Barretenberg
The ZK-SNARK library at the core of Aztec
Loading...
Searching...
No Matches
Static Public Member Functions | Private Types | List of all members
bb::GeminiVerifier_< Curve > Class Template Reference

Gemini Verifier utility methods used by ShpleminiVerifier. More...

#include <gemini.hpp>

Static Public Member Functions

static std::vector< Commitmentget_fold_commitments (const size_t virtual_log_n, auto &transcript)
 Receive the fold commitments from the prover. This method is used by Shplemini where padding may be enabled, i.e. the verifier receives the same number of commitments independent of the actual circuit size.
 
static std::vector< Frget_gemini_evaluations (const size_t virtual_log_n, auto &transcript)
 Receive the fold evaluations from the prover. This method is used by Shplemini where padding may be enabled, i.e. the verifier receives the same number of commitments independent of the actual circuit size.
 
static std::vector< Frcompute_fold_pos_evaluations (std::span< const Fr > padding_indicator_array, const Fr &batched_evaluation, std::span< const Fr > evaluation_point, std::span< const Fr > challenge_powers, std::span< const Fr > fold_neg_evals)
 Compute \( A_0(r), A_1(r^2), \ldots, A_{d-1}(r^{2^{d-1}})\).
 

Private Types

using Fr = typename Curve::ScalarField
 
using Commitment = typename Curve::AffineElement
 

Detailed Description

template<typename Curve>
class bb::GeminiVerifier_< Curve >

Gemini Verifier utility methods used by ShpleminiVerifier.

Definition at line 241 of file gemini.hpp.

Member Typedef Documentation

◆ Commitment

template<typename Curve >
using bb::GeminiVerifier_< Curve >::Commitment = typename Curve::AffineElement
private

Definition at line 243 of file gemini.hpp.

◆ Fr

template<typename Curve >
using bb::GeminiVerifier_< Curve >::Fr = typename Curve::ScalarField
private

Definition at line 242 of file gemini.hpp.

Member Function Documentation

◆ compute_fold_pos_evaluations()

template<typename Curve >
static std::vector< Fr > bb::GeminiVerifier_< Curve >::compute_fold_pos_evaluations ( std::span< const Fr padding_indicator_array,
const Fr batched_evaluation,
std::span< const Fr evaluation_point,
std::span< const Fr challenge_powers,
std::span< const Fr fold_neg_evals 
)
inlinestatic

Compute \( A_0(r), A_1(r^2), \ldots, A_{d-1}(r^{2^{d-1}})\).

Recall that \( A_0(r) = \sum \rho^i \cdot f_i + \frac{1}{r} \cdot \sum \rho^{i+k} g_i \), where \( k \) is the number of "unshifted" commitments. \( f_i \) are the unshifted polynomials and \( g_i \) are the to-be-shifted-by-1 polynomials.

Initialize a_pos = \( A_{d}(r) \) with the batched evaluation \( \sum \rho^i f_i(\vec{u}) + \sum \rho^{i+k} g_i(\vec{u}) \). The verifier recovers \( A_{l-1}(r^{2^{l-1}}) \) from the "negative" value \( A_{l-1}\left(-r^{2^{l-1}}\right) \) received from the prover and the value \( A_{l}\left(r^{2^{l}}\right) \) computed at the previous step. Namely, the verifier computes

\begin{align} A_{l-1}\left(r^{2^{l-1}}\right) = \frac{2 \cdot r^{2^{l-1}} \cdot A_{l}\left(r^{2^l}\right) - A_{l-1}\left( -r^{2^{l-1}} \right)\cdot \left(r^{2^{l-1}} (1-u_{l-1}) - u_{l-1}\right)} {r^{2^{l-1}} (1- u_{l-1}) + u_{l-1}}. \end{align}

This method uses padding_indicator_array, whose i-th entry is FF{1} if i < log_n and 0 otherwise. We use these entries to either assign eval_pos_prev the value eval_pos computed in the current iteration of the loop, or to propagate the batched evaluation of the multilinear polynomials to the next iteration. This ensures the correctnes of the computation of the required positive evaluations.

To ensure that dummy evaluations cannot be used to tamper with the final batch_mul result, we multiply dummy positive evaluations by the entries of padding_indicator_array.

Parameters
padding_indicator_arrayAn array with first log_n entries equal to 1, and the remaining entries are 0.
batched_evaluationThe evaluation of the batched polynomial at \( (u_0, \ldots, u_{d-1})\).
evaluation_pointEvaluation point \( (u_0, \ldots, u_{d-1}) \). Depending on the context, might be padded to virtual_log_n size.
challenge_powersPowers of \( r \), \( r^2 ,\dots, r^{2^{d-1}} \).
fold_neg_evalsEvaluations \( A_{i-1}(-r^{2^{i-1}}) \).
Returns
\( A_{i}(r^{2^{i}})\) for \( i = 0, \ldots, \text{virtual_log_n} - 1 \).

Definition at line 319 of file gemini.hpp.

◆ get_fold_commitments()

template<typename Curve >
static std::vector< Commitment > bb::GeminiVerifier_< Curve >::get_fold_commitments ( const size_t  virtual_log_n,
auto &  transcript 
)
inlinestatic

Receive the fold commitments from the prover. This method is used by Shplemini where padding may be enabled, i.e. the verifier receives the same number of commitments independent of the actual circuit size.

Parameters
virtual_log_nAn integer >= log_n
transcript
Returns
A vector of fold commitments \( [A_i] \) for \( i = 1, \ldots, \text{virtual_log_n}-1\).

Definition at line 254 of file gemini.hpp.

◆ get_gemini_evaluations()

template<typename Curve >
static std::vector< Fr > bb::GeminiVerifier_< Curve >::get_gemini_evaluations ( const size_t  virtual_log_n,
auto &  transcript 
)
inlinestatic

Receive the fold evaluations from the prover. This method is used by Shplemini where padding may be enabled, i.e. the verifier receives the same number of commitments independent of the actual circuit size.

Parameters
virtual_log_nAn integer >= log_n
transcript
Returns
A vector of claimed negative fold evaluation \( A_i(-r^{2^i}) \) for \( i = 0, \ldots, \text{virtual_log_n}-1\).

Definition at line 275 of file gemini.hpp.

The documentation for this class was generated from the following file: