3#include "../commitment_key.test.hpp"
4#include "../gemini/gemini.hpp"
5#include "../kzg/kzg.hpp"
6#include "../shplonk/shplonk.hpp"
7#include "../utils/batch_mul_native.hpp"
15#include <gtest/gtest.h>
23 static constexpr size_t log_n = 9;
24 static constexpr size_t n = 1UL <<
log_n;
33 using Fr =
typename Flavor::Curve::ScalarField;
35 using Commitment =
typename Flavor::Curve::AffineElement;
46using TestSettings = ::testing::Types<BN254Settings, GrumpkinSettings>;
53 static constexpr size_t log_n = 9;
54 static constexpr size_t n = 1UL <<
log_n;
60 using Curve =
typename TypeParam::Curve;
64 using CK =
typename TypeParam::CommitmentKey;
66 CK
ck = create_commitment_key<CK>(this->n);
75 auto mle_opening_point = this->random_evaluation_point(this->log_n);
78 this->num_polynomials,
87 auto update_batched_eval = [&](
Fr& batched_eval,
const std::vector<Fr>& evaluations,
Fr& rho_power) {
88 for (
auto& eval : evaluations) {
89 batched_eval += eval * rho_power;
95 Fr batched_evaluation(0);
96 update_batched_eval(batched_evaluation, mock_claims.
unshifted.
evals, rho_power);
100 auto compute_batched_commitment = [&](
const std::vector<Commitment>& commitments,
Fr& rho_power) {
101 GroupElement batched = GroupElement::zero();
102 for (
auto& comm : commitments) {
103 batched += comm * rho_power;
111 GroupElement batched_commitment_unshifted =
113 GroupElement batched_commitment_to_be_shifted =
117 GroupElement to_be_shifted_contribution = batched_commitment_to_be_shifted * gemini_eval_challenge.
invert();
119 GroupElement commitment_to_univariate_pos = batched_commitment_unshifted + to_be_shifted_contribution;
121 GroupElement commitment_to_univariate_neg = batched_commitment_unshifted - to_be_shifted_contribution;
124 commitment_to_univariate_pos * (shplonk_eval_challenge - gemini_eval_challenge).invert() +
125 commitment_to_univariate_neg *
126 (shplonk_batching_challenge * (shplonk_eval_challenge + gemini_eval_challenge).invert());
129 std::vector<Commitment> commitments;
130 std::vector<Fr> scalars;
131 Fr verifier_batched_evaluation{ 0 };
133 Fr inverted_vanishing_eval_pos = (shplonk_eval_challenge - gemini_eval_challenge).invert();
134 Fr inverted_vanishing_eval_neg = (shplonk_eval_challenge + gemini_eval_challenge).invert();
136 std::vector<Fr> inverted_vanishing_evals = { inverted_vanishing_eval_pos, inverted_vanishing_eval_neg };
139 inverted_vanishing_evals, shplonk_batching_challenge, gemini_eval_challenge);
142 commitments, scalars, verifier_batched_evaluation, rho);
145 GroupElement shplemini_result = batch_mul_native<Curve>(commitments, scalars);
147 EXPECT_EQ(commitments.size(),
149 EXPECT_EQ(batched_evaluation, verifier_batched_evaluation);
154 using Curve = TypeParam::Curve;
162 using CK =
typename TypeParam::CommitmentKey;
164 CK
ck = create_commitment_key<CK>(this->n);
171 std::vector<Fr> shplonk_batching_challenge_powers =
172 compute_shplonk_batching_challenge_powers(shplonk_batching_challenge, this->log_n);
176 std::vector<Fr> mle_opening_point = this->random_evaluation_point(this->log_n);
179 this->num_polynomials,
192 auto fold_polynomials = GeminiProver::compute_fold_polynomials(this->log_n, mle_opening_point, batched);
194 std::vector<Commitment> prover_commitments;
195 for (
size_t l = 0; l < this->log_n - 1; ++l) {
196 auto commitment =
ck.commit(fold_polynomials[l]);
197 prover_commitments.emplace_back(commitment);
200 auto [A_0_pos, A_0_neg] =
203 const auto opening_claims = GeminiProver::construct_univariate_opening_claims(
206 std::vector<Fr> prover_evaluations;
207 for (
size_t l = 0; l < this->log_n; ++l) {
208 const auto& evaluation = opening_claims[l + 1].opening_pair.evaluation;
209 prover_evaluations.emplace_back(evaluation);
215 std::vector<Fr> expected_inverse_vanishing_evals;
216 expected_inverse_vanishing_evals.reserve(2 * this->log_n);
218 for (
size_t idx = 0; idx < this->log_n; idx++) {
219 expected_inverse_vanishing_evals.emplace_back((shplonk_eval_challenge - r_squares[idx]).invert());
220 expected_inverse_vanishing_evals.emplace_back((shplonk_eval_challenge + r_squares[idx]).invert());
223 Fr current_challenge{ shplonk_batching_challenge * shplonk_batching_challenge };
