poly_commit/
witness.rs

1use zkstd::common::{Group, Pairing, PairingRange};
2
3/// witness for Kate polynomial commitment
4#[allow(dead_code)]
5#[derive(Debug)]
6pub struct Witness<P: Pairing> {
7    // Original commitment, C = p(s)
8    pub c_eval: P::G1Affine,
9    // Quotient commitment, C = q(s)
10    pub q_eval: P::G1Affine,
11    // (s - a)_g2
12    pub denominator: P::G2PairngRepr,
13    // H
14    pub h: P::G2PairngRepr,
15}
16
17impl<P: Pairing> Witness<P> {
18    pub fn verify(self) -> bool {
19        let pairing =
20            P::multi_miller_loop(&[(self.c_eval, self.h), (self.q_eval, self.denominator)])
21                .final_exp();
22
23        pairing == <<P as Pairing>::PairingRange as PairingRange>::Gt::ADDITIVE_IDENTITY
24    }
25}