Skip to main content

w3f_pcs/pcs/
mod.rs

1use ark_ff::PrimeField;
2use ark_poly::Evaluations;
3use ark_serialize::*;
4use ark_std::fmt::Debug;
5use ark_std::iter::Sum;
6use ark_std::ops::{Add, Mul, Sub};
7use ark_std::rand::Rng;
8use ark_std::vec::Vec;
9
10pub use id::IdentityCommitment;
11
12use crate::Poly;
13
14mod id;
15pub mod kzg;
16
17pub trait Commitment<F: PrimeField>:
18    Eq
19    + Sized
20    + Clone
21    + Debug
22    + Add<Self, Output = Self>
23    + Mul<F, Output = Self>
24    + Sub<Self, Output = Self>
25    + Sum<Self>
26    + CanonicalSerialize
27    + CanonicalDeserialize
28{
29    fn mul(&self, by: F) -> Self;
30    fn combine(coeffs: &[F], commitments: &[Self]) -> Self;
31}
32
33/// Can be used to commit and open commitments to DensePolynomial<F> of degree up to max_degree.
34pub trait CommitterKey: Clone + Debug + CanonicalSerialize + CanonicalDeserialize {
35    /// Maximal degree of a polynomial supported.
36    fn max_degree(&self) -> usize;
37
38    /// Maximal number of evaluations supported when committing in the Lagrangian base.
39    fn max_evals(&self) -> usize {
40        self.max_degree() + 1
41    }
42}
43
44/// Can be used to verify openings to commitments.
45pub trait VerifierKey: Clone + Debug {
46    /// Maximal number of openings that can be verified.
47    fn max_points(&self) -> usize {
48        1
49    }
50}
51
52/// Generates a `VerifierKey`, serializable
53pub trait RawVerifierKey:
54    Clone + Debug + Eq + PartialEq + CanonicalSerialize + CanonicalDeserialize
55{
56    type VK: VerifierKey;
57
58    fn prepare(&self) -> Self::VK;
59}
60
61pub trait PcsParams {
62    type CK: CommitterKey;
63    type VK: VerifierKey;
64    type RVK: RawVerifierKey<VK = Self::VK>;
65
66    fn ck(&self) -> Self::CK;
67    fn vk(&self) -> Self::VK;
68    fn raw_vk(&self) -> Self::RVK;
69
70    fn ck_with_lagrangian(&self, _domain_size: usize) -> Self::CK {
71        unimplemented!();
72    }
73}
74
75/// Polynomial commitment scheme.
76pub trait PCS<F: PrimeField> {
77    type C: Commitment<F>;
78
79    type Proof: Clone + CanonicalSerialize + CanonicalDeserialize;
80
81    type CK: CommitterKey;
82
83    // vk needs to be convertible to a ck that is only required to commit to the p=1 constant polynomial,
84    // see https://eprint.iacr.org/archive/2020/1536/1629188090.pdf, section 4.2
85    type VK: VerifierKey + Into<Self::CK>;
86
87    type Params: PcsParams<CK = Self::CK, VK = Self::VK>;
88
89    fn setup<R: Rng>(max_degree: usize, rng: &mut R) -> Self::Params;
90
91    fn commit(ck: &Self::CK, p: &Poly<F>) -> Result<Self::C, ()>;
92
93    fn commit_evals(ck: &Self::CK, evals: &Evaluations<F>) -> Result<Self::C, ()> {
94        let poly = evals.interpolate_by_ref();
95        Self::commit(ck, &poly)
96    }
97
98    fn open(ck: &Self::CK, p: &Poly<F>, x: F) -> Result<Self::Proof, ()>;
99
100    fn verify(vk: &Self::VK, c: Self::C, x: F, z: F, proof: Self::Proof) -> Result<(), ()>;
101
102    // TODO: is the default implementation useful?
103    fn batch_verify<R: Rng>(
104        vk: &Self::VK,
105        c: Vec<Self::C>,
106        x: Vec<F>,
107        y: Vec<F>,
108        proof: Vec<Self::Proof>,
109        _rng: &mut R,
110    ) -> Result<(), ()> {
111        assert_eq!(c.len(), x.len());
112        assert_eq!(c.len(), y.len());
113        c.into_iter()
114            .zip(x.into_iter())
115            .zip(y.into_iter())
116            .zip(proof.into_iter())
117            .all(|(((c, x), y), proof)| Self::verify(vk, c, x, y, proof).is_ok())
118            .then(|| ())
119            .ok_or(())
120    }
121}