224 for (
size_t idx = 0; idx < prover_commitments.size(); ++idx) {
225 expected_result -= prover_commitments[idx] * current_challenge * expected_inverse_vanishing_evals[2 * idx + 2];
226 current_challenge *= shplonk_batching_challenge;
227 expected_result -= prover_commitments[idx] * current_challenge * expected_inverse_vanishing_evals[2 * idx + 3];
228 current_challenge *= shplonk_batching_challenge;
232 std::vector<Fr> inverse_vanishing_evals =
233 ShplonkVerifier::compute_inverted_gemini_denominators(shplonk_eval_challenge, r_squares);
235 Fr expected_constant_term_accumulator{ 0 };
236 std::vector<Fr> padding_indicator_array(this->log_n,
Fr{ 1 });
238 std::vector<Fr> gemini_fold_pos_evaluations =
240 expected_constant_term_accumulator,
244 expected_constant_term_accumulator);
245 std::vector<Commitment> commitments;
246 std::vector<Fr> scalars;
248 ShpleminiVerifier::batch_gemini_claims_received_from_prover(padding_indicator_array,
251 gemini_fold_pos_evaluations,
252 inverse_vanishing_evals,
253 shplonk_batching_challenge_powers,
256 expected_constant_term_accumulator);
259 GroupElement shplemini_result = batch_mul_native<Curve>(commitments, scalars);
272 using Curve = TypeParam::Curve;
274 constexpr bool HasZK =
true;
278 using CK =
typename TypeParam::CommitmentKey;
281 auto prover_transcript = TypeParam::Transcript::prover_init_empty();
285 CK
ck = create_commitment_key<CK>(
std::max<size_t>(this->n, 1ULL << (log_subgroup_size + 1)));
288 ZKData zk_sumcheck_data(this->log_n, prover_transcript,
ck);
291 std::vector<Fr> mle_opening_point = this->random_evaluation_point(this->log_n);
295 this->num_polynomials,
302 zk_sumcheck_data, mle_opening_point, this->log_n);
304 prover_transcript->send_to_verifier(
"Libra:claimed_evaluation", claimed_inner_product);
308 zk_sumcheck_data, mle_opening_point, claimed_inner_product, prover_transcript,
ck);
309 small_subgroup_ipa_prover.
prove();
312 const auto opening_claim = ShpleminiProver::prove(this->n,
320 TestFixture::IPA::compute_opening_proof(this->
ck(), opening_claim, prover_transcript);
330 libra_commitments[0] =
331 verifier_transcript->template receive_from_prover<Commitment>(
"Libra:concatenation_commitment");
334 const Fr libra_total_sum = verifier_transcript->template receive_from_prover<Fr>(
"Libra:Sum");
335 const Fr libra_challenge = verifier_transcript->template get_challenge<Fr>(
"Libra:Challenge");
336 const Fr libra_evaluation = verifier_transcript->template receive_from_prover<Fr>(
"Libra:claimed_evaluation");
339 EXPECT_EQ(libra_total_sum, zk_sumcheck_data.libra_total_sum);
340 EXPECT_EQ(libra_challenge, zk_sumcheck_data.libra_challenge);
341 EXPECT_EQ(libra_evaluation, claimed_inner_product);
344 libra_commitments[1] = verifier_transcript->template receive_from_prover<Commitment>(
"Libra:grand_sum_commitment");
345 libra_commitments[2] = verifier_transcript->template receive_from_prover<Commitment>(
"Libra:quotient_commitment");
348 std::vector<Fr> padding_indicator_array(this->log_n,
Fr{ 1 });
350 auto [batch_opening_claim, consistency_checked] =
351 ShpleminiVerifier::compute_batch_opening_claim(padding_indicator_array,
354 this->vk().get_g1_identity(),
362 TestFixture::IPA::reduce_verify_batch_opening_claim(batch_opening_claim, this->
vk(), verifier_transcript);
363 EXPECT_EQ(result,
true);
365 const auto pairing_points =
368 EXPECT_EQ(this->
vk().pairing_check(pairing_points[0], pairing_points[1]),
true);
370 EXPECT_EQ(consistency_checked,
true);
381 using Curve = TypeParam::Curve;
384 using CK =
typename TypeParam::CommitmentKey;
387 constexpr bool HasZK =
true;
390 CK
ck = create_commitment_key<CK>(4096);
393 std::vector<Fr> challenge = this->random_evaluation_point(this->log_n);
395 auto prover_transcript = TypeParam::Transcript::prover_init_empty();
403 mock_claims.template compute_sumcheck_opening_data<TypeParam>(
404 this->log_n, this->sumcheck_univariate_length, challenge,
ck);
407 const Fr claimed_inner_product =
410 prover_transcript->send_to_verifier(
"Libra:claimed_evaluation", claimed_inner_product);
414 zk_sumcheck_data, challenge, claimed_inner_product, prover_transcript,
ck);
415 small_subgroup_ipa_prover.
