3#include "../gemini/gemini.hpp"
4#include "../kzg/kzg.hpp"
5#include "../pcs_test_utils.hpp"
6#include "../shplonk/shplonk.hpp"
14#include <gtest/gtest.h>
22 static constexpr size_t log_n = 9;
23 static constexpr size_t n = 1UL <<
log_n;
32 using Fr =
typename Flavor::Curve::ScalarField;
34 using Commitment =
typename Flavor::Curve::AffineElement;
45using TestSettings = ::testing::Types<BN254Settings, GrumpkinSettings>;
52 static constexpr size_t log_n = 9;
53 static constexpr size_t n = 1UL <<
log_n;
59 using Curve =
typename TypeParam::Curve;
63 using CK =
typename TypeParam::CommitmentKey;
65 CK
ck = create_commitment_key<CK>(this->n);
74 auto mle_opening_point = this->random_evaluation_point(this->log_n);
77 this->num_polynomials,
86 auto update_batched_eval = [&](
Fr& batched_eval,
const std::vector<Fr>& evaluations,
Fr& rho_power) {
87 for (
auto& eval : evaluations) {
88 batched_eval += eval * rho_power;
94 Fr batched_evaluation(0);
95 update_batched_eval(batched_evaluation, mock_claims.
unshifted.
evals, rho_power);
99 auto compute_batched_commitment = [&](
const std::vector<Commitment>& commitments,
Fr& rho_power) {
100 GroupElement batched = GroupElement::zero();
101 for (
auto& comm : commitments) {
102 batched += comm * rho_power;
110 GroupElement batched_commitment_unshifted =
112 GroupElement batched_commitment_to_be_shifted =
116 GroupElement to_be_shifted_contribution = batched_commitment_to_be_shifted * gemini_eval_challenge.
invert();
118 GroupElement commitment_to_univariate_pos = batched_commitment_unshifted + to_be_shifted_contribution;
120 GroupElement commitment_to_univariate_neg = batched_commitment_unshifted - to_be_shifted_contribution;
123 commitment_to_univariate_pos * (shplonk_eval_challenge - gemini_eval_challenge).invert() +
124 commitment_to_univariate_neg *
125 (shplonk_batching_challenge * (shplonk_eval_challenge + gemini_eval_challenge).invert());
128 std::vector<Commitment> commitments;
129 std::vector<Fr> scalars;
130 Fr verifier_batched_evaluation{ 0 };
132 Fr inverted_vanishing_eval_pos = (shplonk_eval_challenge - gemini_eval_challenge).invert();
133 Fr inverted_vanishing_eval_neg = (shplonk_eval_challenge + gemini_eval_challenge).invert();
135 std::vector<Fr> inverted_vanishing_evals = { inverted_vanishing_eval_pos, inverted_vanishing_eval_neg };
138 inverted_vanishing_evals, shplonk_batching_challenge, gemini_eval_challenge);
141 commitments, scalars, verifier_batched_evaluation, rho);
144 GroupElement shplemini_result = GroupElement::batch_mul(commitments, scalars);
146 EXPECT_EQ(commitments.size(),
148 EXPECT_EQ(batched_evaluation, verifier_batched_evaluation);
153 using Curve = TypeParam::Curve;
161 using CK =
typename TypeParam::CommitmentKey;
163 CK
ck = create_commitment_key<CK>(this->n);
170 std::vector<Fr> shplonk_batching_challenge_powers =
171 compute_shplonk_batching_challenge_powers(shplonk_batching_challenge, this->log_n);
175 std::vector<Fr> mle_opening_point = this->random_evaluation_point(this->log_n);
178 this->num_polynomials,
191 auto fold_polynomials = GeminiProver::compute_fold_polynomials(this->log_n, mle_opening_point, batched);
193 std::vector<Commitment> prover_commitments;
194 for (
size_t l = 0; l < this->log_n - 1; ++l) {
195 auto commitment =
ck.commit(fold_polynomials[l]);
196 prover_commitments.emplace_back(commitment);
199 auto [A_0_pos, A_0_neg] =
202 const auto opening_claims = GeminiProver::construct_univariate_opening_claims(
205 std::vector<Fr> prover_evaluations;
206 for (
