a16z · quangvdao · Feb 28, 2026 · Feb 28, 2026 · Feb 28, 2026 · Feb 28, 2026
@@ -6,7 +6,6 @@ use jolt_core::utils::math::Math;
 use rand::Rng;
 use rand_chacha::ChaCha20Rng;
 use rand_core::{RngCore, SeedableRng};
-// use rayon::prelude::*;
 
 fn benchmark_dory_dense(c: &mut Criterion, name: &str, k: usize, t: usize) {
     let globals = DoryGlobals::initialize_context(k, t, DoryContext::Main, None);
@@ -20,7 +19,7 @@ fn benchmark_dory_dense(c: &mut Criterion, name: &str, k: usize, t: usize) {
     c.bench_function(&format!("{name} Dory commit_rows"), |b| {
         b.iter(|| {
             let _ = globals;
-            DoryCommitmentScheme::commit(&poly, &setup);
+            DoryCommitmentScheme::default().commit(&poly, &setup);
         });
     });
 }
@@ -43,10 +42,7 @@ fn benchmark_dory_one_hot_batch(c: &mut Criterion, name: &str, k: usize, t: usiz
     c.bench_function(&format!("{name} Dory one-hot commit"), |b| {
         b.iter(|| {
             let _ = globals;
-            DoryCommitmentScheme::batch_commit(&polys, &setup);
-            // polys.par_iter().for_each(|poly| {
-            //     DoryCommitmentScheme::commit(&poly, &setup);
-            // });
+            DoryCommitmentScheme::default().batch_commit(&polys, &setup);
         });
     });
 }
@@ -75,7 +71,7 @@ fn benchmark_dory_mixed_batch(c: &mut Criterion, name: &str, k: usize, t: usize)
     c.bench_function(&format!("{name} Dory mixed batch commit"), |b| {
         b.iter(|| {
             let _ = globals;
-            DoryCommitmentScheme::batch_commit(&polys, &setup);
+            DoryCommitmentScheme::default().batch_commit(&polys, &setup);
         });
     });
 }

@@ -2,6 +2,7 @@ use ark_serialize::{CanonicalDeserialize, CanonicalSerialize};
 use std::borrow::Borrow;
 use std::fmt::Debug;
 
+use crate::poly::opening_proof::BatchPolynomialSource;
 use crate::transcripts::Transcript;
 use crate::{
     curve::JoltCurve,
@@ -10,8 +11,10 @@ use crate::{
     utils::{errors::ProofVerifyError, small_scalar::SmallScalar},
 };
 
-pub trait CommitmentScheme: Clone + Sync + Send + 'static {
+pub trait CommitmentScheme: Clone + Sync + Send + Default + 'static {
     type Field: JoltField + Sized;
+    /// PCS-specific configuration carried by the instance. Opaque to generic code.
+    type Config: Clone + Sync + Send + CanonicalSerialize + CanonicalDeserialize;
     type ProverSetup: Clone + Sync + Send + Debug + CanonicalSerialize + CanonicalDeserialize;
     type VerifierSetup: Clone + Sync + Send + Debug + CanonicalSerialize + CanonicalDeserialize;
     type Commitment: Default
@@ -23,101 +26,47 @@ pub trait CommitmentScheme: Clone + Sync + Send + 'static {
         + CanonicalDeserialize
         + Clone;
     type Proof: Sync + Send + CanonicalSerialize + CanonicalDeserialize + Clone + Debug;
-    type BatchedProof: Sync + Send + CanonicalSerialize + CanonicalDeserialize;
     /// A hint that helps the prover compute an opening proof. Typically some byproduct of
     /// the commitment computation, e.g. for Dory the Pedersen commitments to the rows can be
     /// used as a hint for the opening proof.
     type OpeningProofHint: Sync + Send + Clone + Debug + PartialEq;
 
-    /// Generates the prover setup for this PCS. `max_num_vars` is the maximum number of
-    /// variables of any polynomial that will be committed using this setup.
     fn setup_prover(max_num_vars: usize) -> Self::ProverSetup;
 
-    /// Generates the verifier setup from the prover setup.
     fn setup_verifier(setup: &Self::ProverSetup) -> Self::VerifierSetup;
 
-    /// Commits to a multilinear polynomial using the provided setup.
-    ///
-    /// # Arguments
-    /// * `poly` - The multilinear polynomial to commit to
-    /// * `setup` - The prover setup for the commitment scheme
-    ///
-    /// # Returns
-    /// A tuple containing the commitment to the polynomial and a hint that can be used
-    /// to optimize opening proof generation
+    /// Reconstruct a PCS instance from a batched proof (e.g. for the verifier to
+    /// recover PCS-specific configuration serialized during proving).
+    fn from_proof(proof: &Self::Proof) -> Self;
+
+    fn config(&self) -> &Self::Config;
+
     fn commit(
+        &self,
         poly: &MultilinearPolynomial<Self::Field>,
         setup: &Self::ProverSetup,
     ) -> (Self::Commitment, Self::OpeningProofHint);
 
-    /// Commits to multiple multilinear polynomials in batch.
-    ///
-    /// # Arguments
-    /// * `polys` - A slice of multilinear polynomials to commit to
-    /// * `gens` - The prover setup for the commitment scheme
-    ///
-    /// # Returns
-    /// A vector of commitments, one for each input polynomial
     fn batch_commit<U>(
+        &self,
         polys: &[U],
         gens: &Self::ProverSetup,
     ) -> Vec<(Self::Commitment, Self::OpeningProofHint)>
     where
         U: Borrow<MultilinearPolynomial<Self::Field>> + Sync;
 
