Documentation
¶
Overview ¶
Package shplonk provides a SHPLONK commitment scheme, cf https://eprint.iacr.org/2020/081.pdf
Example (BatchOpen) ¶
This example shows how to batch open a list of polynomials on a set of points, where each polynomial is opened on its own set of point. That is the i-th polynomial f_i is opened on set of point S_i.
Output: verified
Index ¶
Examples ¶
Constants ¶
This section is empty.
Variables ¶
var ( ErrInvalidNumberOfPoints = errors.New("number of digests should be equal to the number of points") ErrVerifyOpeningProof = errors.New("can't verify batch opening proof") ErrInvalidNumberOfDigests = errors.New("number of digests should be equal to the number of polynomials") ErrPairingCheck = errors.New("pairing product is not 1") )
Functions ¶
func BatchVerify ¶
func BatchVerify(proof OpeningProof, digests []kzg.Digest, points [][]fr.Element, hf hash.Hash, vk kzg.VerifyingKey, dataTranscript ...[]byte) error
BatchVerify uses proof to check that the commitments correctly open to proof.ClaimedValues at points. The order matters: the proof validates that the i-th commitment is correctly opened at the i-th point dataTranscript is some extra data that might be needed for Fiat Shamir, and is appended at the end of the original transcript.
Types ¶
type OpeningProof ¶
type OpeningProof struct {
// W = ∑ᵢ γⁱZ_{T\Sᵢ}(f_i(X)-r)/Z_{T} where Z_{T} is the vanishing polynomial on the (Sᵢ)_{i}
// and r interpolates fᵢ(Sᵢ) on (Sᵢ)
W bls12381.G1Affine
// L(X)/(X-z) where L(X)=∑ᵢγⁱZ_{T\xᵢ}(f_i(X)-rᵢ) - Z_{T}W(X)
WPrime bls12381.G1Affine
// ClaimedValues[i] are the values of fᵢ on Sᵢ
ClaimedValues [][]fr.Element
}
OpeningProof KZG proof for opening (fᵢ)_{i} at a different points (xᵢ)_{i}.
implements io.ReaderFrom and io.WriterTo
Source Files