Function schnorrkel::vrf::dleq_verify_batch
source ยท pub fn dleq_verify_batch(
ps: &[VRFInOut],
proofs: &[VRFProofBatchable],
public_keys: &[PublicKey],
kusama: bool,
) -> SignatureResult<()>
Expand description
Batch verify DLEQ proofs where the public keys were held by different parties.
We first reconstruct the c
s present in the VRFProof
s but absent
in the VRFProofBatchable
s, using shorten_dleq
. We then verify
the R
and Hr
components of the VRFProofBatchable
s using the
two equations a normal verification uses to discover them.
We do this by delinearizing both verification equations with
random numbers.
TODO: Assess when the two verification equations should be combined, presumably by benchmarking both forms. At smaller batch sizes then we should clearly benefit form the combined form, but any combination doubles the scalar by scalar multiplications and hashing, so large enough batch verifications should favor two separate calls.