RingVerifier from VerifierKey

[davxy]

As discussed some time ago at the moment in the Sassafras pallet when I need to check a bunch of tickets I'm loading the whole KZG from store in order to construct the VerifierKey.

This is obviously wrong as it is sufficient to:

1. construct the VerifierKey once the public keys are known
2. serialize the VerifierKey
3. load the VerifierKey to verify the tickets

The VerifierKey serialized size for a domain of 1024 is just 384 bytes (as opposed to the KZG which is 147747 bytes).

What I actually missing to start using it is a way to construct the RingVerifier from the VerifierKey and the params to reconstruct the piop_params. In practice I need a function like:

pub fn make_ring_verifier(
    verifier_key: VerifierKey,
    h_seed: [u8; 32],
    domain_size: usize
) -> RingVerifier {
    let piop_params = make_piop_params(h_seed, domain_size);   /// <<<<< THIS IS ALREADY provided in ring.rs
    RingVerifier::init(verifier_key, piop_params, Transcript::new(b"ring-vrf-test"))
}

Do you think is possible to add something like it in bandersnatch_vrfs?

[davxy]

cc @swasilyev

[burdges]

At first blush I think ring::RingVerifier could #[derive(CannonicalSerialize,CannonicalDeserialze)] except..

PlonkVerifier cannot #[derive(CannonicalSerialize,CannonicalDeserialze)] while it contains a raw transcript: https://github.com/w3f/ring-proof/blob/master/common/src/verifier.rs#L17

It's trivial to fix that however.. It's improve the borrowing concerns too.

I'm not really sure what @swasilyev plans though

[burdges]

ring::VerifierKey is 32kb because of https://github.com/w3f/ring-proof/blob/master/ring/src/ring_verifier.rs#L25

It'll only be 400 bytes or so in the runtime when using the ark-substrate curve though. It still contains the transcript however, so this should be created afresh, or use other tricks.

I'd say RingVerifier::init is "cheap" so we call it every time.

[davxy]

Closed by https://github.com/w3f/ring-vrf/pull/67