updated with reference to plonk (#3462)

guruvamsi-policharla · web-flow · commit 2e532fe8678e · 2026-03-24T21:54:47.000-04:00
diff --git a/docs/blogs/batch-pari.html b/docs/blogs/batch-pari.html
@@ -224,7 +224,11 @@ <h3 id="our-solution">Our Solution</h3>
         multiplications for the <span class="math inline">\(v_a, v_b,
         v_q\)</span> terms, and finally checking a single multi-pairing.
         Of course, we still need to carry out steps 1-5 for each proof,
-        but these are very fast hashing and field operations.</p>
+        but these are very fast hashing and field operations. This
+        strategy applies more broadly to KZG opening proofs and
+        KZG-based SNARKs such as Plonk. For example, <a
+        href="https://github.com/Consensys/gnark/blob/6e6960808dfdc41e56d089d870f12ce2bc7f8289/std/recursion/plonk/verifier.go#L946-L973">gnark</a>
+        uses it for more efficient recursion of Plonk proofs.</p>
         <p>A quick implementation (with room for further optimization)
         of this idea can be found <a
         href="https://github.com/guruvamsi-policharla/garuda-pari/pull/1">here</a>,
diff --git a/docs/blogs/batch-pari.md b/docs/blogs/batch-pari.md
@@ -57,6 +57,7 @@ Rearranging the last equation, we have:
 $$e(\colorbox{lightgrey}{$T$},\; [\delta_2]_2) \stackrel{?}{=} e(\colorbox{lightgrey}{$U$},\; [\delta_1 \tau]_2) \cdot e(\colorbox{lightgrey}{$-r \cdot U$},\; [\delta_1]_2) \cdot e(\colorbox{lightgrey}{$v_a$} \cdot [\alpha]_1 + \colorbox{lightgrey}{$v_b$} \cdot [\beta]_1 + \colorbox{lightgrey}{$v_q$} \cdot [1]_1,\; [1]_2)$$
 
 where only the $\colorbox{lightgrey}{\text{highlighted}}$ terms change across different proofs (under the same verification key). Thus, we can batch verify multiple proofs (see [FGHP09](https://eprint.iacr.org/2008/015.pdf)) by taking a random linear combination using three $\mathbb{G}_1$ MSMs for the $T, U, r\cdot U$ terms, field multiplications for the $v_a, v_b, v_q$ terms, and finally checking a single multi-pairing. Of course, we still need to carry out steps 1-5 for each proof, but these are very fast hashing and field operations.
+This strategy applies more broadly to KZG opening proofs and KZG-based SNARKs such as Plonk. For example, [gnark](https://github.com/Consensys/gnark/blob/6e6960808dfdc41e56d089d870f12ce2bc7f8289/std/recursion/plonk/verifier.go#L946-L973) uses it for more efficient recursion of Plonk proofs.
 
 A quick implementation (with room for further optimization) of this idea can be found [here](https://github.com/guruvamsi-policharla/garuda-pari/pull/1), and it shows a $60\times$ speedup when verifying $2^{16}$ proofs relative to naive individual verification. Both experiments were run in single-threaded mode. Concretely, this amounts to $\approx 10\mu\text{s}$ per proof on an M5 MacBook Pro, down from 0.6 ms per proof. And the more proofs you verify, the faster it gets!
 
