ConstraintCompositionCoefficients

winter_verifier

Struct ConstraintCompositionCoefficients 

Source 
pub struct ConstraintCompositionCoefficients<E>
where
    E: FieldElement,
{
    pub transition: Vec<E>,
    pub boundary: Vec<E>,
}
Expand description

Coefficients used in construction of constraint composition polynomial.

These coefficients are created by the Air::get_constraint_composition_coefficients() function. In the interactive version of the protocol, the verifier either draws these coefficients uniformly at random from the extension field of the protocol or draws a single random extension field element $\alpha$ and defines the coefficients as $\alpha_i = \alpha^i$. We call the former way way of generating the alpha-s, and hence of batching the constraints, linear/affine batching while we call the latter algebraic/curve batching.

There is one coefficient for each constraint so that we can compute a random linear combination of constraints as: $$ \sum_{i = 0}^k{\alpha_i \cdot C_i(x)} $$ where:

  • $\alpha_i$ is the coefficient for the $i$th constraint.
  • $C_i(x)$ is an evaluation of the $i$th constraint at $x$.

The coefficients are separated into two lists: one for transition constraints and another one for boundary constraints. This separation is done for convenience only.

Note that the soundness error of the protocol will depend on the batching used when computing the constraint composition polynomial. More precisely, when using algebraic batching there might be a loss of log_2(C - 1) bits of RbR soundness of the protocol, where C is the total number of constraints.

Fields§

§transition: Vec<E>§boundary: Vec<E>

Implementations§

Source§

impl<E> ConstraintCompositionCoefficients<E>
where E: FieldElement,

Source

pub fn draw_linear( public_coin: &mut impl RandomCoin<BaseField = <E as FieldElement>::BaseField>, num_transition_constraints: usize, num_boundary_constraints: usize, ) -> Result<ConstraintCompositionCoefficients<E>, RandomCoinError>

Generates the random values used in the construction of the constraint composition polynomial when linear batching is used.

Source

pub fn draw_algebraic( public_coin: &mut impl RandomCoin<BaseField = <E as FieldElement>::BaseField>, num_transition_constraints: usize, num_boundary_constraints: usize, ) -> Result<ConstraintCompositionCoefficients<E>, RandomCoinError>

Generates the random values used in the construction of the constraint composition polynomial when algebraic batching is used.

Source

pub fn draw_horner( public_coin: &mut impl RandomCoin<BaseField = <E as FieldElement>::BaseField>, num_transition_constraints: usize, num_boundary_constraints: usize, ) -> Result<ConstraintCompositionCoefficients<E>, RandomCoinError>

Generates the random values used in the construction of the constraint composition polynomial when Horner-type batching is used.

Trait Implementations§

Source§

impl<E> Clone for ConstraintCompositionCoefficients<E>
where E: Clone + FieldElement,

Source§

fn clone(&self) -> ConstraintCompositionCoefficients<E>

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl<E> Debug for ConstraintCompositionCoefficients<E>
where E: Debug + FieldElement,

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.