Auxiliary opening data (#134)

* Add the trait bounds

* Add `CommitmentState`

* Update benches for the new type

* Fix the name of local variable

* Merge `PCCommitmentState` with `PCRandomness`

* Update `README.md`

* Fix a bug

* Put `Randomness` in `CommitmentState`

* Add a comment

* Remove the extra loop

* Update the comment for `CommitmentState`

Co-authored-by: Marcin <marcin.gorny.94@protonmail.com>

* cargo fmt

---------

Co-authored-by: Marcin <marcin.gorny.94@protonmail.com>

README.md

@@ -128,11 +128,11 @@ let (ck, vk) = PCS::trim(&pp, degree, 2, Some(&[degree])).unwrap();
 
 // 3. PolynomialCommitment::commit
 // The prover commits to the polynomial using their committer key `ck`.
-let (comms, rands) = PCS::commit(&ck, [&labeled_poly], Some(rng)).unwrap(); 
+let (comms, states) = PCS::commit(&ck, [&labeled_poly], Some(rng)).unwrap(); 
 
 // 4a. PolynomialCommitment::open
 // Opening proof at a single point.
-let proof_single = PCS::open(&ck, [&labeled_poly], &comms, &point_1, &mut (test_sponge.clone()), &rands, None).unwrap(); 
+let proof_single = PCS::open(&ck, [&labeled_poly], &comms, &point_1, &mut (test_sponge.clone()), &states, None).unwrap(); 
 
 // 5a. PolynomialCommitment::check
 // Verifying the proof at a single point, given the commitment, the point, the claimed evaluation, and the proof.
@@ -154,7 +154,7 @@ let proof_batched = PCS::batch_open(
    &comms,
    &query_set,
    &mut (test_sponge.clone()),
-   &rands,
+   &states,
    Some(rng),
 ).unwrap();
 

bench-templates/src/lib.rs

@@ -114,7 +114,7 @@ where
     let labeled_poly =
         LabeledPolynomial::new("test".to_string(), rand_poly(num_vars, rng), None, None);
 
-    let (coms, randomness) = PCS::commit(&ck, [&labeled_poly], Some(rng)).unwrap();
+    let (coms, states) = PCS::commit(&ck, [&labeled_poly], Some(rng)).unwrap();
     let point = P::Point::rand(rng);
 
     let start = Instant::now();
@@ -124,7 +124,7 @@ where
         &coms,
         &point,
         &mut test_sponge(),
-        &randomness,
+        &states,
         Some(rng),
     )
     .unwrap();
@@ -148,7 +148,7 @@ where
     let labeled_poly =
         LabeledPolynomial::new("test".to_string(), rand_poly(num_vars, rng), None, None);
 
-    let (coms, randomness) = PCS::commit(&ck, [&labeled_poly], Some(rng)).unwrap();
+    let (coms, states) = PCS::commit(&ck, [&labeled_poly], Some(rng)).unwrap();
     let point = P::Point::rand(rng);
 
     let proofs = PCS::open(
@@ -157,7 +157,7 @@ where
         &coms,
         &point,
         &mut test_sponge(),
-        &randomness,
+        &states,
         Some(rng),
     )
     .unwrap();
@@ -185,7 +185,7 @@ where
     let labeled_poly =
         LabeledPolynomial::new("test".to_string(), rand_poly(num_vars, rng), None, None);
 
-    let (coms, randomness) = PCS::commit(&ck, [&labeled_poly], Some(rng)).unwrap();
+    let (coms, states) = PCS::commit(&ck, [&labeled_poly], Some(rng)).unwrap();
     let point = P::Point::rand(rng);
     let claimed_eval = labeled_poly.evaluate(&point);
     let proof = PCS::open(
@@ -194,7 +194,7 @@ where
         &coms,
         &point,
         &mut test_sponge(),
-        &randomness,
+        &states,
         Some(rng),
     )
     .unwrap();

poly-commit/src/data_structures.rs

@@ -70,9 +70,12 @@ pub trait PCPreparedCommitment<UNPREPARED: PCCommitment>: Clone {
     fn prepare(comm: &UNPREPARED) -> Self;
 }
 
-/// Defines the minimal interface of commitment randomness for any polynomial
-/// commitment scheme.
-pub trait PCRandomness: Clone + CanonicalSerialize + CanonicalDeserialize {
+/// Defines the minimal interface of commitment state for any polynomial
+/// commitment scheme. It might be randomness etc.
+pub trait PCCommitmentState: Clone + CanonicalSerialize + CanonicalDeserialize {
+    /// This is the type of `Randomness` that the `rand` method returns
+    type Randomness: Clone + CanonicalSerialize + CanonicalDeserialize;
+
     /// Outputs empty randomness that does not hide the commitment.
     fn empty() -> Self;
 
