Documentation

Fields

• tBlinding :: f

  Blinding factor of the T1 and T2 commitments, combined into the form required to make the committed version of the x-polynomial add up

• mu :: f

  Blinding factor required for the Verifier to verify commitments A, S

• t :: f

  Dot product of vectors l and r that prove knowledge of the value in range t = t(x) = l(x) · r(x)

• aiCommit :: Point

  Commitment to vectors aL and aR

• aoCommit :: Point

  Commitment to vectors aO

• sCommit :: Point

  Commitment to new vectors sL, sR, created at random by the Prover

• tCommits :: [Point]

  Commitments to t1, t3, t4, t5, t6

• productProof :: InnerProductProof f
   

Fields

• weights :: GateWeights f

  Weights for vectors of left and right inputs and for vector of outputs

• commitmentWeights :: [[f]]

  Weigths for a commitments V of rank m

• cs :: [f]

  Vector of constants of size Q

Fields

• assignment :: Assignment f

  Vectors of left and right inputs and vector of outputs

• commitments :: [Point]

  Vector of commited input values ∈ F^m

• commitBlinders :: [f]

  Vector of blinding factors for input values ∈ F^m

Fields

• wL :: [[f]]

  WL ∈ F^(Q x n)

• wR :: [[f]]

  WR ∈ F^(Q x n)

• wO :: [[f]]

  WO ∈ F^(Q x n)

Fields

• aL :: [f]

  aL ∈ F^n. Vector of left inputs of each multiplication gate

• aR :: [f]

  aR ∈ F^n. Vector of right inputs of each multiplication gate

• aO :: [f]

  aO ∈ F^n. Vector of outputs of each multiplication gate