Struct snarkos_polycommit::marlin_pc::MarlinKZG10

pub struct MarlinKZG10<E: PairingEngine> { /* fields omitted */ }

Polynomial commitment based on [KZG10], with degree enforcement, batching, and (optional) hiding property taken from [CHMMVW20, “Marlin”].

Degree bound enforcement requires that (at least one of) the points at which a committed polynomial is evaluated are from a distribution that is random conditioned on the polynomial. This is because degree bound enforcement relies on checking a polynomial identity at this point. More formally, the points must be sampled from an admissible query sampler, as detailed in [CHMMVW20].

Trait Implementations

impl<E: Clone + PairingEngine> Clone for MarlinKZG10<E>

fn clone(&self) -> MarlinKZG10<E>

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl<E: Debug + PairingEngine> Debug for MarlinKZG10<E>

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl<E: PairingEngine> PolynomialCommitment<<E as PairingEngine>::Fr> for MarlinKZG10<E>

type BatchProof = Vec<Self::Proof>

The evaluation proof for a query set.

type Commitment = Commitment<E>

The commitment to a polynomial.

type CommitterKey = CommitterKey<E>

The committer key for the scheme; used to commit to a polynomial and then open the commitment to produce an evaluation proof.

type Error = Error

The error type for the scheme.

type Proof = Proof<E>

The evaluation proof for a single point.

type Randomness = Randomness<E>

The commitment randomness.

type UniversalParams = UniversalParams<E>

The universal parameters for the commitment scheme. These are "trimmed" down to Self::CommitterKey and Self::VerifierKey by Self::trim.

type VerifierKey = VerifierKey<E>

The verifier key for the scheme; used to check an evaluation proof.

fn setup<R: RngCore>(
    max_degree: usize,
    rng: &mut R
) -> Result<Self::UniversalParams, Self::Error>

Constructs public parameters when given as input the maximum degree max_degree for the polynomial commitment scheme.

fn trim(
    pp: &Self::UniversalParams,
    supported_degree: usize,
    enforced_degree_bounds: Option<&[usize]>
) -> Result<(Self::CommitterKey, Self::VerifierKey), Self::Error>

Specializes the public parameters for polynomials up to the given supported_degree and for enforcing degree bounds in the range 1..=supported_degree.

fn commit<'a>(
    ck: &Self::CommitterKey,
    polynomials: impl IntoIterator<Item = &'a LabeledPolynomial<'a, E::Fr>>,
    rng: Option<&mut dyn RngCore>
) -> Result<(Vec<LabeledCommitment<Self::Commitment>>, Vec<Self::Randomness>), Self::Error>

Outputs a commitment to polynomial.

fn open<'a>(
    ck: &Self::CommitterKey,
    labeled_polynomials: impl IntoIterator<Item = &'a LabeledPolynomial<'a, E::Fr>>,
    _commitments: impl IntoIterator<Item = &'a LabeledCommitment<Self::Commitment>>,
    point: E::Fr,
    opening_challenge: E::Fr,
    rands: impl IntoIterator<Item = &'a Self::Randomness>,
    _rng: Option<&mut dyn RngCore>
) -> Result<Self::Proof, Self::Error> where
    Self::Randomness: 'a,
    Self::Commitment: 'a, 

On input a polynomial p and a point point, outputs a proof for the same.

fn check<'a, R: RngCore>(
    vk: &Self::VerifierKey,
    commitments: impl IntoIterator<Item = &'a LabeledCommitment<Self::Commitment>>,
    point: E::Fr,
    values: impl IntoIterator<Item = E::Fr>,
    proof: &Self::Proof,
    opening_challenge: E::Fr,
    _rng: &mut R
) -> Result<bool, Self::Error> where
    Self::Commitment: 'a, 

Verifies that value is the evaluation at x of the polynomial committed inside comm.

fn batch_check<'a, R: RngCore>(
    vk: &Self::VerifierKey,
    commitments: impl IntoIterator<Item = &'a LabeledCommitment<Self::Commitment>>,
    query_set: &QuerySet<'_, E::Fr>,
    values: &Evaluations<'_, E::Fr>,
    proof: &Self::BatchProof,
    opening_challenge: E::Fr,
    rng: &mut R
) -> Result<bool, Self::Error> where
    Self::Commitment: 'a, 

Checks that values are the true evaluations at query_set of the polynomials committed in labeled_commitments.

fn open_combinations<'a>(
    ck: &Self::CommitterKey,
    lc_s: impl IntoIterator<Item = &'a LinearCombination<E::Fr>>,
    polynomials: impl IntoIterator<Item = &'a LabeledPolynomial<'a, E::Fr>>,
    commitments: impl IntoIterator<Item = &'a LabeledCommitment<Self::Commitment>>,
    query_set: &QuerySet<'_, E::Fr>,
    opening_challenge: E::Fr,
    rands: impl IntoIterator<Item = &'a Self::Randomness>,
    rng: Option<&mut dyn RngCore>
) -> Result<BatchLCProof<E::Fr, Self>, Self::Error> where
    Self::Randomness: 'a,
    Self::Commitment: 'a, 

On input a list of polynomials, linear combinations of those polynomials, and a query set, open_combination outputs a proof of evaluation of the combinations at the points in the query set.

fn check_combinations<'a, R: RngCore>(
    vk: &Self::VerifierKey,
    lc_s: impl IntoIterator<Item = &'a LinearCombination<E::Fr>>,
    commitments: impl IntoIterator<Item = &'a LabeledCommitment<Self::Commitment>>,
    query_set: &QuerySet<'_, E::Fr>,
    evaluations: &Evaluations<'_, E::Fr>,
    proof: &BatchLCProof<E::Fr, Self>,
    opening_challenge: E::Fr,
    rng: &mut R
) -> Result<bool, Self::Error> where
    Self::Commitment: 'a, 

Checks that values are the true evaluations at query_set of the polynomials committed in labeled_commitments.

fn batch_open<'a>(
    ck: &Self::CommitterKey,
    labeled_polynomials: impl IntoIterator<Item = &'a LabeledPolynomial<'a, F>>,
    commitments: impl IntoIterator<Item = &'a LabeledCommitment<Self::Commitment>>,
    query_set: &QuerySet<'_, F>,
    opening_challenge: F,
    rands: impl IntoIterator<Item = &'a Self::Randomness>,
    rng: Option<&mut dyn RngCore>
) -> Result<Self::BatchProof, Self::Error> where
    Self::Randomness: 'a,
    Self::Commitment: 'a, 

On input a list of labeled polynomials and a query set, open outputs a proof of evaluation of the polynomials at the points in the query set.