From 4744d1c4c55bd3682277921c89cd506950733fc0 Mon Sep 17 00:00:00 2001
From: Thomas Piellard <thomas.piellard@consensys.net>
Date: Tue, 8 Jun 2021 16:56:10 +0200
Subject: [PATCH 01/13] feat: Add,Sub,ScalarMul ops added to Digest

---
 ecc/bls12-377/fr/polynomial/kzg/kzg.go        | 108 +++++++++++------
 ecc/bls12-377/fr/polynomial/kzg/kzg_test.go   |   2 +-
 .../fr/polynomial/mockcommitment/mock.go      |  66 ++++++++++-
 .../fr/polynomial/mockcommitment/mock_test.go |   2 +-
 .../fr/polynomial/mockcommitment/proof.go     |  29 -----
 .../mockcommitment/proof_single_point.go      |  29 -----
 ecc/bls12-381/fr/polynomial/kzg/kzg.go        | 108 +++++++++++------
 ecc/bls12-381/fr/polynomial/kzg/kzg_test.go   |   2 +-
 .../fr/polynomial/mockcommitment/mock.go      |  66 ++++++++++-
 .../fr/polynomial/mockcommitment/mock_test.go |   2 +-
 .../fr/polynomial/mockcommitment/proof.go     |  29 -----
 .../mockcommitment/proof_single_point.go      |  29 -----
 ecc/bn254/fr/polynomial/kzg/kzg.go            | 108 +++++++++++------
 ecc/bn254/fr/polynomial/kzg/kzg_test.go       |   2 +-
 .../fr/polynomial/mockcommitment/mock.go      |  66 ++++++++++-
 .../fr/polynomial/mockcommitment/mock_test.go |   2 +-
 .../fr/polynomial/mockcommitment/proof.go     |  29 -----
 .../mockcommitment/proof_single_point.go      |  29 -----
 ecc/bw6-761/fr/polynomial/kzg/kzg.go          | 108 +++++++++++------
 ecc/bw6-761/fr/polynomial/kzg/kzg_test.go     |   2 +-
 .../fr/polynomial/mockcommitment/mock.go      |  66 ++++++++++-
 .../fr/polynomial/mockcommitment/mock_test.go |   2 +-
 .../fr/polynomial/mockcommitment/proof.go     |  29 -----
 .../mockcommitment/proof_single_point.go      |  29 -----
 internal/generator/polynomial/generate.go     |   2 -
 .../template/commitment_kzg/kzg.go.tmpl       | 111 ++++++++++++------
 .../template/commitment_kzg/kzg.test.go.tmpl  |  53 ++++-----
 .../template/commitment_mock/mock.go.tmpl     |  74 +++++++++++-
 .../commitment_mock/mock.test.go.tmpl         |   2 +-
 .../template/commitment_mock/proof.go.tmpl    |  12 --
 .../proof.single.point.go.tmpl                |  11 --
 polynomial/commitment.go                      |   8 +-
 32 files changed, 724 insertions(+), 493 deletions(-)
 delete mode 100644 ecc/bls12-377/fr/polynomial/mockcommitment/proof.go
 delete mode 100644 ecc/bls12-377/fr/polynomial/mockcommitment/proof_single_point.go
 delete mode 100644 ecc/bls12-381/fr/polynomial/mockcommitment/proof.go
 delete mode 100644 ecc/bls12-381/fr/polynomial/mockcommitment/proof_single_point.go
 delete mode 100644 ecc/bn254/fr/polynomial/mockcommitment/proof.go
 delete mode 100644 ecc/bn254/fr/polynomial/mockcommitment/proof_single_point.go
 delete mode 100644 ecc/bw6-761/fr/polynomial/mockcommitment/proof.go
 delete mode 100644 ecc/bw6-761/fr/polynomial/mockcommitment/proof_single_point.go
 delete mode 100644 internal/generator/polynomial/template/commitment_mock/proof.go.tmpl
 delete mode 100644 internal/generator/polynomial/template/commitment_mock/proof.single.point.go.tmpl

diff --git a/ecc/bls12-377/fr/polynomial/kzg/kzg.go b/ecc/bls12-377/fr/polynomial/kzg/kzg.go
index c4d007521..553493ecf 100644
--- a/ecc/bls12-377/fr/polynomial/kzg/kzg.go
+++ b/ecc/bls12-377/fr/polynomial/kzg/kzg.go
@@ -33,12 +33,12 @@ import (
 var (
 	errNbDigestsNeqNbPolynomials = errors.New("number of digests is not the same as the number of polynomials")
 	errUnsupportedSize           = errors.New("the size of the polynomials exceeds the capacity of the SRS")
-	errDigestNotInG1             = errors.New("the digest is not in G1")
-	errProofNotInG1              = errors.New("the proof is not in G1")
 )
 
-// Digest commitment of a polynomial
-type Digest = bls12377.G1Affine
+// Digest commitment of a polynomial.
+type Digest struct {
+	data bls12377.G1Affine
+}
 
 // Scheme stores KZG data
 type Scheme struct {
@@ -98,6 +98,57 @@ func NewScheme(size int, alpha fr.Element) *Scheme {
 	return s
 }
 
+// Marshal serializes the point as in bls12377.G1Affine.
+func (d *Digest) Marshal() []byte {
+	return d.data.Marshal()
+}
+
+// Marshal serializes the point as in bls12377.G1Affine.
+func (d *Digest) Unmarshal(buf []byte) error {
+	err := d.data.Unmarshal(buf)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+// Add adds two digest. The API and behaviour mimics bls12377.G1Affine's,
+// i.e. the caller is modified.
+func (d *Digest) Add(d1, d2 polynomial.Digest) polynomial.Digest {
+	_d1 := d1.(*Digest)
+	_d2 := d2.(*Digest)
+	var p1, p2 bls12377.G1Jac
+	p1.FromAffine(&_d1.data)
+	p2.FromAffine(&_d2.data)
+	p1.AddAssign(&p2)
+	d.data.FromJacobian(&p1)
+	return d
+}
+
+// Sub adds two digest. The API and behaviour mimics bls12377.G1Affine's,
+// i.e. the caller is modified.
+func (d *Digest) Sub(d1, d2 polynomial.Digest) polynomial.Digest {
+	_d1 := d1.(*Digest)
+	_d2 := d2.(*Digest)
+	var p1, p2 bls12377.G1Jac
+	p1.FromAffine(&_d1.data)
+	p2.FromAffine(&_d2.data)
+	p1.SubAssign(&p2)
+	d.data.FromJacobian(&p1)
+	return d
+}
+
+// Add adds two digest. The API and behaviour mimics bls12377.G1Affine's,
+// i.e. the caller is modified.
+func (d *Digest) ScalarMul(d1 polynomial.Digest, s big.Int) polynomial.Digest {
+	_d1 := d1.(*Digest)
+	var p1 bls12377.G1Affine
+	p1.Set(&_d1.data)
+	p1.ScalarMultiplication(&p1, &s)
+	d.data.Set(&p1)
+	return d
+}
+
 // Marshal serializes a proof as H||point||claimed_value.
 // The point H is not compressed.
 func (p *Proof) Marshal() []byte {
@@ -216,7 +267,7 @@ func (s *Scheme) Commit(p polynomial.Polynomial) (polynomial.Digest, error) {
 		return nil, errUnsupportedSize
 	}
 
-	var res Digest
+	var _res bls12377.G1Affine
 	_p := p.(*bls12377_pol.Polynomial)
 
 	// ensure we don't modify p
@@ -228,7 +279,10 @@ func (s *Scheme) Commit(p polynomial.Polynomial) (polynomial.Digest, error) {
 			pCopy[i].FromMont()
 		}
 	})
-	res.MultiExp(s.SRS.G1, pCopy)
+	_res.MultiExp(s.SRS.G1, pCopy)
+
+	var res Digest
+	res.data.Set(&_res)
 
 	return &res, nil
 }
@@ -256,27 +310,20 @@ func (s *Scheme) Open(point interface{}, p polynomial.Polynomial) (polynomial.Op
 	if err != nil {
 		return nil, err
 	}
-	res.H.Set(c.(*bls12377.G1Affine))
+	_c := c.(*Digest)
+	res.H.Set(&_c.data)
 
 	return &res, nil
 }
 
 // Verify verifies a KZG opening proof at a single point
-func (s *Scheme) Verify(commitment polynomial.Digest, proof polynomial.OpeningProof) error {
+func (s *Scheme) Verify(d polynomial.Digest, proof polynomial.OpeningProof) error {
 
-	_commitment := commitment.(*bls12377.G1Affine)
+	_d := d.(*Digest)
+	var _commitment bls12377.G1Affine
+	_commitment.Set(&_d.data)
 	_proof := proof.(*Proof)
 
-	// verify that the committed quotient and the commitment are in the correct subgroup
-	subgroupCheck := _proof.H.IsInSubGroup()
-	if !subgroupCheck {
-		return errProofNotInG1
-	}
-	subgroupCheck = _commitment.IsInSubGroup()
-	if !subgroupCheck {
-		return errDigestNotInG1
-	}
-
 	// comm(f(a))
 	var claimedValueG1Aff bls12377.G1Affine
 	var claimedValueBigInt big.Int
@@ -285,7 +332,7 @@ func (s *Scheme) Verify(commitment polynomial.Digest, proof polynomial.OpeningPr
 
 	// [f(alpha) - f(a)]G1Jac
 	var fminusfaG1Jac, tmpG1Jac bls12377.G1Jac
-	fminusfaG1Jac.FromAffine(_commitment)
+	fminusfaG1Jac.FromAffine(&_commitment)
 	tmpG1Jac.FromAffine(&claimedValueG1Aff)
 	fminusfaG1Jac.SubAssign(&tmpG1Jac)
 
@@ -379,7 +426,9 @@ func (s *Scheme) BatchOpenSinglePoint(point interface{}, digests []polynomial.Di
 	if err != nil {
 		return nil, err
 	}
-	res.H.Set(c.(*bls12377.G1Affine))
+
+	_c := c.(*Digest)
+	res.H.Set(&_c.data)
 
 	return &res, nil
 }
@@ -395,20 +444,6 @@ func (s *Scheme) BatchVerifySinglePoint(digests []polynomial.Digest, batchOpenin
 		return errNbDigestsNeqNbPolynomials
 	}
 
-	// subgroup checks for digests and the proof
-	subgroupCheck := true
-	for i := 0; i < len(digests); i++ {
-		_digest := digests[i].(*bls12377.G1Affine)
-		subgroupCheck = subgroupCheck && _digest.IsInSubGroup()
-	}
-	if !subgroupCheck {
-		return errDigestNotInG1
-	}
-	subgroupCheck = subgroupCheck && _batchOpeningProof.H.IsInSubGroup()
-	if !subgroupCheck {
-		return errProofNotInG1
-	}
-
 	// derive the challenge gamma, binded to the point and the commitments
 	fs := fiatshamir.NewTranscript(fiatshamir.SHA256, "gamma")
 	err := fs.Bind("gamma", _batchOpeningProof.Point.Marshal())
@@ -451,7 +486,8 @@ func (s *Scheme) BatchVerifySinglePoint(digests []polynomial.Digest, batchOpenin
 	var sumGammaiTimesDigestsG1Aff bls12377.G1Affine
 	_digests := make([]bls12377.G1Affine, len(digests))
 	for i := 0; i < len(digests); i++ {
-		_digests[i].Set(digests[i].(*bls12377.G1Affine))
+		_d := digests[i].(*Digest)
+		_digests[i].Set(&_d.data)
 	}
 
 	sumGammaiTimesDigestsG1Aff.MultiExp(_digests, gammai)
diff --git a/ecc/bls12-377/fr/polynomial/kzg/kzg_test.go b/ecc/bls12-377/fr/polynomial/kzg/kzg_test.go
index c2613f473..ab90d4dda 100644
--- a/ecc/bls12-377/fr/polynomial/kzg/kzg_test.go
+++ b/ecc/bls12-377/fr/polynomial/kzg/kzg_test.go
@@ -129,7 +129,7 @@ func TestCommit(t *testing.T) {
 		t.Fatal(err)
 	}
 	var kzgCommit bls12377.G1Affine
-	kzgCommit.Set(_kzgCommit.(*bls12377.G1Affine))
+	kzgCommit.Unmarshal(_kzgCommit.Marshal())
 
 	// check commitment using manual commit
 	var x fr.Element
diff --git a/ecc/bls12-377/fr/polynomial/mockcommitment/mock.go b/ecc/bls12-377/fr/polynomial/mockcommitment/mock.go
index c61658de2..6d19b55a2 100644
--- a/ecc/bls12-377/fr/polynomial/mockcommitment/mock.go
+++ b/ecc/bls12-377/fr/polynomial/mockcommitment/mock.go
@@ -18,17 +18,79 @@ package mockcommitment
 
 import (
 	"io"
+	"math/big"
 
 	"github.com/consensys/gnark-crypto/ecc/bls12-377/fr"
 	bls12377 "github.com/consensys/gnark-crypto/ecc/bls12-377/fr/polynomial"
 	"github.com/consensys/gnark-crypto/polynomial"
 )
 
+// MockProof empty struct
+type MockProof struct {
+	Point        fr.Element
+	ClaimedValue fr.Element
+}
+
+func (mp *MockProof) Marshal() []byte {
+	panic("not implemented")
+}
+
+// MockBatchProofsSinglePoint empty struct
+type MockBatchProofsSinglePoint struct {
+	Point         fr.Element
+	ClaimedValues []fr.Element
+}
+
+func (mp *MockBatchProofsSinglePoint) Marshal() []byte {
+	panic("not implemented")
+}
+
 // Scheme mock commitment, useful for testing polynomial based IOP
 // like PLONK, where the scheme should not depend on which polynomial commitment scheme
 // is used.
 type Scheme struct{}
 