@@ -86,9 +89,8 @@ pub trait PCRandomness: Clone + CanonicalSerialize + CanonicalDeserialize {
         has_degree_bound: bool,
         num_vars: Option<usize>,
         rng: &mut R,
-    ) -> Self;
+    ) -> Self::Randomness;
 }
-
 /// A proof of satisfaction of linear combinations.
 #[derive(Clone, CanonicalSerialize, CanonicalDeserialize)]
 pub struct BatchLCProof<F: PrimeField, T: Clone + CanonicalSerialize + CanonicalDeserialize> {

poly-commit/src/ipa_pc/data_structures.rs

@@ -146,7 +146,8 @@ pub struct Randomness<G: AffineRepr> {
     pub shifted_rand: Option<G::ScalarField>,
 }
 
-impl<G: AffineRepr> PCRandomness for Randomness<G> {
+impl<G: AffineRepr> PCCommitmentState for Randomness<G> {
+    type Randomness = Self;
     fn empty() -> Self {
         Self {
             rand: G::ScalarField::zero(),

poly-commit/src/ipa_pc/mod.rs

@@ -1,7 +1,7 @@
 use crate::{BTreeMap, BTreeSet, String, ToString, Vec, CHALLENGE_SIZE};
 use crate::{BatchLCProof, DenseUVPolynomial, Error, Evaluations, QuerySet};
 use crate::{LabeledCommitment, LabeledPolynomial, LinearCombination};
-use crate::{PCCommitterKey, PCRandomness, PCUniversalParams, PolynomialCommitment};
+use crate::{PCCommitmentState, PCCommitterKey, PCUniversalParams, PolynomialCommitment};
 
 use ark_ec::{AffineRepr, CurveGroup, VariableBaseMSM};
 use ark_ff::{Field, One, PrimeField, UniformRand, Zero};
@@ -347,7 +347,7 @@ where
     type CommitterKey = CommitterKey<G>;
     type VerifierKey = VerifierKey<G>;
     type Commitment = Commitment<G>;
-    type Randomness = Randomness<G>;
+    type CommitmentState = Randomness<G>;
     type Proof = Proof<G>;
     type BatchProof = Vec<Self::Proof>;
     type Error = Error;
@@ -418,7 +418,7 @@ where
     ) -> Result<
         (
             Vec<LabeledCommitment<Self::Commitment>>,
-            Vec<Self::Randomness>,
+            Vec<Self::CommitmentState>,
         ),
         Self::Error,
     >
@@ -427,7 +427,7 @@ where
     {
         let rng = &mut crate::optional_rng::OptionalRng(rng);
         let mut comms = Vec::new();
-        let mut rands = Vec::new();
+        let mut states = Vec::new();
 
         let commit_time = start_timer!(|| "Committing to polynomials");
         for labeled_polynomial in polynomials {
@@ -446,7 +446,7 @@ where
                 hiding_bound,
             ));
 
-            let randomness = if let Some(h) = hiding_bound {
+            let state = if let Some(h) = hiding_bound {
                 Randomness::rand(h, degree_bound.is_some(), None, rng)
             } else {
                 Randomness::empty()
@@ -456,7 +456,7 @@ where
                 &ck.comm_key[..(polynomial.degree() + 1)],
                 &polynomial.coeffs(),
                 Some(ck.s),
-                Some(randomness.rand),
+                Some(state.rand),
             )
             .into();
 
@@ -465,7 +465,7 @@ where
                     &ck.comm_key[(ck.supported_degree() - d)..],
                     &polynomial.coeffs(),
                     Some(ck.s),
-                    randomness.shifted_rand,
+                    state.shifted_rand,
                 )
                 .into()
             });
@@ -474,13 +474,13 @@ where
             let labeled_comm = LabeledCommitment::new(label.to_string(), commitment, degree_bound);
 
             comms.push(labeled_comm);
-            rands.push(randomness);
+            states.push(state);
 
             end_timer!(commit_time);
         }
 
         end_timer!(commit_time);
-        Ok((comms, rands))
+        Ok((comms, states))
     }
 
     fn open<'a>(
@@ -489,12 +489,12 @@ where
         commitments: impl IntoIterator<Item = &'a LabeledCommitment<Self::Commitment>>,
         point: &'a P::Point,
         sponge: &mut S,
-        rands: impl IntoIterator<Item = &'a Self::Randomness>,
+        states: impl IntoIterator<Item = &'a Self::CommitmentState>,
         rng: Option<&mut dyn RngCore>,
     ) -> Result<Self::Proof, Self::Error>
     where
         Self::Commitment: 'a,
-        Self::Randomness: 'a,
+        Self::CommitmentState: 'a,
         P: 'a,
     {
         let mut combined_polynomial = P::zero();
@@ -504,15 +504,15 @@ where
         let mut has_hiding = false;
 
         let polys_iter = labeled_polynomials.into_iter();
-        let rands_iter = rands.into_iter();
+        let states_iter = states.into_iter();
         let comms_iter = commitments.into_iter();
 
         let combine_time = start_timer!(|| "Combining polynomials, randomness, and commitments.");
 
         let mut cur_challenge = sponge.squeeze_field_elements_with_sizes(&[CHALLENGE_SIZE])[0];
 