prove();
418 const auto opening_claim = ShpleminiProver::prove(this->n,
428 TestFixture::IPA::compute_opening_proof(this->
ck(), opening_claim, prover_transcript);
437 libra_commitments[0] =
438 verifier_transcript->template receive_from_prover<Commitment>(
"Libra:concatenation_commitment");
441 const Fr libra_total_sum = verifier_transcript->template receive_from_prover<Fr>(
"Libra:Sum");
442 const Fr libra_challenge = verifier_transcript->template get_challenge<Fr>(
"Libra:Challenge");
443 const Fr libra_evaluation = verifier_transcript->template receive_from_prover<Fr>(
"Libra:claimed_evaluation");
448 EXPECT_EQ(libra_evaluation, claimed_inner_product);
451 libra_commitments[1] = verifier_transcript->template receive_from_prover<Commitment>(
"Libra:grand_sum_commitment");
452 libra_commitments[2] = verifier_transcript->template receive_from_prover<Commitment>(
"Libra:quotient_commitment");
455 std::vector<Fr> padding_indicator_array(this->log_n,
Fr{ 1 });
457 auto batch_opening_claim = ShpleminiVerifier::compute_batch_opening_claim(padding_indicator_array,
460 this->vk().get_g1_identity(),
467 .batch_opening_claim;
471 TestFixture::IPA::reduce_verify_batch_opening_claim(batch_opening_claim, this->
vk(), verifier_transcript);
472 EXPECT_EQ(result,
true);
474 const auto pairing_points =
477 EXPECT_EQ(this->
vk().pairing_check(pairing_points[0], pairing_points[1]),
true);
489 using Curve =
typename TypeParam::Curve;
491 using CK =
typename TypeParam::CommitmentKey;
498 static constexpr size_t small_log_n = 3;
499 CK
ck = create_commitment_key<CK>(this->n);
502 auto u = this->random_evaluation_point(small_log_n);
513 const Fr tail = ((
Fr(1) - u[0]) * (
Fr(1) - u[1])).
invert();
514 poly.
at(4) = claimed_multilinear_eval * tail / u[2];
515 poly.
at(this->n - 8) = tail;
516 poly.