+// Digest commitment of a polynomials
+type Digest struct {
+	data fr.Element
+}
+
+// Marshal serializes the point as in bls12377.G1Affine.
+func (d *Digest) Marshal() []byte {
+	return d.data.Marshal()
+}
+
+// Marshal serializes the digest.
+func (d *Digest) Unmarshal(buf []byte) error {
+	d.data.SetBytes(buf)
+	return nil
+}
+
+// Add adds two digest.
+func (d *Digest) Add(d1, d2 polynomial.Digest) polynomial.Digest {
+	_d1 := d1.(*Digest)
+	_d2 := d2.(*Digest)
+	d.data.Add(&_d1.data, &_d2.data)
+	return d
+}
+
+// Sub adds two digest.
+func (d *Digest) Sub(d1, d2 polynomial.Digest) polynomial.Digest {
+	_d1 := d1.(*Digest)
+	_d2 := d2.(*Digest)
+	d.data.Sub(&_d1.data, &_d2.data)
+	return d
+}
+
+// Add adds two digest.
+func (d *Digest) ScalarMul(d1 polynomial.Digest, s big.Int) polynomial.Digest {
+	_d1 := d1.(*Digest)
+	var _s fr.Element
+	_s.SetBigInt(&s)
+	d.data.Mul(&d.data, &_d1.data)
+	return d
+}
+
 // WriteTo panics
 func (s *Scheme) WriteTo(w io.Writer) (n int64, err error) {
 	panic("not implemented")
@@ -42,8 +104,8 @@ func (s *Scheme) ReadFrom(r io.Reader) (n int64, err error) {
 // Commit returns the first coefficient of p
 func (s *Scheme) Commit(p polynomial.Polynomial) (polynomial.Digest, error) {
 	_p := p.(*bls12377.Polynomial)
-	var res fr.Element
-	res.SetInterface((*_p)[0])
+	var res Digest
+	res.data.SetInterface((*_p)[0])
 	return &res, nil
 }
 
diff --git a/ecc/bls12-377/fr/polynomial/mockcommitment/mock_test.go b/ecc/bls12-377/fr/polynomial/mockcommitment/mock_test.go
index 0ede1212f..fb4f24e2a 100644
--- a/ecc/bls12-377/fr/polynomial/mockcommitment/mock_test.go
+++ b/ecc/bls12-377/fr/polynomial/mockcommitment/mock_test.go
@@ -40,7 +40,7 @@ func TestCommit(t *testing.T) {
 	}
 
 	var _c fr.Element
-	_c.SetInterface(c)
+	_c.SetInterface(c.Marshal())
 
 	if !_c.Equal(&f[0]) {
 		t.Fatal("err mock commitment (commit)")
diff --git a/ecc/bls12-377/fr/polynomial/mockcommitment/proof.go b/ecc/bls12-377/fr/polynomial/mockcommitment/proof.go
deleted file mode 100644
index 812e7e6c8..000000000
--- a/ecc/bls12-377/fr/polynomial/mockcommitment/proof.go
+++ /dev/null
@@ -1,29 +0,0 @@
-// Copyright 2020 ConsenSys Software Inc.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Code generated by consensys/gnark-crypto DO NOT EDIT
-
-package mockcommitment
-
-import "github.com/consensys/gnark-crypto/ecc/bls12-377/fr"
-
-// MockProof empty struct
-type MockProof struct {
-	Point        fr.Element
-	ClaimedValue fr.Element
-}
-
-func (mp *MockProof) Marshal() []byte {
-	panic("not implemented")
-}
diff --git a/ecc/bls12-377/fr/polynomial/mockcommitment/proof_single_point.go b/ecc/bls12-377/fr/polynomial/mockcommitment/proof_single_point.go
deleted file mode 100644
index d8b5c7b31..000000000
--- a/ecc/bls12-377/fr/polynomial/mockcommitment/proof_single_point.go
+++ /dev/null
@@ -1,29 +0,0 @@
-// Copyright 2020 ConsenSys Software Inc.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Code generated by consensys/gnark-crypto DO NOT EDIT
-
-package mockcommitment
-
-import "github.com/consensys/gnark-crypto/ecc/bls12-377/fr"
-
-// MockBatchProofsSinglePoint empty struct
-type MockBatchProofsSinglePoint struct {
-	Point         fr.Element
-	ClaimedValues []fr.Element
-}
-
-func (mp *MockBatchProofsSinglePoint) Marshal() []byte {
-	panic("not implemented")
-}
diff --git a/ecc/bls12-381/fr/polynomial/kzg/kzg.go b/ecc/bls12-381/fr/polynomial/kzg/kzg.go
index 4bd3568a5..132a3ec02 100644
--- a/ecc/bls12-381/fr/polynomial/kzg/kzg.go
+++ b/ecc/bls12-381/fr/polynomial/kzg/kzg.go
@@ -33,12 +33,12 @@ import (
 var (
 	errNbDigestsNeqNbPolynomials = errors.New("number of digests is not the same as the number of polynomials")
 	errUnsupportedSize           = errors.New("the size of the polynomials exceeds the capacity of the SRS")
-	errDigestNotInG1             = errors.New("the digest is not in G1")
-	errProofNotInG1              = errors.New("the proof is not in G1")
 )
 
-// Digest commitment of a polynomial
-type Digest = bls12381.G1Affine
+// Digest commitment of a polynomial.
+type Digest struct {
+	data bls12381.G1Affine
+}
 
 // Scheme stores KZG data
 type Scheme struct {
@@ -98,6 +98,57 @@ func NewScheme(size int, alpha fr.Element) *Scheme {
 	return s
 }
 
+// Marshal serializes the point as in bls12381.G1Affine.
+func (d *Digest) Marshal() []byte {
+	return d.data.Marshal()
+}
+
+// Marshal serializes the point as in bls12381.G1Affine.
+func (d *Digest) Unmarshal(buf []byte) error {
+	err := d.data.Unmarshal(buf)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+// Add adds two digest. The API and behaviour mimics bls12381.G1Affine's,
+// i.e. the caller is modified.
+func (d *Digest) Add(d1, d2 polynomial.Digest) polynomial.Digest {
+	_d1 := d1.(*Digest)
+	_d2 := d2.(*Digest)
+	var p1, p2 bls12381.G1Jac
+	p1.FromAffine(&_d1.data)
+	p2.FromAffine(&_d2.data)
+	p1.AddAssign(&p2)
+	d.data.FromJacobian(&p1)
+	return d
+}
+
+// Sub adds two digest. The API and behaviour mimics bls12381.G1Affine's,
+// i.e. the caller is modified.
+func (d *Digest) Sub(d1, d2 polynomial.Digest) polynomial.Digest {
+	_d1 := d1.(*Digest)
+	_d2 := d2.(*Digest)
+	var p1, p2 bls12381.G1Jac
+	p1.FromAffine(&_d1.data)
+	p2.FromAffine(&_d2.data)
+	p1.SubAssign(&p2)
+	d.data.FromJacobian(&p1)
+	return d
+}
+
+// Add adds two digest. The API and behaviour mimics bls12381.G1Affine's,
+// i.e. the caller is modified.
+func (d *Digest) ScalarMul(d1 polynomial.Digest, s big.Int) polynomial.Digest {
+	_d1 := d1.(*Digest)
+	var p1 bls12381.G1Affine
+	p1.Set(&_d1.data)
+	p1.ScalarMultiplication(&p1, &s)
+	d.data.Set(&p1)
+	return d
+}
+
 // Marshal serializes a proof as H||point||claimed_value.
 // The point H is not compressed.
 func (p *Proof) Marshal() []byte {
@@ -216,7 +267,7 @@ func (s *Scheme) Commit(p polynomial.Polynomial) (polynomial.Digest, error) {
 		return nil, errUnsupportedSize
 	}
 
-	var res Digest
+	var _res bls12381.G1Affine
 	_p := p.(*bls12381_pol.Polynomial)
 
 	// ensure we don't modify p
@@ -228,7 +279,10 @@ func (s *Scheme) Commit(p polynomial.Polynomial) (polynomial.Digest, error) {
 			pCopy[i].FromMont()
 		}
 	})
-	res.MultiExp(s.SRS.G1, pCopy)
+	_res.MultiExp(s.SRS.G1, pCopy)
+
+	var res Digest
+	res.data.Set(&_res)
 
 	return &res, nil
 }
@@ -256,27 +310,20 @@ func (s *Scheme) Open(point interface{}, p polynomial.Polynomial) (polynomial.Op
 	if err != nil {
 		return nil, err
 	}
-	res.H.Set(c.(*bls12381.G1Affine))
+	_c := c.(*Digest)
+	res.H.Set(&_c.data)
 
 	return &res, nil
 }
 
 // Verify verifies a KZG opening proof at a single point
-func (s *Scheme) Verify(commitment polynomial.Digest, proof polynomial.OpeningProof) error {
+func (s *Scheme) Verify(d polynomial.Digest, proof polynomial.OpeningProof) error {
 
-	_commitment := commitment.(*bls12381.G1Affine)
+	_d := d.(*Digest)
+	var _commitment bls12381.G1Affine
+	_commitment.Set(&_d.data)
 	_proof := proof.(*Proof)
 
-	// verify that the committed quotient and the commitment are in the correct subgroup
-	subgroupCheck := _proof.H.IsInSubGroup()
-	if !subgroupCheck {
-		return errProofNotInG1
-	}
-	subgroupCheck = _commitment.IsInSubGroup()
-	if !subgroupCheck {
-		return errDigestNotInG1
-	}
-
 	// comm(f(a))
 	var claimedValueG1Aff bls12381.G1Affine
 	var claimedValueBigInt big.Int
@@ -285,7 +332,7 @@ func (s *Scheme) Verify(commitment polynomial.Digest, proof polynomial.OpeningPr
 
 	// [f(alpha) - f(a)]G1Jac
 	var fminusfaG1Jac, tmpG1Jac bls12381.G1Jac
-	fminusfaG1Jac.FromAffine(_commitment)
+	fminusfaG1Jac.FromAffine(&_commitment)
 	tmpG1Jac.FromAffine(&claimedValueG1Aff)
 	fminusfaG1Jac.SubAssign(&tmpG1Jac)
 
@@ -379,7 +426,9 @@ func (s *Scheme) BatchOpenSinglePoint(point interface{}, digests []polynomial.Di
 	if err != nil {
 		return nil, err
 	}
-	res.H.Set(c.(*bls12381.G1Affine))
+
+	_c := c.(*Digest)
+	res.H.Set(&_c.data)
 
 	return &res, nil
 }
@@ -395,20 +444,6 @@ func (s *Scheme) BatchVerifySinglePoint(digests []polynomial.Digest, batchOpenin
 		return errNbDigestsNeqNbPolynomials
 	}
 
-	// subgroup checks for digests and the proof
-	subgroupCheck := true
-	for i := 0; i < len(digests); i++ {
-		_digest := digests[i].(*bls12381.G1Affine)
-		subgroupCheck = subgroupCheck && _digest.IsInSubGroup()
-	}
-	if !subgroupCheck {
-		return errDigestNotInG1
-	}
-	subgroupCheck = subgroupCheck && _batchOpeningProof.H.IsInSubGroup()
-	if !subgroupCheck {
-		return errProofNotInG1
-	}
-
 	// derive the challenge gamma, binded to the point and the commitments
 	fs := fiatshamir.NewTranscript(fiatshamir.SHA256, "gamma")
 	err := fs.Bind("gamma", _batchOpeningProof.Point.Marshal())
@@ -451,7 +486,8 @@ func (s *Scheme) BatchVerifySinglePoint(digests []polynomial.Digest, batchOpenin
 	var sumGammaiTimesDigestsG1Aff bls12381.G1Affine
 	_digests := make([]bls12381.G1Affine, len(digests))
 	for i := 0; i < len(digests); i++ {
-		_digests[i].Set(digests[i].(*bls12381.G1Affine))
+		_d := digests[i].(*Digest)
+		_digests[i].Set(&_d.data)
 	}
 
 	sumGammaiTimesDigestsG1Aff.MultiExp(_digests, gammai)
diff --git a/ecc/bls12-381/fr/polynomial/kzg/kzg_test.go b/ecc/bls12-381/fr/polynomial/kzg/kzg_test.go
index d3776ceca..55b6b5857 100644
--- a/ecc/bls12-381/fr/polynomial/kzg/kzg_test.go
+++ b/ecc/bls12-381/fr/polynomial/kzg/kzg_test.go
@@ -129,7 +129,7 @@ func TestCommit(t *testing.T) {
 		t.Fatal(err)
 	}
 	var kzgCommit bls12381.G1Affine
-	kzgCommit.Set(_kzgCommit.(*bls12381.G1Affine))
+	kzgCommit.Unmarshal(_kzgCommit.Marshal())
 
 	// check commitment using manual commit
 	var x fr.Element
diff --git a/ecc/bls12-381/fr/polynomial/mockcommitment/mock.go b/ecc/bls12-381/fr/polynomial/mockcommitment/mock.go
index 4d4aa1e95..41a3dbbf2 100644
--- a/ecc/bls12-381/fr/polynomial/mockcommitment/mock.go
+++ b/ecc/bls12-381/fr/polynomial/mockcommitment/mock.go
@@ -18,17 +18,79 @@ package mockcommitment
 
 import (
 	"io"
+	"math/big"
 
 	"github.com/consensys/gnark-crypto/ecc/bls12-381/fr"
 	bls12381 "github.com/consensys/gnark-crypto/ecc/bls12-381/fr/polynomial"
 	"github.com/consensys/gnark-crypto/polynomial"
 )
 
+// MockProof empty struct
+type MockProof struct {
+	Point        fr.Element
+	ClaimedValue fr.Element
+}
+
+func (mp *MockProof) Marshal() []byte {
+	panic("not implemented")
+}
+
+// MockBatchProofsSinglePoint empty struct
+type MockBatchProofsSinglePoint struct {
+	Point         fr.Element
+	ClaimedValues []fr.Element
+}
+
+func (mp *MockBatchProofsSinglePoint) Marshal() []byte {
+	panic("not implemented")
+}
+
 // Scheme mock commitment, useful for testing polynomial based IOP
 // like PLONK, where the scheme should not depend on which polynomial commitment scheme
 // is used.
 type Scheme struct{}
 
+// Digest commitment of a polynomials
+type Digest struct {
+	data fr.Element
+}
+
+// Marshal serializes the point as in bls12381.G1Affine.
+func (d *Digest) Marshal() []byte {
+	return d.data.Marshal()
+}
+
+// Marshal serializes the digest.
+func (d *Digest) Unmarshal(buf []byte) error {
+	d.data.SetBytes(buf)
+	return nil
+}
+
+// Add adds two digest.
+func (d *Digest) Add(d1, d2 polynomial.Digest) polynomial.Digest {
+	_d1 := d1.(*Digest)
+	_d2 := d2.(*Digest)
+	d.data.Add(&_d1.data, &_d2.data)
+	return d
+}
+
+// Sub adds two digest.
+func (d *Digest) Sub(d1, d2 polynomial.Digest) polynomial.Digest {
+	_d1 := d1.(*Digest)
+	_d2 := d2.(*Digest)
+	d.data.Sub(&_d1.data, &_d2.data)
+	return d
+}
+
+// Add adds two digest.
+func (d *Digest) ScalarMul(d1 polynomial.Digest, s big.Int) polynomial.Digest {
+	_d1 := d1.(*Digest)
+	var _s fr.Element
+	_s.SetBigInt(&s)
+	d.data.Mul(&d.data, &_d1.data)
+	return d
+}
+
 // WriteTo panics
 func (s *Scheme) WriteTo(w io.Writer) (n int64, err error) {
 	panic("not implemented")
@@ -42,8 +104,8 @@ func (s *Scheme) ReadFrom(r io.Reader) (n int64, err error) {
 // Commit returns the first coefficient of p
 func (s *Scheme) Commit(p polynomial.Polynomial) (polynomial.Digest, error) {
 	_p := p.(*bls12381.Polynomial)
-	var res fr.Element
-	res.SetInterface((*_p)[0])
+	var res Digest
+	res.data.SetInterface((*_p)[0])
 	return &res, nil
 }
 
diff --git a/ecc/bls12-381/fr/polynomial/mockcommitment/mock_test.go b/ecc/bls12-381/fr/polynomial/mockcommitment/mock_test.go
index 475f02bd9..a968c314a 100644
--- a/ecc/bls12-381/fr/polynomial/mockcommitment/mock_test.go
+++ b/ecc/bls12-381/fr/polynomial/mockcommitment/mock_test.go
@@ -40,7 +40,7 @@ func TestCommit(t *testing.T) {
 	}
 
 	var _c fr.Element
-	_c.SetInterface(c)
+	_c.SetInterface(c.Marshal())
 
 	if !_c.Equal(&f[0]) {
 		t.Fatal("err mock commitment (commit)")
diff --git a/ecc/bls12-381/fr/polynomial/mockcommitment/proof.go b/ecc/bls12-381/fr/polynomial/mockcommitment/proof.go
deleted file mode 100644
index faadf91e1..000000000
--- a/ecc/bls12-381/fr/polynomial/mockcommitment/proof.go
+++ /dev/null
@@ -1,29 +0,0 @@
-// Copyright 2020 ConsenSys Software Inc.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Code generated by consensys/gnark-crypto DO NOT EDIT
-
-package mockcommitment
-
-import "github.com/consensys/gnark-crypto/ecc/bls12-381/fr"
-
-// MockProof empty struct
-type MockProof struct {
-	Point        fr.Element
-	ClaimedValue fr.Element
-}
-
-func (mp *MockProof) Marshal() []byte {
-	panic("not implemented")
-}
diff --git a/ecc/bls12-381/fr/polynomial/mockcommitment/proof_single_point.go b/ecc/bls12-381/fr/polynomial/mockcommitment/proof_single_point.go
deleted file mode 100644
index fb385d910..000000000
--- a/ecc/bls12-381/fr/polynomial/mockcommitment/proof_single_point.go
+++ /dev/null
@@ -1,29 +0,0 @@
-// Copyright 2020 ConsenSys Software Inc.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Code generated by consensys/gnark-crypto DO NOT EDIT
-
-package mockcommitment
-
-import "github.com/consensys/gnark-crypto/ecc/bls12-381/fr"
-
-// MockBatchProofsSinglePoint empty struct
-type MockBatchProofsSinglePoint struct {
-	Point         fr.Element
-	ClaimedValues []fr.Element
-}
-
-func (mp *MockBatchProofsSinglePoint) Marshal() []byte {
-	panic("not implemented")
-}
diff --git a/ecc/bn254/fr/polynomial/kzg/kzg.go b/ecc/bn254/fr/polynomial/kzg/kzg.go
index 540d62711..d3af2794a 100644
--- a/ecc/bn254/fr/polynomial/kzg/kzg.go
+++ b/ecc/bn254/fr/polynomial/kzg/kzg.go
@@ -33,12 +33,12 @@ import (
 var (
 	errNbDigestsNeqNbPolynomials = errors.New("number of digests is not the same as the number of polynomials")
 	errUnsupportedSize           = errors.New("the size of the polynomials exceeds the capacity of the SRS")
-	errDigestNotInG1             = errors.New("the digest is not in G1")
-	errProofNotInG1              = errors.New("the proof is not in G1")
 )
 
