It uses the ethereum bn256.
// p(x) = x^3 + x + 5
p := []*big.Int{
big.NewInt(5),
big.NewInt(1), // x^1
big.NewInt(0), // x^2
big.NewInt(1), // x^3
}
assert.Equal(t, "1x³ + 1x¹ + 5", PolynomialToString(p))
// TrustedSetup
ts, err := NewTrustedSetup(p)
assert.Nil(t, err)
// Commit
c := Commit(ts, p)
// p(z)=y --> p(3)=35
z := big.NewInt(3)
y := big.NewInt(35)
// z & y: to prove an evaluation p(z)=y
proof, err := EvaluationProof(ts, p, z, y)
assert.Nil(t, err)
// verification
v := Verify(ts, c, proof, z, y)
assert.True(t, v)
Batch Proofs:
// zs & ys contain the f(z_i)=y_i values that will be proved inside a batch proof
zs := []*big.Int{z0, z1, z2}
ys := []*big.Int{y0, y1, y2}
// prove an evaluation of the multiple z_i & y_i
proof, err := EvaluationBatchProof(ts, p, zs, ys)
assert.Nil(t, err)
// batch proof verification
v := VerifyBatchProof(ts, c, proof, zs, ys)
assert.True(t, v)