at(this->n - 4) = -tail * (
Fr(1) - u[2]) / u[2];
519 this->n, std::vector{
std::move(poly) }, std::vector<Fr>{ claimed_multilinear_eval },
ck);
524 const auto opening_claim =
525 ShpleminiProver::prove(this->n, mock_claims.polynomial_batcher, u,
ck, prover_transcript);
529 TestFixture::IPA::compute_opening_proof(
ck, opening_claim, prover_transcript);
537 std::vector<Fr> padding_indicator_array(small_log_n,
Fr{ 1 });
539 auto batch_opening_claim =
540 ShpleminiVerifier::compute_batch_opening_claim(
541 padding_indicator_array, mock_claims.claim_batcher, u, this->vk().get_g1_identity(), verifier_transcript)
542 .batch_opening_claim;
547 TestFixture::IPA::reduce_verify_batch_opening_claim(batch_opening_claim, this->
vk(), verifier_transcript);
548 EXPECT_EQ(result,
true);
550 const auto pairing_points =
552 EXPECT_EQ(this->
vk().pairing_check(pairing_points[0], pairing_points[1]),
true);
563 using Curve =
typename TypeParam::Curve;
565 using CK =
typename TypeParam::CommitmentKey;
571 static constexpr size_t big_n = 1UL << 12;
572 static constexpr size_t small_log_n = 3;
573 static constexpr size_t big_ck_size = 1 << 14;
574 CK
ck = create_commitment_key<CK>(big_ck_size);
580 auto u = this->random_evaluation_point(small_log_n);
586 big_n, std::vector{
std::move(poly) }, std::vector<Fr>{ claimed_multilinear_eval },
ck);
591 const auto opening_claim = ShpleminiProver::prove(big_n, mock_claims.polynomial_batcher, u,
ck, prover_transcript);
595 TestFixture::IPA::compute_opening_proof(
ck, opening_claim, prover_transcript);
603 std::vector<Fr> padding_indicator_array(small_log_n,
Fr{ 1 });
605 auto batch_opening_claim =
606 ShpleminiVerifier::compute_batch_opening_claim(
607 padding_indicator_array, mock_claims.claim_batcher, u, this->vk().get_g1_identity(), verifier_transcript)
608 .batch_opening_claim;
614 TestFixture::IPA::reduce_verify_batch_opening_claim(batch_opening_claim, this->
vk(), verifier_transcript),
617 const auto pairing_points =
619 EXPECT_EQ(this->
vk().pairing_check(pairing_points[0], pairing_points[1]),
false);
631 using Curve =
typename TypeParam::Curve;
633 constexpr bool HasZK =
true;
637 using CK =
typename TypeParam::CommitmentKey;
640 auto prover_transcript = TypeParam::Transcript::prover_init_empty();
644 CK
ck = create_commitment_key<CK>(
std::max<size_t>(this->n, 1ULL << (log_subgroup_size + 1)));
647 ZKData zk_sumcheck_data(this->log_n, prover_transcript,
ck);
650 std::vector<Fr> mle_opening_point = this->random_evaluation_point(this->log_n);
654 this->num_polynomials,
661 zk_sumcheck_data, mle_opening_point, this->log_n);
665 prover_transcript->send_to_verifier(
"Libra:claimed_evaluation", corrupted_inner_product);
670 zk_sumcheck_data, mle_opening_point, corrupted_inner_product, prover_transcript,
ck);
671 small_subgroup_ipa_prover.
prove();
674 const auto opening_claim = ShpleminiProver::prove(this->n,
682 TestFixture::IPA::compute_opening_proof(this->
ck(), opening_claim, prover_transcript);
692 libra_commitments[0] =
693 verifier_transcript->template receive_from_prover<Commitment>(
"Libra:concatenation_commitment");
696 [[maybe_unused]]
const Fr libra_total_sum = verifier_transcript->template receive_from_prover<Fr>(
"Libra:Sum");
697 [[maybe_unused]]
const Fr libra_challenge = verifier_transcript->template get_challenge<Fr>(
"Libra:Challenge");
699 const Fr libra_evaluation = verifier_transcript->template receive_from_prover<Fr>(
"Libra:claimed_evaluation");
702 libra_commitments[1] = verifier_transcript->template receive_from_prover<Commitment>(
"Libra:grand_sum_commitment");
703 libra_commitments[2] = verifier_transcript->template receive_from_prover<Commitment>(
"Libra:quotient_commitment");
706 std::vector<Fr> padding_indicator_array(this->log_n,
Fr{ 1 });
708 auto shplemini_output = ShpleminiVerifier::compute_batch_opening_claim(padding_indicator_array,
711 this->vk().get_g1_identity(),
718 EXPECT_FALSE(shplemini_output.consistency_checked);
728template <
typename TypeParam>
732 bool expected_consistency_checked)
737 using Curve =
typename TypeParam::Curve;
739 constexpr bool HasZK =
true;
743 using CK =
typename TypeParam::CommitmentKey;
745 auto prover_transcript = TypeParam::Transcript::prover_init_empty();
748 CK
ck = create_commitment_key<CK>(
std::max<size_t>(test->
n, 1ULL << (log_subgroup_size + 1)));
750 ZKData zk_sumcheck_data(test->
log_n, prover_transcript,
ck);
756 zk_sumcheck_data, mle_opening_point, test->
log_n);
758 prover_transcript->send_to_verifier(
"Libra:claimed_evaluation", claimed_inner_product);
761 zk_sumcheck_data, mle_opening_point, claimed_inner_product, prover_transcript,
ck);
762 small_subgroup_ipa_prover.