-// Digest commitment of a polynomial
-type Digest = bn254.G1Affine
+// Digest commitment of a polynomial.
+type Digest struct {
+	data bn254.G1Affine
+}
 
 // Scheme stores KZG data
 type Scheme struct {
@@ -98,6 +98,57 @@ func NewScheme(size int, alpha fr.Element) *Scheme {
 	return s
 }
 
+// Marshal serializes the point as in bn254.G1Affine.
+func (d *Digest) Marshal() []byte {
+	return d.data.Marshal()
+}
+
+// Marshal serializes the point as in bn254.G1Affine.
+func (d *Digest) Unmarshal(buf []byte) error {
+	err := d.data.Unmarshal(buf)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+// Add adds two digest. The API and behaviour mimics bn254.G1Affine's,
+// i.e. the caller is modified.
+func (d *Digest) Add(d1, d2 polynomial.Digest) polynomial.Digest {
+	_d1 := d1.(*Digest)
+	_d2 := d2.(*Digest)
+	var p1, p2 bn254.G1Jac
+	p1.FromAffine(&_d1.data)
+	p2.FromAffine(&_d2.data)
+	p1.AddAssign(&p2)
+	d.data.FromJacobian(&p1)
+	return d
+}
+
+// Sub adds two digest. The API and behaviour mimics bn254.G1Affine's,
+// i.e. the caller is modified.
+func (d *Digest) Sub(d1, d2 polynomial.Digest) polynomial.Digest {
+	_d1 := d1.(*Digest)
+	_d2 := d2.(*Digest)
+	var p1, p2 bn254.G1Jac
+	p1.FromAffine(&_d1.data)
+	p2.FromAffine(&_d2.data)
+	p1.SubAssign(&p2)
+	d.data.FromJacobian(&p1)
+	return d
+}
+
+// Add adds two digest. The API and behaviour mimics bn254.G1Affine's,
+// i.e. the caller is modified.
+func (d *Digest) ScalarMul(d1 polynomial.Digest, s big.Int) polynomial.Digest {
+	_d1 := d1.(*Digest)
+	var p1 bn254.G1Affine
+	p1.Set(&_d1.data)
+	p1.ScalarMultiplication(&p1, &s)
+	d.data.Set(&p1)
+	return d
+}
+
 // Marshal serializes a proof as H||point||claimed_value.
 // The point H is not compressed.
 func (p *Proof) Marshal() []byte {
@@ -216,7 +267,7 @@ func (s *Scheme) Commit(p polynomial.Polynomial) (polynomial.Digest, error) {
 		return nil, errUnsupportedSize
 	}
 
-	var res Digest
+	var _res bn254.G1Affine
 	_p := p.(*bn254_pol.Polynomial)
 
 	// ensure we don't modify p
@@ -228,7 +279,10 @@ func (s *Scheme) Commit(p polynomial.Polynomial) (polynomial.Digest, error) {
 			pCopy[i].FromMont()
 		}
 	})
-	res.MultiExp(s.SRS.G1, pCopy)
+	_res.MultiExp(s.SRS.G1, pCopy)
+
+	var res Digest
+	res.data.Set(&_res)
 
 	return &res, nil
 }
@@ -256,27 +310,20 @@ func (s *Scheme) Open(point interface{}, p polynomial.Polynomial) (polynomial.Op
 	if err != nil {
 		return nil, err
 	}
-	res.H.Set(c.(*bn254.G1Affine))
+	_c := c.(*Digest)
+	res.H.Set(&_c.data)
 
 	return &res, nil
 }
 
 // Verify verifies a KZG opening proof at a single point
-func (s *Scheme) Verify(commitment polynomial.Digest, proof polynomial.OpeningProof) error {
+func (s *Scheme) Verify(d polynomial.Digest, proof polynomial.OpeningProof) error {
 
-	_commitment := commitment.(*bn254.G1Affine)
+	_d := d.(*Digest)
+	var _commitment bn254.G1Affine
+	_commitment.Set(&_d.data)
 	_proof := proof.(*Proof)
 
-	// verify that the committed quotient and the commitment are in the correct subgroup
-	subgroupCheck := _proof.H.IsInSubGroup()
-	if !subgroupCheck {
-		return errProofNotInG1
-	}
-	subgroupCheck = _commitment.IsInSubGroup()
-	if !subgroupCheck {
-		return errDigestNotInG1
-	}
-
 	// comm(f(a))
 	var claimedValueG1Aff bn254.G1Affine
 	var claimedValueBigInt big.Int
@@ -285,7 +332,7 @@ func (s *Scheme) Verify(commitment polynomial.Digest, proof polynomial.OpeningPr
 
 	// [f(alpha) - f(a)]G1Jac
 	var fminusfaG1Jac, tmpG1Jac bn254.G1Jac
-	fminusfaG1Jac.FromAffine(_commitment)
+	fminusfaG1Jac.FromAffine(&_commitment)
 	tmpG1Jac.FromAffine(&claimedValueG1Aff)
 	fminusfaG1Jac.SubAssign(&tmpG1Jac)
 
@@ -379,7 +426,9 @@ func (s *Scheme) BatchOpenSinglePoint(point interface{}, digests []polynomial.Di
 	if err != nil {
 		return nil, err
 	}
-	res.H.Set(c.(*bn254.G1Affine))
+
+	_c := c.(*Digest)
+	res.H.Set(&_c.data)
 
 	return &res, nil
 }
@@ -395,20 +444,6 @@ func (s *Scheme) BatchVerifySinglePoint(digests []polynomial.Digest, batchOpenin
 		return errNbDigestsNeqNbPolynomials
 	}
 
-	// subgroup checks for digests and the proof
-	subgroupCheck := true
-	for i := 0; i < len(digests); i++ {
-		_digest := digests[i].(*bn254.G1Affine)
-		subgroupCheck = subgroupCheck && _digest.IsInSubGroup()
-	}
-	if !subgroupCheck {
-		return errDigestNotInG1
-	}
-	subgroupCheck = subgroupCheck && _batchOpeningProof.H.IsInSubGroup()
-	if !subgroupCheck {
-		return errProofNotInG1
-	}
-
 	// derive the challenge gamma, binded to the point and the commitments
 	fs := fiatshamir.NewTranscript(fiatshamir.SHA256, "gamma")
 	err := fs.Bind("gamma", _batchOpeningProof.Point.Marshal())
@@ -451,7 +486,8 @@ func (s *Scheme) BatchVerifySinglePoint(digests []polynomial.Digest, batchOpenin
 	var sumGammaiTimesDigestsG1Aff bn254.G1Affine
 	_digests := make([]bn254.G1Affine, len(digests))
 	for i := 0; i < len(digests); i++ {
-		_digests[i].Set(digests[i].(*bn254.G1Affine))
+		_d := digests[i].(*Digest)
+		_digests[i].Set(&_d.data)
 	}
 
 	sumGammaiTimesDigestsG1Aff.MultiExp(_digests, gammai)
diff --git a/ecc/bn254/fr/polynomial/kzg/kzg_test.go b/ecc/bn254/fr/polynomial/kzg/kzg_test.go
index 5b1392562..9a26b46ef 100644
--- a/ecc/bn254/fr/polynomial/kzg/kzg_test.go
+++ b/ecc/bn254/fr/polynomial/kzg/kzg_test.go
@@ -129,7 +129,7 @@ func TestCommit(t *testing.T) {
 		t.Fatal(err)
 	}
 	var kzgCommit bn254.G1Affine
-	kzgCommit.Set(_kzgCommit.(*bn254.G1Affine))
+	kzgCommit.Unmarshal(_kzgCommit.Marshal())
 
 	// check commitment using manual commit
 	var x fr.Element
diff --git a/ecc/bn254/fr/polynomial/mockcommitment/mock.go b/ecc/bn254/fr/polynomial/mockcommitment/mock.go
index ddbd8cf99..64bd673da 100644
--- a/ecc/bn254/fr/polynomial/mockcommitment/mock.go
+++ b/ecc/bn254/fr/polynomial/mockcommitment/mock.go
@@ -18,17 +18,79 @@ package mockcommitment
 
 import (
 	"io"
+	"math/big"
 
 	"github.com/consensys/gnark-crypto/ecc/bn254/fr"
 	bn254 "github.com/consensys/gnark-crypto/ecc/bn254/fr/polynomial"
 	"github.com/consensys/gnark-crypto/polynomial"
 )
 
+// MockProof empty struct
+type MockProof struct {
+	Point        fr.Element
+	ClaimedValue fr.Element
+}
+
+func (mp *MockProof) Marshal() []byte {
+	panic("not implemented")
+}
+
+// MockBatchProofsSinglePoint empty struct
+type MockBatchProofsSinglePoint struct {
+	Point         fr.Element
+	ClaimedValues []fr.Element
+}
+
+func (mp *MockBatchProofsSinglePoint) Marshal() []byte {
+	panic("not implemented")
+}
+
 // Scheme mock commitment, useful for testing polynomial based IOP
 // like PLONK, where the scheme should not depend on which polynomial commitment scheme
 // is used.
 type Scheme struct{}
 
+// Digest commitment of a polynomials
+type Digest struct {
+	data fr.Element
+}
+
+// Marshal serializes the point as in bn254.G1Affine.
+func (d *Digest) Marshal() []byte {
+	return d.data.Marshal()
+}
+
+// Marshal serializes the digest.
+func (d *Digest) Unmarshal(buf []byte) error {
+	d.data.SetBytes(buf)
+	return nil
+}
+
+// Add adds two digest.
+func (d *Digest) Add(d1, d2 polynomial.Digest) polynomial.Digest {
+	_d1 := d1.(*Digest)
+	_d2 := d2.(*Digest)
+	d.data.Add(&_d1.data, &_d2.data)
+	return d
+}
+
+// Sub adds two digest.
+func (d *Digest) Sub(d1, d2 polynomial.Digest) polynomial.Digest {
+	_d1 := d1.(*Digest)
+	_d2 := d2.(*Digest)
+	d.data.Sub(&_d1.data, &_d2.data)
+	return d
+}
+
+// Add adds two digest.
+func (d *Digest) ScalarMul(d1 polynomial.Digest, s big.Int) polynomial.Digest {
+	_d1 := d1.(*Digest)
+	var _s fr.Element
+	_s.SetBigInt(&s)
+	d.data.Mul(&d.data, &_d1.data)
+	return d
+}
+
 // WriteTo panics
 func (s *Scheme) WriteTo(w io.Writer) (n int64, err error) {
 	panic("not implemented")
@@ -42,8 +104,8 @@ func (s *Scheme) ReadFrom(r io.Reader) (n int64, err error) {
 // Commit returns the first coefficient of p
 func (s *Scheme) Commit(p polynomial.Polynomial) (polynomial.Digest, error) {
 	_p := p.(*bn254.Polynomial)
-	var res fr.Element
-	res.SetInterface((*_p)[0])
+	var res Digest
+	res.data.SetInterface((*_p)[0])
 	return &res, nil
 }
 
diff --git a/ecc/bn254/fr/polynomial/mockcommitment/mock_test.go b/ecc/bn254/fr/polynomial/mockcommitment/mock_test.go
index 44d942989..8e5cde642 100644
--- a/ecc/bn254/fr/polynomial/mockcommitment/mock_test.go
+++ b/ecc/bn254/fr/polynomial/mockcommitment/mock_test.go
@@ -40,7 +40,7 @@ func TestCommit(t *testing.T) {
 	}
 
 	var _c fr.Element
-	_c.SetInterface(c)
+	_c.SetInterface(c.Marshal())
 
 	if !_c.Equal(&f[0]) {
 		t.Fatal("err mock commitment (commit)")
diff --git a/ecc/bn254/fr/polynomial/mockcommitment/proof.go b/ecc/bn254/fr/polynomial/mockcommitment/proof.go
deleted file mode 100644
index a7fbb5c88..000000000
--- a/ecc/bn254/fr/polynomial/mockcommitment/proof.go
+++ /dev/null
@@ -1,29 +0,0 @@
-// Copyright 2020 ConsenSys Software Inc.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Code generated by consensys/gnark-crypto DO NOT EDIT
-
-package mockcommitment
-
-import "github.com/consensys/gnark-crypto/ecc/bn254/fr"
-
-// MockProof empty struct
-type MockProof struct {
-	Point        fr.Element
-	ClaimedValue fr.Element
-}
-
-func (mp *MockProof) Marshal() []byte {
-	panic("not implemented")
-}
diff --git a/ecc/bn254/fr/polynomial/mockcommitment/proof_single_point.go b/ecc/bn254/fr/polynomial/mockcommitment/proof_single_point.go
deleted file mode 100644
index 58a850689..000000000
--- a/ecc/bn254/fr/polynomial/mockcommitment/proof_single_point.go
+++ /dev/null
@@ -1,29 +0,0 @@
-// Copyright 2020 ConsenSys Software Inc.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Code generated by consensys/gnark-crypto DO NOT EDIT
-
-package mockcommitment
-
-import "github.com/consensys/gnark-crypto/ecc/bn254/fr"
-
-// MockBatchProofsSinglePoint empty struct
-type MockBatchProofsSinglePoint struct {
-	Point         fr.Element
-	ClaimedValues []fr.Element
-}
-
-func (mp *MockBatchProofsSinglePoint) Marshal() []byte {
-	panic("not implemented")
-}
diff --git a/ecc/bw6-761/fr/polynomial/kzg/kzg.go b/ecc/bw6-761/fr/polynomial/kzg/kzg.go
index c349e40f8..644060cdc 100644
--- a/ecc/bw6-761/fr/polynomial/kzg/kzg.go
+++ b/ecc/bw6-761/fr/polynomial/kzg/kzg.go
@@ -33,12 +33,12 @@ import (
 var (
 	errNbDigestsNeqNbPolynomials = errors.New("number of digests is not the same as the number of polynomials")
 	errUnsupportedSize           = errors.New("the size of the polynomials exceeds the capacity of the SRS")
-	errDigestNotInG1             = errors.New("the digest is not in G1")
-	errProofNotInG1              = errors.New("the proof is not in G1")
 )
 
