Struct HidingFriPcs

pub struct HidingFriPcs<Val, Dft, InputMmcs, FriMmcs, R> { /* private fields */ }

A hiding FRI PCS. Both MMCSs must also be hiding; this is not enforced at compile time so it’s the user’s responsibility to configure.

Implementations

impl<Val, Dft, InputMmcs, FriMmcs, R> HidingFriPcs<Val, Dft, InputMmcs, FriMmcs, R>

pub fn new( dft: Dft, mmcs: InputMmcs, params: FriParameters<FriMmcs>, num_random_codewords: usize, rng: R, ) -> Self

Trait Implementations

impl<Val: Debug, Dft: Debug, InputMmcs: Debug, FriMmcs: Debug, R: Debug> Debug for HidingFriPcs<Val, Dft, InputMmcs, FriMmcs, R>

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl<Val, Dft, InputMmcs, FriMmcs, Challenge, Challenger, R> Pcs<Challenge, Challenger> for HidingFriPcs<Val, Dft, InputMmcs, FriMmcs, R>

where Val: TwoAdicField, StandardUniform: Distribution<Val>, Dft: TwoAdicSubgroupDft<Val>, InputMmcs: Mmcs<Val>, FriMmcs: Mmcs<Challenge>, Challenge: TwoAdicField + ExtensionField<Val>, Challenger: FieldChallenger<Val> + CanObserve<FriMmcs::Commitment> + GrindingChallenger<Witness = Val>, R: Rng + Send + Sync,

type Proof = (Vec<Vec<Vec<Vec<Challenge>>>>, FriProof<Challenge, FriMmcs, Val, Vec<BatchOpening<Val, InputMmcs>>>)

The first item contains the openings of the random polynomials added by this wrapper. The second item is the usual FRI proof.

fn commit_quotient( &self, quotient_domain: Self::Domain, quotient_evaluations: RowMajorMatrix<Val>, num_chunks: usize, ) -> (Self::Commitment, Self::ProverData)

Commit to the quotient polynomial. We first decompose the quotient polynomial into num_chunks many smaller polynomials each of degree degree / num_chunks. These quotient polynomials are then randomized as explained in Section 4.2 of https://eprint.iacr.org/2024/1037.pdf .

Arguments

• quotient_domain the domain of the quotient polynomial.
• quotient_evaluations the evaluations of the quotient polynomial over the domain. This should be in standard (not bit-reversed) order.
• num_chunks the number of smaller polynomials to decompose the quotient polynomial into.

Panics

This function panics if num_chunks is either 0 or 1. The first case makes no logical sense and in the second case, the resulting commitment would not be hiding.

const ZK: bool = true

Set to true to activate randomization and achieve zero-knowledge.

type Domain = TwoAdicMultiplicativeCoset<Val>

The class of evaluation domains that this commitment scheme works over.

type Commitment = <InputMmcs as Mmcs<Val>>::Commitment

The commitment that’s sent to the verifier.

type ProverData = <InputMmcs as Mmcs<Val>>::ProverData<DenseMatrix<Val>>

Data that the prover stores for committed polynomials, to help the prover with opening.

type EvaluationsOnDomain<'a> = HorizontallyTruncated<Val, RowIndexMappedView<BitReversalPerm, DenseMatrix<Val, &'a [Val]>>>

Type of the output of get_evaluations_on_domain.

type Error = FriError<<FriMmcs as Mmcs<Challenge>>::Error, <InputMmcs as Mmcs<Val>>::Error>

The type of a proof verification error.

fn natural_domain_for_degree(&self, degree: usize) -> Self::Domain

This should return a domain such that Domain::next_point returns Some.

fn commit( &self, evaluations: impl IntoIterator<Item = (Self::Domain, RowMajorMatrix<Val>)>, ) -> (Self::Commitment, Self::ProverData)

Given a collection of evaluation matrices, produce a binding commitment to the polynomials defined by those evaluations. If zk is enabled, the evaluations are first randomized as explained in Section 3 of https://eprint.iacr.org/2024/1037.pdf .

fn get_evaluations_on_domain<'a>( &self, prover_data: &'a Self::ProverData, idx: usize, domain: Self::Domain, ) -> Self::EvaluationsOnDomain<'a>

Given prover data corresponding to a commitment to a collection of evaluation matrices, return the evaluations of those matrices on the given domain.

fn open( &self, rounds: Vec<(&Self::ProverData, Vec<Vec<Challenge>>)>, challenger: &mut Challenger, ) -> (OpenedValues<Challenge>, Self::Proof)

Open a collection of polynomial commitments at a set of points. Produce the values at those points along with a proof of correctness.

fn verify( &self, rounds: Vec<(Self::Commitment, Vec<(Self::Domain, Vec<(Challenge, Vec<Challenge>)>)>)>, proof: &Self::Proof, challenger: &mut Challenger, ) -> Result<(), Self::Error>

Verify that a collection of opened values is correct.

fn get_opt_randomization_poly_commitment( &self, ext_trace_domain: Self::Domain, ) -> Option<(Self::Commitment, Self::ProverData)>

const TRACE_IDX: usize = _

Index of the trace commitment in the computed opened values.

const QUOTIENT_IDX: usize = _

Index of the quotient commitments in the computed opened values.

const PREPROCESSED_TRACE_IDX: usize = _

Index of the preprocessed trace commitment in the computed opened values.