Commitments SRS breakup companion #632
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
gbotrel
requested changes
Apr 11, 2023
| @@ -8,7 +8,7 @@ import ( | |||
| "github.com/consensys/gnark-crypto/ecc/{{toLower .Curve}}/fr/iop" | |||
| "github.com/consensys/gnark-crypto/ecc" | |||
|
|
|||
| kzgg "github.com/consensys/gnark-crypto/kzg" | |||
| //kzgg "github.com/consensys/gnark-crypto/kzg" TODO Figure out why this is useful | |||
There was a problem hiding this comment.
if it compiles without it, kill it :)
| @@ -46,7 +46,7 @@ type VerifyingKey struct { | |||
| NbPublicVariables uint64 | |||
|
|
|||
| // Commitment scheme that is used for an instantiation of PLONK | |||
| KZGSRS *kzg.SRS | |||
| Kzg kzg.VerifyingKey | |||
There was a problem hiding this comment.
maybe Kzg -> KZGPk ? to make it clear that the Kzg objects in the proving and verifying keys are different.
There was a problem hiding this comment.
I felt that when we have pk.Kzg and vk.Kzg the context makes the type clear.
ThomasPiellard
approved these changes
Apr 18, 2023
Tabaie
changed the title
gbotrel
approved these changes
Apr 21, 2023
# for free
to join this conversation on GitHub.
Already have an account?
# to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Companion to Consensys/gnark-crypto#378 and Consensys/gnark-crypto#384.
The main idea is that by breaking up the KZG prover and verifier portions (who only have the generator of G1 in common) we get a lighter-weight Plonk verifying key.
In light of this, we will have the option to serialize and deserialize the KZG verifying key as part of the Plonk verifying key. The advantage to this is its obvious convenience. The (less tangible) disadvantage is that it muddies the conceptual separation between data structures that are resulting from a trusted setup (KZG stuff) and those that are merely precomputed (commitments to selectors etc.)
Similarly, in Groth16 circuits using commitments, the verifying key is best not polluted by the Pedersen proving key with twice as many group elements as there are committed variables.