-// Digest commitment of a polynomial
-type Digest = bw6761.G1Affine
+// Digest commitment of a polynomial.
+type Digest struct {
+	data bw6761.G1Affine
+}
 
 // Scheme stores KZG data
 type Scheme struct {
@@ -98,6 +98,57 @@ func NewScheme(size int, alpha fr.Element) *Scheme {
 	return s
 }
 
+// Marshal serializes the point as in bw6761.G1Affine.
+func (d *Digest) Marshal() []byte {
+	return d.data.Marshal()
+}
+
+// Marshal serializes the point as in bw6761.G1Affine.
+func (d *Digest) Unmarshal(buf []byte) error {
+	err := d.data.Unmarshal(buf)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+// Add adds two digest. The API and behaviour mimics bw6761.G1Affine's,
+// i.e. the caller is modified.
+func (d *Digest) Add(d1, d2 polynomial.Digest) polynomial.Digest {
+	_d1 := d1.(*Digest)
+	_d2 := d2.(*Digest)
+	var p1, p2 bw6761.G1Jac
+	p1.FromAffine(&_d1.data)
+	p2.FromAffine(&_d2.data)
+	p1.AddAssign(&p2)
+	d.data.FromJacobian(&p1)
+	return d
+}
+
+// Sub adds two digest. The API and behaviour mimics bw6761.G1Affine's,
+// i.e. the caller is modified.
+func (d *Digest) Sub(d1, d2 polynomial.Digest) polynomial.Digest {
+	_d1 := d1.(*Digest)
+	_d2 := d2.(*Digest)
+	var p1, p2 bw6761.G1Jac
+	p1.FromAffine(&_d1.data)
+	p2.FromAffine(&_d2.data)
+	p1.SubAssign(&p2)
+	d.data.FromJacobian(&p1)
+	return d
+}
+
+// Add adds two digest. The API and behaviour mimics bw6761.G1Affine's,
+// i.e. the caller is modified.
+func (d *Digest) ScalarMul(d1 polynomial.Digest, s big.Int) polynomial.Digest {
+	_d1 := d1.(*Digest)
+	var p1 bw6761.G1Affine
+	p1.Set(&_d1.data)
+	p1.ScalarMultiplication(&p1, &s)
+	d.data.Set(&p1)
+	return d
+}
+
 // Marshal serializes a proof as H||point||claimed_value.
 // The point H is not compressed.
 func (p *Proof) Marshal() []byte {
@@ -216,7 +267,7 @@ func (s *Scheme) Commit(p polynomial.Polynomial) (polynomial.Digest, error) {
 		return nil, errUnsupportedSize
 	}
 
-	var res Digest
+	var _res bw6761.G1Affine
 	_p := p.(*bw6761_pol.Polynomial)
 
 	// ensure we don't modify p
@@ -228,7 +279,10 @@ func (s *Scheme) Commit(p polynomial.Polynomial) (polynomial.Digest, error) {
 			pCopy[i].FromMont()
 		}
 	})
-	res.MultiExp(s.SRS.G1, pCopy)
+	_res.MultiExp(s.SRS.G1, pCopy)
+
+	var res Digest
+	res.data.Set(&_res)
 
 	return &res, nil
 }
@@ -256,27 +310,20 @@ func (s *Scheme) Open(point interface{}, p polynomial.Polynomial) (polynomial.Op
 	if err != nil {
 		return nil, err
 	}
-	res.H.Set(c.(*bw6761.G1Affine))
+	_c := c.(*Digest)
+	res.H.Set(&_c.data)
 
 	return &res, nil
 }
 
 // Verify verifies a KZG opening proof at a single point
-func (s *Scheme) Verify(commitment polynomial.Digest, proof polynomial.OpeningProof) error {
+func (s *Scheme) Verify(d polynomial.Digest, proof polynomial.OpeningProof) error {
 
-	_commitment := commitment.(*bw6761.G1Affine)
+	_d := d.(*Digest)
+	var _commitment bw6761.G1Affine
+	_commitment.Set(&_d.data)
 	_proof := proof.(*Proof)
 
-	// verify that the committed quotient and the commitment are in the correct subgroup
-	subgroupCheck := _proof.H.IsInSubGroup()
-	if !subgroupCheck {
-		return errProofNotInG1
-	}
-	subgroupCheck = _commitment.IsInSubGroup()
-	if !subgroupCheck {
-		return errDigestNotInG1
-	}
-
 	// comm(f(a))
 	var claimedValueG1Aff bw6761.G1Affine
 	var claimedValueBigInt big.Int
@@ -285,7 +332,7 @@ func (s *Scheme) Verify(commitment polynomial.Digest, proof polynomial.OpeningPr
 
 	// [f(alpha) - f(a)]G1Jac
 	var fminusfaG1Jac, tmpG1Jac bw6761.G1Jac
-	fminusfaG1Jac.FromAffine(_commitment)
+	fminusfaG1Jac.FromAffine(&_commitment)
 	tmpG1Jac.FromAffine(&claimedValueG1Aff)
 	fminusfaG1Jac.SubAssign(&tmpG1Jac)
 
@@ -379,7 +426,9 @@ func (s *Scheme) BatchOpenSinglePoint(point interface{}, digests []polynomial.Di
 	if err != nil {
 		return nil, err
 	}
-	res.H.Set(c.(*bw6761.G1Affine))
+
+	_c := c.(*Digest)
+	res.H.Set(&_c.data)
 
 	return &res, nil
 }
@@ -395,20 +444,6 @@ func (s *Scheme) BatchVerifySinglePoint(digests []polynomial.Digest, batchOpenin
 		return errNbDigestsNeqNbPolynomials
 	}
 
-	// subgroup checks for digests and the proof
-	subgroupCheck := true
-	for i := 0; i < len(digests); i++ {
-		_digest := digests[i].(*bw6761.G1Affine)
-		subgroupCheck = subgroupCheck && _digest.IsInSubGroup()
-	}
-	if !subgroupCheck {
-		return errDigestNotInG1
-	}
-	subgroupCheck = subgroupCheck && _batchOpeningProof.H.IsInSubGroup()
-	if !subgroupCheck {
-		return errProofNotInG1
-	}
-
 	// derive the challenge gamma, binded to the point and the commitments
 	fs := fiatshamir.NewTranscript(fiatshamir.SHA256, "gamma")
 	err := fs.Bind("gamma", _batchOpeningProof.Point.Marshal())
@@ -451,7 +486,8 @@ func (s *Scheme) BatchVerifySinglePoint(digests []polynomial.Digest, batchOpenin
 	var sumGammaiTimesDigestsG1Aff bw6761.G1Affine
 	_digests := make([]bw6761.G1Affine, len(digests))
 	for i := 0; i < len(digests); i++ {
-		_digests[i].Set(digests[i].(*bw6761.G1Affine))
+		_d := digests[i].(*Digest)
+		_digests[i].Set(&_d.data)
 	}
 
 	sumGammaiTimesDigestsG1Aff.MultiExp(_digests, gammai)
diff --git a/ecc/bw6-761/fr/polynomial/kzg/kzg_test.go b/ecc/bw6-761/fr/polynomial/kzg/kzg_test.go
index 374bd60f2..20c393ef0 100644
--- a/ecc/bw6-761/fr/polynomial/kzg/kzg_test.go
+++ b/ecc/bw6-761/fr/polynomial/kzg/kzg_test.go
@@ -129,7 +129,7 @@ func TestCommit(t *testing.T) {
 		t.Fatal(err)
 	}
 	var kzgCommit bw6761.G1Affine
-	kzgCommit.Set(_kzgCommit.(*bw6761.G1Affine))
+	kzgCommit.Unmarshal(_kzgCommit.Marshal())
 
 	// check commitment using manual commit
 	var x fr.Element
diff --git a/ecc/bw6-761/fr/polynomial/mockcommitment/mock.go b/ecc/bw6-761/fr/polynomial/mockcommitment/mock.go
index 3c0d43419..8971625e0 100644
--- a/ecc/bw6-761/fr/polynomial/mockcommitment/mock.go
+++ b/ecc/bw6-761/fr/polynomial/mockcommitment/mock.go
@@ -18,17 +18,79 @@ package mockcommitment
 
 import (
 	"io"
+	"math/big"
 
 	"github.com/consensys/gnark-crypto/ecc/bw6-761/fr"
 	bw6761 "github.com/consensys/gnark-crypto/ecc/bw6-761/fr/polynomial"
 	"github.com/consensys/gnark-crypto/polynomial"
 )
 
+// MockProof empty struct
+type MockProof struct {
+	Point        fr.Element
+	ClaimedValue fr.Element
+}
+
+func (mp *MockProof) Marshal() []byte {
+	panic("not implemented")
+}
+
+// MockBatchProofsSinglePoint empty struct
+type MockBatchProofsSinglePoint struct {
+	Point         fr.Element
+	ClaimedValues []fr.Element
+}
+
+func (mp *MockBatchProofsSinglePoint) Marshal() []byte {
+	panic("not implemented")
+}
+
 // Scheme mock commitment, useful for testing polynomial based IOP
 // like PLONK, where the scheme should not depend on which polynomial commitment scheme
 // is used.
 type Scheme struct{}
 
+// Digest commitment of a polynomials
+type Digest struct {
+	data fr.Element
+}
+
+// Marshal serializes the point as in bw6761.G1Affine.
+func (d *Digest) Marshal() []byte {
+	return d.data.Marshal()
+}
+
+// Marshal serializes the digest.
+func (d *Digest) Unmarshal(buf []byte) error {
+	d.data.SetBytes(buf)
+	return nil
+}
+
+// Add adds two digest.
+func (d *Digest) Add(d1, d2 polynomial.Digest) polynomial.Digest {
+	_d1 := d1.(*Digest)
+	_d2 := d2.(*Digest)
+	d.data.Add(&_d1.data, &_d2.data)
+	return d
+}
+
+// Sub adds two digest.
+func (d *Digest) Sub(d1, d2 polynomial.Digest) polynomial.Digest {
+	_d1 := d1.(*Digest)
+	_d2 := d2.(*Digest)
+	d.data.Sub(&_d1.data, &_d2.data)
+	return d
+}
+
+// Add adds two digest.
+func (d *Digest) ScalarMul(d1 polynomial.Digest, s big.Int) polynomial.Digest {
+	_d1 := d1.(*Digest)
+	var _s fr.Element
+	_s.SetBigInt(&s)
+	d.data.Mul(&d.data, &_d1.data)
+	return d
+}
+
 // WriteTo panics
 func (s *Scheme) WriteTo(w io.Writer) (n int64, err error) {
 	panic("not implemented")
@@ -42,8 +104,8 @@ func (s *Scheme) ReadFrom(r io.Reader) (n int64, err error) {
 // Commit returns the first coefficient of p
 func (s *Scheme) Commit(p polynomial.Polynomial) (polynomial.Digest, error) {
 	_p := p.(*bw6761.Polynomial)
-	var res fr.Element
-	res.SetInterface((*_p)[0])
+	var res Digest
+	res.data.SetInterface((*_p)[0])
 	return &res, nil
 }
 
diff --git a/ecc/bw6-761/fr/polynomial/mockcommitment/mock_test.go b/ecc/bw6-761/fr/polynomial/mockcommitment/mock_test.go
index cd19a42e5..52dbe3cbf 100644
--- a/ecc/bw6-761/fr/polynomial/mockcommitment/mock_test.go
+++ b/ecc/bw6-761/fr/polynomial/mockcommitment/mock_test.go
@@ -40,7 +40,7 @@ func TestCommit(t *testing.T) {
 	}
 
 	var _c fr.Element
-	_c.SetInterface(c)
+	_c.SetInterface(c.Marshal())
 
 	if !_c.Equal(&f[0]) {
 		t.Fatal("err mock commitment (commit)")
diff --git a/ecc/bw6-761/fr/polynomial/mockcommitment/proof.go b/ecc/bw6-761/fr/polynomial/mockcommitment/proof.go
deleted file mode 100644
index 5ac2d6e36..000000000
--- a/ecc/bw6-761/fr/polynomial/mockcommitment/proof.go
+++ /dev/null
@@ -1,29 +0,0 @@
-// Copyright 2020 ConsenSys Software Inc.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Code generated by consensys/gnark-crypto DO NOT EDIT
-
-package mockcommitment
-
-import "github.com/consensys/gnark-crypto/ecc/bw6-761/fr"
-
-// MockProof empty struct
-type MockProof struct {
-	Point        fr.Element
-	ClaimedValue fr.Element
-}
-
-func (mp *MockProof) Marshal() []byte {
-	panic("not implemented")
-}
diff --git a/ecc/bw6-761/fr/polynomial/mockcommitment/proof_single_point.go b/ecc/bw6-761/fr/polynomial/mockcommitment/proof_single_point.go
deleted file mode 100644
index fc1ddc2b2..000000000
--- a/ecc/bw6-761/fr/polynomial/mockcommitment/proof_single_point.go
+++ /dev/null
@@ -1,29 +0,0 @@
-// Copyright 2020 ConsenSys Software Inc.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Code generated by consensys/gnark-crypto DO NOT EDIT
-
-package mockcommitment
-
-import "github.com/consensys/gnark-crypto/ecc/bw6-761/fr"
-
-// MockBatchProofsSinglePoint empty struct
-type MockBatchProofsSinglePoint struct {
-	Point         fr.Element
-	ClaimedValues []fr.Element
-}
-
-func (mp *MockBatchProofsSinglePoint) Marshal() []byte {
-	panic("not implemented")
-}
diff --git a/internal/generator/polynomial/generate.go b/internal/generator/polynomial/generate.go
index 5f19aaba6..9f410a65b 100644
--- a/internal/generator/polynomial/generate.go
+++ b/internal/generator/polynomial/generate.go
@@ -23,8 +23,6 @@ func Generate(conf config.Curve, baseDir string, bgen *bavard.BatchGenerator) er
 	conf.Package = "mockcommitment"
 	entries = []bavard.Entry{
 		{File: filepath.Join(baseDir, "mockcommitment", "doc.go"), Templates: []string{"commitment_mock/doc.go.tmpl"}},
-		{File: filepath.Join(baseDir, "mockcommitment", "proof.go"), Templates: []string{"commitment_mock/proof.go.tmpl"}},
-		{File: filepath.Join(baseDir, "mockcommitment", "proof_single_point.go"), Templates: []string{"commitment_mock/proof.single.point.go.tmpl"}},
 		{File: filepath.Join(baseDir, "mockcommitment", "mock.go"), Templates: []string{"commitment_mock/mock.go.tmpl"}},
 		{File: filepath.Join(baseDir, "mockcommitment", "mock_test.go"), Templates: []string{"commitment_mock/mock.test.go.tmpl"}},
 	}
diff --git a/internal/generator/polynomial/template/commitment_kzg/kzg.go.tmpl b/internal/generator/polynomial/template/commitment_kzg/kzg.go.tmpl
index e707efcbc..c7c1cd6fb 100644
--- a/internal/generator/polynomial/template/commitment_kzg/kzg.go.tmpl
+++ b/internal/generator/polynomial/template/commitment_kzg/kzg.go.tmpl
@@ -15,12 +15,12 @@ import (
 var (
 	errNbDigestsNeqNbPolynomials = errors.New("number of digests is not the same as the number of polynomials")
 	errUnsupportedSize           = errors.New("the size of the polynomials exceeds the capacity of the SRS")
-	errDigestNotInG1             = errors.New("the digest is not in G1")
-	errProofNotInG1              = errors.New("the proof is not in G1")
 )
 