size_t l = 0; l < this->log_n; ++l) {
207 const auto& evaluation = opening_claims[l + 1].opening_pair.evaluation;
208 prover_evaluations.emplace_back(evaluation);
214 std::vector<Fr> expected_inverse_vanishing_evals;
215 expected_inverse_vanishing_evals.reserve(2 * this->log_n);
217 for (
size_t idx = 0; idx < this->log_n; idx++) {
218 expected_inverse_vanishing_evals.emplace_back((shplonk_eval_challenge - r_squares[idx]).invert());
219 expected_inverse_vanishing_evals.emplace_back((shplonk_eval_challenge + r_squares[idx]).invert());
222 Fr current_challenge{ shplonk_batching_challenge * shplonk_batching_challenge };
223 for (
size_t idx = 0; idx < prover_commitments.size(); ++idx) {
224 expected_result -= prover_commitments[idx] * current_challenge * expected_inverse_vanishing_evals[2 * idx + 2];
225 current_challenge *= shplonk_batching_challenge;
226 expected_result -= prover_commitments[idx] * current_challenge * expected_inverse_vanishing_evals[2 * idx + 3];
227 current_challenge *= shplonk_batching_challenge;
231 std::vector<Fr> inverse_vanishing_evals =
232 ShplonkVerifier::compute_inverted_gemini_denominators(shplonk_eval_challenge, r_squares);
234 Fr expected_constant_term_accumulator{ 0 };
237 expected_constant_term_accumulator, mle_opening_point, r_squares, prover_evaluations);
238 std::vector<Commitment> commitments;
239 std::vector<Fr> scalars;
241 ShpleminiVerifier::batch_gemini_claims_received_from_prover(prover_commitments,
243 gemini_fold_pos_evaluations,
244 inverse_vanishing_evals,
245 shplonk_batching_challenge_powers,
248 expected_constant_term_accumulator);
251 GroupElement shplemini_result = GroupElement::batch_mul(commitments, scalars);
264 using Curve = TypeParam::Curve;
266 constexpr bool HasZK =
true;
270 using CK =
typename TypeParam::CommitmentKey;
273 auto prover_transcript = TypeParam::Transcript::test_prover_init_empty();
277 CK
ck = create_commitment_key<CK>(
std::max<size_t>(this->n, 1ULL << (log_subgroup_size + 1)));
280 ZKData zk_sumcheck_data(this->log_n, prover_transcript,
ck);
283 std::vector<Fr> mle_opening_point = this->random_evaluation_point(this->log_n);
287 this->num_polynomials,
294 zk_sumcheck_data, mle_opening_point, this->log_n);
296 prover_transcript->send_to_verifier(
"Libra:claimed_evaluation", claimed_inner_product);
300 zk_sumcheck_data, mle_opening_point, claimed_inner_product, prover_transcript,
ck);
301 small_subgroup_ipa_prover.
prove();
304 const auto opening_claim = ShpleminiProver::prove(this->n,
312 TestFixture::IPA::compute_opening_proof(this->
ck(), opening_claim, prover_transcript);
321 std::array<Commitment, NUM_LIBRA_COMMITMENTS> libra_commitments = {};
322 libra_commitments[0] =
323 verifier_transcript->template receive_from_prover<Commitment>(
"Libra:concatenation_commitment");
326 const Fr libra_total_sum = verifier_transcript->template receive_from_prover<Fr>(
"Libra:Sum");
327 const Fr libra_challenge = verifier_transcript->template get_challenge<Fr>(
"Libra:Challenge");
328 const Fr libra_evaluation = verifier_transcript->template receive_from_prover<Fr>(
"Libra:claimed_evaluation");
331 EXPECT_EQ(libra_total_sum, zk_sumcheck_data.libra_total_sum);
332 EXPECT_EQ(libra_challenge, zk_sumcheck_data.libra_challenge);
333 EXPECT_EQ(libra_evaluation, claimed_inner_product);
336 libra_commitments[1] = verifier_transcript->template receive_from_prover<Commitment>(
"Libra:grand_sum_commitment");
337 libra_commitments[2] = verifier_transcript->template receive_from_prover<Commitment>(
"Libra:quotient_commitment");
