Use batch commitment scheme and commit only polynomial linear combination

plonk-core/Cargo.toml

@@ -64,6 +64,9 @@ merlin = { version = "3.0", default-features = false }
 num-traits = { version = "0.2.14" }
 rand_core = {version = "0.6", default-features=false, features = ["getrandom"] }
 
+ark-marlin = "0.3.0"
+digest = { version = "0.9" }
+
 [dev-dependencies]
 ark-bls12-377 = "0.3"
 ark-bls12-381 = "0.3"

plonk-core/src/circuit.rs

@@ -225,7 +225,7 @@ where
     fn compile<PC>(
         &mut self,
         u_params: &PC::UniversalParams,
-    ) -> Result<(ProverKey<F>, VerifierKey<F, PC>), Error>
+    ) -> Result<(ProverKey<F, PC>, VerifierKey<F, PC>), Error>
     where
         F: PrimeField,
         PC: HomomorphicCommitment<F>,
@@ -265,7 +265,7 @@ where
     fn gen_proof<PC>(
         &mut self,
         u_params: &PC::UniversalParams,
-        prover_key: ProverKey<F>,
+        prover_key: ProverKey<F, PC>,
         transcript_init: &'static [u8],
     ) -> Result<(Proof<F, PC>, PublicInputs<F>), Error>
     where

plonk-core/src/proof_system/linearisation_poly.rs

@@ -5,6 +5,7 @@
 // Copyright (c) DUSK NETWORK. All rights reserved.
 
 use crate::{
+    commitment::HomomorphicCommitment,
     error::Error,
     label_eval,
     proof_system::{
@@ -161,9 +162,9 @@ where
 }
 
 /// Compute the linearisation polynomial.
-pub fn compute<F, P>(
+pub fn compute<F, P, PC: HomomorphicCommitment<F>>(
     domain: &GeneralEvaluationDomain<F>,
-    prover_key: &ProverKey<F>,
+    prover_key: &ProverKey<F, PC>,
     alpha: &F,
     beta: &F,
     gamma: &F,
@@ -284,7 +285,7 @@ where
         table_next_eval,
     };
 
-    let gate_constraints = compute_gate_constraint_satisfiability::<F, P>(
+    let gate_constraints = compute_gate_constraint_satisfiability::<F, P, PC>(
         range_separation_challenge,
         logic_separation_challenge,
         fixed_base_separation_challenge,
@@ -350,15 +351,15 @@ where
 
 /// Computes the gate constraint satisfiability portion of the linearisation
 /// polynomial.
-fn compute_gate_constraint_satisfiability<F, P>(
+fn compute_gate_constraint_satisfiability<F, P, PC: HomomorphicCommitment<F>>(
     range_separation_challenge: &F,
     logic_separation_challenge: &F,
     fixed_base_separation_challenge: &F,
     var_base_separation_challenge: &F,
     wire_evals: &WireEvaluations<F>,
     q_arith_eval: F,
     custom_evals: &CustomEvaluations<F>,
-    prover_key: &ProverKey<F>,
+    prover_key: &ProverKey<F, PC>,
 ) -> DensePolynomial<F>
 where
     F: PrimeField,

plonk-core/src/proof_system/permutation.rs

@@ -16,32 +16,34 @@ use ark_poly::{
     polynomial::univariate::DensePolynomial, EvaluationDomain, Evaluations,
     GeneralEvaluationDomain,
 };
-use ark_poly_commit::PCCommitment;
+use ark_poly_commit::{PCCommitment, PolynomialCommitment};
 use ark_serialize::*;
 
+// Copy(bound = "PC::Commitment: Copy"),
 /// Permutation Prover Key
 #[derive(CanonicalDeserialize, CanonicalSerialize, derivative::Derivative)]
 #[derivative(
-    Clone(bound = ""),
-    Debug(bound = ""),
-    Eq(bound = ""),
-    PartialEq(bound = "")
+    Clone,
+    Debug(bound = "PC::Commitment: std::fmt::Debug"),
+    Eq(bound = "PC::Commitment: Eq"),
+    PartialEq(bound = "PC::Commitment: PartialEq")
 )]
-pub struct ProverKey<F>
+pub struct ProverKey<F, PC>
 where
     F: FftField,
+    PC: PolynomialCommitment<F, DensePolynomial<F>>,
 {
     /// Left Permutation
-    pub left_sigma: (DensePolynomial<F>, Evaluations<F>),
+    pub left_sigma: (DensePolynomial<F>, Evaluations<F>, PC::Commitment),
 