-// Digest commitment of a polynomial
-type Digest = {{ .CurvePackage }}.G1Affine
+// Digest commitment of a polynomial.
+type Digest struct {
+	data {{ .CurvePackage }}.G1Affine
+}
 
 // Scheme stores KZG data
 type Scheme struct {
@@ -35,7 +35,6 @@ type Scheme struct {
 	}
 }
 
-
 // Proof KZG proof for opening at a single point.
 type Proof struct {
 
@@ -81,11 +80,62 @@ func NewScheme(size int, alpha fr.Element) *Scheme {
 	return s
 }
 
+// Marshal serializes the point as in {{ .CurvePackage }}.G1Affine.
+func (d *Digest) Marshal() []byte {
+	return d.data.Marshal()
+}
+
+// Marshal serializes the point as in {{ .CurvePackage }}.G1Affine.
+func (d *Digest) Unmarshal(buf []byte) error {
+	err := d.data.Unmarshal(buf)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+// Add adds two digest. The API and behaviour mimics {{ .CurvePackage }}.G1Affine's,
+// i.e. the caller is modified.
+func (d *Digest) Add(d1, d2 polynomial.Digest) polynomial.Digest {
+	_d1 := d1.(*Digest)
+	_d2 := d2.(*Digest)
+	var p1, p2 {{ .CurvePackage }}.G1Jac
+	p1.FromAffine(&_d1.data)
+	p2.FromAffine(&_d2.data)
+	p1.AddAssign(&p2)
+	d.data.FromJacobian(&p1)
+	return d
+}
+
+// Sub adds two digest. The API and behaviour mimics {{ .CurvePackage }}.G1Affine's,
+// i.e. the caller is modified.
+func (d *Digest) Sub(d1, d2 polynomial.Digest) polynomial.Digest {
+	_d1 := d1.(*Digest)
+	_d2 := d2.(*Digest)
+	var p1, p2 {{ .CurvePackage }}.G1Jac
+	p1.FromAffine(&_d1.data)
+	p2.FromAffine(&_d2.data)
+	p1.SubAssign(&p2)
+	d.data.FromJacobian(&p1)
+	return d
+}
+
+// Add adds two digest. The API and behaviour mimics {{ .CurvePackage }}.G1Affine's,
+// i.e. the caller is modified.
+func (d *Digest) ScalarMul(d1 polynomial.Digest, s big.Int) polynomial.Digest {
+	_d1 := d1.(*Digest)
+	var p1 {{ .CurvePackage }}.G1Affine
+	p1.Set(&_d1.data)
+	p1.ScalarMultiplication(&p1, &s)
+	d.data.Set(&p1)
+	return d
+}
+
 // Marshal serializes a proof as H||point||claimed_value.
 // The point H is not compressed.
 func (p *Proof) Marshal() []byte {
 
-	var res [4*fr.Bytes]byte
+	var res [4 * fr.Bytes]byte
 
 	bH := p.H.RawBytes()
 	copy(res[:], bH[:])
@@ -199,7 +249,7 @@ func (s *Scheme) Commit(p polynomial.Polynomial) (polynomial.Digest, error) {
 		return nil, errUnsupportedSize
 	}
 
-	var res Digest
+	var _res {{ .CurvePackage }}.G1Affine
 	_p := p.(*{{ .CurvePackage }}_pol.Polynomial)
 
 	// ensure we don't modify p
@@ -211,7 +261,10 @@ func (s *Scheme) Commit(p polynomial.Polynomial) (polynomial.Digest, error) {
 			pCopy[i].FromMont()
 		}
 	})
-	res.MultiExp(s.SRS.G1, pCopy)
+	_res.MultiExp(s.SRS.G1, pCopy)
+
+	var res Digest
+	res.data.Set(&_res)
 
 	return &res, nil
 }
@@ -239,27 +292,20 @@ func (s *Scheme) Open(point interface{}, p polynomial.Polynomial) (polynomial.Op
 	if err != nil {
 		return nil, err
 	}
-	res.H.Set(c.(*{{ .CurvePackage }}.G1Affine))
+	_c := c.(*Digest)
+	res.H.Set(&_c.data)
 
 	return &res, nil
 }
 
 // Verify verifies a KZG opening proof at a single point
-func (s *Scheme) Verify(commitment polynomial.Digest, proof polynomial.OpeningProof) error {
+func (s *Scheme) Verify(d polynomial.Digest, proof polynomial.OpeningProof) error {
 
-	_commitment := commitment.(*{{ .CurvePackage }}.G1Affine)
+	_d := d.(*Digest)
+	var _commitment {{ .CurvePackage }}.G1Affine
+	_commitment.Set(&_d.data)
 	_proof := proof.(*Proof)
 
-	// verify that the committed quotient and the commitment are in the correct subgroup
-	subgroupCheck := _proof.H.IsInSubGroup()
-	if !subgroupCheck {
-		return errProofNotInG1
-	}
-	subgroupCheck = _commitment.IsInSubGroup()
-	if !subgroupCheck {
-		return errDigestNotInG1
-	}	
-
 	// comm(f(a))
 	var claimedValueG1Aff {{ .CurvePackage }}.G1Affine
 	var claimedValueBigInt big.Int
@@ -268,7 +314,7 @@ func (s *Scheme) Verify(commitment polynomial.Digest, proof polynomial.OpeningPr
 
 	// [f(alpha) - f(a)]G1Jac
 	var fminusfaG1Jac, tmpG1Jac {{ .CurvePackage }}.G1Jac
-	fminusfaG1Jac.FromAffine(_commitment)
+	fminusfaG1Jac.FromAffine(&_commitment)
 	tmpG1Jac.FromAffine(&claimedValueG1Aff)
 	fminusfaG1Jac.SubAssign(&tmpG1Jac)
 
@@ -362,7 +408,9 @@ func (s *Scheme) BatchOpenSinglePoint(point interface{}, digests []polynomial.Di
 	if err != nil {
 		return nil, err
 	}
-	res.H.Set(c.(*{{ .CurvePackage }}.G1Affine))
+
+	_c := c.(*Digest)
+	res.H.Set(&_c.data)
 
 	return &res, nil
 }
@@ -378,20 +426,6 @@ func (s *Scheme) BatchVerifySinglePoint(digests []polynomial.Digest, batchOpenin
 		return errNbDigestsNeqNbPolynomials
 	}
 
-	// subgroup checks for digests and the proof
-	subgroupCheck := true
-	for i := 0; i < len(digests); i++ {
-		_digest := digests[i].(*{{ .CurvePackage }}.G1Affine)
-		subgroupCheck = subgroupCheck && _digest.IsInSubGroup()
-	}
-	if !subgroupCheck {
-		return errDigestNotInG1
-	}
-	subgroupCheck = subgroupCheck && _batchOpeningProof.H.IsInSubGroup()
-	if !subgroupCheck {
-		return errProofNotInG1
-	}
-
 	// derive the challenge gamma, binded to the point and the commitments
 	fs := fiatshamir.NewTranscript(fiatshamir.SHA256, "gamma")
 	err := fs.Bind("gamma", _batchOpeningProof.Point.Marshal())
@@ -434,7 +468,8 @@ func (s *Scheme) BatchVerifySinglePoint(digests []polynomial.Digest, batchOpenin
 	var sumGammaiTimesDigestsG1Aff {{ .CurvePackage }}.G1Affine
 	_digests := make([]{{ .CurvePackage }}.G1Affine, len(digests))
 	for i := 0; i < len(digests); i++ {
-		_digests[i].Set(digests[i].(*{{ .CurvePackage }}.G1Affine))
+		_d := digests[i].(*Digest)
+		_digests[i].Set(&_d.data)
 	}
 
 	sumGammaiTimesDigestsG1Aff.MultiExp(_digests, gammai)
diff --git a/internal/generator/polynomial/template/commitment_kzg/kzg.test.go.tmpl b/internal/generator/polynomial/template/commitment_kzg/kzg.test.go.tmpl
index dc16bcf4e..e071dd64f 100644
--- a/internal/generator/polynomial/template/commitment_kzg/kzg.test.go.tmpl
+++ b/internal/generator/polynomial/template/commitment_kzg/kzg.test.go.tmpl
@@ -11,15 +11,13 @@ import (
 	"github.com/consensys/gnark-crypto/polynomial"
 )
 
-
-var _alphaSetup fr.Element 
+var _alphaSetup fr.Element
 
 func init() {
 	//_alphaSetup.SetRandom()
 	_alphaSetup.SetString("1234")
 }
 
-
 func randomPolynomial(size int) {{ .CurvePackage }}_pol.Polynomial {
 	f := make({{ .CurvePackage }}_pol.Polynomial, size)
 	for i := 0; i < size; i++ {
@@ -55,12 +53,12 @@ func TestDividePolyByXminusA(t *testing.T) {
 	// probabilistic test (using Schwartz Zippel lemma, evaluation at one point is enough)
 	var randPoint, xminusa fr.Element
 	randPoint.SetRandom()
-	
+
 	polRandpoint := pol.Eval(&randPoint).(fr.Element)
 	polRandpoint.Sub(&polRandpoint, &evaluation) // f(rand)-f(point)
-	
+
 	hRandPoint := h.Eval(&randPoint).(fr.Element)
-	xminusa.Sub(&randPoint, &point)  // rand-point
+	xminusa.Sub(&randPoint, &point) // rand-point
 
 	// f(rand)-f(point)	==? h(rand)*(rand-point)
 	hRandPoint.Mul(&hRandPoint, &xminusa)
@@ -113,10 +111,10 @@ func TestCommit(t *testing.T) {
 		t.Fatal(err)
 	}
 	var kzgCommit {{ .CurvePackage }}.G1Affine
-	kzgCommit.Set(_kzgCommit.(*{{ .CurvePackage }}.G1Affine))
+	kzgCommit.Unmarshal(_kzgCommit.Marshal())
 
 	// check commitment using manual commit
-	var x  fr.Element
+	var x fr.Element
 	x.SetString("1234")
 	fx := f.Eval(&x).(fr.Element)
 	var fxbi big.Int
@@ -132,8 +130,6 @@ func TestCommit(t *testing.T) {
 
 }
 
-
-
 func TestVerifySinglePoint(t *testing.T) {
 
 	// create a KZG scheme
@@ -239,7 +235,7 @@ func BenchmarkKZGCommit(b *testing.B) {
 	p := randomPolynomial(benchSize / 2)
 
 	b.ResetTimer()
-	for i:=0;i<b.N;i++ {
+	for i := 0; i < b.N; i++ {
 		_, _ = s.Commit(&p)
 	}
 }
@@ -250,11 +246,11 @@ func BenchmarkKZGOpen(b *testing.B) {
 
 	// random polynomial
 	p := randomPolynomial(benchSize / 2)
-	var r fr.Element 
+	var r fr.Element
 	r.SetRandom()
 
 	b.ResetTimer()
-	for i:=0;i<b.N;i++ {
+	for i := 0; i < b.N; i++ {
 		_, _ = s.Open(r, &p)
 	}
 }
@@ -265,10 +261,10 @@ func BenchmarkKZGVerify(b *testing.B) {
 
 	// random polynomial
 	p := randomPolynomial(benchSize / 2)
-	var r fr.Element 
+	var r fr.Element
 	r.SetRandom()
 
-	// commit 
+	// commit
 	comm, err := s.Commit(&p)
 	if err != nil {
 		b.Fatal(err)
@@ -281,7 +277,7 @@ func BenchmarkKZGVerify(b *testing.B) {
 	}
 
 	b.ResetTimer()
-	for i:=0;i<b.N;i++ {
+	for i := 0; i < b.N; i++ {
 		s.Verify(comm, openingProof)
 	}
 }
@@ -292,56 +288,53 @@ func BenchmarkKZGBatchOpen10(b *testing.B) {
 
 	// 10 random polynomials
 	var ps [10]polynomial.Polynomial
-	for i:=0; i<10; i++ {
+	for i := 0; i < 10; i++ {
 		_p := randomPolynomial(benchSize / 2)
 		ps[i] = &_p
 	}
 
 	// commitments
 	var commitments [10]polynomial.Digest
-	for i:=0; i<10; i++ {
+	for i := 0; i < 10; i++ {
 		commitments[i], _ = s.Commit(ps[i])
 	}
 
-	var r fr.Element 
+	var r fr.Element
 	r.SetRandom()
 
-
 	b.ResetTimer()
-	for i:=0;i<b.N;i++ {
-		s.BatchOpenSinglePoint(r, commitments[:], ps[:]) 
+	for i := 0; i < b.N; i++ {
+		s.BatchOpenSinglePoint(r, commitments[:], ps[:])
 	}
 }
 
-
 func BenchmarkKZGBatchVerify10(b *testing.B) {
 	// kzg scheme
 	s := NewScheme(benchSize, _alphaSetup)
 
 	// 10 random polynomials
 	var ps [10]polynomial.Polynomial
-	for i:=0; i<10; i++ {
+	for i := 0; i < 10; i++ {
 		_p := randomPolynomial(benchSize / 2)
 		ps[i] = &_p
 	}
 
 	// commitments
 	var commitments [10]polynomial.Digest
-	for i:=0; i<10; i++ {
+	for i := 0; i < 10; i++ {
 		commitments[i], _ = s.Commit(ps[i])
 	}
 
-	var r fr.Element 
+	var r fr.Element
 	r.SetRandom()
 
-
-	proof, err := s.BatchOpenSinglePoint(r, commitments[:], ps[:]) 
+	proof, err := s.BatchOpenSinglePoint(r, commitments[:], ps[:])
 	if err != nil {
 		b.Fatal(err)
 	}
 
 	b.ResetTimer()
-	for i:=0;i<b.N;i++ {
+	for i := 0; i < b.N; i++ {
 		s.BatchVerifySinglePoint(commitments[:], proof)
 	}
-}
\ No newline at end of file
+}
diff --git a/internal/generator/polynomial/template/commitment_mock/mock.go.tmpl b/internal/generator/polynomial/template/commitment_mock/mock.go.tmpl
index 5bebe0a0b..99573053b 100644
--- a/internal/generator/polynomial/template/commitment_mock/mock.go.tmpl
+++ b/internal/generator/polynomial/template/commitment_mock/mock.go.tmpl
@@ -1,16 +1,78 @@
 import (
 	"io"
+	"math/big"
 
