# Verkle Cryptography API
## Introduction
In this document, we describe the API that the cryptography layer needs to expose to the verkle trie layer. If you are creating a verkle trie implementation without the cryptography fully being implemented, you can mock the following APIs.
## Elliptic Curve API
We define a Elliptic curve $E$ over a base field $F_p$ with a scalar field $F_r$.
The group exposed by $E(F_p)$ must have prime order. This is so that the verkle trie logic does not need to worry about subgroup attack vectors.
The group exposes two algorithm:
- $\text{Serialise}$: This algorithm takes in a group element as input and returns a unique encoding of the group element as a byte string.
- $\text{MapToFieldBytes}$ : This algorithm takes in a group element as input and maps the group element to the base field $F_p$. The output is a unique encoding of the field element in $F_p$ as a byte string.
> MapToFieldBytes returns a byte string so that the verkle trie library does not need to be concerned with $F_p$, only $F_r$ is exposed through the API.
## MultiPoint Scheme API
The multipoint scheme exposes three algorithms:
- $\text{Prove:}$ This algorithm takes in as input a list of tuples of the form $(C_i, f_i(X), z_i, y_i)$ and produces a proof $\pi$ that each $f_i(z_i) = y_i$.
$C_i$ is the commitment to the function $f_i(X)$ and is produced by using the $\text{Commit}$ algorithm.
- $\text{Commit:}$ This algorithm takes as input a function $f(X)$ and produces a commitment to that function $C$.
- $\text{Verify:}$ This algorithm takes as input a proof $\pi$, and a list of tuples $C_i, z_i, y_i$. The output is true, if the proof can attest to the fact that, for all $i$, $C_i$ commits to a function $f_i(X)$ using $\text{Commit}$ and $f_i(z_i) = y_i$
## Summary
The API surface that the cryptography layer exposes to the verkle trie layer is very small; five methods. We note that in some cases, $\text{Serialise}$ and $\text{MapToFieldBytes}$ can uses the same function. The reason why we have two exposed algorithms is because $\text{MapToFieldBytes}$ is also expected to be zero knowledge friendly for when we provide a proof of execution for verkle trees, while $\text{Serialise}$ does not need to be.
Sign in with Wallet
Connect another wallet