package octez-plonk

  1. Overview
  2. Docs
Legend:
Library
Module
Module type
Parameter
Class
Class type

Parameters

Signature

module PC = PC

Underlying polynomial commitment scheme on which the polynomial protocol is based. Input of the functor Polynomial_protocol.Make.

type prover_public_parameters = PC.Public_parameters.prover

The type of prover public parameters.

val prover_public_parameters_t : prover_public_parameters Repr.t
type verifier_public_parameters = PC.Public_parameters.verifier

The type of verifier public parameters.

val verifier_public_parameters_t : verifier_public_parameters Repr.t
type transcript = PC.transcript

The type for transcripts, used for applying the Fiat-Shamir heuristic

val transcript_t : transcript Repr.t
type proof = {
  1. cm_t : PC.Commitment.t;
  2. pc_proof : PC.proof;
  3. pc_answers : PC.answer list;
}

The type for proofs, containing a commitment to the polynomial T that asserts the satisfiability of the identities over the subset of interest, as well as a PC proof and a list of PC answers.

val proof_t : proof Repr.t
val setup : setup_params:PC.Public_parameters.setup_params -> srs: (Octez_bls12_381_polynomial.Bls12_381_polynomial.Srs.t * Octez_bls12_381_polynomial.Bls12_381_polynomial.Srs.t) -> prover_public_parameters * verifier_public_parameters

The polynomial commitment setup function, requires a labeled argument of setup parameters for the underlying PC and a labeled argument containing the path location of a set of SRS files.

val prove : prover_public_parameters -> transcript -> n:int -> generator:Plonk.Bls.Scalar.t -> secrets:(Plonk.Bls.Poly.t SMap.t * PC.Commitment.prover_aux) list -> eval_points:Identities.eval_point list list -> evaluations:Bls.Evaluations.t SMap.t -> identities:Identities.prover_identities -> nb_of_t_chunks:int -> proof * transcript

The prover function. Takes as input the prover_public_parameters, an initial transcript (possibly including a context if this prove is used as a building block of a bigger protocol), the size n of subgroup H, the canonical generator of subgroup H, a list of secrets including polynomials that have supposedly been committed (and a verifier received such commitments) as well as prover auxiliary information generated during the committing process, a list of evaluation point lists specifying the evaluation points where each secret needs to be evaluated at, a map of the above-mentioned polynomials this time in FFT evaluations form, for efficient polynomial multiplication, and some prover_identities that are supposedly satisfied by the secret polynomials. Outputs a proof and an updated transcript.

val verify : verifier_public_parameters -> transcript -> n:int -> generator:Plonk.Bls.Scalar.t -> commitments:PC.Commitment.t list -> eval_points:Identities.eval_point list list -> identities:Identities.verifier_identities -> proof -> bool * transcript

The verifier function. Takes as input the verifier_public_parameters, an initial transcript (that should coincide with the initial transcript used by prove), the size n of subgroup H, the canonical generator of subgroup H, a list of commitments to the secret polynomials by the prover, a list of evaluation points as in prove, some verifier_identities, and a proof. Outputs a bool value representing acceptance or rejection.

OCaml

Innovation. Community. Security.