bb::KZG< Curve_ > Class Template Reference

#include <kzg.hpp>

Public Types
using	Curve = Curve_
using	CK = CommitmentKey< Curve >
using	VK = VerifierCommitmentKey< Curve >
using	Fr = typename Curve::ScalarField
using	Commitment = typename Curve::AffineElement
using	GroupElement = typename Curve::Element
using	Polynomial = bb::Polynomial< Fr >
using	VerifierAccumulator = std::array< GroupElement, 2 >

Static Public Member Functions
template<typename Transcript >
static void	compute_opening_proof (const CK &ck, const ProverOpeningClaim< Curve > &opening_claim, const std::shared_ptr< Transcript > &prover_trancript)
	Computes the KZG commitment to an opening proof polynomial at a single evaluation point.
template<typename Transcript >
static VerifierAccumulator	reduce_verify (const OpeningClaim< Curve > &claim, const std::shared_ptr< Transcript > &verifier_transcript)
	Computes the input points for the pairing check needed to verify a KZG opening claim of a single polynomial commitment. This reduction is non-interactive and always succeeds.
template<typename Transcript >
static VerifierAccumulator	reduce_verify_batch_opening_claim (BatchOpeningClaim< Curve > batch_opening_claim, const std::shared_ptr< Transcript > &transcript)
	Computes the input points for the pairing check needed to verify a KZG opening claim obtained from a Shplemini accumulator.

Detailed Description

template<typename Curve_>
class bb::KZG< Curve_ >

Definition at line 20 of file kzg.hpp.

Member Typedef Documentation

CK

template<typename Curve_ >

using bb::KZG< Curve_ >::CK = CommitmentKey<Curve>

Definition at line 23 of file kzg.hpp.

Commitment

template<typename Curve_ >

using bb::KZG< Curve_ >::Commitment = typename Curve::AffineElement

Definition at line 26 of file kzg.hpp.

Curve

template<typename Curve_ >

using bb::KZG< Curve_ >::Curve = Curve_

Definition at line 22 of file kzg.hpp.

Fr

template<typename Curve_ >

using bb::KZG< Curve_ >::Fr = typename Curve::ScalarField

Definition at line 25 of file kzg.hpp.

GroupElement

template<typename Curve_ >

using bb::KZG< Curve_ >::GroupElement = typename Curve::Element

Definition at line 27 of file kzg.hpp.

Polynomial

template<typename Curve_ >

using bb::KZG< Curve_ >::Polynomial = bb::Polynomial<Fr>

Definition at line 28 of file kzg.hpp.

VerifierAccumulator

template<typename Curve_ >

using bb::KZG< Curve_ >::VerifierAccumulator = std::array<GroupElement, 2>

Definition at line 29 of file kzg.hpp.

VK

template<typename Curve_ >

using bb::KZG< Curve_ >::VK = VerifierCommitmentKey<Curve>

Definition at line 24 of file kzg.hpp.

Member Function Documentation

compute_opening_proof()

template<typename Curve_ >

template<typename Transcript >

static void bb::KZG< Curve_ >::compute_opening_proof ( const CK &  ck, const ProverOpeningClaim< Curve > &  opening_claim, const std::shared_ptr< Transcript > &  prover_trancript  )

inlinestatic

Computes the KZG commitment to an opening proof polynomial at a single evaluation point.

Parameters

ck	The commitment key which has a commit function, the srs and pippenger_runtime_state
opening_claim	{p, (r, v = p(r))} where p is the witness polynomial whose opening proof needs to be computed
prover_transcript	Prover transcript

Definition at line 40 of file kzg.hpp.

reduce_verify()

template<typename Curve_ >

template<typename Transcript >

static VerifierAccumulator bb::KZG< Curve_ >::reduce_verify ( const OpeningClaim< Curve > &  claim, const std::shared_ptr< Transcript > &  verifier_transcript  )

inlinestatic

Computes the input points for the pairing check needed to verify a KZG opening claim of a single polynomial commitment. This reduction is non-interactive and always succeeds.

This is used in the recursive setting where we want to "aggregate" proofs, not verify them.

Parameters

claim

OpeningClaim ({r, v}, C)

Returns

{P₀, P₁} where

• P₀ = C − v⋅[1]₁ + r⋅[W(x)]₁
• P₁ = - [W(x)]₁

Definition at line 75 of file kzg.hpp.

reduce_verify_batch_opening_claim()

template<typename Curve_ >

template<typename Transcript >

static VerifierAccumulator bb::KZG< Curve_ >::reduce_verify_batch_opening_claim ( BatchOpeningClaim< Curve >  batch_opening_claim, const std::shared_ptr< Transcript > &  transcript  )

inlinestatic

Computes the input points for the pairing check needed to verify a KZG opening claim obtained from a Shplemini accumulator.

This function is used in a recursive setting where we want to "aggregate" proofs. In the Shplemini case, the commitment \( C \) is encoded into the vectors commitments and scalars contained in the batch_opening_claim. More explicitly, \( C = \sum \text{commitments}_i \cdot \text{scalars}_i \). To avoid performing an extra batch_mul, we simply add the commitment \( [W]_1 \) to the vector of commitments and the Shplonk evaluation challenge to the vector of scalars and perform a single batch_mul that computes \(C + W\cdot z \).

Parameters

batch_opening_claim

\((\text{commitments}, \text{scalars}, \text{shplonk_evaluation_challenge})\) A struct containing the commitments, scalars, and the Shplonk evaluation challenge.

Returns

\( \{P_0, P_1\}\) where:

• \( P_0 = C + [W(x)]_1 \cdot z \)
• \( P_1 = - [W(x)]_1 \)

Definition at line 122 of file kzg.hpp.

---

The documentation for this class was generated from the following file:

• src/barretenberg/commitment_schemes/kzg/kzg.hpp