-        for (labeled_polynomial, (labeled_commitment, randomness)) in
-            polys_iter.zip(comms_iter.zip(rands_iter))
+        for (labeled_polynomial, (labeled_commitment, state)) in
+            polys_iter.zip(comms_iter.zip(states_iter))
         {
             let label = labeled_polynomial.label();
             assert_eq!(labeled_polynomial.label(), labeled_commitment.label());
@@ -528,7 +528,7 @@ where
 
             if hiding_bound.is_some() {
                 has_hiding = true;
-                combined_rand += &(cur_challenge * &randomness.rand);
+                combined_rand += &(cur_challenge * &state.rand);
             }
 
             cur_challenge = sponge.squeeze_field_elements_with_sizes(&[CHALLENGE_SIZE])[0];
@@ -554,7 +554,7 @@ where
                 combined_commitment_proj += &commitment.shifted_comm.unwrap().mul(cur_challenge);
 
                 if hiding_bound.is_some() {
-                    let shifted_rand = randomness.shifted_rand;
+                    let shifted_rand = state.shifted_rand;
                     assert!(
                         shifted_rand.is_some(),
                         "shifted_rand.is_none() for {}",
@@ -870,23 +870,23 @@ where
         commitments: impl IntoIterator<Item = &'a LabeledCommitment<Self::Commitment>>,
         query_set: &QuerySet<P::Point>,
         sponge: &mut S,
-        rands: impl IntoIterator<Item = &'a Self::Randomness>,
+        states: impl IntoIterator<Item = &'a Self::CommitmentState>,
         rng: Option<&mut dyn RngCore>,
     ) -> Result<BatchLCProof<G::ScalarField, Self::BatchProof>, Self::Error>
     where
-        Self::Randomness: 'a,
+        Self::CommitmentState: 'a,
         Self::Commitment: 'a,
         P: 'a,
     {
         let label_poly_map = polynomials
             .into_iter()
-            .zip(rands)
+            .zip(states)
             .zip(commitments)
-            .map(|((p, r), c)| (p.label(), (p, r, c)))
+            .map(|((p, s), c)| (p.label(), (p, s, c)))
             .collect::<BTreeMap<_, _>>();
 
         let mut lc_polynomials = Vec::new();
-        let mut lc_randomness = Vec::new();
+        let mut lc_states = Vec::new();
         let mut lc_commitments = Vec::new();
         let mut lc_info = Vec::new();
 
@@ -944,7 +944,7 @@ where
             let lc_poly =
                 LabeledPolynomial::new(lc_label.clone(), poly, degree_bound, hiding_bound);
             lc_polynomials.push(lc_poly);
-            lc_randomness.push(Randomness {
+            lc_states.push(Randomness {
                 rand: combined_rand,
                 shifted_rand: combined_shifted_rand,
             });
@@ -965,7 +965,7 @@ where
             lc_commitments.iter(),
             &query_set,
             sponge,
-            lc_randomness.iter(),
+            lc_states.iter(),
             rng,
         )?;
         Ok(BatchLCProof { proof, evals: None })

poly-commit/src/kzg10/data_structures.rs

@@ -420,7 +420,8 @@ impl<F: PrimeField, P: DenseUVPolynomial<F>> Randomness<F, P> {
     }
 }
 
-impl<F: PrimeField, P: DenseUVPolynomial<F>> PCRandomness for Randomness<F, P> {
+impl<F: PrimeField, P: DenseUVPolynomial<F>> PCCommitmentState for Randomness<F, P> {
+    type Randomness = Self;
     fn empty() -> Self {
         Self {
             blinding_polynomial: P::zero(),

poly-commit/src/kzg10/mod.rs

@@ -5,7 +5,7 @@
 //! proposed by Kate, Zaverucha, and Goldberg ([KZG10](http://cacr.uwaterloo.ca/techreports/2010/cacr2010-10.pdf)).
 //! This construction achieves extractability in the algebraic group model (AGM).
 
-use crate::{BTreeMap, Error, LabeledPolynomial, PCRandomness, ToString, Vec};
+use crate::{BTreeMap, Error, LabeledPolynomial, PCCommitmentState, ToString, Vec};
 use ark_ec::AffineRepr;
 use ark_ec::{pairing::Pairing, CurveGroup};
 use ark_ec::{scalar_mul::ScalarMul, VariableBaseMSM};