provekit-whir 0.1.1

An implementation of the WHIR polynomial commitment scheme
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66

//! Linear Forms that commited vectors can be openened against.

mod covector;
mod multilinear_extension;
mod univariate_evaluation;

use std::any::Any;

use ark_ff::Field;
use static_assertions::assert_obj_safe;

pub use self::{
    covector::Covector, multilinear_extension::MultilinearExtension,
    univariate_evaluation::UnivariateEvaluation,
};
use crate::algebra::{
    embedding::{self, Embedding},
    fields,
};

/// Represents a linear function $๐”ฝ^n โ†’ ๐”ฝ$ used in WHIR openings.
///
/// Note that the trait does not contain a method to actually evaluate the linear form, for that
/// see the [`Evaluate`] trait.
///
/// The `Any` supertrait enables downcasting concrete types (e.g. [`Covector`]) from
/// `dyn LinearForm<F>`, which the prover uses to recycle covector buffers.
pub trait LinearForm<F: Field>: Any + Send + Sync {
    /// The dimension of the domain of this linear form.
    fn size(&self) -> usize;

    /// Evaluate the linear form as a multi-linear extension in a random point.
    ///
    /// Specifically the computed value should be the linear functional applied to vector given by
    /// the tensor product $a = a_0 โŠ— a_1 โŠ— โ‹ฏ โŠ— a_(k-1)$ where $k โ‰ฅ โŒˆlog_2 sizeโŒ‰$ and
    /// $a_i = (1-point_i, point_i)$ truncated to `self.size()`.
    ///
    /// This function can be used by the verifier to check the [`FinalClaim`].
    fn mle_evaluate(&self, point: &[F]) -> F;

    /// Accumulate the covector representation of the linear form.
    ///
    /// Take $w โˆˆ ๐”ฝ^n$ such that evaluating the linear form on $v โˆˆ ๐”ฝ^n$ equals the inner
    /// product $โŸจw,vโŸฉ$. Then this function computes $accumulator_i += scalar ยท w_i$.
    ///
    /// This function is only called by the prover.
    fn accumulate(&self, accumulator: &mut [F], scalar: F);
}

/// A linear form that can be evaluated on a subfield vector.
///
/// In particular [`Evaluate<Identity<F>>`] allows evaluating the linear form
/// on its native field.
pub trait Evaluate<M: Embedding>: LinearForm<M::Target> {
    /// Evaluate the linear form on a subfield vector.
    ///
    /// - `self` is a linear form $๐”ฝ^n โ†’ ๐”ฝ$.
    /// - `embedding` is an embedding $๐”พ โ†’ ๐”ฝ$.
    /// - `vector` is a vector in $๐”พ^n$.
    ///
    fn evaluate(&self, embedding: &M, vector: &[M::Source]) -> M::Target;
}

assert_obj_safe!(LinearForm<fields::Field64>);

assert_obj_safe!(Evaluate<embedding::Basefield<fields::Field64_2>>);