3#include "../gemini/gemini.hpp"
4#include "../kzg/kzg.hpp"
5#include "../pcs_test_utils.hpp"
6#include "../shplonk/shplonk.hpp"
14#include <gtest/gtest.h>
22 static constexpr size_t log_n = 9;
23 static constexpr size_t n = 1UL <<
log_n;
32 using Fr =
typename Flavor::Curve::ScalarField;
34 using Commitment =
typename Flavor::Curve::AffineElement;
45using TestSettings = ::testing::Types<BN254Settings, GrumpkinSettings>;
52 static constexpr size_t log_n = 9;
53 static constexpr size_t n = 1UL <<
log_n;
59 using Curve =
typename TypeParam::Curve;
63 using CK =
typename TypeParam::CommitmentKey;
65 CK
ck = create_commitment_key<CK>(this->n);
74 auto mle_opening_point = this->random_evaluation_point(this->log_n);
77 this->num_polynomials,
86 auto update_batched_eval = [&](
Fr& batched_eval,
const std::vector<Fr>& evaluations,
Fr& rho_power) {
87 for (
auto& eval : evaluations) {
88 batched_eval += eval * rho_power;
94 Fr batched_evaluation(0);
95 update_batched_eval(batched_evaluation, mock_claims.
unshifted.
evals, rho_power);
99 auto compute_batched_commitment = [&](
const std::vector<Commitment>& commitments,
Fr& rho_power) {
100 GroupElement batched = GroupElement::zero();
101 for (
auto& comm : commitments) {
102 batched += comm * rho_power;
110 GroupElement batched_commitment_unshifted =
112 GroupElement batched_commitment_to_be_shifted =
116 GroupElement to_be_shifted_contribution = batched_commitment_to_be_shifted * gemini_eval_challenge.
invert();
118 GroupElement commitment_to_univariate_pos = batched_commitment_unshifted + to_be_shifted_contribution;
120 GroupElement commitment_to_univariate_neg = batched_commitment_unshifted - to_be_shifted_contribution;
123 commitment_to_univariate_pos * (shplonk_eval_challenge - gemini_eval_challenge).invert() +
124 commitment_to_univariate_neg *
125 (shplonk_batching_challenge * (shplonk_eval_challenge + gemini_eval_challenge).invert());
128 std::vector<Commitment> commitments;
129 std::vector<Fr> scalars;
130 Fr verifier_batched_evaluation{ 0 };
132 Fr inverted_vanishing_eval_pos = (shplonk_eval_challenge - gemini_eval_challenge).invert();
133 Fr inverted_vanishing_eval_neg = (shplonk_eval_challenge + gemini_eval_challenge).invert();
135 std::vector<Fr> inverted_vanishing_evals = { inverted_vanishing_eval_pos, inverted_vanishing_eval_neg };
138 inverted_vanishing_evals, shplonk_batching_challenge, gemini_eval_challenge);
141 commitments, scalars, verifier_batched_evaluation, rho);
144 GroupElement shplemini_result = GroupElement::batch_mul(commitments, scalars);
146 EXPECT_EQ(commitments.size(),
148 EXPECT_EQ(batched_evaluation, verifier_batched_evaluation);
153 using Curve = TypeParam::Curve;
161 using CK =
typename TypeParam::CommitmentKey;
163 CK
ck = create_commitment_key<CK>(this->n);
170 std::vector<Fr> shplonk_batching_challenge_powers =
171 compute_shplonk_batching_challenge_powers(shplonk_batching_challenge, this->log_n);
175 std::vector<Fr> mle_opening_point = this->random_evaluation_point(this->log_n);
178 this->num_polynomials,
191 auto fold_polynomials = GeminiProver::compute_fold_polynomials(this->log_n, mle_opening_point, batched);
193 std::vector<Commitment> prover_commitments;
194 for (
size_t l = 0; l < this->log_n - 1; ++l) {
195 auto commitment =
ck.commit(fold_polynomials[l]);
196 prover_commitments.emplace_back(commitment);
199 auto [A_0_pos, A_0_neg] =
202 const auto opening_claims = GeminiProver::construct_univariate_opening_claims(
205 std::vector<Fr> prover_evaluations;
206 for (
size_t l = 0; l < this->log_n; ++l) {
207 const auto& evaluation = opening_claims[l + 1].opening_pair.evaluation;
208 prover_evaluations.emplace_back(evaluation);
214 std::vector<Fr> expected_inverse_vanishing_evals;
215 expected_inverse_vanishing_evals.reserve(2 * this->log_n);
217 for (
size_t idx = 0; idx < this->log_n; idx++) {
218 expected_inverse_vanishing_evals.emplace_back((shplonk_eval_challenge - r_squares[idx]).invert());
219 expected_inverse_vanishing_evals.emplace_back((shplonk_eval_challenge + r_squares[idx]).invert());
222 Fr current_challenge{ shplonk_batching_challenge * shplonk_batching_challenge };
223 for (
