$$a\mathcal {P}lon\mathcal {K}$$: Aggregated $$\mathcal {P}lon\mathcal {K}$$ from Multi-polynomial Commitment Schemes

$$\mathcal {P}lon\mathcal {K}$$ is a prominent universal and updatable zk-SNARK for general circuit satisfiability. We present $$a\mathcal {P}lon\mathcal {K}$$ , a variant of $$\mathcal {P}lon\mathcal {K}$$ that reduces the proof size and verification time when multiple statements are proven in a batch. Both the aggregated proof size and the verification complexity of $$a\mathcal {P}lon\mathcal {K}$$ are logarithmic in the number of aggregated statements. Our main building block, inspired by the techniques developed in SnarkPack (Gailly, Maller, Nitulescu, FC 2022), is a multi-polynomial commitment scheme, a new primitive that generalizes polynomial commitment schemes. Our techniques also include a mechanism for involving committed data into $$\mathcal {P}lon\mathcal {K}$$ statements very efficiently, which can be of independent interest. We implement an open-source industrial-grade library for zero-knowledge $$\mathcal {P}lon\mathcal {K}$$ proofs with support for $$a\mathcal {P}lon\mathcal {K}$$ . Our experimental results show that our techniques are suitable for real-world applications (such as blockchain rollups), achieving significant performance improvements in proof size and verification time.