+	"github.com/consensys/gnark-crypto/ecc/{{ .Name }}/fr"
+	{{ .CurvePackage }} "github.com/consensys/gnark-crypto/ecc/{{ .Name }}/fr/polynomial"
 	"github.com/consensys/gnark-crypto/polynomial"
-	"github.com/consensys/gnark-crypto/ecc/{{.Name}}/fr"
-	{{toLower .CurvePackage}} "github.com/consensys/gnark-crypto/ecc/{{.Name}}/fr/polynomial"
 )
 
+// MockProof empty struct
+type MockProof struct {
+	Point        fr.Element
+	ClaimedValue fr.Element
+}
+
+func (mp *MockProof) Marshal() []byte {
+	panic("not implemented")
+}
+
+// MockBatchProofsSinglePoint empty struct
+type MockBatchProofsSinglePoint struct {
+	Point         fr.Element
+	ClaimedValues []fr.Element
+}
+
+func (mp *MockBatchProofsSinglePoint) Marshal() []byte {
+	panic("not implemented")
+}
+
 // Scheme mock commitment, useful for testing polynomial based IOP
 // like PLONK, where the scheme should not depend on which polynomial commitment scheme
 // is used.
 type Scheme struct{}
 
+// Digest commitment of a polynomials
+type Digest struct {
+	data fr.Element
+}
+
+// Marshal serializes the point as in {{ .CurvePackage}}.G1Affine.
+func (d *Digest) Marshal() []byte {
+	return d.data.Marshal()
+}
+
+// Marshal serializes the digest.	
+func (d *Digest) Unmarshal(buf []byte) error {
+	d.data.SetBytes(buf)
+	return nil
+}
+
+// Add adds two digest.
+func (d *Digest) Add(d1, d2 polynomial.Digest) polynomial.Digest {
+	_d1 := d1.(*Digest)
+	_d2 := d2.(*Digest)
+	d.data.Add(&_d1.data, &_d2.data)
+	return d
+}
+
+// Sub adds two digest.
+func (d *Digest) Sub(d1, d2 polynomial.Digest) polynomial.Digest {
+	_d1 := d1.(*Digest)
+	_d2 := d2.(*Digest)
+	d.data.Sub(&_d1.data, &_d2.data)
+	return d
+}
+
+// Add adds two digest.
+func (d *Digest) ScalarMul(d1 polynomial.Digest, s big.Int) polynomial.Digest {
+	_d1 := d1.(*Digest)
+	var _s fr.Element
+	_s.SetBigInt(&s)
+	d.data.Mul(&d.data, &_d1.data)
+	return d
+}
+
 // WriteTo panics
 func (s *Scheme) WriteTo(w io.Writer) (n int64, err error) {
 	panic("not implemented")
@@ -23,9 +85,9 @@ func (s *Scheme) ReadFrom(r io.Reader) (n int64, err error) {
 
 // Commit returns the first coefficient of p
 func (s *Scheme) Commit(p polynomial.Polynomial) (polynomial.Digest, error) {
-	_p := p.(*{{ .CurvePackage }}.Polynomial)
-	var res fr.Element
-	res.SetInterface((*_p)[0])
+	_p := p.(*{{ .CurvePackage}}.Polynomial)
+	var res Digest
+	res.data.SetInterface((*_p)[0])
 	return &res, nil
 }
 
@@ -64,4 +126,4 @@ func (s *Scheme) BatchVerifySinglePoint(digests []polynomial.Digest, batchOpenin
 
 	return nil
 
-}
\ No newline at end of file
+}
diff --git a/internal/generator/polynomial/template/commitment_mock/mock.test.go.tmpl b/internal/generator/polynomial/template/commitment_mock/mock.test.go.tmpl
index c38608954..50114054f 100644
--- a/internal/generator/polynomial/template/commitment_mock/mock.test.go.tmpl
+++ b/internal/generator/polynomial/template/commitment_mock/mock.test.go.tmpl
@@ -22,7 +22,7 @@ func TestCommit(t *testing.T) {
 	}
 
 	var _c fr.Element
-	_c.SetInterface(c)
+	_c.SetInterface(c.Marshal())
 
 	if !_c.Equal(&f[0]) {
 		t.Fatal("err mock commitment (commit)")
diff --git a/internal/generator/polynomial/template/commitment_mock/proof.go.tmpl b/internal/generator/polynomial/template/commitment_mock/proof.go.tmpl
deleted file mode 100644
index 7e5e1fc94..000000000
--- a/internal/generator/polynomial/template/commitment_mock/proof.go.tmpl
+++ /dev/null
@@ -1,12 +0,0 @@
-import "github.com/consensys/gnark-crypto/ecc/{{ .Name }}/fr"
-
-// MockProof empty struct
-type MockProof struct {
-	Point        fr.Element
-	ClaimedValue fr.Element
-}
-
-func (mp *MockProof) Marshal() []byte {
-	panic("not implemented")
-}
-
diff --git a/internal/generator/polynomial/template/commitment_mock/proof.single.point.go.tmpl b/internal/generator/polynomial/template/commitment_mock/proof.single.point.go.tmpl
deleted file mode 100644
index 7b8862d48..000000000
--- a/internal/generator/polynomial/template/commitment_mock/proof.single.point.go.tmpl
+++ /dev/null
@@ -1,11 +0,0 @@
-import "github.com/consensys/gnark-crypto/ecc/{{ .Name }}/fr"
-
-// MockBatchProofsSinglePoint empty struct
-type MockBatchProofsSinglePoint struct {
-	Point         fr.Element
-	ClaimedValues []fr.Element
-}
-
-func (mp *MockBatchProofsSinglePoint) Marshal() []byte {
-	panic("not implemented")
-}
\ No newline at end of file
diff --git a/polynomial/commitment.go b/polynomial/commitment.go
index c342f778b..504e7472a 100644
--- a/polynomial/commitment.go
+++ b/polynomial/commitment.go
@@ -18,6 +18,7 @@ package polynomial
 import (
 	"errors"
 	"io"
+	"math/big"
 )
 
 var (
@@ -25,9 +26,14 @@ var (
 	ErrVerifyBatchOpeningSinglePoint = errors.New("error verifying batch opening proof at single point")
 )
 
-// Digest interface that a polynomial commitment should implement
+// Digest interface that an additively homomorphic
+// polynomial commitment should implement.
 type Digest interface {
+	Add(d1, d2 Digest) Digest
+	Sub(d1, d2 Digest) Digest
+	ScalarMul(d Digest, s big.Int) Digest
 	Marshal() []byte
+	Unmarshal(buf []byte) error
 }
 
 // OpeningProof interface that an opening proof

From 2e966f0ca42a4a1bb9eb31bd73cad474323d3c9c Mon Sep 17 00:00:00 2001
From: Thomas Piellard <thomas.piellard@consensys.net>
Date: Tue, 8 Jun 2021 19:41:43 +0200
Subject: [PATCH 02/13] feat: addition of methods GetClaimedValue(s) on opening
 proofs

---
 ecc/bls12-377/fr/polynomial/kzg/kzg.go            | 14 ++++++++++++++
 .../fr/polynomial/mockcommitment/mock.go          | 15 +++++++++++++++
 ecc/bls12-381/fr/polynomial/kzg/kzg.go            | 14 ++++++++++++++
 .../fr/polynomial/mockcommitment/mock.go          | 15 +++++++++++++++
 ecc/bn254/fr/polynomial/kzg/kzg.go                | 14 ++++++++++++++
 ecc/bn254/fr/polynomial/mockcommitment/mock.go    | 15 +++++++++++++++
 ecc/bw6-761/fr/polynomial/kzg/kzg.go              | 14 ++++++++++++++
 ecc/bw6-761/fr/polynomial/mockcommitment/mock.go  | 15 +++++++++++++++
 .../template/commitment_kzg/kzg.go.tmpl           | 14 ++++++++++++++
 .../template/commitment_mock/mock.go.tmpl         | 15 +++++++++++++++
 polynomial/commitment.go                          |  5 +++++
 11 files changed, 150 insertions(+)

diff --git a/ecc/bls12-377/fr/polynomial/kzg/kzg.go b/ecc/bls12-377/fr/polynomial/kzg/kzg.go
index 553493ecf..1379e7476 100644
--- a/ecc/bls12-377/fr/polynomial/kzg/kzg.go
+++ b/ecc/bls12-377/fr/polynomial/kzg/kzg.go
@@ -165,6 +165,11 @@ func (p *Proof) Marshal() []byte {
 	return res[:]
 }
 
+// GetClaimedValue returns the serialized claimed value.
+func (p *Proof) GetClaimedValue() []byte {
+	return p.ClaimedValue.Marshal()
+}
+
 type BatchProofsSinglePoint struct {
 	// Point at which the polynomials are evaluated
 	Point fr.Element
@@ -196,7 +201,16 @@ func (p *BatchProofsSinglePoint) Marshal() []byte {
 	}
 
 	return res
+}
 
+// GetClaimedValues returns a slice of the claimed values,
+// serialized.
+func (p *BatchProofsSinglePoint) GetClaimedValues() [][]byte {
+	res := make([][]byte, len(p.ClaimedValues))
+	for i := 0; i < len(p.ClaimedValues); i++ {
+		res[i] = p.ClaimedValues[i].Marshal()
+	}
+	return res
 }
 
 // WriteTo writes binary encoding of the scheme data.
diff --git a/ecc/bls12-377/fr/polynomial/mockcommitment/mock.go b/ecc/bls12-377/fr/polynomial/mockcommitment/mock.go
index 6d19b55a2..00bbd4348 100644
--- a/ecc/bls12-377/fr/polynomial/mockcommitment/mock.go
+++ b/ecc/bls12-377/fr/polynomial/mockcommitment/mock.go
@@ -35,6 +35,11 @@ func (mp *MockProof) Marshal() []byte {
 	panic("not implemented")
 }
 
+// GetClaimedValue returns the serialized claimed value.
+func (mp *MockProof) GetClaimedValue() []byte {
+	return mp.ClaimedValue.Marshal()
+}
+
 // MockBatchProofsSinglePoint empty struct
 type MockBatchProofsSinglePoint struct {
 	Point         fr.Element
@@ -45,6 +50,16 @@ func (mp *MockBatchProofsSinglePoint) Marshal() []byte {
 	panic("not implemented")
 }
 
+// GetClaimedValues returns a slice of the claimed values,
+// serialized.
+func (mp *MockBatchProofsSinglePoint) GetClaimedValues() [][]byte {
+	res := make([][]byte, len(mp.ClaimedValues))
+	for i := 0; i < len(mp.ClaimedValues); i++ {
+		res[i] = mp.ClaimedValues[i].Marshal()
+	}
+	return res
+}
+
 // Scheme mock commitment, useful for testing polynomial based IOP
 // like PLONK, where the scheme should not depend on which polynomial commitment scheme
 // is used.
diff --git a/ecc/bls12-381/fr/polynomial/kzg/kzg.go b/ecc/bls12-381/fr/polynomial/kzg/kzg.go
index 132a3ec02..15ae74ecc 100644
--- a/ecc/bls12-381/fr/polynomial/kzg/kzg.go
+++ b/ecc/bls12-381/fr/polynomial/kzg/kzg.go
@@ -165,6 +165,11 @@ func (p *Proof) Marshal() []byte {
 	return res[:]
 }
 
+// GetClaimedValue returns the serialized claimed value.
+func (p *Proof) GetClaimedValue() []byte {
+	return p.ClaimedValue.Marshal()
+}
+
 type BatchProofsSinglePoint struct {
 	// Point at which the polynomials are evaluated
 	Point fr.Element
@@ -196,7 +201,16 @@ func (p *BatchProofsSinglePoint) Marshal() []byte {
 	}
 
 	return res
+}
 
+// GetClaimedValues returns a slice of the claimed values,
+// serialized.
+func (p *BatchProofsSinglePoint) GetClaimedValues() [][]byte {
+	res := make([][]byte, len(p.ClaimedValues))
+	for i := 0; i < len(p.ClaimedValues); i++ {
+		res[i] = p.ClaimedValues[i].Marshal()
+	}
+	return res
 }
 
 // WriteTo writes binary encoding of the scheme data.
diff --git a/ecc/bls12-381/fr/polynomial/mockcommitment/mock.go b/ecc/bls12-381/fr/polynomial/mockcommitment/mock.go
index 41a3dbbf2..2e5d781bb 100644
--- a/ecc/bls12-381/fr/polynomial/mockcommitment/mock.go
+++ b/ecc/bls12-381/fr/polynomial/mockcommitment/mock.go
@@ -35,6 +35,11 @@ func (mp *MockProof) Marshal() []byte {
 	panic("not implemented")
 }
 
+// GetClaimedValue returns the serialized claimed value.
+func (mp *MockProof) GetClaimedValue() []byte {
+	return mp.ClaimedValue.Marshal()
+}
+
 // MockBatchProofsSinglePoint empty struct
 type MockBatchProofsSinglePoint struct {
 	Point         fr.Element
@@ -45,6 +50,16 @@ func (mp *MockBatchProofsSinglePoint) Marshal() []byte {
 	panic("not implemented")
 }
 
+// GetClaimedValues returns a slice of the claimed values,
+// serialized.
+func (mp *MockBatchProofsSinglePoint) GetClaimedValues() [][]byte {
+	res := make([][]byte, len(mp.ClaimedValues))
+	for i := 0; i < len(mp.ClaimedValues); i++ {
+		res[i] = mp.ClaimedValues[i].Marshal()
+	}
+	return res
+}
+
 // Scheme mock commitment, useful for testing polynomial based IOP
 // like PLONK, where the scheme should not depend on which polynomial commitment scheme
 // is used.
diff --git a/ecc/bn254/fr/polynomial/kzg/kzg.go b/ecc/bn254/fr/polynomial/kzg/kzg.go
index d3af2794a..9ea108a40 100644
--- a/ecc/bn254/fr/polynomial/kzg/kzg.go
+++ b/ecc/bn254/fr/polynomial/kzg/kzg.go
@@ -165,6 +165,11 @@ func (p *Proof) Marshal() []byte {
 	return res[:]
 }
 
+// GetClaimedValue returns the serialized claimed value.
+func (p *Proof) GetClaimedValue() []byte {
+	return p.ClaimedValue.Marshal()
+}
+
 type BatchProofsSinglePoint struct {
 	// Point at which the polynomials are evaluated
 	Point fr.Element
@@ -196,7 +201,16 @@ func (p *BatchProofsSinglePoint) Marshal() []byte {
 	}
 
 	return res
+}
 
+// GetClaimedValues returns a slice of the claimed values,
+// serialized.
+func (p *BatchProofsSinglePoint) GetClaimedValues() [][]byte {
+	res := make([][]byte, len(p.ClaimedValues))
+	for i := 0; i < len(p.ClaimedValues); i++ {
+		res[i] = p.ClaimedValues[i].Marshal()
+	}
+	return res
 }
 
 // WriteTo writes binary encoding of the scheme data.
diff --git a/ecc/bn254/fr/polynomial/mockcommitment/mock.go b/ecc/bn254/fr/polynomial/mockcommitment/mock.go
index 64bd673da..2c629320f 100644
--- a/ecc/bn254/fr/polynomial/mockcommitment/mock.go
+++ b/ecc/bn254/fr/polynomial/mockcommitment/mock.go
@@ -35,6 +35,11 @@ func (mp *MockProof) Marshal() []byte {
 	panic("not implemented")
 }
 
