bb::GeminiVerifier_< Curve > Class Template Reference

Gemini Verifier utility methods used by ShpleminiVerifier. More...

#include <gemini.hpp>

Static Public Member Functions
static std::vector< Commitment >	get_fold_commitments (const size_t virtual_log_n, auto &transcript)
	Receive the fold commitments from the prover. This method is used by Shplemini where padding may be enabled, i.e. the verifier receives the same number of commitments independent of the actual circuit size.
static std::vector< Fr >	get_gemini_evaluations (const size_t virtual_log_n, auto &transcript)
	Receive the fold evaluations from the prover. This method is used by Shplemini where padding may be enabled, i.e. the verifier receives the same number of commitments independent of the actual circuit size.
static std::vector< Fr >	compute_fold_pos_evaluations (std::span< const Fr > padding_indicator_array, const Fr &batched_evaluation, std::span< const Fr > evaluation_point, std::span< const Fr > challenge_powers, std::span< const Fr > fold_neg_evals, Fr p_neg=Fr(0))
	Compute \( A_0(r), A_1(r^2), \ldots, A_{d-1}(r^{2^{d-1}})\).

Private Types
using	Fr = typename Curve::ScalarField
using	Commitment = typename Curve::AffineElement

Detailed Description

template<typename Curve>
class bb::GeminiVerifier_< Curve >

Gemini Verifier utility methods used by ShpleminiVerifier.

Definition at line 316 of file gemini.hpp.

Member Typedef Documentation

Commitment

template<typename Curve >

using bb::GeminiVerifier_< Curve >::Commitment = typename Curve::AffineElement

private

Definition at line 318 of file gemini.hpp.

Fr

template<typename Curve >

using bb::GeminiVerifier_< Curve >::Fr = typename Curve::ScalarField

private

Definition at line 317 of file gemini.hpp.

Member Function Documentation

compute_fold_pos_evaluations()

template<typename Curve >

static std::vector< Fr > bb::GeminiVerifier_< Curve >::compute_fold_pos_evaluations ( std::span< const Fr >  padding_indicator_array, const Fr &  batched_evaluation, std::span< const Fr >  evaluation_point, std::span< const Fr >  challenge_powers, std::span< const Fr >  fold_neg_evals, Fr  p_neg = Fr(0)  )

inlinestatic

Compute \( A_0(r), A_1(r^2), \ldots, A_{d-1}(r^{2^{d-1}})\).

Recall that \( A_0(r) = \sum \rho^i \cdot f_i + \frac{1}{r} \cdot \sum \rho^{i+k} g_i \), where \( k \) is the number of "unshifted" commitments. \( f_i \) are the unshifted polynomials and \( g_i \) are the to-be-shifted-by-1 polynomials.

Initialize a_pos = \( A_{d}(r) \) with the batched evaluation \( \sum \rho^i f_i(\vec{u}) + \sum \rho^{i+k} g_i(\vec{u}) \). The verifier recovers \( A_{l-1}(r^{2^{l-1}}) \) from the "negative" value \( A_{l-1}\left(-r^{2^{l-1}}\right) \) received from the prover and the value \( A_{l}\left(r^{2^{l}}\right) \) computed at the previous step. Namely, the verifier computes

\begin{align} A_{l-1}\left(r^{2^{l-1}}\right) = \frac{2 \cdot r^{2^{l-1}} \cdot A_{l}\left(r^{2^l}\right) - A_{l-1}\left( -r^{2^{l-1}} \right)\cdot \left(r^{2^{l-1}} (1-u_{l-1}) - u_{l-1}\right)} {r^{2^{l-1}} (1- u_{l-1}) + u_{l-1}}. \end{align}

In the case of interleaving, the first "negative" evaluation has to be corrected by the contribution from \( P_{-}(-r^s)\), where \( s \) is the size of the group to be interleaved.

This method uses padding_indicator_array, whose i-th entry is FF{1} if i < log_n and 0 otherwise. We use these entries to either assign eval_pos_prev the value eval_pos computed in the current iteration of the loop, or to propagate the batched evaluation of the multilinear polynomials to the next iteration. This ensures the correctnes of the computation of the required positive evaluations.

To ensure that dummy evaluations cannot be used to tamper with the final batch_mul result, we multiply dummy positive evaluations by the entries of padding_indicator_array.

Parameters

padding_indicator_array	An array with first log_n entries equal to 1, and the remaining entries are 0.
batched_evaluation	The evaluation of the batched polynomial at \( (u_0, \ldots, u_{d-1})\).
evaluation_point	Evaluation point \( (u_0, \ldots, u_{d-1}) \). Depending on the context, might be padded to virtual_log_n size.
challenge_powers	Powers of \( r \), \( r^2 ,\dots, r^{2^{d-1}} \).
fold_neg_evals	Evaluations \( A_{i-1}(-r^{2^{i-1}}) \).

Returns

\( A_{i}(r^{2^{i}})\) for \( i = 0, \ldots, \text{virtual_log_n} - 1 \).

Definition at line 397 of file gemini.hpp.

get_fold_commitments()

template<typename Curve >

static std::vector< Commitment > bb::GeminiVerifier_< Curve >::get_fold_commitments ( const size_t  virtual_log_n, auto &  transcript  )

inlinestatic

Receive the fold commitments from the prover. This method is used by Shplemini where padding may be enabled, i.e. the verifier receives the same number of commitments independent of the actual circuit size.

Parameters

virtual_log_n	An integer >= log_n
transcript

Returns

A vector of fold commitments \( [A_i] \) for \( i = 1, \ldots, \text{virtual_log_n}-1\).

Definition at line 329 of file gemini.hpp.

get_gemini_evaluations()

template<typename Curve >

static std::vector< Fr > bb::GeminiVerifier_< Curve >::get_gemini_evaluations ( const size_t  virtual_log_n, auto &  transcript  )

inlinestatic

Receive the fold evaluations from the prover. This method is used by Shplemini where padding may be enabled, i.e. the verifier receives the same number of commitments independent of the actual circuit size.

Parameters

virtual_log_n	An integer >= log_n
transcript

Returns

A vector of claimed negative fold evaluation \( A_i(-r^{2^i}) \) for \( i = 0, \ldots, \text{virtual_log_n}-1\).

Definition at line 350 of file gemini.hpp.

---

The documentation for this class was generated from the following file:

• src/barretenberg/commitment_schemes/gemini/gemini.hpp