Function bellperson::groth16::aggregate::aggregate_proofs
source ยท pub fn aggregate_proofs<E>(
srs: &ProverSRS<E>,
transcript_include: &[u8],
proofs: &[Proof<E>],
version: AggregateVersion,
) -> Result<AggregateProof<E>, SynthesisError>
Expand description
Aggregate n
zkSnark proofs, where n
must be a power of two.
WARNING: transcript_include represents everything that should be included in
the transcript from outside the boundary of this function. This is especially
relevant for ALL public inputs of ALL individual proofs. In the regular case,
one should input ALL public inputs from ALL proofs aggregated. However, IF ALL the
public inputs are fixed, and public before the aggregation time, then there is
no need to hash those. The reason we specify this extra assumption is because hashing
the public inputs from the decoded form can take quite some time depending on the
number of proofs and public inputs (+100ms in our case). In the case of Filecoin, the only
non-fixed part of the public inputs are the challenges derived from a seed. Even though this
seed comes from a random beeacon, we are hashing this as a safety precaution.