prove();
767 if (tamper_polynomial != TamperedPolynomial::None) {
768 witness_polynomials[
static_cast<size_t>(tamper_polynomial)].at(0) +=
Fr::random_element();
771 const auto opening_claim = ShpleminiProver::prove(
772 test->
n, mock_claims.
polynomial_batcher, mle_opening_point,
ck, prover_transcript, witness_polynomials);
783 libra_commitments[0] =
784 verifier_transcript->template receive_from_prover<Commitment>(
"Libra:concatenation_commitment");
786 [[maybe_unused]]
const Fr libra_total_sum = verifier_transcript->template receive_from_prover<Fr>(
"Libra:Sum");
787 [[maybe_unused]]
const Fr libra_challenge = verifier_transcript->template get_challenge<Fr>(
"Libra:Challenge");
788 const Fr libra_evaluation = verifier_transcript->template receive_from_prover<Fr>(
"Libra:claimed_evaluation");
790 libra_commitments[1] = verifier_transcript->template receive_from_prover<Commitment>(
"Libra:grand_sum_commitment");
791 libra_commitments[2] = verifier_transcript->template receive_from_prover<Commitment>(
"Libra:quotient_commitment");
794 if (tamper_commitment != TamperedCommitment::None) {
795 auto idx =
static_cast<size_t>(tamper_commitment);
796 libra_commitments[idx] = libra_commitments[idx] + Commitment::one();
799 std::vector<Fr> padding_indicator_array(test->
log_n,
Fr{ 1 });
801 auto [batch_opening_claim, consistency_checked] =
802 ShpleminiVerifier::compute_batch_opening_claim(padding_indicator_array,
811 EXPECT_EQ(consistency_checked, expected_consistency_checked);
816 batch_opening_claim, test->
vk(), verifier_transcript),
819 const auto pairing_points =
821 EXPECT_FALSE(test->
vk().pairing_check(pairing_points[0], pairing_points[1]));
830 using TamperedPolynomial =
typename TestFixture::TamperedPolynomial;
831 using TamperedCommitment =
typename TestFixture::TamperedCommitment;
834 this, TamperedPolynomial::Quotient, TamperedCommitment::None,
false);
842 using TamperedPolynomial =
typename TestFixture::TamperedPolynomial;
843 using TamperedCommitment =
typename TestFixture::TamperedCommitment;
846 this, TamperedPolynomial::None, TamperedCommitment::Quotient,
true);
854 using TamperedPolynomial =
typename TestFixture::TamperedPolynomial;
855 using TamperedCommitment =
typename TestFixture::TamperedCommitment;
858 this, TamperedPolynomial::GrandSum, TamperedCommitment::None,
false);
866 using TamperedPolynomial =
typename TestFixture::TamperedPolynomial;
867 using TamperedCommitment =
typename TestFixture::TamperedCommitment;
870 this, TamperedPolynomial::None, TamperedCommitment::GrandSum,
true);
878 using TamperedPolynomial =
typename TestFixture::TamperedPolynomial;
879 using TamperedCommitment =
typename TestFixture::TamperedCommitment;
882 this, TamperedPolynomial::Concatenated, TamperedCommitment::None,
false);
890 using TamperedPolynomial =
typename TestFixture::TamperedPolynomial;
891 using TamperedCommitment =
typename TestFixture::TamperedCommitment;
894 this, TamperedPolynomial::None, TamperedCommitment::Concatenated,
true);
static std::shared_ptr< BaseTranscript > prover_init_empty()
For testing: initializes transcript with some arbitrary data so that a challenge can be generated aft...
static std::shared_ptr< BaseTranscript > verifier_init_empty(const std::shared_ptr< BaseTranscript > &transcript)
For testing: initializes transcript based on proof data then receives junk data produced by BaseTrans...
std::vector< Fr > random_evaluation_point(const size_t num_variables)
bb::CommitmentKey< Curve > CommitmentKey
Polynomial compute_batched(const Fr &challenge)
Compute batched polynomial A₀ = F + G/X as the linear combination of all polynomials to be opened,...
std::pair< Polynomial, Polynomial > compute_partially_evaluated_batch_polynomials(const Fr &r_challenge)
Compute partially evaluated batched polynomials A₀(X, r) = A₀₊ = F + G/r, A₀(X, -r) = A₀₋ = F - G/r.
