|
Clearmatics Libsnark
0.1
C++ library for zkSNARK proofs
|
#include <bdfg21.hpp>
Classes | |
| class | evaluation_witness |
| class | phase_1_output |
Public Types | |
| using | Field = libff::Fr< ppT > |
| using | srs = typename kzg10< ppT >::srs |
| using | commitment = typename kzg10< ppT >::commitment |
| using | evaluations = std::vector< std::vector< Field > > |
The i-th entry is evaluations of polynomials in f_sets[i] at z_i. More... | |
| using | evaluation_witness_phase_1 = libff::G1< ppT > |
Static Public Member Functions | |
| static evaluations | evaluate_polynomials (const std::vector< std::vector< polynomial< Field >>> &f_sets, const std::vector< Field > z_s) |
| static phase_1_output | create_evaluation_witness_phase_1 (const std::vector< std::vector< polynomial< Field >>> &f_sets, const std::vector< Field > &T, const evaluations &evaluations, const srs &srs, const Field &gamma) |
| static evaluation_witness | create_evaluation_witness (const std::vector< std::vector< polynomial< Field >>> &f_sets, const std::vector< Field > &T, const evaluations &evaluations, const srs &srs, const Field &gamma, const phase_1_output &witness_phase_1, const Field &z) |
| static bool | verify_evaluations (const std::vector< Field > &T, const evaluations &evaluations, const srs &srs, const Field &gamma, const Field &z, const evaluation_witness &witness, const std::vector< std::vector< commitment >> &cm_sets) |
Batched polynomial commitment scheme from [BDFG21], using concepts from [KZG10] and [GWC19]. Supports evaluation of an arbitrary number of polynomials at arbitrary points, with a fixed-size witness. See [BDFG21] Section 4.
The srs and commitments are the same as KZG10.
Definition at line 29 of file bdfg21.hpp.
| using libsnark::bdfg21< ppT >::commitment = typename kzg10<ppT>::commitment |
Definition at line 38 of file bdfg21.hpp.
| using libsnark::bdfg21< ppT >::evaluation_witness_phase_1 = libff::G1<ppT> |
Definition at line 70 of file bdfg21.hpp.
| using libsnark::bdfg21< ppT >::evaluations = std::vector<std::vector<Field> > |
The i-th entry is evaluations of polynomials in f_sets[i] at z_i.
$ of subsets $S_i$ of $T$ (for $T$ a subset of the field of interest) where each polynomial $f_i$ will be evaluated at points in $S_i$.
To match the expected use-cases, we assume that each polynomial $f_i$ is evaluated at exactly one point $z_i \in T$, and use a specification which is efficient for this case. Namely:
std::vector<Field> T is a set of evaluation points.std::vector<std::vector<polynomial>> f_sets is the set of sets where f_sets[i] contains the polynomials to be evaluated at T[i].Repeated polynomials (that is, a polynomial f which is to be evaluated at multiple points) must appear in multiple entries of f_sets, and is therefore inefficient in this formulation. This case is expected to be rare.
Other formulations can be supported as they are required.
Definition at line 68 of file bdfg21.hpp.
| using libsnark::bdfg21< ppT >::Field = libff::Fr<ppT> |
Definition at line 32 of file bdfg21.hpp.
| using libsnark::bdfg21< ppT >::srs = typename kzg10<ppT>::srs |
The srs generated by the setup step. This is denoted PK in [KZG10] section 3.2.
Definition at line 36 of file bdfg21.hpp.
|
static |
Compute the final witness, given the second random value $z$ from the verifier.
|
static |
Compute the first response from the prover, given the first random value $\gamma$ sampled by the verifier.
|
static |
|
static |
Verify an evaluation witness using polynomial commitments cm_sets. Commitments are arranged similarly to polynomials in f_sets, so that cm_sets[i][j] is a commitment to f_sets[i][j] (the j-th polynomial of the i-th set).
1.8.17