size_t idx = 0; idx < prover_commitments.size(); ++idx) {
224 expected_result -= prover_commitments[idx] * current_challenge * expected_inverse_vanishing_evals[2 * idx + 2];
225 current_challenge *= shplonk_batching_challenge;
226 expected_result -= prover_commitments[idx] * current_challenge * expected_inverse_vanishing_evals[2 * idx + 3];
227 current_challenge *= shplonk_batching_challenge;
231 std::vector<Fr> inverse_vanishing_evals =
232 ShplonkVerifier::compute_inverted_gemini_denominators(shplonk_eval_challenge, r_squares);
234 Fr expected_constant_term_accumulator{ 0 };
235 std::vector<Fr> padding_indicator_array(this->log_n,
Fr{ 1 });
237 std::vector<Fr> gemini_fold_pos_evaluations =
239 expected_constant_term_accumulator,
243 expected_constant_term_accumulator);
244 std::vector<Commitment> commitments;
245 std::vector<Fr> scalars;
247 ShpleminiVerifier::batch_gemini_claims_received_from_prover(padding_indicator_array,
250 gemini_fold_pos_evaluations,
251 inverse_vanishing_evals,
252 shplonk_batching_challenge_powers,
255 expected_constant_term_accumulator);
258 GroupElement shplemini_result = GroupElement::batch_mul(commitments, scalars);
271 using Curve = TypeParam::Curve;
273 constexpr bool HasZK =
true;
277 using CK =
typename TypeParam::CommitmentKey;
280 auto prover_transcript = TypeParam::Transcript::prover_init_empty();
284 CK
ck = create_commitment_key<CK>(
std::max<size_t>(this->n, 1ULL << (log_subgroup_size + 1)));
287 ZKData zk_sumcheck_data(this->log_n, prover_transcript,
ck);
290 std::vector<Fr> mle_opening_point = this->random_evaluation_point(this->log_n);
294 this->num_polynomials,
301 zk_sumcheck_data, mle_opening_point, this->log_n);
303 prover_transcript->send_to_verifier(
"Libra:claimed_evaluation", claimed_inner_product);
307 zk_sumcheck_data, mle_opening_point, claimed_inner_product, prover_transcript,
ck);
308 small_subgroup_ipa_prover.
prove();
311 const auto opening_claim = ShpleminiProver::prove(this->n,
319 TestFixture::IPA::compute_opening_proof(this->
ck(), opening_claim, prover_transcript);
329 libra_commitments[0] =
330 verifier_transcript->template receive_from_prover<Commitment>(
"Libra:concatenation_commitment");
333 const Fr libra_total_sum = verifier_transcript->template receive_from_prover<Fr>(
"Libra:Sum");
334 const Fr libra_challenge = verifier_transcript->template get_challenge<Fr>(
"Libra:Challenge");
335 const Fr libra_evaluation = verifier_transcript->template receive_from_prover<Fr>(
"Libra:claimed_evaluation");
338 EXPECT_EQ(libra_total_sum, zk_sumcheck_data.libra_total_sum);
339 EXPECT_EQ(libra_challenge, zk_sumcheck_data.libra_challenge);
340 EXPECT_EQ(libra_evaluation, claimed_inner_product);
343 libra_commitments[1] = verifier_transcript->template receive_from_prover<Commitment>(
"Libra:grand_sum_commitment");
344 libra_commitments[2] = verifier_transcript->template receive_from_prover<Commitment>(
"Libra:quotient_commitment");
347 std::vector<Fr> padding_indicator_array(this->log_n,
Fr{ 1 });
349 auto [batch_opening_claim, consistency_checked] =
350 ShpleminiVerifier::compute_batch_opening_claim(padding_indicator_array,
353 this->vk().get_g1_identity(),
361 TestFixture::IPA::reduce_verify_batch_opening_claim(batch_opening_claim, this->
vk(), verifier_transcript);
362 EXPECT_EQ(result,
true);
364 const auto pairing_points =
367 EXPECT_EQ(this->
vk().pairing_check(pairing_points[0], pairing_points[1]),
true);
369 EXPECT_EQ(consistency_checked,
true);
380 using Curve = TypeParam::Curve;
383 using CK =
typename TypeParam::CommitmentKey;
386 constexpr bool HasZK =
true;
389 CK
ck = create_commitment_key<CK>(4096);
392 std::vector<Fr> challenge = this->random_evaluation_point(this->log_n);
394 auto prover_transcript = TypeParam::Transcript::prover_init_empty();
402 mock_claims.template compute_sumcheck_opening_data<TypeParam>(
403 this->log_n, this->sumcheck_univariate_length, challenge,
ck);
406 const Fr claimed_inner_product =
409 prover_transcript->send_to_verifier(
"Libra:claimed_evaluation", claimed_inner_product);
413 zk_sumcheck_data, challenge, claimed_inner_product, prover_transcript,
ck);
414 small_subgroup_ipa_prover.