+// GetClaimedValue returns the serialized claimed value.
+func (mp *MockProof) GetClaimedValue() []byte {
+	return mp.ClaimedValue.Marshal()
+}
+
 // MockBatchProofsSinglePoint empty struct
 type MockBatchProofsSinglePoint struct {
 	Point         fr.Element
@@ -45,6 +50,16 @@ func (mp *MockBatchProofsSinglePoint) Marshal() []byte {
 	panic("not implemented")
 }
 
+// GetClaimedValues returns a slice of the claimed values,
+// serialized.
+func (mp *MockBatchProofsSinglePoint) GetClaimedValues() [][]byte {
+	res := make([][]byte, len(mp.ClaimedValues))
+	for i := 0; i < len(mp.ClaimedValues); i++ {
+		res[i] = mp.ClaimedValues[i].Marshal()
+	}
+	return res
+}
+
 // Scheme mock commitment, useful for testing polynomial based IOP
 // like PLONK, where the scheme should not depend on which polynomial commitment scheme
 // is used.
diff --git a/ecc/bw6-761/fr/polynomial/kzg/kzg.go b/ecc/bw6-761/fr/polynomial/kzg/kzg.go
index 644060cdc..f2d6417a1 100644
--- a/ecc/bw6-761/fr/polynomial/kzg/kzg.go
+++ b/ecc/bw6-761/fr/polynomial/kzg/kzg.go
@@ -165,6 +165,11 @@ func (p *Proof) Marshal() []byte {
 	return res[:]
 }
 
+// GetClaimedValue returns the serialized claimed value.
+func (p *Proof) GetClaimedValue() []byte {
+	return p.ClaimedValue.Marshal()
+}
+
 type BatchProofsSinglePoint struct {
 	// Point at which the polynomials are evaluated
 	Point fr.Element
@@ -196,7 +201,16 @@ func (p *BatchProofsSinglePoint) Marshal() []byte {
 	}
 
 	return res
+}
 
+// GetClaimedValues returns a slice of the claimed values,
+// serialized.
+func (p *BatchProofsSinglePoint) GetClaimedValues() [][]byte {
+	res := make([][]byte, len(p.ClaimedValues))
+	for i := 0; i < len(p.ClaimedValues); i++ {
+		res[i] = p.ClaimedValues[i].Marshal()
+	}
+	return res
 }
 
 // WriteTo writes binary encoding of the scheme data.
diff --git a/ecc/bw6-761/fr/polynomial/mockcommitment/mock.go b/ecc/bw6-761/fr/polynomial/mockcommitment/mock.go
index 8971625e0..93f8290b7 100644
--- a/ecc/bw6-761/fr/polynomial/mockcommitment/mock.go
+++ b/ecc/bw6-761/fr/polynomial/mockcommitment/mock.go
@@ -35,6 +35,11 @@ func (mp *MockProof) Marshal() []byte {
 	panic("not implemented")
 }
 
+// GetClaimedValue returns the serialized claimed value.
+func (mp *MockProof) GetClaimedValue() []byte {
+	return mp.ClaimedValue.Marshal()
+}
+
 // MockBatchProofsSinglePoint empty struct
 type MockBatchProofsSinglePoint struct {
 	Point         fr.Element
@@ -45,6 +50,16 @@ func (mp *MockBatchProofsSinglePoint) Marshal() []byte {
 	panic("not implemented")
 }
 
+// GetClaimedValues returns a slice of the claimed values,
+// serialized.
+func (mp *MockBatchProofsSinglePoint) GetClaimedValues() [][]byte {
+	res := make([][]byte, len(mp.ClaimedValues))
+	for i := 0; i < len(mp.ClaimedValues); i++ {
+		res[i] = mp.ClaimedValues[i].Marshal()
+	}
+	return res
+}
+
 // Scheme mock commitment, useful for testing polynomial based IOP
 // like PLONK, where the scheme should not depend on which polynomial commitment scheme
 // is used.
diff --git a/internal/generator/polynomial/template/commitment_kzg/kzg.go.tmpl b/internal/generator/polynomial/template/commitment_kzg/kzg.go.tmpl
index c7c1cd6fb..486b93790 100644
--- a/internal/generator/polynomial/template/commitment_kzg/kzg.go.tmpl
+++ b/internal/generator/polynomial/template/commitment_kzg/kzg.go.tmpl
@@ -147,6 +147,11 @@ func (p *Proof) Marshal() []byte {
 	return res[:]
 }
 
+// GetClaimedValue returns the serialized claimed value.
+func (p *Proof) GetClaimedValue() []byte {
+	return p.ClaimedValue.Marshal()
+}
+
 type BatchProofsSinglePoint struct {
 	// Point at which the polynomials are evaluated
 	Point fr.Element
@@ -178,7 +183,16 @@ func (p *BatchProofsSinglePoint) Marshal() []byte {
 	}
 
 	return res
+}
 
+// GetClaimedValues returns a slice of the claimed values,
+// serialized.
+func (p *BatchProofsSinglePoint) GetClaimedValues() [][]byte {
+	res := make([][]byte, len(p.ClaimedValues))
+	for i := 0; i < len(p.ClaimedValues); i++ {
+		res[i] = p.ClaimedValues[i].Marshal()
+	}
+	return res
 }
 
 // WriteTo writes binary encoding of the scheme data.
diff --git a/internal/generator/polynomial/template/commitment_mock/mock.go.tmpl b/internal/generator/polynomial/template/commitment_mock/mock.go.tmpl
index 99573053b..d0d049adb 100644
--- a/internal/generator/polynomial/template/commitment_mock/mock.go.tmpl
+++ b/internal/generator/polynomial/template/commitment_mock/mock.go.tmpl
@@ -17,6 +17,11 @@ func (mp *MockProof) Marshal() []byte {
 	panic("not implemented")
 }
 
+// GetClaimedValue returns the serialized claimed value.
+func (mp *MockProof) GetClaimedValue() []byte {
+	return mp.ClaimedValue.Marshal()
+}
+
 // MockBatchProofsSinglePoint empty struct
 type MockBatchProofsSinglePoint struct {
 	Point         fr.Element
@@ -27,6 +32,16 @@ func (mp *MockBatchProofsSinglePoint) Marshal() []byte {
 	panic("not implemented")
 }
 
+// GetClaimedValues returns a slice of the claimed values,
+// serialized.
+func (mp *MockBatchProofsSinglePoint) GetClaimedValues() [][]byte {
+	res := make([][]byte, len(mp.ClaimedValues))
+	for i := 0; i < len(mp.ClaimedValues); i++ {
+		res[i] = mp.ClaimedValues[i].Marshal()
+	}
+	return res
+}
+
 // Scheme mock commitment, useful for testing polynomial based IOP
 // like PLONK, where the scheme should not depend on which polynomial commitment scheme
 // is used.
diff --git a/polynomial/commitment.go b/polynomial/commitment.go
index 504e7472a..d2fdc1e72 100644
--- a/polynomial/commitment.go
+++ b/polynomial/commitment.go
@@ -40,12 +40,17 @@ type Digest interface {
 // should implement.
 type OpeningProof interface {
 	Marshal() []byte
+	GetClaimedValue() []byte
 }
 
 // BatchOpeningProofSinglePoint interface that a bacth opening proof (single point)
 // should implement.
 type BatchOpeningProofSinglePoint interface {
 	Marshal() []byte
+
+	// GetClaimedValues get the claimed values, in the order in which the polynomials
+	// are given in the opening proof.
+	GetClaimedValues() [][]byte
 }
 
 // CommitmentScheme interface for an additively homomorphic

From 6ff6d0771aed2eeb7ded63c4de49d13fdfadf4c6 Mon Sep 17 00:00:00 2001
From: Thomas Piellard <thomas.piellard@consensys.net>
Date: Fri, 11 Jun 2021 14:53:31 +0200
Subject: [PATCH 03/13] fix: mock Digest ScalarMul didn't modify the caller

---
 ecc/bls12-377/fr/polynomial/mockcommitment/mock.go              | 2 +-
 ecc/bls12-381/fr/polynomial/mockcommitment/mock.go              | 2 +-
 ecc/bn254/fr/polynomial/mockcommitment/mock.go                  | 2 +-
 ecc/bw6-761/fr/polynomial/mockcommitment/mock.go                | 2 +-
 .../generator/polynomial/template/commitment_mock/mock.go.tmpl  | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/ecc/bls12-377/fr/polynomial/mockcommitment/mock.go b/ecc/bls12-377/fr/polynomial/mockcommitment/mock.go
index 00bbd4348..a0cfbe834 100644
--- a/ecc/bls12-377/fr/polynomial/mockcommitment/mock.go
+++ b/ecc/bls12-377/fr/polynomial/mockcommitment/mock.go
@@ -102,7 +102,7 @@ func (d *Digest) ScalarMul(d1 polynomial.Digest, s big.Int) polynomial.Digest {
 	_d1 := d1.(*Digest)
 	var _s fr.Element
 	_s.SetBigInt(&s)
-	d.data.Mul(&d.data, &_d1.data)
+	d.data.Mul(&_s, &_d1.data)
 	return d
 }
 
diff --git a/ecc/bls12-381/fr/polynomial/mockcommitment/mock.go b/ecc/bls12-381/fr/polynomial/mockcommitment/mock.go
index 2e5d781bb..842faf3dc 100644
--- a/ecc/bls12-381/fr/polynomial/mockcommitment/mock.go
+++ b/ecc/bls12-381/fr/polynomial/mockcommitment/mock.go
@@ -102,7 +102,7 @@ func (d *Digest) ScalarMul(d1 polynomial.Digest, s big.Int) polynomial.Digest {
 	_d1 := d1.(*Digest)
 	var _s fr.Element
 	_s.SetBigInt(&s)
-	d.data.Mul(&d.data, &_d1.data)
+	d.data.Mul(&_s, &_d1.data)
 	return d
 }
 
diff --git a/ecc/bn254/fr/polynomial/mockcommitment/mock.go b/ecc/bn254/fr/polynomial/mockcommitment/mock.go
index 2c629320f..1f63ffb81 100644
--- a/ecc/bn254/fr/polynomial/mockcommitment/mock.go
+++ b/ecc/bn254/fr/polynomial/mockcommitment/mock.go
@@ -102,7 +102,7 @@ func (d *Digest) ScalarMul(d1 polynomial.Digest, s big.Int) polynomial.Digest {
 	_d1 := d1.(*Digest)
 	var _s fr.Element
 	_s.SetBigInt(&s)
-	d.data.Mul(&d.data, &_d1.data)
+	d.data.Mul(&_s, &_d1.data)
 	return d
 }
 
diff --git a/ecc/bw6-761/fr/polynomial/mockcommitment/mock.go b/ecc/bw6-761/fr/polynomial/mockcommitment/mock.go
index 93f8290b7..807081a39 100644
--- a/ecc/bw6-761/fr/polynomial/mockcommitment/mock.go
+++ b/ecc/bw6-761/fr/polynomial/mockcommitment/mock.go
@@ -102,7 +102,7 @@ func (d *Digest) ScalarMul(d1 polynomial.Digest, s big.Int) polynomial.Digest {
 	_d1 := d1.(*Digest)
 	var _s fr.Element
 	_s.SetBigInt(&s)
-	d.data.Mul(&d.data, &_d1.data)
+	d.data.Mul(&_s, &_d1.data)
 	return d
 }
 
diff --git a/internal/generator/polynomial/template/commitment_mock/mock.go.tmpl b/internal/generator/polynomial/template/commitment_mock/mock.go.tmpl
index d0d049adb..faae62010 100644
--- a/internal/generator/polynomial/template/commitment_mock/mock.go.tmpl
+++ b/internal/generator/polynomial/template/commitment_mock/mock.go.tmpl
@@ -84,7 +84,7 @@ func (d *Digest) ScalarMul(d1 polynomial.Digest, s big.Int) polynomial.Digest {
 	_d1 := d1.(*Digest)
 	var _s fr.Element
 	_s.SetBigInt(&s)
-	d.data.Mul(&d.data, &_d1.data)
+	d.data.Mul(&_s, &_d1.data)
 	return d
 }
 

From a305a5f109193974ba2bfec195cc05720c26381b Mon Sep 17 00:00:00 2001
From: Thomas Piellard <thomas.piellard@consensys.net>
Date: Fri, 11 Jun 2021 15:22:30 +0200
Subject: [PATCH 04/13] feat: added Clone() method on Digests

---
 ecc/bls12-377/fr/polynomial/kzg/kzg.go                     | 7 +++++++
 ecc/bls12-377/fr/polynomial/mockcommitment/mock.go         | 7 +++++++
 ecc/bls12-381/fr/polynomial/kzg/kzg.go                     | 7 +++++++
 ecc/bls12-381/fr/polynomial/mockcommitment/mock.go         | 7 +++++++
 ecc/bn254/fr/polynomial/kzg/kzg.go                         | 7 +++++++
 ecc/bn254/fr/polynomial/mockcommitment/mock.go             | 7 +++++++
 ecc/bw6-761/fr/polynomial/kzg/kzg.go                       | 7 +++++++
 ecc/bw6-761/fr/polynomial/mockcommitment/mock.go           | 7 +++++++
 .../polynomial/template/commitment_kzg/kzg.go.tmpl         | 7 +++++++
 .../polynomial/template/commitment_mock/mock.go.tmpl       | 7 +++++++
 polynomial/commitment.go                                   | 1 +
 11 files changed, 71 insertions(+)

diff --git a/ecc/bls12-377/fr/polynomial/kzg/kzg.go b/ecc/bls12-377/fr/polynomial/kzg/kzg.go
index 1379e7476..a78380741 100644
--- a/ecc/bls12-377/fr/polynomial/kzg/kzg.go
+++ b/ecc/bls12-377/fr/polynomial/kzg/kzg.go
@@ -98,6 +98,13 @@ func NewScheme(size int, alpha fr.Element) *Scheme {
 	return s
 }
 
+// Clone returns a copy of d
+func (d *Digest) Clone() polynomial.Digest {
+	var res Digest
+	res.data.Set(&d.data)
+	return &res
+}
+
 // Marshal serializes the point as in bls12377.G1Affine.
 func (d *Digest) Marshal() []byte {
 	return d.data.Marshal()
diff --git a/ecc/bls12-377/fr/polynomial/mockcommitment/mock.go b/ecc/bls12-377/fr/polynomial/mockcommitment/mock.go
index a0cfbe834..b5a9aebdc 100644
--- a/ecc/bls12-377/fr/polynomial/mockcommitment/mock.go
+++ b/ecc/bls12-377/fr/polynomial/mockcommitment/mock.go
@@ -70,6 +70,13 @@ type Digest struct {
 	data fr.Element
 }
 
+// Clone returns a copy of the digest
+func (d *Digest) Clone() polynomial.Digest {
+	var res Digest
+	res.data.Set(&d.data)
+	return &res
+}
+
 // Marshal serializes the point as in bls12377.G1Affine.
 func (d *Digest) Marshal() []byte {
 	return d.data.Marshal()
diff --git a/ecc/bls12-381/fr/polynomial/kzg/kzg.go b/ecc/bls12-381/fr/polynomial/kzg/kzg.go
index 15ae74ecc..8ca3007f2 100644
--- a/ecc/bls12-381/fr/polynomial/kzg/kzg.go
+++ b/ecc/bls12-381/fr/polynomial/kzg/kzg.go
@@ -98,6 +98,13 @@ func NewScheme(size int, alpha fr.Element) *Scheme {
 	return s
 }
 