340 auto [batch_opening_claim, consistency_checked] =
341 ShpleminiVerifier::compute_batch_opening_claim(mock_claims.
claim_batcher,
343 this->vk().get_g1_identity(),
351 TestFixture::IPA::reduce_verify_batch_opening_claim(batch_opening_claim, this->
vk(), verifier_transcript);
352 EXPECT_EQ(result,
true);
354 const auto pairing_points =
357 EXPECT_EQ(pairing_points.check(),
true);
359 EXPECT_EQ(consistency_checked,
true);
370 using Curve = TypeParam::Curve;
373 using CK =
typename TypeParam::CommitmentKey;
376 constexpr bool HasZK =
true;
379 CK
ck = create_commitment_key<CK>(4096);
382 std::vector<Fr> challenge = this->random_evaluation_point(this->log_n);
384 auto prover_transcript = TypeParam::Transcript::test_prover_init_empty();
392 mock_claims.template compute_sumcheck_opening_data<TypeParam>(
393 this->log_n, this->sumcheck_univariate_length, challenge,
ck);
396 const Fr claimed_inner_product =
399 prover_transcript->send_to_verifier(
"Libra:claimed_evaluation", claimed_inner_product);
403 zk_sumcheck_data, challenge, claimed_inner_product, prover_transcript,
ck);
404 small_subgroup_ipa_prover.
prove();
407 const auto opening_claim = ShpleminiProver::prove(this->n,
417 TestFixture::IPA::compute_opening_proof(this->
ck(), opening_claim, prover_transcript);
425 std::array<Commitment, NUM_LIBRA_COMMITMENTS> libra_commitments = {};
426 libra_commitments[0] =
427 verifier_transcript->template receive_from_prover<Commitment>(
"Libra:concatenation_commitment");
430 const Fr libra_total_sum = verifier_transcript->template receive_from_prover<Fr>(
"Libra:Sum");
431 const Fr libra_challenge = verifier_transcript->template get_challenge<Fr>(
"Libra:Challenge");
432 const Fr libra_evaluation = verifier_transcript->template receive_from_prover<Fr>(
"Libra:claimed_evaluation");
437 EXPECT_EQ(libra_evaluation, claimed_inner_product);
440 libra_commitments[1] = verifier_transcript->template receive_from_prover<Commitment>(
"Libra:grand_sum_commitment");
441 libra_commitments[2] = verifier_transcript->template receive_from_prover<Commitment>(
"Libra:quotient_commitment");
444 auto batch_opening_claim = ShpleminiVerifier::compute_batch_opening_claim(mock_claims.
claim_batcher,
446 this->vk().get_g1_identity(),
453 .batch_opening_claim;
457 TestFixture::IPA::reduce_verify_batch_opening_claim(batch_opening_claim, this->
vk(), verifier_transcript);
458 EXPECT_EQ(result,
true);
460 const auto pairing_points =
463 EXPECT_EQ(pairing_points.check(),
true);
479 using Curve =
typename TypeParam::Curve;
481 using CK =
typename TypeParam::CommitmentKey;
488 static constexpr size_t small_log_n = 3;
489 CK
ck = create_commitment_key<CK>(this->n);
492 auto u = this->random_evaluation_point(small_log_n);
503 const Fr tail = ((
Fr(1) - u[0]) * (
Fr(1) - u[1])).
invert();
504 poly.
at(4) = claimed_multilinear_eval * tail / u[2];
505 poly.
at(this->n - 8) = tail;
506 poly.