prove();
417 const auto opening_claim = ShpleminiProver::prove(this->n,
427 TestFixture::IPA::compute_opening_proof(this->
ck(), opening_claim, prover_transcript);
436 libra_commitments[0] =
437 verifier_transcript->template receive_from_prover<Commitment>(
"Libra:concatenation_commitment");
440 const Fr libra_total_sum = verifier_transcript->template receive_from_prover<Fr>(
"Libra:Sum");
441 const Fr libra_challenge = verifier_transcript->template get_challenge<Fr>(
"Libra:Challenge");
442 const Fr libra_evaluation = verifier_transcript->template receive_from_prover<Fr>(
"Libra:claimed_evaluation");
447 EXPECT_EQ(libra_evaluation, claimed_inner_product);
450 libra_commitments[1] = verifier_transcript->template receive_from_prover<Commitment>(
"Libra:grand_sum_commitment");
451 libra_commitments[2] = verifier_transcript->template receive_from_prover<Commitment>(
"Libra:quotient_commitment");
454 std::vector<Fr> padding_indicator_array(this->log_n,
Fr{ 1 });
456 auto batch_opening_claim = ShpleminiVerifier::compute_batch_opening_claim(padding_indicator_array,
459 this->vk().get_g1_identity(),
466 .batch_opening_claim;
470 TestFixture::IPA::reduce_verify_batch_opening_claim(batch_opening_claim, this->
vk(), verifier_transcript);
471 EXPECT_EQ(result,
true);
473 const auto pairing_points =
476 EXPECT_EQ(this->
vk().pairing_check(pairing_points[0], pairing_points[1]),
true);
488 using Curve =
typename TypeParam::Curve;
490 using CK =
typename TypeParam::CommitmentKey;
497 static constexpr size_t small_log_n = 3;
498 CK
ck = create_commitment_key<CK>(this->n);
501 auto u = this->random_evaluation_point(small_log_n);
512 const Fr tail = ((
Fr(1) - u[0]) * (
Fr(1) - u[1])).
invert();
513 poly.
at(4) = claimed_multilinear_eval * tail / u[2];
514 poly.
at(this->n - 8) = tail;
515 poly.
