|
barretenberg
|
Prover class for the Goblin ECC op queue transcript merge protocol. More...
#include <merge_prover.hpp>
Public Member Functions | |
| MergeProver_ (const std::shared_ptr< CommitmentKey > &, const std::shared_ptr< ECCOpQueue > &, const std::shared_ptr< Transcript > &transcript=std::make_shared< Transcript >()) | |
| plonk::proof & | construct_proof () |
| Prove proper construction of the aggregate Goblin ECC op queue polynomials T_i^(j), j = 1,2,3,4. | |
Public Attributes | |
| std::shared_ptr< Transcript > | transcript |
| std::shared_ptr< ECCOpQueue > | op_queue |
| std::shared_ptr< CommitmentKey > | pcs_commitment_key |
Prover class for the Goblin ECC op queue transcript merge protocol.
| Flavor |
|
explicit |
Create MergeProver_
| plonk::proof & proof_system::honk::MergeProver_< Flavor >::construct_proof |
Prove proper construction of the aggregate Goblin ECC op queue polynomials T_i^(j), j = 1,2,3,4.
Let T_i^(j) be the jth column of the aggregate op queue after incorporating the contribution from the present circuit. T_{i-1}^(j) corresponds to the aggregate op queue at the previous stage and $t_i^(j)$ represents the contribution from the present circuit only. For each j, we have the relationship T_i = T_{i-1} + right_shift(t_i, M_{i-1}), where the shift magnitude M_{i-1} is the length of T_{i-1}. This protocol demonstrates that the aggregate op queue has been constructed correctly via a simple Schwartz-Zippel check. Evaluations are proven via batched KZG.
TODO(#746): Prove connection between t_i^{shift}, committed to herein, and t_i, used in the main protocol. See issue for details (https://github.com/AztecProtocol/barretenberg/issues/746).
| Flavor |
1.9.6