at(this->n - 4) = -tail * (
Fr(1) - u[2]) / u[2];
509 this->n, std::vector{
std::move(poly) }, std::vector<Fr>{ claimed_multilinear_eval },
ck);
514 const auto opening_claim =
515 ShpleminiProver::prove(this->n, mock_claims.polynomial_batcher, u,
ck, prover_transcript);
519 TestFixture::IPA::compute_opening_proof(
ck, opening_claim, prover_transcript);
527 auto batch_opening_claim = ShpleminiVerifier::compute_batch_opening_claim(
528 mock_claims.claim_batcher, u, this->vk().get_g1_identity(), verifier_transcript)
529 .batch_opening_claim;
534 TestFixture::IPA::reduce_verify_batch_opening_claim(batch_opening_claim, this->
vk(), verifier_transcript);
535 EXPECT_EQ(result,
true);
537 const auto pairing_points =
539 EXPECT_EQ(pairing_points.check(),
true);
555 using Curve =
typename TypeParam::Curve;
557 using CK =
typename TypeParam::CommitmentKey;
563 static constexpr size_t big_n = 1UL << 12;
564 static constexpr size_t small_log_n = 3;
565 static constexpr size_t big_ck_size = 1 << 14;
566 CK
ck = create_commitment_key<CK>(big_ck_size);
572 auto u = this->random_evaluation_point(small_log_n);
578 big_n, std::vector{
std::move(poly) }, std::vector<Fr>{ claimed_multilinear_eval },
ck);
583 const auto opening_claim = ShpleminiProver::prove(big_n, mock_claims.polynomial_batcher, u,
ck, prover_transcript);
587 TestFixture::IPA::compute_opening_proof(
ck, opening_claim, prover_transcript);
595 auto batch_opening_claim = ShpleminiVerifier::compute_batch_opening_claim(
596 mock_claims.claim_batcher, u, this->vk().get_g1_identity(), verifier_transcript)
597 .batch_opening_claim;
604 TestFixture::IPA::reduce_verify_batch_opening_claim(batch_opening_claim, this->
vk(), verifier_transcript);
605 EXPECT_EQ(result,
false);
607 const auto pairing_points =
609 EXPECT_EQ(pairing_points.check(),
false);
633 using Curve =
typename TypeParam::Curve;
637 using CK =
typename TypeParam::CommitmentKey;
641 CK
ck = create_commitment_key<CK>(this->n);
643 auto mle_opening_point = this->random_evaluation_point(this->log_n);
646 this->num_polynomials,
653 const auto opening_claim =
654 ShpleminiProver::prove(this->n, mock_claims.
polynomial_batcher, mle_opening_point,
ck, prover_transcript);
670 const Commitment g1_identity = this->
vk().get_g1_identity();
673 Fr lagrange0_at_u =
Fr(1);
674 for (
const auto& u_i : mle_opening_point) {
675 lagrange0_at_u *= (
Fr(1) - u_i);
677 const size_t unshifted_idx = this->num_polynomials - this->num_shiftable;
684 auto batch_opening_claim = ShpleminiVerifier::compute_batch_opening_claim(
685 mock_claims.