at(this->n - 4) = -tail * (
Fr(1) - u[2]) / u[2];
518 this->n, std::vector{
std::move(poly) }, std::vector<Fr>{ claimed_multilinear_eval },
ck);
523 const auto opening_claim =
524 ShpleminiProver::prove(this->n, mock_claims.polynomial_batcher, u,
ck, prover_transcript);
528 TestFixture::IPA::compute_opening_proof(
ck, opening_claim, prover_transcript);
536 std::vector<Fr> padding_indicator_array(small_log_n,
Fr{ 1 });
538 auto batch_opening_claim =
539 ShpleminiVerifier::compute_batch_opening_claim(
540 padding_indicator_array, mock_claims.claim_batcher, u, this->vk().get_g1_identity(), verifier_transcript)
541 .batch_opening_claim;
546 TestFixture::IPA::reduce_verify_batch_opening_claim(batch_opening_claim, this->
vk(), verifier_transcript);
547 EXPECT_EQ(result,
true);
549 const auto pairing_points =
551 EXPECT_EQ(this->
vk().pairing_check(pairing_points[0], pairing_points[1]),
true);
562 using Curve =
typename TypeParam::Curve;
564 using CK =
typename TypeParam::CommitmentKey;
570 static constexpr size_t big_n = 1UL << 12;
571 static constexpr size_t small_log_n = 3;
572 static constexpr size_t big_ck_size = 1 << 14;
573 CK
ck = create_commitment_key<CK>(big_ck_size);
579 auto u = this->random_evaluation_point(small_log_n);
585 big_n, std::vector{
std::move(poly) }, std::vector<Fr>{ claimed_multilinear_eval },
ck);
590 const auto opening_claim = ShpleminiProver::prove(big_n, mock_claims.polynomial_batcher, u,
ck, prover_transcript);
594 TestFixture::IPA::compute_opening_proof(
ck, opening_claim, prover_transcript);
602 std::vector<Fr> padding_indicator_array(small_log_n,
Fr{ 1 });
604 auto batch_opening_claim =
605 ShpleminiVerifier::compute_batch_opening_claim(
606 padding_indicator_array, mock_claims.claim_batcher, u, this->vk().get_g1_identity(), verifier_transcript)
607 .batch_opening_claim;
613 TestFixture::IPA::reduce_verify_batch_opening_claim(batch_opening_claim, this->
vk(), verifier_transcript),
616 const auto pairing_points =
618 EXPECT_EQ(this->
vk().pairing_check(pairing_points[0], pairing_points[1]),
false);
630 using Curve =
typename TypeParam::Curve;
632 constexpr bool HasZK =
true;
636 using CK =
typename TypeParam::CommitmentKey;
639 auto prover_transcript = TypeParam::Transcript::prover_init_empty();
643 CK
ck = create_commitment_key<CK>(
std::max<size_t>(this->n, 1ULL << (log_subgroup_size + 1)));
646 ZKData zk_sumcheck_data(this->log_n, prover_transcript,
ck);
649 std::vector<Fr> mle_opening_point = this->random_evaluation_point(this->log_n);
653 this->num_polynomials,
660 zk_sumcheck_data, mle_opening_point, this->log_n);
664 prover_transcript->send_to_verifier(
"Libra:claimed_evaluation", corrupted_inner_product);
669 zk_sumcheck_data, mle_opening_point, corrupted_inner_product, prover_transcript,
ck);
670 small_subgroup_ipa_prover.
prove();
673 const auto opening_claim = ShpleminiProver::prove(this->n,
681 TestFixture::IPA::compute_opening_proof(this->
ck(), opening_claim, prover_transcript);
691 libra_commitments[0] =
692 verifier_transcript->template receive_from_prover<Commitment>(
"Libra:concatenation_commitment");
695 [[maybe_unused]]
const Fr libra_total_sum = verifier_transcript->template receive_from_prover<Fr>(
"Libra:Sum");
696 [[maybe_unused]]
const Fr libra_challenge = verifier_transcript->template get_challenge<Fr>(
"Libra:Challenge");
698 const Fr libra_evaluation = verifier_transcript->template receive_from_prover<Fr>(
"Libra:claimed_evaluation");
701 libra_commitments[1] = verifier_transcript->template receive_from_prover<Commitment>(
"Libra:grand_sum_commitment");
702 libra_commitments[2] = verifier_transcript->template receive_from_prover<Commitment>(
"Libra:quotient_commitment");
705 std::vector<Fr> padding_indicator_array(this->log_n,
Fr{ 1 });
707 auto shplemini_output = ShpleminiVerifier::compute_batch_opening_claim(padding_indicator_array,
710 this->vk().get_g1_identity(),
717 EXPECT_FALSE(shplemini_output.consistency_checked);
727template <
typename TypeParam>
731 bool expected_consistency_checked)
736 using Curve =
typename TypeParam::Curve;
738 constexpr bool HasZK =
true;
742 using CK =
typename TypeParam::CommitmentKey;
744 auto prover_transcript = TypeParam::Transcript::prover_init_empty();
747 CK
ck = create_commitment_key<CK>(
std::max<size_t>(test->
n, 1ULL << (log_subgroup_size + 1)));
749 ZKData zk_sumcheck_data(test->
log_n, prover_transcript,
ck);
755 zk_sumcheck_data, mle_opening_point, test->
log_n);
757 prover_transcript->send_to_verifier(
"Libra:claimed_evaluation", claimed_inner_product);
760 zk_sumcheck_data, mle_opening_point, claimed_inner_product, prover_transcript,
ck);
761 small_subgroup_ipa_prover.
