PlonkVerifierV2

Git Source

The TurboPlonk formula is: qo * wo = pub_input + q_c + q_mul0 * w0 * w1 + q_mul1 * w2 * w3 + q_lc0 * w0 + q_lc1 * w1 + q_lc2 * w2 + q_lc3 * w3 + q_hash0 * w0 + q_hash1 * w1 + q_hash2 * w2 + q_hash3 * w3 + q_ecc * w0 * w1 * w2 * w3 * wo

State Variables

COSET_K1

uint256 public constant COSET_K1 =
    0x2f8dd1f1a7583c42c4e12a44e110404c73ca6c94813f85835da4fb7bb1301d4a

COSET_K2

uint256 public constant COSET_K2 =
    0x1ee678a0470a75a6eaa8fe837060498ba828a3703b311d0f77f010424afeb025

COSET_K3

uint256 public constant COSET_K3 =
    0x2042a587a90c187b0a087c03e29c968b950b1db26d5c82d666905a6895790c0a

COSET_K4

uint256 public constant COSET_K4 =
    0x2e2b91456103698adf57b799969dea1c8f739da5d8d40dd3eb9222db7c81e881

BETA_H_X0

uint256 public constant BETA_H_X0 =
    0x260e01b251f6f1c7e7ff4e580791dee8ea51d87a358e038b4efe30fac09383c1

BETA_H_X1

uint256 public constant BETA_H_X1 =
    0x0118c4d5b837bcc2bc89b5b398b5974e9f5944073b32078b7e231fec938883b0

BETA_H_Y0

uint256 public constant BETA_H_Y0 =
    0x04fc6369f7110fe3d25156c1bb9a72859cf2a04641f99ba4ee413c80da6a5fe4

BETA_H_Y1

uint256 public constant BETA_H_Y1 =
    0x22febda3c0c0632a56475b4214e5615e11e6dd3f96e6cea2854a87d4dacc5e55

NUM_WIRE_TYPES

The number of wire types of the circuit, TurboPlonk has 5.

uint256 internal constant NUM_WIRE_TYPES = 5

Functions

verify

Verify a single TurboPlonk proofs.

function verify(
    IPlonkVerifier.VerifyingKey memory verifyingKey,
    uint256[11] memory publicInput,
    IPlonkVerifier.PlonkProof memory proof
) external view returns (bool);

Parameters

Returns

_validateProof

Validate all group points and scalar fields. Revert if any are invalid.

function _validateProof(IPlonkVerifier.PlonkProof memory proof) internal pure;

Parameters

_verify

function _verify(
    IPlonkVerifier.VerifyingKey memory verifyingKey,
    uint256[11] memory publicInput,
    IPlonkVerifier.PlonkProof memory proof
) private view returns (bool);

_computeChallenges

function _computeChallenges(
    IPlonkVerifier.VerifyingKey memory vk,
    uint256[11] memory pi,
    IPlonkVerifier.PlonkProof memory proof
) internal pure returns (Challenges memory res);

_computeLinPolyConstantTerm

Compute the constant term of the linearization polynomial.

r_plonk = PI - L1(x) * alpha^2 - alpha * \prod_i=1..m-1 (w_i + beta * sigma_i + gamma) *
(w_m + gamma) * z(xw)

where m is the number of wire types.

function _computeLinPolyConstantTerm(
    Challenges memory chal,
    IPlonkVerifier.PlonkProof memory proof,
    Poly.EvalData memory evalData
) internal pure returns (uint256 res);

_preparePolyCommitments

function _preparePolyCommitments(
    IPlonkVerifier.VerifyingKey memory verifyingKey,
    Challenges memory chal,
    Poly.EvalData memory evalData,
    IPlonkVerifier.PlonkProof memory proof
) internal view returns (BN254.G1Point memory e1, BN254.G1Point memory f1);

Returns

_linearizationPolyComm

Compute the linearization poly commitment

function _linearizationPolyComm(
    IPlonkVerifier.VerifyingKey memory verifyingKey,
    Challenges memory challenge,
    Poly.EvalData memory evalData,
    IPlonkVerifier.PlonkProof memory proof
) private view returns (BN254.G1Point memory d1);

Parameters

Returns

Errors

InvalidPlonkArgs

Plonk: invalid inputs, either mismatching lengths among input arguments or empty input.

error InvalidPlonkArgs();

WrongPlonkVK

Plonk: wrong verification key used.

error WrongPlonkVK();

Structs

Challenges

Plonk IOP verifier challenges.

struct Challenges {
    uint256 alpha; // 0x00
    uint256 alpha2; // 0x20
    uint256 alpha3; // 0x40
    uint256 beta; // 0x60
    uint256 gamma; // 0x80
    uint256 zeta; // 0xA0
    uint256 v; // 0xC0
    uint256 u; // 0xE0
}