claim_batcher, mle_opening_point, g1_identity, verifier_transcript)
686 .batch_opening_claim;
693 const auto reduced = TestFixture::IPA::reduce_batch_opening_claim(batch_opening_claim);
694 prover_transcript->add_to_hash_buffer(
"IPA:commitment", reduced.commitment);
695 prover_transcript->add_to_hash_buffer(
"IPA:challenge", reduced.opening_pair.challenge);
696 prover_transcript->add_to_hash_buffer(
"IPA:evaluation", reduced.opening_pair.evaluation);
697 TestFixture::IPA::compute_opening_proof_internal(
ck, opening_claim, prover_transcript);
701 verifier_transcript->test_get_proof_data() = prover_transcript->test_get_proof_data();
704 TestFixture::IPA::reduce_verify_batch_opening_claim(batch_opening_claim, this->
vk(), verifier_transcript);
705 EXPECT_EQ(result,
false);
707 const auto pairing_points =
709 EXPECT_EQ(pairing_points.check(),
false);
717 EXPECT_EQ(prover_transcript->template get_challenge<Fr>(
"transcript_sync_check"),
718 verifier_transcript->template get_challenge<Fr>(
"transcript_sync_check"));
729 using Curve =
typename TypeParam::Curve;
731 constexpr bool HasZK =
true;
735 using CK =
typename TypeParam::CommitmentKey;
738 auto prover_transcript = TypeParam::Transcript::test_prover_init_empty();
742 CK
ck = create_commitment_key<CK>(
std::max<size_t>(this->n, 1ULL << (log_subgroup_size + 1)));
745 ZKData zk_sumcheck_data(this->log_n, prover_transcript,
ck);
748 std::vector<Fr> mle_opening_point = this->random_evaluation_point(this->log_n);
752 this->num_polynomials,
759 zk_sumcheck_data, mle_opening_point, this->log_n);
763 prover_transcript->send_to_verifier(
"Libra:claimed_evaluation", corrupted_inner_product);
768 zk_sumcheck_data, mle_opening_point, corrupted_inner_product, prover_transcript,
ck);
769 small_subgroup_ipa_prover.
prove();
772 const auto opening_claim = ShpleminiProver::prove(this->n,
780 TestFixture::IPA::compute_opening_proof(this->
ck(), opening_claim, prover_transcript);
789 std::array<Commitment, NUM_LIBRA_COMMITMENTS> libra_commitments = {};
790 libra_commitments[0] =
791 verifier_transcript->template receive_from_prover<Commitment>(
"Libra:concatenation_commitment");
794 [[maybe_unused]]
const Fr libra_total_sum = verifier_transcript->template receive_from_prover<Fr>(
"Libra:Sum");
795 [[maybe_unused]]
const Fr libra_challenge = verifier_transcript->template get_challenge<Fr>(
"Libra:Challenge");
797 const Fr libra_evaluation = verifier_transcript->template receive_from_prover<Fr>(
"Libra:claimed_evaluation");
800 libra_commitments[1] = verifier_transcript->template receive_from_prover<Commitment>(
"Libra:grand_sum_commitment");
801 libra_commitments[2] = verifier_transcript->template receive_from_prover<Commitment>(
"Libra:quotient_commitment");
804 auto shplemini_output = ShpleminiVerifier::compute_batch_opening_claim(mock_claims.
claim_batcher,
806 this->vk().get_g1_identity(),
813 EXPECT_FALSE(shplemini_output.consistency_checked);
823template <
typename TypeParam>
827 bool expected_consistency_checked)
832 using Curve =
typename TypeParam::Curve;
834 constexpr bool HasZK =
true;
838 using CK =
typename TypeParam::CommitmentKey;
840 auto prover_transcript = TypeParam::Transcript::test_prover_init_empty();
843 CK
ck = create_commitment_key<CK>(
std::max<size_t>(test->
n, 1ULL << (log_subgroup_size + 1)));
845 ZKData zk_sumcheck_data(test->
log_n, prover_transcript,
ck);
851 zk_sumcheck_data, mle_opening_point, test->
log_n);
853 prover_transcript->send_to_verifier(
"Libra:claimed_evaluation", claimed_inner_product);
856 zk_sumcheck_data, mle_opening_point, claimed_inner_product, prover_transcript,
ck);
857 small_subgroup_ipa_prover.
prove();
862 if (tamper_polynomial != TamperedPolynomial::None) {
863 witness_polynomials[
static_cast<size_t>(tamper_polynomial)].at(0) +=
Fr::random_element();
866 const auto opening_claim = ShpleminiProver::prove(
867 test->
n, mock_claims.
