w3f_pcs/pcs/
mod.rs

1use ark_ff::PrimeField;
2use ark_poly::Evaluations;
3use ark_serialize::*;
4use ark_std::fmt::Debug;
5use ark_std::iter::Sum;
6use ark_std::ops::{Add, Sub};
7use ark_std::rand::Rng;
8use ark_std::vec::Vec;
9
10pub use id::IdentityCommitment;
11
12use crate::Poly;
13
14mod id;
15pub mod kzg;
16
17pub trait Commitment<F: PrimeField>:
18    Eq
19    + Sized
20    + Clone
21    + Debug
22    + Add<Self, Output = Self>
23    + Sub<Self, Output = Self>
24    + Sum<Self>
25    + CanonicalSerialize
26    + CanonicalDeserialize
27{
28    fn mul(&self, by: F) -> Self;
29    fn combine(coeffs: &[F], commitments: &[Self]) -> Self;
30}
31
32/// Can be used to commit and open commitments to DensePolynomial<F> of degree up to max_degree.
33pub trait CommitterKey: Clone + Debug + CanonicalSerialize + CanonicalDeserialize {
34    /// Maximal degree of a polynomial supported.
35    fn max_degree(&self) -> usize;
36
37    /// Maximal number of evaluations supported when committing in the Lagrangian base.
38    fn max_evals(&self) -> usize {
39        self.max_degree() + 1
40    }
41}
42
43/// Can be used to verify openings to commitments.
44pub trait VerifierKey: Clone + Debug {
45    /// Maximal number of openings that can be verified.
46    fn max_points(&self) -> usize {
47        1
48    }
49}
50
51/// Generates a `VerifierKey`, serializable
52pub trait RawVerifierKey:
53    Clone + Debug + Eq + PartialEq + CanonicalSerialize + CanonicalDeserialize
54{
55    type VK: VerifierKey;
56
57    fn prepare(&self) -> Self::VK;
58}
59
60pub trait PcsParams {
61    type CK: CommitterKey;
62    type VK: VerifierKey;
63    type RVK: RawVerifierKey<VK = Self::VK>;
64
65    fn ck(&self) -> Self::CK;
66    fn vk(&self) -> Self::VK;
67    fn raw_vk(&self) -> Self::RVK;
68
69    fn ck_with_lagrangian(&self, _domain_size: usize) -> Self::CK {
70        unimplemented!();
71    }
72}
73
74/// Polynomial commitment scheme.
75pub trait PCS<F: PrimeField> {
76    type C: Commitment<F>;
77
78    type Proof: Clone + CanonicalSerialize + CanonicalDeserialize;
79
80    type CK: CommitterKey;
81
82    // vk needs to be convertible to a ck that is only required to commit to the p=1 constant polynomial,
83    // see https://eprint.iacr.org/archive/2020/1536/1629188090.pdf, section 4.2
84    type VK: VerifierKey + Into<Self::CK>;
85
86    type Params: PcsParams<CK = Self::CK, VK = Self::VK>;
87
88    fn setup<R: Rng>(max_degree: usize, rng: &mut R) -> Self::Params;
89
90    fn commit(ck: &Self::CK, p: &Poly<F>) -> Result<Self::C, ()>;
91
92    fn commit_evals(ck: &Self::CK, evals: &Evaluations<F>) -> Result<Self::C, ()> {
93        let poly = evals.interpolate_by_ref();
94        Self::commit(ck, &poly)
95    }
96
97    fn open(ck: &Self::CK, p: &Poly<F>, x: F) -> Result<Self::Proof, ()>;
98
99    fn verify(vk: &Self::VK, c: Self::C, x: F, z: F, proof: Self::Proof) -> Result<(), ()>;
100
101    // TODO: is the default implementation useful?
102    fn batch_verify<R: Rng>(
103        vk: &Self::VK,
104        c: Vec<Self::C>,
105        x: Vec<F>,
106        y: Vec<F>,
107        proof: Vec<Self::Proof>,
108        _rng: &mut R,
109    ) -> Result<(), ()> {
110        assert_eq!(c.len(), x.len());
111        assert_eq!(c.len(), y.len());
112        c.into_iter()
113            .zip(x.into_iter())
114            .zip(y.into_iter())
115            .zip(proof.into_iter())
116            .all(|(((c, x), y), proof)| Self::verify(vk, c, x, y, proof).is_ok())
117            .then(|| ())
118            .ok_or(())
119    }
120}