plonkup/commitment_scheme/kzg10/
proof.rs

1// This Source Code Form is subject to the terms of the Mozilla Public
2// License, v. 2.0. If a copy of the MPL was not distributed with this
3// file, You can obtain one at http://mozilla.org/MPL/2.0/.
4//
5// Copyright (c) DUSK NETWORK. All rights reserved.
6
7use super::Commitment;
8use dusk_bls12_381::BlsScalar;
9
10/// Proof that a polynomial `p` was correctly evaluated at a point `z`
11/// producing the evaluated point p(z).
12#[derive(Copy, Clone, Debug)]
13#[allow(dead_code)]
14pub(crate) struct Proof {
15    /// This is a commitment to the witness polynomial.
16    pub(crate) commitment_to_witness: Commitment,
17    /// This is the result of evaluating a polynomial at the point `z`.
18    pub(crate) evaluated_point: BlsScalar,
19    /// This is the commitment to the polynomial that you want to prove a
20    /// statement about.
21    pub(crate) commitment_to_polynomial: Commitment,
22}
23
24#[cfg(feature = "alloc")]
25pub(crate) mod alloc {
26    use super::*;
27    use crate::transcript::TranscriptProtocol;
28    use crate::util::powers_of;
29    #[rustfmt::skip]
30    use ::alloc::vec::Vec;
31    use dusk_bls12_381::G1Projective;
32    use merlin::Transcript;
33    #[cfg(feature = "std")]
34    use rayon::prelude::*;
35
36    /// Proof that multiple polynomials were correctly evaluated at a point `z`,
37    /// each producing their respective evaluated points p_i(z).
38    #[derive(Debug)]
39    pub(crate) struct AggregateProof {
40        /// This is a commitment to the aggregated witness polynomial.
41        pub(crate) commitment_to_witness: Commitment,
42        /// These are the results of the evaluating each polynomial at the
43        /// point `z`.
44        pub(crate) evaluated_points: Vec<BlsScalar>,
45        /// These are the commitments to the polynomials which you want to
46        /// prove a statement about.
47        pub(crate) commitments_to_polynomials: Vec<Commitment>,
48    }
49
50    impl AggregateProof {
51        /// Initializes an `AggregatedProof` with the commitment to the witness.
52        pub(crate) fn with_witness(witness: Commitment) -> AggregateProof {
53            AggregateProof {
54                commitment_to_witness: witness,
55                evaluated_points: Vec::new(),
56                commitments_to_polynomials: Vec::new(),
57            }
58        }
59
60        /// Adds an evaluated point with the commitment to the polynomial which
61        /// produced it.
62        pub(crate) fn add_part(&mut self, part: (BlsScalar, Commitment)) {
63            self.evaluated_points.push(part.0);
64            self.commitments_to_polynomials.push(part.1);
65        }
66
67        /// Flattens an `AggregateProof` into a `Proof`.
68        /// The transcript must have the same view as the transcript that was
69        /// used to aggregate the witness in the proving stage.
70        pub(crate) fn flatten(&self, transcript: &mut Transcript) -> Proof {
71            let v_challenge = transcript.challenge_scalar(b"v_challenge");
72            let powers = powers_of(
73                &v_challenge,
74                self.commitments_to_polynomials.len() - 1,
75            );
76
77            #[cfg(not(feature = "std"))]
78            let flattened_poly_commitments_iter =
79                self.commitments_to_polynomials.iter().zip(powers.iter());
80            #[cfg(not(feature = "std"))]
81            let flattened_poly_evaluations_iter =
82                self.evaluated_points.iter().zip(powers.iter());
83
84            #[cfg(feature = "std")]
85            let flattened_poly_commitments_iter = self
86                .commitments_to_polynomials
87                .par_iter()
88                .zip(powers.par_iter());
89            #[cfg(feature = "std")]
90            let flattened_poly_evaluations_iter =
91                self.evaluated_points.par_iter().zip(powers.par_iter());
92
93            // Flattened polynomial commitments using challenge `v`
94            let flattened_poly_commitments: G1Projective =
95                flattened_poly_commitments_iter
96                    .map(|(poly, v_challenge)| poly.0 * v_challenge)
97                    .sum();
98            // Flattened evaluation points
99            let flattened_poly_evaluations: BlsScalar =
100                flattened_poly_evaluations_iter
101                    .map(|(eval, v_challenge)| eval * v_challenge)
102                    .sum();
103
104            Proof {
105                commitment_to_witness: self.commitment_to_witness,
106                evaluated_point: flattened_poly_evaluations,
107                commitment_to_polynomial: Commitment::from(
108                    flattened_poly_commitments,
109                ),
110            }
111        }
112    }
113}