A circuit for computing c, from section 5, step 5 of "A multi-folding scheme for CCS"

[dmpierre]

Gadget to compute $\sum_{j \in [t]} \gamma^{j} \cdot e_1 \cdot \sigma_j + \gamma^{t+1} \cdot e2 \cdot \sum{i=1} ci * \prod{j \in S_i} \theta_j$. This is the sum computed by the verifier and laid out in section 5, step 5 of "A multi-folding scheme for CCS".

Gadget methods defined here. Test implemented here.

[dmpierre]

Nice work!

I'm wondering if we could maybe merge the SumMulsGammaPowsEqSigmaGadget, SumCiMulProdThetajGadget into ComputeCFromSigmasAndThetasGadget.

The reasoning is that SumMulsGammaPowsEqSigmaGadget and SumCiMulProdThetajGadget are not used anywere else than inside ComputeCFromSigmasAndThetasGadget, so the methods SumMulsGammaPowsEqSigmaGadget::sum_muls_gamma_pows_eq_sigma() and SumCiMulProdThetajGadget::sum_ci_mul_prod_thetaj() could be private methods of ComputeCFromSigmasAndThetasGadget, since at the end they are internal intermediate steps of the ComputeCFromSigmasAndThetasGadget::compute_c_from_sigmas_and_thetas() method. And ComputeCFromSigmasAndThetasGadget::compute_c_from_sigmas_and_thetas() being the only public method of the gadget. In this way we avoid having extra complexname-gadgets exposed publicly.

How do you see it?

Great idea, makes things much cleaner. Done with 4566385!