Struct risc0_zkp::prove::poly_group::PolyGroup

source · 
pub struct PolyGroup<'a, H: Hal> {
    pub coeffs: &'a H::BufferElem,
    pub count: usize,
    pub evaluated: H::BufferElem,
    pub merkle: MerkleTreeProver<H>,
}
Expand description

A PolyGroup represents a group of polynomials, all of the same maximum degree, as well as the evaluation of those polynomials over some domain that is larger than that degree by some invRate. Additionally, it includes a dense Merkle tree, where each entry is a single point of the domain, and the leaf hash is a simple linear hash of all of the values at that point. That is, if we have 100 polynomials evaluated on 2^16 points, the merkle tree has 2^16 entries, each being a hash of 100 values. The size of the domain is always a power of 2 so that we can use NTTs.

The primary purpose of the PolyGroup is for use in the DEEP-ALI protocol, which basically needs 4 methods during proof generation, specifically we need to: 1) Resolve queries (i.e. make MerkleColProofs) 2) Do evaluation of the polynomials at ‘randomly’ chosen points 3) Mix the polynomials via a random set of linear coefficients 4) Access the raw values in the evaluation domain to ‘evaluate’ the constraint polynomial

The poly group holds 3 buffers:

  1. The per-polynomial coefficients, used for evaluation + mixing
  2. The points evaluated on the domain in question (for the ‘col’ part of merkle proofs) 3) The Merkle tree itself.

PolyGroups are constructed from two basic sources: steps of a computations, and a single higher degree polynomial that has been split into lower degree parts. In the case of computations, the resulting steps must be padded (possibly with randomized data), which is presumed to be done by the caller. The constructor additionally ‘shifts’ the polynomial so that f(x) -> f(3*x), which means that the normal NTT evaluation domain does not reveal anything about the original datapoints (i.e. is zero knowledge) so long as the number of queries is less than the randomized padding.

Fields§

§coeffs: &'a H::BufferElem§count: usize§evaluated: H::BufferElem§merkle: MerkleTreeProver<H>

Implementations§

Auto Trait Implementations§

Blanket Implementations§

Gets the TypeId of self. Read more
Immutably borrows from an owned value. Read more
Mutably borrows from an owned value. Read more

Returns the argument unchanged.

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Instruments this type with the current Span, returning an Instrumented wrapper. Read more

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

The alignment of pointer.
The type for initializers.
Initializes a with the given initializer. Read more
Dereferences the given pointer. Read more
Mutably dereferences the given pointer. Read more
Drops the object pointed to by the given pointer. Read more
Should always be Self
The type returned in the event of a conversion error.
Performs the conversion.
The type returned in the event of a conversion error.
Performs the conversion.
Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more