Crate dory_pcs

§dory

A high performance and modular implementation of the Dory polynomial commitment scheme.

Dory is a transparent polynomial commitment scheme with excellent asymptotic performance, based on the work of Jonathan Lee (eprint 2020/1274).

§Key Features

  • Transparent setup with automatic disk persistence
  • Logarithmic proof size: O(log n) group elements
  • Logarithmic verification: O(log n) GT exponentiations and 5 pairings
  • Performance optimizations: Optional prepared point caching (~20-30% speedup) and parallelization
  • Flexible matrix layouts: Supports both square and non-square matrices (nu ≤ sigma)
  • Homomorphic properties: Com(r₁·P₁ + r₂·P₂ + … + rₙ·Pₙ) = r₁·Com(P₁) + r₂·Com(P₂) + … + rₙ·Com(Pₙ)
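
The homomorphic property above, demonstrated on a toy commitment as an added example (not dory_pcs code and not the crate's API): a verifier can fold several commitments with public scalars and obtain the commitment to the folded polynomial without seeing any coefficients. Assumptions: the group is the order-1019 subgroup of squares modulo 2039 written multiplicatively, where the page's notation is additive; the parameters, generators and sample polynomials are constructed, far too small to be secure, and the scheme has no blinding.

```rust
// Toy commitment for illustration only: not the dory_pcs API, not secure.
// Constructed parameters: P = 2Q + 1 with tiny primes; GENS are squares mod P.
const P: u64 = 2039; // group modulus
const Q: u64 = 1019; // prime order of the subgroup of squares, i.e. the scalar field
const GENS: [u64; 4] = [4, 9, 25, 49];

/// Square-and-multiply modular exponentiation.
fn pow_mod(mut base: u64, mut exp: u64, m: u64) -> u64 {
    let mut acc = 1;
    base %= m;
    while exp > 0 {
        if exp & 1 == 1 {
            acc = acc * base % m;
        }
        base = base * base % m;
        exp >>= 1;
    }
    acc
}

/// Com(P) = prod_i g_i^{P_i} mod P, one generator per coefficient.
fn commit(coeffs: &[u64; 4]) -> u64 {
    GENS.iter().zip(coeffs).fold(1, |acc, (g, c)| acc * pow_mod(*g, *c % Q, P) % P)
}

/// Prover side: coefficient-wise r_1*P_1 + ... + r_n*P_n over Z_Q.
fn combine_polys(rs: &[u64], polys: &[[u64; 4]]) -> [u64; 4] {
    let mut out = [0u64; 4];
    for (r, poly) in rs.iter().zip(polys) {
        for (o, c) in out.iter_mut().zip(poly) {
            *o = (*o + (r % Q) * (c % Q)) % Q;
        }
    }
    out
}

/// Verifier side: the same linear combination, computed from commitments only.
fn combine_commitments(rs: &[u64], coms: &[u64]) -> u64 {
    rs.iter().zip(coms).fold(1, |acc, (r, c)| acc * pow_mod(*c, r % Q, P) % P)
}

fn main() {
    let polys: [[u64; 4]; 3] = [[3, 1, 4, 1], [5, 9, 2, 6], [8, 7, 0, 2]]; // constructed
    let rs: [u64; 3] = [11, 500, 1018]; // constructed public scalars
    let coms: Vec<u64> = polys.iter().map(commit).collect();
    assert_eq!(commit(&combine_polys(&rs, &polys)), combine_commitments(&rs, &coms));
    println!("combined commitment: {}", combine_commitments(&rs, &coms));
}
```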

§Structure

§Core Modules

§Backend Implementations

  • backends - Concrete backend implementations (available with feature flags)

§Usage

§Basic Example

use dory_pcs::{setup, prove, verify};
use dory_pcs::backends::arkworks::{BN254, G1Routines, G2Routines, Blake2bTranscript};

// 1. Generate setup (automatically loads from/saves to disk)
let (prover_setup, verifier_setup) = setup::<BN254, _>(&mut rng, max_log_n);

// 2. Commit to polynomial
let (tier_2_commitment, tier_1_commitments) = polynomial
    .commit::<BN254, G1Routines>(nu, sigma, &prover_setup)?;

// 3. Generate evaluation proof
let mut prover_transcript = Blake2bTranscript::new(b"domain-separation");
let proof = prove::<_, BN254, G1Routines, G2Routines, _, _>(
    &polynomial, &point, tier_1_commitments, nu, sigma,
    &prover_setup, &mut prover_transcript
)?;

// 4. Verify (the transcript label must match the prover's)
let mut verifier_transcript = Blake2bTranscript::new(b"domain-separation");
verify::<_, BN254, G1Routines, G2Routines, _>(
    tier_2_commitment, evaluation, &point, &proof,
    verifier_setup, &mut verifier_transcript
)?;

§Performance Optimization

Enable prepared point caching for ~20-30% pairing speedup (requires cache feature):

use dory_pcs::setup;
use dory_pcs::backends::arkworks::{init_cache, BN254};

let (prover_setup, verifier_setup) = setup::<BN254, _>(&mut rng, max_log_n);
init_cache(&prover_setup.g1_vec, &prover_setup.g2_vec);
// Subsequent operations will automatically use cached prepared points

§Examples

See the examples/ directory for complete demonstrations:

  • basic_e2e.rs - Standard square matrix workflow
  • homomorphic.rs - Homomorphic combination of multiple polynomials
  • non_square.rs - Non-square matrix layout (nu < sigma)

§Feature Flags

  • backends - Enable concrete backends (currently Arkworks BN254)
  • cache - Enable prepared point caching (~20-30% speedup, requires parallel)
  • parallel - Enable Rayon parallelization for MSMs and pairings

Re-exports§

pub use error::DoryError;
pub use evaluation_proof::create_evaluation_proof;
pub use messages::FirstReduceMessage;
pub use messages::ScalarProductMessage;
pub use messages::SecondReduceMessage;
pub use messages::VMVMessage;
pub use primitives::poly::MultilinearLagrange;
pub use primitives::poly::Polynomial;
pub use proof::DoryProof;
pub use reduce_and_fold::DoryProverState;
pub use reduce_and_fold::DoryVerifierState;
pub use setup::ProverSetup;
pub use setup::VerifierSetup;

Modules§

  • backends - Backend implementations for Dory primitives
  • error - Error types for Dory PCS operations
  • evaluation_proof - Evaluation proof generation and verification using Eval-VMV-RE protocol
  • messages - Protocol messages exchanged between prover and verifier
  • primitives - Primitives
  • proof - Dory proof structure
  • reduce_and_fold - Opening proof protocol - prover and verifier state management
  • setup - Setup structures for Dory PCS

Functions§

  • generate_urs - Force generate new prover and verifier setups and save to disk
  • prove - Evaluate a polynomial at a point and create proof
  • setup - Generate or load prover and verifier setups from disk
  • verify - Verify an evaluation proof