound = ""), Debug(bound = ""))]
pub struct HyraxCommitmentState<F>
where
    F: PrimeField,
{
    pub(crate) randomness: HyraxRandomness<F>,
    pub(crate) mat: Matrix<F>,
}

/// A vector of scalars, each of which multiplies the distinguished group
/// element in the Pederson commitment key for a different commitment
impl<F: PrimeField> PCCommitmentState for HyraxCommitmentState<F> {
    type Randomness = HyraxRandomness<F>;
    fn empty() -> Self {
        unimplemented!()
    }

    fn rand<R: RngCore>(
        num_queries: usize,
        _has_degree_bound: bool,
        _num_vars: Option<usize>,
        rng: &mut R,
    ) -> Self::Randomness {
        (0..num_queries).map(|_| F::rand(rng)).collect()
    }
}

/// Proof of a Hyrax opening, containing various commitments
/// and auxiliary values generated randomly during the opening
#[derive(Derivative, CanonicalSerialize, CanonicalDeserialize)]
#[derivative(Default(bound = ""), Clone(bound = ""), Debug(bound = ""))]
pub struct HyraxProof<G: AffineRepr> {
    /// Commitment to the evaluation of the polynomial at the requested point
    pub com_eval: G,
    /// Commitment to auxiliary random vector `d`
    pub com_d: G,
    /// Commitment to auxiliary random scalar `b`
    pub com_b: G,
    /// Auxiliary random vector
    pub z: Vec<G::ScalarField>,
    /// Auxiliary random scalar
    pub z_d: G::ScalarField,
    /// Auxiliary random scalar
    pub z_b: G::ScalarField,
}