static std::vector< Fr > compute_fold_pos_evaluations(std::span< const Fr > padding_indicator_array, const Fr &batched_evaluation, std::span< const Fr > evaluation_point, std::span< const Fr > challenge_powers, std::span< const Fr > fold_neg_evals, Fr p_neg=Fr(0))
Compute .
static PairingPointsType reduce_verify_batch_opening_claim(BatchOpeningClaim< Curve > &&batch_opening_claim, const std::shared_ptr< Transcript > &transcript, const size_t expected_final_msm_size=0)
Computes the input points for the pairing check needed to verify a KZG opening claim obtained from a ...
static void compute_opening_proof(const CK &ck, const ProverOpeningClaim< Curve > &opening_claim, const std::shared_ptr< Transcript > &prover_trancript)
Computes the KZG commitment to an opening proof polynomial at a single evaluation point.
Structured polynomial class that represents the coefficients 'a' of a_0 + a_1 x .....
static Polynomial random(size_t size, size_t start_index=0)
Fr & at(size_t index)
Our mutable accessor, unlike operator[]. We abuse precedent a bit to differentiate at() and operator[...
static constexpr size_t n
static constexpr size_t log_n
static constexpr size_t n
typename Flavor::Curve::ScalarField Fr
static constexpr size_t num_polynomials
typename Flavor::CommitmentKey CK
typename Flavor::Curve::AffineElement Commitment
static constexpr size_t log_n
static constexpr size_t sumcheck_univariate_length
static constexpr size_t num_shiftable
typename Flavor::Curve::Element GroupElement
IPA< typename Flavor::Curve, log_n > IPA
A Curve-agnostic ZK protocol to prove inner products of small vectors.
std::array< bb::Polynomial< FF >, NUM_SMALL_IPA_EVALUATIONS > get_witness_polynomials() const
static FF compute_claimed_inner_product(ZKSumcheckData< Flavor > &zk_sumcheck_data, const std::vector< FF > &multivariate_challenge, const size_t &log_circuit_size)
For test purposes: Compute the sum of the Libra constant term and Libra univariates evaluated at Sumc...
void prove()
Compute the derived witnesses and and commit to them.
Commitment get_g1_identity() const
typename Group::element Element
static constexpr size_t SUBGROUP_SIZE
typename Group::affine_element AffineElement
std::vector< Fr > powers_of_evaluation_challenge(const Fr &r, const size_t num_squares)
Compute squares of folding challenge r.
std::vector< Fr > powers_of_rho(const Fr &rho, const size_t num_powers)
Compute powers of challenge ρ
constexpr T get_msb(const T in)
Entry point for Barretenberg command-line interface.
::testing::Types< BN254Settings, GrumpkinSettings > TestSettings
TYPED_TEST_SUITE(ShpleminiTest, TestSettings)
void run_libra_tampering_test(ShpleminiTest< TypeParam > *test, typename ShpleminiTest< TypeParam >::TamperedPolynomial tamper_polynomial, typename ShpleminiTest< TypeParam >::TamperedCommitment tamper_commitment, bool expected_consistency_checked)
Helper to run a Libra tampering test with configurable tampering options.
TYPED_TEST(ShpleminiTest, CorrectnessOfMultivariateClaimBatching)
CommitmentKey< Curve > ck
VerifierCommitmentKey< Curve > vk
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
void compute_scalars_for_each_batch(std::span< const Fr > inverted_vanishing_evals, const Fr &nu_challenge, const Fr &r_challenge)
Compute scalars used to batch each set of claims, excluding contribution from batching challenge \rho...
void update_batch_mul_inputs_and_batched_evaluation(std::vector< Commitment > &commitments, std::vector< Fr > &scalars, Fr &batched_evaluation, const Fr &rho, Fr shplonk_batching_pos={ 0 }, Fr shplonk_batching_neg={ 0 })
Append the commitments and scalars from each batch of claims to the Shplemini, vectors which subseque...
std::vector< Commitment > commitments
Constructs random polynomials, computes commitments and corresponding evaluations.
std::vector< bb::Polynomial< Fr > > round_univariates
std::vector< Commitment > sumcheck_commitments
ClaimBatcher claim_batcher
std::vector< std::array< Fr, 3 > > sumcheck_evaluations
PolynomialBatcher polynomial_batcher
This structure is created to contain various polynomials and constants required by ZK Sumcheck.
constexpr field invert() const noexcept
static field random_element(numeric::RNG *engine=nullptr) noexcept
1.9.8