Finished step 7

verifier_circuit/src/poly_commitment/commitment.ts

@@ -221,6 +221,15 @@ export class AggregatedEvaluationProof
     /** scaling factor for polynomials */
     evalscale: Scalar
     /** batched opening proof */
-    opening: &'a OpeningProof
+    opening: OpeningProof
     combined_inner_product: Scalar
 }
+
+export class OpeningProof {
+    /** vector of rounds of L & R commitments */
+    lr: [Group, Group][]
+    delta: Group
+    z1: Scalar
+    z2: Scalar
+    sg: Group
+}

verifier_circuit/src/prover/prover.ts

@@ -1,6 +1,6 @@
 import { Polynomial } from "../polynomial.js"
 import { Field, Group, Scalar } from "o1js"
-import { PolyComm, bPoly, bPolyCoefficients } from "../poly_commitment/commitment";
+import { PolyComm, bPoly, bPolyCoefficients, OpeningProof } from "../poly_commitment/commitment";
 import { getLimbs64 } from "../util/bigint";
 import { Sponge } from "../verifier/sponge";
 import { Verifier, VerifierIndex } from "../verifier/verifier.js";
@@ -16,20 +16,22 @@ export class ProverProof {
     evals: ProofEvaluations<PointEvaluations<Scalar[]>>
     prev_challenges: RecursionChallenge[]
     commitments: ProverCommitments
-
     /** Required evaluation for Maller's optimization */
     ft_eval1: Scalar
+    proof: OpeningProof
 
     constructor(
         evals: ProofEvaluations<PointEvaluations<Scalar[]>>,
         prev_challenges: RecursionChallenge[],
         commitments: ProverCommitments,
-        ft_eval1: Scalar
+        ft_eval1: Scalar,
+        proof: OpeningProof
     ) {
         this.evals = evals;
         this.prev_challenges = prev_challenges;
         this.commitments = commitments;
-        this.ft_eval1 = ft_eval1
+        this.ft_eval1 = ft_eval1;
+        this.proof = proof;
     }
 
     /**

verifier_circuit/src/serde/serde_index.ts

@@ -8,7 +8,7 @@ import { Polynomial } from "../polynomial"
 import { Alphas } from "../alphas"
 
 export interface PolyCommJSON {
-    unshifted: { x: string, y: string }[]
+    unshifted: GroupJSON[]
     shifted: null
 }
 
@@ -103,16 +103,21 @@ interface VerifierIndexJSON {
     linearization: LinearizationJSON,
 }
 
-export function deserGroup(x: string, y: string): Group {
-    if (x === "0" && y === "1") {
+export interface GroupJSON {
+    x: string
+    y: string
+}
+
+export function deserGroup(json: GroupJSON): Group {
+    if (json.x === "0" && json.y === "1") {
         return Group.zero
     } else {
-        return Group.from(x, y);
+        return Group.from(json.x, json.y);
     }
 }
 
 export function deserPolyComm(json: PolyCommJSON): PolyComm<Group> {
-    const unshifted = json.unshifted.map(({ x, y }) => deserGroup(x, y));
+    const unshifted = json.unshifted.map(deserGroup);
     let shifted = undefined;
     if (json.shifted != null) {
         shifted = json.shifted;

verifier_circuit/src/serde/serde_proof.ts

@@ -1,7 +1,7 @@
-import { Proof, Scalar } from "o1js"
-import { PolyComm } from "../poly_commitment/commitment.js";
+import { Group, Proof, Scalar } from "o1js"
+import { OpeningProof, PolyComm } from "../poly_commitment/commitment.js";
 import { LookupEvaluations, PointEvaluations, ProofEvaluations, ProverCommitments, ProverProof, RecursionChallenge } from "../prover/prover.js"
-import { deserPolyComm, PolyCommJSON } from "./serde_index.js";
+import { deserPolyComm, PolyCommJSON, deserGroup, GroupJSON } from "./serde_index.js";
 
 type PointEvals = PointEvaluations<Scalar[]>;
 
@@ -120,19 +120,41 @@ export function deserProverCommitments(json: ProverCommitmentsJSON): ProverCommi
     };
 }
 
