Add polynomial commitment for multilinear polynomial (#66)

* add multilinear_pc barebones

* add multilinear extension commitment scheme

* add unit tests

* temporarily change dependency

* change dependency

* add trim

* remove `get_key`

* use `format` from ark_std

* fmt

* revert prev two

* tweak

* fmt

* Slightly tune the comments

* fmt

Co-authored-by: Weikeng Chen <w.k@berkeley.edu>

Author: tsunrise

src/lib.rs

@@ -97,6 +97,14 @@ pub mod sonic_pc;
 /// [pcdas]: https://eprint.iacr.org/2020/499
 pub mod ipa_pc;
 
+/// A multilinear polynomial commitment scheme that converts n-variate multilinear polynomial into
+/// n quotient UV polynomial. This scheme is based on hardness of the discrete logarithm
+/// in prime-order groups. Construction is detailed in [[XZZPD19]][xzzpd19] and [[ZGKPP18]][zgkpp18]
+///
+/// [xzzpd19]: https://eprint.iacr.org/2019/317
+/// [zgkpp]: https://ieeexplore.ieee.org/document/8418645
+pub mod multilinear_pc;
+
 /// Multivariate polynomial commitment based on the construction in
 /// [[PST13]][pst] with batching and (optional) hiding property inspired
 /// by the univariate scheme in [[CHMMVW20, "Marlin"]][marlin]

src/multilinear_pc/data_structures.rs

@@ -0,0 +1,70 @@
+use ark_ec::PairingEngine;
+use ark_serialize::{CanonicalDeserialize, CanonicalSerialize, Read, SerializationError, Write};
+use ark_std::vec::Vec;
+#[allow(type_alias_bounds)]
+/// Evaluations over {0,1}^n for G1
+pub type EvaluationHyperCubeOnG1<E: PairingEngine> = Vec<E::G1Affine>;
+#[allow(type_alias_bounds)]
+/// Evaluations over {0,1}^n for G2
+pub type EvaluationHyperCubeOnG2<E: PairingEngine> = Vec<E::G2Affine>;
+
+/// Public Parameter used by prover
+#[derive(CanonicalSerialize, CanonicalDeserialize, Clone, Debug)]
+pub struct UniversalParams<E: PairingEngine> {
+    /// number of variables
+    pub num_vars: usize,
+    /// `pp_{num_vars}`, `pp_{num_vars - 1}`, `pp_{num_vars - 2}`, ..., defined by XZZPD19
+    pub powers_of_g: Vec<EvaluationHyperCubeOnG1<E>>,
+    /// `pp_{num_vars}`, `pp_{num_vars - 1}`, `pp_{num_vars - 2}`, ..., defined by XZZPD19
+    pub powers_of_h: Vec<EvaluationHyperCubeOnG2<E>>,
+    /// generator for G1
+    pub g: E::G1Affine,
+    /// generator for G2
+    pub h: E::G2Affine,
+    /// g^randomness
+    pub g_mask: Vec<E::G1Affine>,
+}
+
+/// Public Parameter used by prover
+#[derive(CanonicalSerialize, CanonicalDeserialize, Clone, Debug)]
+pub struct CommitterKey<E: PairingEngine> {
+    /// number of variables
+    pub nv: usize,
+    /// pp_k defined by libra
+    pub powers_of_g: Vec<EvaluationHyperCubeOnG1<E>>,
+    /// pp_h defined by libra
+    pub powers_of_h: Vec<EvaluationHyperCubeOnG2<E>>,
+    /// generator for G1
+    pub g: E::G1Affine,
+    /// generator for G2
+    pub h: E::G2Affine,
+}
+
+/// Public Parameter used by prover
+#[derive(CanonicalSerialize, CanonicalDeserialize, Clone, Debug)]
+pub struct VerifierKey<E: PairingEngine> {
+    /// number of variables
+    pub nv: usize,
+    /// generator of G1
+    pub g: E::G1Affine,
+    /// generator of G2
+    pub h: E::G2Affine,
+    /// g^t1, g^t2, ...
+    pub g_mask_random: Vec<E::G1Affine>,
+}
+
+#[derive(CanonicalSerialize, CanonicalDeserialize, Clone, Debug)]
+/// commitment
+pub struct Commitment<E: PairingEngine> {
+    /// number of variables
+    pub nv: usize,
+    /// product of g as described by the vRAM paper
+    pub g_product: E::G1Affine,
+}
+
+#[derive(CanonicalSerialize, CanonicalDeserialize, Clone, Debug)]
+/// proof of opening
+pub struct Proof<E: PairingEngine> {
+    /// Evaluation of quotients
+    pub proofs: Vec<E::G2Affine>,
+}