Barretenberg: bb::MultilinearBatchingProver Class Reference

Barretenberg

The ZK-SNARK library at the core of Aztec

Loading...

Searching...

No Matches

Prover for multilinear batching - reduces two polynomial evaluation claims to one via sumcheck. More...

#include <multilinear_batching_prover.hpp>

Public Types
using	Flavor = MultilinearBatchingFlavor

using	FF = typename Flavor::FF

using	Commitment = typename Flavor::Commitment

using	ProvingKey = typename Flavor::ProvingKey

using	Transcript = typename Flavor::Transcript

Public Member Functions
	MultilinearBatchingProver (MultilinearBatchingProverClaim &&accumulator_claim, MultilinearBatchingProverClaim &&instance_claim, std::shared_ptr< Transcript > transcript)
	Construct prover from two claims to be batched.

BB_PROFILE void	execute_commitments_round ()
	Send accumulator commitments to the verifier.

BB_PROFILE void	execute_challenges_and_evaluations_round ()
	Send accumulator challenge point and evaluations to the verifier.

BB_PROFILE void	execute_relation_check_rounds ()
	Execute sumcheck to reduce two evaluation claims to one at a random point u.

BB_PROFILE MultilinearBatchingProverClaim	compute_new_claim ()
	Compute the batched output claim after sumcheck.

HonkProof	export_proof ()

HonkProof	construct_proof ()
	Construct a multilinear batching proof.

Public Attributes
std::shared_ptr< Transcript >	transcript

ProvingKey	key

SumcheckOutput< Flavor >	sumcheck_output

Detailed Description

Prover for multilinear batching - reduces two polynomial evaluation claims to one via sumcheck.

Given two claims:

Accumulator: P_acc(r_acc) = v_acc with commitment [P_acc]
Instance: P_inst(r_inst) = v_inst with commitment [P_inst]

The prover runs sumcheck on the relation: sum_x [ P_acc(x) * eq(x, r_acc) + P_inst(x) * eq(x, r_inst) ] = v_acc + v_inst

This reduces both claims to evaluations at a new random point u. The output claim is: P_new(u) = v_new with [P_new] = [P_inst] + γ * [P_acc]

where P_new = P_inst + γ * P_acc and γ is derived from the transcript.

Usage:

Construct with two claims (takes ownership via move)
Call construct_proof() to run the protocol
Call compute_new_claim() to get the batched output claim

See also: chonk/README.md#batching-claims-into-accumulator

Definition at line 35 of file multilinear_batching_prover.hpp.

Member Typedef Documentation

◆ Commitment

using bb::MultilinearBatchingProver::Commitment = typename Flavor::Commitment

Definition at line 39 of file multilinear_batching_prover.hpp.

◆ FF

using bb::MultilinearBatchingProver::FF = typename Flavor::FF

Definition at line 38 of file multilinear_batching_prover.hpp.

◆ Flavor

using bb::MultilinearBatchingProver::Flavor = MultilinearBatchingFlavor

Definition at line 37 of file multilinear_batching_prover.hpp.

◆ ProvingKey

using bb::MultilinearBatchingProver::ProvingKey = typename Flavor::ProvingKey

Definition at line 40 of file multilinear_batching_prover.hpp.

◆ Transcript

using bb::MultilinearBatchingProver::Transcript = typename Flavor::Transcript

Definition at line 41 of file multilinear_batching_prover.hpp.

Constructor & Destructor Documentation

◆ MultilinearBatchingProver()

bb::MultilinearBatchingProver::MultilinearBatchingProver	(	MultilinearBatchingProverClaim &&	accumulator_claim,
		MultilinearBatchingProverClaim &&	instance_claim,
		std::shared_ptr< Transcript >	transcript
	)

Construct prover from two claims to be batched.

Parameters

accumulator_claim	The accumulated claim from previous folding rounds
instance_claim	The new instance claim to batch with the accumulator
transcript	Shared transcript for Fiat-Shamir

Definition at line 12 of file multilinear_batching_prover.cpp.

Member Function Documentation

◆ compute_new_claim()

MultilinearBatchingProverClaim bb::MultilinearBatchingProver::compute_new_claim ( )

Compute the batched output claim after sumcheck.

Combines claims: P_new = P_inst + γ * P_acc at the sumcheck challenge point u. Polynomials are updated in place and moved to avoid allocation.

Definition at line 59 of file multilinear_batching_prover.cpp.

◆ construct_proof()

HonkProof bb::MultilinearBatchingProver::construct_proof ( )

Construct a multilinear batching proof.

Call compute_new_claim() after to get the batched output claim.

Definition at line 105 of file multilinear_batching_prover.cpp.

◆ execute_challenges_and_evaluations_round()

void bb::MultilinearBatchingProver::execute_challenges_and_evaluations_round ( )

Send accumulator challenge point and evaluations to the verifier.

Used by verifier to construct eq polynomials and verify target sum.

Definition at line 26 of file multilinear_batching_prover.cpp.

◆ execute_commitments_round()

void bb::MultilinearBatchingProver::execute_commitments_round ( )

Send accumulator commitments to the verifier.

Instance commitments are assumed known to verifier from VK.

Definition at line 19 of file multilinear_batching_prover.cpp.

◆ execute_relation_check_rounds()

void bb::MultilinearBatchingProver::execute_relation_check_rounds ( )

Execute sumcheck to reduce two evaluation claims to one at a random point u.

Definition at line 37 of file multilinear_batching_prover.cpp.

◆ export_proof()

HonkProof bb::MultilinearBatchingProver::export_proof ( )

Definition at line 100 of file multilinear_batching_prover.cpp.

Member Data Documentation

◆ key

ProvingKey bb::MultilinearBatchingProver::key

Definition at line 86 of file multilinear_batching_prover.hpp.

◆ sumcheck_output

SumcheckOutput<Flavor> bb::MultilinearBatchingProver::sumcheck_output

Definition at line 87 of file multilinear_batching_prover.hpp.

◆ transcript

std::shared_ptr<Transcript> bb::MultilinearBatchingProver::transcript

Definition at line 85 of file multilinear_batching_prover.hpp.

The documentation for this class was generated from the following files:

src/barretenberg/multilinear_batching/multilinear_batching_prover.hpp
src/barretenberg/multilinear_batching/multilinear_batching_prover.cpp

bb
MultilinearBatchingProver
Generated by 1.9.8