-    /// Homomorphically combines multiple commitments into a single commitment, computed as a
-    /// linear combination with the given coefficients.
-    fn combine_commitments<C: Borrow<Self::Commitment>>(
-        _commitments: &[C],
-        _coeffs: &[Self::Field],
-    ) -> Self::Commitment {
-        todo!("`combine_commitments` should be on a separate `AdditivelyHomomorphic` trait")
-    }
-
-    /// Homomorphically combines multiple opening proof hints into a single hint, computed as a
-    /// linear combination with the given coefficients.
-    fn combine_hints(
-        _hints: Vec<Self::OpeningProofHint>,
-        _coeffs: &[Self::Field],
-    ) -> Self::OpeningProofHint {
-        unimplemented!()
-    }
-
-    /// Generates a proof of evaluation for a polynomial at a specific point.
-    ///
-    /// # Arguments
-    /// * `setup` - The prover setup for the commitment scheme
-    /// * `poly` - The multilinear polynomial being proved
-    /// * `opening_point` - The point at which the polynomial is evaluated
-    /// * `hint` - An optional hint that helps optimize the proof generation.
-    ///   When `None`, implementations should compute the hint internally if needed.
-    /// * `transcript` - The transcript for Fiat-Shamir transformation
-    ///
-    /// # Returns
-    /// A tuple containing:
-    /// - The proof of the polynomial evaluation at the specified point
-    /// - An optional ZK blinding factor (y_blinding) for use in BlindFold; None for non-ZK schemes
     fn prove<ProofTranscript: Transcript>(
+        &self,
         setup: &Self::ProverSetup,
         poly: &MultilinearPolynomial<Self::Field>,
         opening_point: &[<Self::Field as JoltField>::Challenge],
         hint: Option<Self::OpeningProofHint>,
         transcript: &mut ProofTranscript,
+        commitment: &Self::Commitment,
     ) -> (Self::Proof, Option<Self::Field>);
 
-    /// Verifies a proof of polynomial evaluation at a specific point.
-    ///
-    /// # Arguments
-    /// * `proof` - The proof to be verified
-    /// * `setup` - The verifier setup for the commitment scheme
-    /// * `transcript` - The transcript for Fiat-Shamir transformation
-    /// * `opening_point` - The point at which the polynomial is evaluated
-    /// * `opening` - The claimed evaluation value of the polynomial at the opening point
-    /// * `commitment` - The commitment to the polynomial
-    ///
-    /// # Returns
-    /// Ok(()) if the proof is valid, otherwise a ProofVerifyError
     fn verify<ProofTranscript: Transcript>(
+        &self,
         proof: &Self::Proof,
         setup: &Self::VerifierSetup,
         transcript: &mut ProofTranscript,
@@ -126,6 +75,31 @@ pub trait CommitmentScheme: Clone + Sync + Send + 'static {
         commitment: &Self::Commitment,
     ) -> Result<(), ProofVerifyError>;
 
+    #[allow(clippy::too_many_arguments)]
+    fn batch_prove<ProofTranscript: Transcript, S: BatchPolynomialSource<Self::Field>>(
+        &self,
+        setup: &Self::ProverSetup,
+        poly_source: &S,
+        hints: Vec<Self::OpeningProofHint>,
+        commitments: &[&Self::Commitment],
+        opening_point: &[<Self::Field as JoltField>::Challenge],
+        claims: &[Self::Field],
+        coeffs: &[Self::Field],
+        transcript: &mut ProofTranscript,
+    ) -> (Self::Proof, Option<Self::Field>);
+
+    #[allow(clippy::too_many_arguments)]
+    fn batch_verify<ProofTranscript: Transcript>(
+        &self,
+        proof: &Self::Proof,
+        setup: &Self::VerifierSetup,
+        transcript: &mut ProofTranscript,
+        opening_point: &[<Self::Field as JoltField>::Challenge],
+        commitments: &[&Self::Commitment],
+        claims: &[Self::Field],
+        coeffs: &[Self::Field],
+    ) -> Result<(), ProofVerifyError>;
+
     fn protocol_name() -> &'static [u8];
 
     /// Extracts raw BN254 G1 generators and blinding generator from the prover setup.
@@ -155,18 +129,21 @@ pub trait StreamingCommitmentScheme: CommitmentScheme {
     /// The type representing chunk state (tier 1 commitments)
     type ChunkState: Send + Sync + Clone + PartialEq + Debug;
 
-    /// Compute tier 1 commitment for a chunk of small scalar values
-    fn process_chunk<T: SmallScalar>(setup: &Self::ProverSetup, chunk: &[T]) -> Self::ChunkState;
+    fn process_chunk<T: SmallScalar>(
+        &self,
+        setup: &Self::ProverSetup,
+        chunk: &[T],
+    ) -> Self::ChunkState;
 
-    /// Compute tier 1 commitment for a chunk of one-hot values
     fn process_chunk_onehot(
+        &self,
         setup: &Self::ProverSetup,
         onehot_k: usize,
         chunk: &[Option<usize>],
     ) -> Self::ChunkState;
 
-    /// Compute tier 2 commitment from accumulated tier 1 commitments
     fn aggregate_chunks(
+        &self,
         setup: &Self::ProverSetup,
         onehot_k: Option<usize>,
         tier1_commitments: &[Self::ChunkState],