polynomial_batcher, mle_opening_point,
ck, prover_transcript, witness_polynomials);
877 std::array<Commitment, NUM_LIBRA_COMMITMENTS> libra_commitments = {};
878 libra_commitments[0] =
879 verifier_transcript->template receive_from_prover<Commitment>(
"Libra:concatenation_commitment");
881 [[maybe_unused]]
const Fr libra_total_sum = verifier_transcript->template receive_from_prover<Fr>(
"Libra:Sum");
882 [[maybe_unused]]
const Fr libra_challenge = verifier_transcript->template get_challenge<Fr>(
"Libra:Challenge");
883 const Fr libra_evaluation = verifier_transcript->template receive_from_prover<Fr>(
"Libra:claimed_evaluation");
885 libra_commitments[1] = verifier_transcript->template receive_from_prover<Commitment>(
"Libra:grand_sum_commitment");
886 libra_commitments[2] = verifier_transcript->template receive_from_prover<Commitment>(
"Libra:quotient_commitment");
889 if (tamper_commitment != TamperedCommitment::None) {
890 auto idx =
static_cast<size_t>(tamper_commitment);
891 libra_commitments[idx] = libra_commitments[idx] + Commitment::one();
894 auto [batch_opening_claim, consistency_checked] =
895 ShpleminiVerifier::compute_batch_opening_claim(mock_claims.
claim_batcher,
903 EXPECT_EQ(consistency_checked, expected_consistency_checked);
908 batch_opening_claim, test->
vk(), verifier_transcript));
910 const auto pairing_points =
912 EXPECT_FALSE(pairing_points.check());
921 using TamperedPolynomial =
typename TestFixture::TamperedPolynomial;
922 using TamperedCommitment =
typename TestFixture::TamperedCommitment;
925 this, TamperedPolynomial::Quotient, TamperedCommitment::None,
false);
933 using TamperedPolynomial =
typename TestFixture::TamperedPolynomial;
934 using TamperedCommitment =
typename TestFixture::TamperedCommitment;
937 this, TamperedPolynomial::None, TamperedCommitment::Quotient,
true);
945 using TamperedPolynomial =
typename TestFixture::TamperedPolynomial;
946 using TamperedCommitment =
typename TestFixture::TamperedCommitment;
949 this, TamperedPolynomial::GrandSum, TamperedCommitment::None,
false);
957 using TamperedPolynomial =
typename TestFixture::TamperedPolynomial;
958 using TamperedCommitment =
typename TestFixture::TamperedCommitment;
961 this, TamperedPolynomial::None, TamperedCommitment::GrandSum,
true);
969 using TamperedPolynomial =
typename TestFixture::TamperedPolynomial;
970 using TamperedCommitment =
typename TestFixture::TamperedCommitment;
973 this, TamperedPolynomial::Concatenated, TamperedCommitment::None,
false);
981 using TamperedPolynomial =
typename TestFixture::TamperedPolynomial;
982 using TamperedCommitment =
typename TestFixture::TamperedCommitment;
985 this, TamperedPolynomial::None, TamperedCommitment::Concatenated,
true);
#define BB_DISABLE_ASSERTS()
static std::shared_ptr< BaseTranscript > test_prover_init_empty()
For testing: initializes transcript with some arbitrary data so that a challenge can be generated aft...
static std::shared_ptr< BaseTranscript > test_verifier_init_empty(const std::shared_ptr< BaseTranscript > &transcript)
For testing: initializes transcript based on proof data then receives junk data produced by BaseTrans...
std::vector< Fr > random_evaluation_point(const size_t num_variables)
bb::CommitmentKey< Curve > CommitmentKey
Polynomial compute_batched(const Fr &challenge)
Compute batched polynomial A₀ = F + G/X as the linear combination of all polynomials to be opened,...
std::pair< Polynomial, Polynomial > compute_partially_evaluated_batch_polynomials(const Fr &r_challenge)
Compute partially evaluated batched polynomials A₀(X, r) = A₀₊ = F + G/r, A₀(X, -r) = A₀₋ = F - G/r.
static std::vector< Fr > compute_fold_pos_evaluations(const Fr &batched_evaluation, std::span< const Fr > evaluation_point, std::span< const Fr > challenge_powers, std::span< const Fr > fold_neg_evals)
Compute .