+
+interface OpeningProofJSON {
+    lr: GroupJSON[][] // [GroupJSON, GroupJSON]
+    delta: GroupJSON
+    z1: string
+    z2: string
+    sg: GroupJSON
+}
+
+export function deserOpeningProof(json: OpeningProofJSON): OpeningProof {
+    return {
+        lr: json.lr.map((g) => [deserGroup(g[0]), deserGroup(g[1])]),
+        delta: deserGroup(json.delta),
+        z1: deserHexScalar(json.z1),
+        z2: deserHexScalar(json.z2),
+        sg: deserGroup(json.sg),
+    }
+}
+
 interface ProverProofJSON {
     evals: ProofEvalsJSON
     prev_challenges: RecursionChallenge[]
     commitments: ProverCommitmentsJSON
     ft_eval1: string
+    proof: OpeningProofJSON
 }
 
+
 export function deserProverProof(json: ProverProofJSON): ProverProof {
-    const { evals, prev_challenges, commitments, ft_eval1 } = json;
+    const { evals, prev_challenges, commitments, ft_eval1, proof } = json;
     return new ProverProof(
         deserProofEvals(evals),
         prev_challenges,
         deserProverCommitments(commitments),
-        deserHexScalar(ft_eval1)
+        deserHexScalar(ft_eval1),
+        deserOpeningProof(proof)
     );
 }

verifier_circuit/src/verifier/batch.ts

@@ -1,4 +1,4 @@
-import { Evaluation, PolyComm } from "../poly_commitment/commitment.js";
+import { AggregatedEvaluationProof, Evaluation, PolyComm } from "../poly_commitment/commitment.js";
 import { ProverProof, PointEvaluations, ProofEvaluations, Constants } from "../prover/prover.js";
 import { Verifier, VerifierIndex } from "./verifier.js";
 import { Group, Scalar } from "o1js";
@@ -181,31 +181,17 @@ export class Batch extends Verifier {
         }
 
         // prepare for the opening proof verification
-        let evaluation_points = vec![oracles.zeta, oracles.zeta * verifier_index.domain.group_gen];
-        Ok(BatchEvaluationProof {
+        let evaluation_points = [oracles.zeta, oracles.zeta.mul(verifier_index.domain_gen)];
+        const agg_proof: AggregatedEvaluationProof = {
             sponge: fq_sponge,
             evaluations,
             evaluation_points,
             polyscale: oracles.v,
             evalscale: oracles.u,
-            opening: &proof.proof,
+            opening: proof.proof,
             combined_inner_product,
-        })
-        /*
-          Compute the commitment to the linearized polynomial $f$. To do this, add the constraints of all of the gates, of the permutation, and optionally of the lookup. (See the separate sections in the constraints section.) Any polynomial should be replaced by its associated commitment, contained in the verifier index or in the proof, unless a polynomial has its evaluation provided by the proof in which case the evaluation should be used in place of the commitment.
-          Compute the (chuncked) commitment of $ft$ (see Maller’s optimization).
-          List the polynomial commitments, and their associated evaluations, that are associated to the aggregated evaluation proof in the proof:
-              recursion
-              public input commitment
-              ft commitment (chunks of it)
-              permutation commitment
-              index commitments that use the coefficients
-              witness commitments
-              coefficient commitments
-              sigma commitments
-              lookup commitments
-        */
-        return public_comm;
+        };
+        return agg_proof;
     }
 
     /*

verifier_circuit/src/verifier/batching.test.ts

@@ -14,12 +14,5 @@ test("Partial verification integration test", () => {
     const vi = deserVerifierIndex(verifier_index_json);
     const proof = deserProverProof(proof_json);
 
-    let f_comm = Batch.toBatch(vi, proof, []); // upto step 2 implemented.
-    let expected_f_comm = new PolyComm<Group>([
-        Group({
-            x: Field(0x221b959dacd2052aae26193fca36b53279866a4fbbab0d5a2f828b5fd7778201n),
-            y: Field(0x058c8f1105cae57f4891eadc9b85c8954e5067190e155e61d66855ace69c16c0n)
-        })
-    ])
-    expect(f_comm).toEqual(expected_f_comm)
+    Batch.toBatch(vi, proof, []); // upto step 2 implemented.
 })