prove();
766 if (tamper_polynomial != TamperedPolynomial::None) {
767 witness_polynomials[
static_cast<size_t>(tamper_polynomial)].at(0) +=
Fr::random_element();
770 const auto opening_claim = ShpleminiProver::prove(
771 test->
n, mock_claims.
polynomial_batcher, mle_opening_point,
ck, prover_transcript, witness_polynomials);
782 libra_commitments[0] =
783 verifier_transcript->template receive_from_prover<Commitment>(
"Libra:concatenation_commitment");
785 [[maybe_unused]]
const Fr libra_total_sum = verifier_transcript->template receive_from_prover<Fr>(
"Libra:Sum");
786 [[maybe_unused]]
const Fr libra_challenge = verifier_transcript->template get_challenge<Fr>(
"Libra:Challenge");
787 const Fr libra_evaluation = verifier_transcript->template receive_from_prover<Fr>(
"Libra:claimed_evaluation");
789 libra_commitments[1] = verifier_transcript->template receive_from_prover<Commitment>(
"Libra:grand_sum_commitment");
790 libra_commitments[2] = verifier_transcript->template receive_from_prover<Commitment>(
"Libra:quotient_commitment");
793 if (tamper_commitment != TamperedCommitment::None) {
794 auto idx =
static_cast<size_t>(tamper_commitment);
795 libra_commitments[idx] = libra_commitments[idx] + Commitment::one();
798 std::vector<Fr> padding_indicator_array(test->
log_n,
Fr{ 1 });
800 auto [batch_opening_claim, consistency_checked] =
801 ShpleminiVerifier::compute_batch_opening_claim(padding_indicator_array,
810 EXPECT_EQ(consistency_checked, expected_consistency_checked);
815 batch_opening_claim, test->
vk(), verifier_transcript),
818 const auto pairing_points =
820 EXPECT_FALSE(test->
vk().pairing_check(pairing_points[0], pairing_points[1]));
829 using TamperedPolynomial =
typename TestFixture::TamperedPolynomial;
830 using TamperedCommitment =
typename TestFixture::TamperedCommitment;
833 this, TamperedPolynomial::Quotient, TamperedCommitment::None,
false);
841 using TamperedPolynomial =
typename TestFixture::TamperedPolynomial;
842 using TamperedCommitment =
typename TestFixture::TamperedCommitment;
845 this, TamperedPolynomial::None, TamperedCommitment::Quotient,
true);
853 using TamperedPolynomial =
typename TestFixture::TamperedPolynomial;
854 using TamperedCommitment =
typename TestFixture::TamperedCommitment;
857 this, TamperedPolynomial::GrandSum, TamperedCommitment::None,
false);
865 using TamperedPolynomial =
typename TestFixture::TamperedPolynomial;
866 using TamperedCommitment =
typename TestFixture::TamperedCommitment;
869 this, TamperedPolynomial::None, TamperedCommitment::GrandSum,
true);
877 using TamperedPolynomial =
typename TestFixture::TamperedPolynomial;
878 using TamperedCommitment =
typename TestFixture::TamperedCommitment;
881 this, TamperedPolynomial::Concatenated, TamperedCommitment::None,
false);
889 using TamperedPolynomial =
typename TestFixture::TamperedPolynomial;
890 using TamperedCommitment =
typename TestFixture::TamperedCommitment;
893 this, TamperedPolynomial::None, TamperedCommitment::Concatenated,
true);
static std::shared_ptr< BaseTranscript > prover_init_empty()
For testing: initializes transcript with some arbitrary data so that a challenge can be generated aft...
static std::shared_ptr< BaseTranscript > verifier_init_empty(const std::shared_ptr< BaseTranscript > &transcript)
For testing: initializes transcript based on proof data then receives junk data produced by BaseTrans...
std::vector< Fr > random_evaluation_point(const size_t num_variables)
bb::CommitmentKey< Curve > CommitmentKey
Polynomial compute_batched(const Fr &challenge)
Compute batched polynomial A₀ = F + G/X as the linear combination of all polynomials to be opened,...
std::pair< Polynomial, Polynomial > compute_partially_evaluated_batch_polynomials(const Fr &r_challenge)
Compute partially evaluated batched polynomials A₀(X, r) = A₀₊ = F + G/r, A₀(X, -r) = A₀₋ = F - G/r.
