Skip to main content

p3_commit/pcs/
multilinear.rs

1//! Polynomial commitment scheme trait for multilinear polynomials.
2
3use core::fmt::Debug;
4
5use p3_field::{ExtensionField, Field};
6use serde::Serialize;
7use serde::de::DeserializeOwned;
8
9/// Polynomial commitment scheme for multilinear polynomials over the Boolean hypercube.
10///
11/// A multilinear polynomial in m variables is defined by its 2^m evaluations
12/// on {0,1}^m. This trait abstracts the three phases of a PCS:
13///
14/// - **Commit**: bind to a witness and return a public commitment plus
15///   prover-only auxiliary data.
16/// - **Open**: produce a proof for an agreed opening protocol using the
17///   prover data from commitment.
18/// - **Verify**: check the proof against the public commitment and opening
19///   protocol.
20pub trait MultilinearPcs<Challenge, Challenger>
21where
22    Challenge: ExtensionField<Self::Val>,
23{
24    /// Base field of the committed polynomials.
25    type Val: Field;
26
27    /// Succinct binding commitment sent to the verifier.
28    type Commitment: Clone + Serialize + DeserializeOwned;
29
30    /// Prover-side auxiliary data retained between commit and open.
31    /// Never sent to the verifier.
32    type ProverData;
33
34    /// Opening proof checked by the verifier.
35    type Proof: Clone + Serialize + DeserializeOwned;
36
37    /// Verification failure type.
38    type Error: Debug;
39
40    /// Committed witness.
41    type Witness;
42
43    /// Public opening shapes agreed before commit.
44    type OpeningProtocol;
45
46    /// Number of variables m of the committed polynomials.
47    /// Every polynomial has 2^m evaluations.
48    fn num_vars(&self) -> usize;
49
50    /// Commit to a multilinear witness.
51    ///
52    /// The concrete witness representation is implementation-defined. It may
53    /// be a flat polynomial, a table layout, or another structure that expands
54    /// to multilinear evaluations over the Boolean hypercube.
55    ///
56    /// # Returns
57    ///
58    /// - A succinct commitment (e.g. a Merkle root).
59    /// - Opaque prover data consumed by `open`.
60    fn commit(
61        &self,
62        witness: Self::Witness,
63        challenger: &mut Challenger,
64    ) -> (Self::Commitment, Self::ProverData);
65
66    /// Produce an opening proof for the supplied opening protocol.
67    ///
68    /// Consumes the prover data returned by `commit`. The opening protocol is
69    /// public metadata shared with the verifier and determines which committed
70    /// values are opened.
71    ///
72    /// # Returns
73    ///
74    /// - The opening proof, including any implementation-specific claimed
75    ///   evaluations needed by `verify`.
76    fn open(
77        &self,
78        prover_data: Self::ProverData,
79        protocol: Self::OpeningProtocol,
80        challenger: &mut Challenger,
81    ) -> Self::Proof;
82
83    /// Verify an opening proof against a public commitment and opening protocol.
84    ///
85    /// The opening protocol must be the same public protocol used by the
86    /// prover when constructing the proof.
87    ///
88    /// The challenger must be in the same transcript state as the prover's
89    /// challenger was at the corresponding protocol step.
90    fn verify(
91        &self,
92        commitment: &Self::Commitment,
93        proof: &Self::Proof,
94        challenger: &mut Challenger,
95        protocol: Self::OpeningProtocol,
96    ) -> Result<(), Self::Error>;
97}