Barretenberg
The ZK-SNARK library at the core of Aztec
Loading...
Searching...
No Matches
Public Attributes | List of all members
bb::ShpleminiVerifierOutput_< Curve, HasZK > Struct Template Reference

An efficient verifier for the evaluation proofs of multilinear polynomials and their shifts. More...

#include <shplemini.hpp>

Public Attributes

BatchOpeningClaim< Curvebatch_opening_claim
 

Detailed Description

template<typename Curve, bool HasZK>
struct bb::ShpleminiVerifierOutput_< Curve, HasZK >

An efficient verifier for the evaluation proofs of multilinear polynomials and their shifts.

Context

This Verifier combines verifiers from four protocols:

  1. Batch opening protocol: Reduces various evaluation claims of multilinear polynomials and their shifts to the opening claim of a single batched polynomial.
  2. Gemini protocol: Reduces the batched polynomial opening claim to a claim about openings of Gemini univariate polynomials.
  3. Shplonk protocol: Reduces the opening of Gemini univariate polynomials at different points to a single opening of a batched univariate polynomial. Outputs \( \text{shplonk_opening_claim} \).
  4. KZG or IPA protocol: Verifies the evaluation of the univariate batched by Shplonk.

Important Observation: From step 1 to step 4, the Verifier is not required to hash any results of its group operations. Therefore, they could be performed at the very end, i.e. by the opening protocol of a chosen univariate PCS. Because of this and the shape of the pairing check in Shplonk, various batch_mul calls could be reduced to a single batch_mul call. This way we minimize the number of gates in the resulting recursive verifier circuits and save some group operations in the native setting.

Remarks
The sequence of steps could be performed by performing batching of unshifted and shifted polynomials, feeding it to the existing GeminiVerifier, whose output would be passed to the ShplonkVerifier and then to the reduce_verify method of a chosen PCS. However, it would be less efficient than ShpleminiVerifier in terms of group and field operations.

Definition at line 167 of file shplemini.hpp.

Member Data Documentation

◆ batch_opening_claim

template<typename Curve , bool HasZK>
BatchOpeningClaim<Curve> bb::ShpleminiVerifierOutput_< Curve, HasZK >::batch_opening_claim

Definition at line 168 of file shplemini.hpp.

The documentation for this struct was generated from the following file: