bb::KZG< Curve_ > Class Template Reference

#include <kzg.hpp>

Public Types
using	Curve = Curve_
using	CK = CommitmentKey< Curve >
using	VK = VerifierCommitmentKey< Curve >
using	Fr = typename Curve::ScalarField
using	Commitment = typename Curve::AffineElement
using	GroupElement = typename Curve::Element
using	Polynomial = bb::Polynomial< Fr >
using	PairingPointsType = std::conditional_t< Curve::is_stdlib_type, stdlib::recursion::PairingPoints< Curve >, bb::PairingPoints< Curve > >

Static Public Member Functions
template<typename Transcript >
static void	compute_opening_proof (const CK &ck, const ProverOpeningClaim< Curve > &opening_claim, const std::shared_ptr< Transcript > &prover_trancript)
	Computes the KZG commitment to an opening proof polynomial at a single evaluation point.
template<typename Transcript >
static PairingPointsType	reduce_verify (const OpeningClaim< Curve > &claim, const std::shared_ptr< Transcript > &verifier_transcript)
	Computes the input points for the pairing check needed to verify a KZG opening claim of a single polynomial commitment. This reduction is non-interactive and always succeeds.
template<typename Transcript >
static PairingPointsType	reduce_verify_batch_opening_claim (BatchOpeningClaim< Curve > &&batch_opening_claim, const std::shared_ptr< Transcript > &transcript, const size_t expected_final_msm_size=0)
	Computes the input points for the pairing check needed to verify a KZG opening claim obtained from a Shplemini accumulator.

Detailed Description

template<typename Curve_>
class bb::KZG< Curve_ >

Definition at line 22 of file kzg.hpp.

Member Typedef Documentation

CK

template<typename Curve_ >

using bb::KZG< Curve_ >::CK = CommitmentKey<Curve>

Definition at line 25 of file kzg.hpp.

Commitment

template<typename Curve_ >

using bb::KZG< Curve_ >::Commitment = typename Curve::AffineElement

Definition at line 28 of file kzg.hpp.

Curve

template<typename Curve_ >

using bb::KZG< Curve_ >::Curve = Curve_

Definition at line 24 of file kzg.hpp.

Fr

template<typename Curve_ >

using bb::KZG< Curve_ >::Fr = typename Curve::ScalarField

Definition at line 27 of file kzg.hpp.

GroupElement

template<typename Curve_ >

using bb::KZG< Curve_ >::GroupElement = typename Curve::Element

Definition at line 29 of file kzg.hpp.

PairingPointsType

template<typename Curve_ >

using bb::KZG< Curve_ >::PairingPointsType = std::conditional_t<Curve::is_stdlib_type, stdlib::recursion::PairingPoints<Curve>, bb::PairingPoints<Curve> >

Definition at line 31 of file kzg.hpp.

Polynomial

template<typename Curve_ >

using bb::KZG< Curve_ >::Polynomial = bb::Polynomial<Fr>

Definition at line 30 of file kzg.hpp.

VK

template<typename Curve_ >

using bb::KZG< Curve_ >::VK = VerifierCommitmentKey<Curve>

Definition at line 26 of file kzg.hpp.

Member Function Documentation

compute_opening_proof()

template<typename Curve_ >

template<typename Transcript >

static void bb::KZG< Curve_ >::compute_opening_proof ( const CK &  ck, const ProverOpeningClaim< Curve > &  opening_claim, const std::shared_ptr< Transcript > &  prover_trancript  )

inlinestatic

Computes the KZG commitment to an opening proof polynomial at a single evaluation point.

Parameters

ck	The commitment key which has a commit function, the srs and pippenger_runtime_state
opening_claim	{p, (r, v = p(r))} where p is the witness polynomial whose opening proof needs to be computed
prover_transcript	Prover transcript

Definition at line 43 of file kzg.hpp.

reduce_verify()

template<typename Curve_ >

template<typename Transcript >

static PairingPointsType bb::KZG< Curve_ >::reduce_verify ( const OpeningClaim< Curve > &  claim, const std::shared_ptr< Transcript > &  verifier_transcript  )

inlinestatic

Computes the input points for the pairing check needed to verify a KZG opening claim of a single polynomial commitment. This reduction is non-interactive and always succeeds.

This is used in the recursive setting where we want to "aggregate" proofs, not verify them.

Parameters

claim

OpeningClaim ({r, v}, C)

Returns

PairingPoints {P₀, P₁} where

• P₀ = C − v⋅[1]₁ + r⋅[W(x)]₁
• P₁ = - [W(x)]₁

Definition at line 82 of file kzg.hpp.

reduce_verify_batch_opening_claim()

template<typename Curve_ >

template<typename Transcript >

static PairingPointsType bb::KZG< Curve_ >::reduce_verify_batch_opening_claim ( BatchOpeningClaim< Curve > &&  batch_opening_claim, const std::shared_ptr< Transcript > &  transcript, const size_t  expected_final_msm_size = 0  )

inlinestatic

Computes the input points for the pairing check needed to verify a KZG opening claim obtained from a Shplemini accumulator.

This function is used in a recursive setting where we want to "aggregate" proofs. In the Shplemini case, the commitment \( C \) is encoded into the vectors commitments and scalars contained in the batch_opening_claim. More explicitly, \( C = \sum \text{commitments}_i \cdot \text{scalars}_i \). To avoid performing an extra batch_mul, we simply add the commitment \( [W]_1 \) to the vector of commitments and the Shplonk evaluation challenge to the vector of scalars and perform a single batch_mul that computes \(C + W\cdot z \).

Parameters

batch_opening_claim	\((\text{commitments}, \text{scalars}, \text{shplonk_evaluation_challenge})\) A struct containing the commitments, scalars, and the Shplonk evaluation challenge.
expected_final_msm_size	Optional expected size of the final MSM (after adding quotient commitment). If non-zero, asserts that the finalized claim has this exact size. Use Flavor::FINAL_PCS_MSM_SIZE.

Returns

PairingPoints \( \{P_0, P_1\}\) where:

• \( P_0 = C + [W(x)]_1 \cdot z \)
• \( P_1 = - [W(x)]_1 \)

Definition at line 131 of file kzg.hpp.

---

The documentation for this class was generated from the following file:

• src/barretenberg/commitment_schemes/kzg/kzg.hpp