The goal is to make ClientIvc more flexible and intuitive, primarily through making recursive folding verification an internal component to the class. E.g. given 10 circuits in circuits, I'd like to be able to do this:
where proof, if verified, establishes knowledge of a witness satisfying all 10 circuits. This is currently not the case in general because there is nothing establishing that all but the last fold was done correctly. It works only in the special case of the aztec private function execution where every other circuit is a kernel containing two recursive folding verifications. If we instead build a single recursive folding verification into each call to accumulate (as we already do with the recursive merge verifier) then we can achieve the simple syntax above and it will be valid for arbitrary circuits. This also has the desirable side effect of removing the details of the IVC scheme from the aztec kernel which affords the backend more flexibility (e.g. to fold more than one instance at a time).
The goal is to make ClientIvc more flexible and intuitive, primarily through making recursive folding verification an internal component to the class. E.g. given 10 circuits in
circuits,I'd like to be able to do this:where
proof, if verified, establishes knowledge of a witness satisfying all 10 circuits. This is currently not the case in general because there is nothing establishing that all but the last fold was done correctly. It works only in the special case of the aztec private function execution where every other circuit is a kernel containing two recursive folding verifications. If we instead build a single recursive folding verification into each call to accumulate (as we already do with the recursive merge verifier) then we can achieve the simple syntax above and it will be valid for arbitrary circuits. This also has the desirable side effect of removing the details of the IVC scheme from the aztec kernel which affords the backend more flexibility (e.g. to fold more than one instance at a time).