static std::vector< Fr > compute_fold_pos_evaluations(std::span< const Fr > padding_indicator_array, const Fr &batched_evaluation, std::span< const Fr > evaluation_point, std::span< const Fr > challenge_powers, std::span< const Fr > fold_neg_evals, Fr p_neg=Fr(0))
Compute .
static PairingPointsType reduce_verify_batch_opening_claim(BatchOpeningClaim< Curve > &&batch_opening_claim, const std::shared_ptr< Transcript > &transcript, const size_t expected_final_msm_size=0)
Computes the input points for the pairing check needed to verify a KZG opening claim obtained from a ...
static void compute_opening_proof(const CK &ck, const ProverOpeningClaim< Curve > &opening_claim, const std::shared_ptr< Transcript > &prover_trancript)
Computes the KZG commitment to an opening proof polynomial at a single evaluation point.
Structured polynomial class that represents the coefficients 'a' of a_0 + a_1 x .....
static Polynomial random(size_t size, size_t start_index=0)
Fr & at(size_t index)
Our mutable accessor, unlike operator[]. We abuse precedent a bit to differentiate at() and operator[...
static constexpr size_t n
static constexpr size_t log_n
static constexpr size_t n
typename Flavor::Curve::ScalarField Fr
static constexpr size_t num_polynomials
typename Flavor::CommitmentKey CK
typename Flavor::Curve::AffineElement Commitment
static constexpr size_t log_n
static constexpr size_t sumcheck_univariate_length
static constexpr size_t num_shiftable
typename Flavor::Curve::Element GroupElement
IPA< typename Flavor::Curve, log_n > IPA
A Curve-agnostic ZK protocol to prove inner products of small vectors.
std::array< bb::Polynomial< FF >, NUM_SMALL_IPA_EVALUATIONS > get_witness_polynomials() const
static FF compute_claimed_inner_product(ZKSumcheckData< Flavor > &zk_sumcheck_data, const std::vector< FF > &multivariate_challenge, const size_t &log_circuit_size)
For test purposes: Compute the sum of the Libra constant term and Libra univariates evaluated at Sumc...
void prove()
Compute the derived witnesses and and commit to them.
Commitment get_g1_identity() const
typename Group::element Element
static constexpr size_t SUBGROUP_SIZE
typename Group::affine_element AffineElement
std::vector< Fr > powers_of_evaluation_challenge(const Fr &r, const size_t num_squares)
Compute squares of folding challenge r.
std::vector< Fr > powers_of_rho(const Fr &rho, const size_t num_powers)
Compute powers of challenge ρ
constexpr T get_msb(const T in)
Entry point for Barretenberg command-line interface.
::testing::Types< BN254Settings, GrumpkinSettings > TestSettings
TYPED_TEST_SUITE(CommitmentKeyTest, Curves)
TYPED_TEST(CommitmentKeyTest, CommitToZeroPoly)
void run_libra_tampering_test(ShpleminiTest< TypeParam > *test, typename ShpleminiTest< TypeParam >::TamperedPolynomial tamper_polynomial, typename ShpleminiTest< TypeParam >::TamperedCommitment tamper_commitment, bool expected_consistency_checked)
Helper to run a Libra tampering test with configurable tampering options.
CommitmentKey< Curve > ck
VerifierCommitmentKey< Curve > vk
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
void compute_scalars_for_each_batch(std::span< const Fr > inverted_vanishing_evals, const Fr &nu_challenge, const Fr &r_challenge)
Compute scalars used to batch each set of claims, excluding contribution from batching challenge \rho...
void update_batch_mul_inputs_and_batched_evaluation(std::vector< Commitment > &commitments, std::vector< Fr > &scalars, Fr &batched_evaluation, const Fr &rho, Fr shplonk_batching_pos={ 0 }, Fr shplonk_batching_neg={ 0 })
Append the commitments and scalars from each batch of claims to the Shplemini, vectors which subseque...
std::vector< Commitment > commitments
Constructs random polynomials, computes commitments and corresponding evaluations.
std::vector< bb::Polynomial< Fr > > round_univariates
std::vector< Commitment > sumcheck_commitments
ClaimBatcher claim_batcher
std::vector< std::array< Fr, 3 > > sumcheck_evaluations
PolynomialBatcher polynomial_batcher
This structure is created to contain various polynomials and constants required by ZK Sumcheck.
constexpr field invert() const noexcept
static field random_element(numeric::RNG *engine=nullptr) noexcept
1.9.8