IPA (inner product argument) commitment scheme class.
static PairingPointsType reduce_verify_batch_opening_claim(BatchOpeningClaim< Curve > &&batch_opening_claim, const std::shared_ptr< Transcript > &transcript, const size_t expected_final_msm_size=0)
Computes the input points for the pairing check needed to verify a KZG opening claim obtained from a ...
static void compute_opening_proof(const CK &ck, const ProverOpeningClaim< Curve > &opening_claim, const std::shared_ptr< Transcript > &prover_trancript)
Computes the KZG commitment to an opening proof polynomial at a single evaluation point.
Structured polynomial class that represents the coefficients 'a' of a_0 + a_1 x .....
static Polynomial random(size_t size, size_t start_index=0)
Fr & at(size_t index)
Our mutable accessor, unlike operator[]. We abuse precedent a bit to differentiate at() and operator[...
static constexpr size_t n
static constexpr size_t log_n
static constexpr size_t n
typename Flavor::Curve::ScalarField Fr
static constexpr size_t num_polynomials
typename Flavor::CommitmentKey CK
typename Flavor::Curve::AffineElement Commitment
static constexpr size_t log_n
static constexpr size_t sumcheck_univariate_length
static constexpr size_t num_shiftable
typename Flavor::Curve::Element GroupElement
A Curve-agnostic ZK protocol to prove inner products of small vectors.
std::array< bb::Polynomial< FF >, NUM_SMALL_IPA_EVALUATIONS > get_witness_polynomials() const
static FF compute_claimed_inner_product(ZKSumcheckData< Flavor > &zk_sumcheck_data, const std::vector< FF > &multivariate_challenge, const size_t &log_circuit_size)
For test purposes: Compute the sum of the Libra constant term and Libra univariates evaluated at Sumc...
void prove()
Compute the derived witnesses and and commit to them.
Commitment get_g1_identity() const
typename Group::element Element
static constexpr size_t SUBGROUP_SIZE
typename Group::affine_element AffineElement
std::vector< Fr > powers_of_evaluation_challenge(const Fr &r, const size_t num_squares)
Compute squares of folding challenge r.
std::vector< Fr > powers_of_rho(const Fr &rho, const size_t num_powers)
Compute powers of challenge ρ
constexpr T get_msb(const T in)
Entry point for Barretenberg command-line interface.
::testing::Types< BN254Settings, GrumpkinSettings > TestSettings
TYPED_TEST_SUITE(CommitmentKeyTest, Curves)
TYPED_TEST(CommitmentKeyTest, CommitToZeroPoly)
void run_libra_tampering_test(ShpleminiTest< TypeParam > *test, typename ShpleminiTest< TypeParam >::TamperedPolynomial tamper_polynomial, typename ShpleminiTest< TypeParam >::TamperedCommitment tamper_commitment, bool expected_consistency_checked)
Helper to run a Libra tampering test with configurable tampering options.
CommitmentKey< Curve > ck
VerifierCommitmentKey< Curve > vk
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
void update_batch_mul_inputs_and_batched_evaluation(std::vector< Commitment > &commitments, std::vector< Fr > &scalars, Fr &batched_evaluation, const Fr &rho)
Append the commitments and scalars from each batch of claims to the Shplemini vectors which subsequen...
void compute_scalars_for_each_batch(std::span< const Fr > inverted_vanishing_evals, const Fr &nu_challenge, const Fr &r_challenge)
Compute scalars used to batch each set of claims, excluding contribution from batching challenge \rho...
std::vector< Commitment > commitments
Constructs random polynomials, computes commitments and corresponding evaluations.
std::vector< bb::Polynomial< Fr > > round_univariates
std::vector< Commitment > sumcheck_commitments
ClaimBatcher claim_batcher
std::vector< std::array< Fr, 3 > > sumcheck_evaluations
PolynomialBatcher polynomial_batcher
This structure is created to contain various polynomials and constants required by ZK Sumcheck.
constexpr field invert() const noexcept
static field random_element(numeric::RNG *engine=nullptr) noexcept
1.9.8