     /// Right Permutation
-    pub right_sigma: (DensePolynomial<F>, Evaluations<F>),
+    pub right_sigma: (DensePolynomial<F>, Evaluations<F>, PC::Commitment),
 
     /// Output Permutation
-    pub out_sigma: (DensePolynomial<F>, Evaluations<F>),
+    pub out_sigma: (DensePolynomial<F>, Evaluations<F>, PC::Commitment),
 
     /// Fourth Permutation
-    pub fourth_sigma: (DensePolynomial<F>, Evaluations<F>),
+    pub fourth_sigma: (DensePolynomial<F>, Evaluations<F>, PC::Commitment),
 
     /// Linear Evaluations
     pub linear_evaluations: Evaluations<F>,
@@ -53,9 +55,10 @@ where
      * domain elements] */
 }
 
-impl<F> ProverKey<F>
+impl<F, PC> ProverKey<F, PC>
 where
     F: FftField,
+    PC: PolynomialCommitment<F, DensePolynomial<F>>,
 {
     /// Computes permutation term of the quotient polynomial at the `i`th domain
     /// point.

plonk-core/src/proof_system/preprocess.rs

@@ -128,7 +128,7 @@ where
         commit_key: &PC::CommitterKey,
         transcript: &mut Transcript,
         _pc: PhantomData<PC>,
-    ) -> Result<ProverKey<F>, Error>
+    ) -> Result<ProverKey<F, PC>, Error>
     where
         PC: HomomorphicCommitment<F>,
     {
@@ -215,6 +215,26 @@ where
         let v_h_coset_4n =
             compute_vanishing_poly_over_coset(domain_4n, domain.size() as u64);
 
+        let (
+            left_sigma_poly,
+            right_sigma_poly,
+            out_sigma_poly,
+            fourth_sigma_poly,
+        ) = self.perm.compute_sigma_polynomials(self.n, &domain);
+
+        let (commitments, _) = PC::commit(
+            commit_key,
+            [
+                label_polynomial!(left_sigma_poly),
+                label_polynomial!(right_sigma_poly),
+                label_polynomial!(out_sigma_poly),
+                label_polynomial!(fourth_sigma_poly),
+            ]
+            .iter(),
+            None,
+        )
+        .map_err(to_pc_error::<F, PC>)?;
+
         Ok(ProverKey::from_polynomials_and_evals(
             domain.size(),
             (selectors.q_m, q_m_eval_4n),
@@ -229,10 +249,26 @@ where
             (selectors.q_lookup, q_lookup_eval_4n),
             (selectors.q_fixed_group_add, q_fixed_group_add_eval_4n),
             (selectors.q_variable_group_add, q_variable_group_add_eval_4n),
-            (selectors.left_sigma, left_sigma_eval_4n),
-            (selectors.right_sigma, right_sigma_eval_4n),
-            (selectors.out_sigma, out_sigma_eval_4n),
-            (selectors.fourth_sigma, fourth_sigma_eval_4n),
+            (
+                selectors.left_sigma,
+                left_sigma_eval_4n,
+                commitments[0].commitment().clone(),
+            ),
+            (
+                selectors.right_sigma,
+                right_sigma_eval_4n,
+                commitments[1].commitment().clone(),
+            ),
+            (
+                selectors.out_sigma,
+                out_sigma_eval_4n,
+                commitments[2].commitment().clone(),
+            ),
+            (
+                selectors.fourth_sigma,
+                fourth_sigma_eval_4n,
+                commitments[3].commitment().clone(),
+            ),
             linear_eval_4n,
             v_h_coset_4n,
             preprocessed_table.t[0].0.clone(),