+// Clone returns a copy of d
+func (d *Digest) Clone() polynomial.Digest {
+	var res Digest
+	res.data.Set(&d.data)
+	return &res
+}
+
 // Marshal serializes the point as in bls12381.G1Affine.
 func (d *Digest) Marshal() []byte {
 	return d.data.Marshal()
diff --git a/ecc/bls12-381/fr/polynomial/mockcommitment/mock.go b/ecc/bls12-381/fr/polynomial/mockcommitment/mock.go
index 842faf3dc..de2713662 100644
--- a/ecc/bls12-381/fr/polynomial/mockcommitment/mock.go
+++ b/ecc/bls12-381/fr/polynomial/mockcommitment/mock.go
@@ -70,6 +70,13 @@ type Digest struct {
 	data fr.Element
 }
 
+// Clone returns a copy of the digest
+func (d *Digest) Clone() polynomial.Digest {
+	var res Digest
+	res.data.Set(&d.data)
+	return &res
+}
+
 // Marshal serializes the point as in bls12381.G1Affine.
 func (d *Digest) Marshal() []byte {
 	return d.data.Marshal()
diff --git a/ecc/bn254/fr/polynomial/kzg/kzg.go b/ecc/bn254/fr/polynomial/kzg/kzg.go
index 9ea108a40..4aa3d4aad 100644
--- a/ecc/bn254/fr/polynomial/kzg/kzg.go
+++ b/ecc/bn254/fr/polynomial/kzg/kzg.go
@@ -98,6 +98,13 @@ func NewScheme(size int, alpha fr.Element) *Scheme {
 	return s
 }
 
+// Clone returns a copy of d
+func (d *Digest) Clone() polynomial.Digest {
+	var res Digest
+	res.data.Set(&d.data)
+	return &res
+}
+
 // Marshal serializes the point as in bn254.G1Affine.
 func (d *Digest) Marshal() []byte {
 	return d.data.Marshal()
diff --git a/ecc/bn254/fr/polynomial/mockcommitment/mock.go b/ecc/bn254/fr/polynomial/mockcommitment/mock.go
index 1f63ffb81..31f8e7ddb 100644
--- a/ecc/bn254/fr/polynomial/mockcommitment/mock.go
+++ b/ecc/bn254/fr/polynomial/mockcommitment/mock.go
@@ -70,6 +70,13 @@ type Digest struct {
 	data fr.Element
 }
 
+// Clone returns a copy of the digest
+func (d *Digest) Clone() polynomial.Digest {
+	var res Digest
+	res.data.Set(&d.data)
+	return &res
+}
+
 // Marshal serializes the point as in bn254.G1Affine.
 func (d *Digest) Marshal() []byte {
 	return d.data.Marshal()
diff --git a/ecc/bw6-761/fr/polynomial/kzg/kzg.go b/ecc/bw6-761/fr/polynomial/kzg/kzg.go
index f2d6417a1..89c5a29a8 100644
--- a/ecc/bw6-761/fr/polynomial/kzg/kzg.go
+++ b/ecc/bw6-761/fr/polynomial/kzg/kzg.go
@@ -98,6 +98,13 @@ func NewScheme(size int, alpha fr.Element) *Scheme {
 	return s
 }
 
+// Clone returns a copy of d
+func (d *Digest) Clone() polynomial.Digest {
+	var res Digest
+	res.data.Set(&d.data)
+	return &res
+}
+
 // Marshal serializes the point as in bw6761.G1Affine.
 func (d *Digest) Marshal() []byte {
 	return d.data.Marshal()
diff --git a/ecc/bw6-761/fr/polynomial/mockcommitment/mock.go b/ecc/bw6-761/fr/polynomial/mockcommitment/mock.go
index 807081a39..b8d6fd1b7 100644
--- a/ecc/bw6-761/fr/polynomial/mockcommitment/mock.go
+++ b/ecc/bw6-761/fr/polynomial/mockcommitment/mock.go
@@ -70,6 +70,13 @@ type Digest struct {
 	data fr.Element
 }
 
+// Clone returns a copy of the digest
+func (d *Digest) Clone() polynomial.Digest {
+	var res Digest
+	res.data.Set(&d.data)
+	return &res
+}
+
 // Marshal serializes the point as in bw6761.G1Affine.
 func (d *Digest) Marshal() []byte {
 	return d.data.Marshal()
diff --git a/internal/generator/polynomial/template/commitment_kzg/kzg.go.tmpl b/internal/generator/polynomial/template/commitment_kzg/kzg.go.tmpl
index 486b93790..80ac72b7a 100644
--- a/internal/generator/polynomial/template/commitment_kzg/kzg.go.tmpl
+++ b/internal/generator/polynomial/template/commitment_kzg/kzg.go.tmpl
@@ -80,6 +80,13 @@ func NewScheme(size int, alpha fr.Element) *Scheme {
 	return s
 }
 
+// Clone returns a copy of d
+func (d *Digest) Clone() polynomial.Digest {
+	var res Digest
+	res.data.Set(&d.data)
+	return &res
+}
+
 // Marshal serializes the point as in {{ .CurvePackage }}.G1Affine.
 func (d *Digest) Marshal() []byte {
 	return d.data.Marshal()
diff --git a/internal/generator/polynomial/template/commitment_mock/mock.go.tmpl b/internal/generator/polynomial/template/commitment_mock/mock.go.tmpl
index faae62010..b828eca95 100644
--- a/internal/generator/polynomial/template/commitment_mock/mock.go.tmpl
+++ b/internal/generator/polynomial/template/commitment_mock/mock.go.tmpl
@@ -52,6 +52,13 @@ type Digest struct {
 	data fr.Element
 }
 
+// Clone returns a copy of the digest
+func (d *Digest) Clone() polynomial.Digest {
+	var res Digest
+	res.data.Set(&d.data)
+	return &res
+}
+
 // Marshal serializes the point as in {{ .CurvePackage}}.G1Affine.
 func (d *Digest) Marshal() []byte {
 	return d.data.Marshal()
diff --git a/polynomial/commitment.go b/polynomial/commitment.go
index d2fdc1e72..12725f171 100644
--- a/polynomial/commitment.go
+++ b/polynomial/commitment.go
@@ -29,6 +29,7 @@ var (
 // Digest interface that an additively homomorphic
 // polynomial commitment should implement.
 type Digest interface {
+	Clone() Digest
 	Add(d1, d2 Digest) Digest
 	Sub(d1, d2 Digest) Digest
 	ScalarMul(d Digest, s big.Int) Digest

From 9649331711b5497db6bc2562cc8cb811f917e310 Mon Sep 17 00:00:00 2001
From: Gautam Botrel <gautam.botrel@gmail.com>
Date: Tue, 15 Jun 2021 21:58:06 -0500
Subject: [PATCH 05/13] feat: removed mock commitment

---
 .../fr/polynomial/mockcommitment/doc.go       |  18 --
 .../fr/polynomial/mockcommitment/mock.go      | 169 ------------------
 .../fr/polynomial/mockcommitment/mock_test.go | 131 --------------
 .../fr/polynomial/mockcommitment/doc.go       |  18 --
 .../fr/polynomial/mockcommitment/mock.go      | 169 ------------------
 .../fr/polynomial/mockcommitment/mock_test.go | 131 --------------
 ecc/bls24-315/fr/polynomial/kzg/kzg.go        | 129 +++++++++----
 ecc/bls24-315/fr/polynomial/kzg/kzg_test.go   |   2 +-
 .../fr/polynomial/mockcommitment/doc.go       |  18 --
 .../fr/polynomial/mockcommitment/mock.go      |  85 ---------
 .../fr/polynomial/mockcommitment/mock_test.go | 131 --------------
 .../fr/polynomial/mockcommitment/proof.go     |  29 ---
 .../mockcommitment/proof_single_point.go      |  29 ---
 ecc/bn254/fr/polynomial/mockcommitment/doc.go |  18 --
 .../fr/polynomial/mockcommitment/mock.go      | 169 ------------------
 .../fr/polynomial/mockcommitment/mock_test.go | 131 --------------
 .../fr/polynomial/mockcommitment/doc.go       |  18 --
 .../fr/polynomial/mockcommitment/mock.go      | 169 ------------------
 .../fr/polynomial/mockcommitment/mock_test.go | 131 --------------
 internal/generator/polynomial/generate.go     |  11 --
 .../template/commitment_mock/doc.go.tmpl      |   2 -
 .../template/commitment_mock/mock.go.tmpl     | 151 ----------------
 .../commitment_mock/mock.test.go.tmpl         | 113 ------------
 23 files changed, 94 insertions(+), 1878 deletions(-)
 delete mode 100644 ecc/bls12-377/fr/polynomial/mockcommitment/doc.go
 delete mode 100644 ecc/bls12-377/fr/polynomial/mockcommitment/mock.go
 delete mode 100644 ecc/bls12-377/fr/polynomial/mockcommitment/mock_test.go
 delete mode 100644 ecc/bls12-381/fr/polynomial/mockcommitment/doc.go
 delete mode 100644 ecc/bls12-381/fr/polynomial/mockcommitment/mock.go
 delete mode 100644 ecc/bls12-381/fr/polynomial/mockcommitment/mock_test.go
 delete mode 100644 ecc/bls24-315/fr/polynomial/mockcommitment/doc.go
 delete mode 100644 ecc/bls24-315/fr/polynomial/mockcommitment/mock.go
 delete mode 100644 ecc/bls24-315/fr/polynomial/mockcommitment/mock_test.go
 delete mode 100644 ecc/bls24-315/fr/polynomial/mockcommitment/proof.go
 delete mode 100644 ecc/bls24-315/fr/polynomial/mockcommitment/proof_single_point.go
 delete mode 100644 ecc/bn254/fr/polynomial/mockcommitment/doc.go
 delete mode 100644 ecc/bn254/fr/polynomial/mockcommitment/mock.go
 delete mode 100644 ecc/bn254/fr/polynomial/mockcommitment/mock_test.go
 delete mode 100644 ecc/bw6-761/fr/polynomial/mockcommitment/doc.go
 delete mode 100644 ecc/bw6-761/fr/polynomial/mockcommitment/mock.go
 delete mode 100644 ecc/bw6-761/fr/polynomial/mockcommitment/mock_test.go
 delete mode 100644 internal/generator/polynomial/template/commitment_mock/doc.go.tmpl
 delete mode 100644 internal/generator/polynomial/template/commitment_mock/mock.go.tmpl
 delete mode 100644 internal/generator/polynomial/template/commitment_mock/mock.test.go.tmpl

diff --git a/ecc/bls12-377/fr/polynomial/mockcommitment/doc.go b/ecc/bls12-377/fr/polynomial/mockcommitment/doc.go
deleted file mode 100644
index 5473a4d43..000000000
--- a/ecc/bls12-377/fr/polynomial/mockcommitment/doc.go
+++ /dev/null
@@ -1,18 +0,0 @@
-// Copyright 2020 ConsenSys Software Inc.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Code generated by consensys/gnark-crypto DO NOT EDIT
-
-// Package mockcommitment provides a mock commitment scheme, for development and test purposes.
-package mockcommitment
diff --git a/ecc/bls12-377/fr/polynomial/mockcommitment/mock.go b/ecc/bls12-377/fr/polynomial/mockcommitment/mock.go
deleted file mode 100644
index b5a9aebdc..000000000
--- a/ecc/bls12-377/fr/polynomial/mockcommitment/mock.go
+++ /dev/null
@@ -1,169 +0,0 @@
-// Copyright 2020 ConsenSys Software Inc.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Code generated by consensys/gnark-crypto DO NOT EDIT
-
-package mockcommitment
-
-import (
-	"io"
-	"math/big"
-
-	"github.com/consensys/gnark-crypto/ecc/bls12-377/fr"
-	bls12377 "github.com/consensys/gnark-crypto/ecc/bls12-377/fr/polynomial"
-	"github.com/consensys/gnark-crypto/polynomial"
-)
-
-// MockProof empty struct
-type MockProof struct {
-	Point        fr.Element
-	ClaimedValue fr.Element
-}
-
-func (mp *MockProof) Marshal() []byte {
-	panic("not implemented")
-}
-
-// GetClaimedValue returns the serialized claimed value.
-func (mp *MockProof) GetClaimedValue() []byte {
-	return mp.ClaimedValue.Marshal()
-}
-
-// MockBatchProofsSinglePoint empty struct
-type MockBatchProofsSinglePoint struct {
-	Point         fr.Element
-	ClaimedValues []fr.Element
-}
-
-func (mp *MockBatchProofsSinglePoint) Marshal() []byte {
-	panic("not implemented")
-}
-
-// GetClaimedValues returns a slice of the claimed values,
-// serialized.
-func (mp *MockBatchProofsSinglePoint) GetClaimedValues() [][]byte {
-	res := make([][]byte, len(mp.ClaimedValues))
-	for i := 0; i < len(mp.ClaimedValues); i++ {
-		res[i] = mp.ClaimedValues[i].Marshal()
-	}
-	return res
-}
-
-// Scheme mock commitment, useful for testing polynomial based IOP
-// like PLONK, where the scheme should not depend on which polynomial commitment scheme
-// is used.
-type Scheme struct{}
-
-// Digest commitment of a polynomials
-type Digest struct {
-	data fr.Element
-}
-
-// Clone returns a copy of the digest
-func (d *Digest) Clone() polynomial.Digest {
-	var res Digest
-	res.data.Set(&d.data)
-	return &res
-}
-
-// Marshal serializes the point as in bls12377.G1Affine.
-func (d *Digest) Marshal() []byte {
-	return d.data.Marshal()
-}
-
-// Marshal serializes the digest.
-func (d *Digest) Unmarshal(buf []byte) error {
-	d.data.SetBytes(buf)
-	return nil
-}
-
-// Add adds two digest.
-func (d *Digest) Add(d1, d2 polynomial.Digest) polynomial.Digest {
-	_d1 := d1.(*Digest)
-	_d2 := d2.(*Digest)
-	d.data.Add(&_d1.data, &_d2.data)
-	return d
-}
-
-// Sub adds two digest.
-func (d *Digest) Sub(d1, d2 polynomial.Digest) polynomial.Digest {
-	_d1 := d1.(*Digest)
-	_d2 := d2.(*Digest)
-	d.data.Sub(&_d1.data, &_d2.data)
-	return d
-}
-
-// Add adds two digest.
-func (d *Digest) ScalarMul(d1 polynomial.Digest, s big.Int) polynomial.Digest {
-	_d1 := d1.(*Digest)
-	var _s fr.Element
-	_s.SetBigInt(&s)
-	d.data.Mul(&_s, &_d1.data)
-	return d
-}
-
-// WriteTo panics
-func (s *Scheme) WriteTo(w io.Writer) (n int64, err error) {
-	panic("not implemented")
-}
-
-// ReadFrom panics
-func (s *Scheme) ReadFrom(r io.Reader) (n int64, err error) {
-	panic("not implemented")
-}
-
-// Commit returns the first coefficient of p
-func (s *Scheme) Commit(p polynomial.Polynomial) (polynomial.Digest, error) {
-	_p := p.(*bls12377.Polynomial)
-	var res Digest
-	res.data.SetInterface((*_p)[0])
-	return &res, nil
-}
-
-// Open computes an opening proof of _p at _val.
-// Returns a MockProof, which is an empty interface.
-func (s *Scheme) Open(point interface{}, p polynomial.Polynomial) (polynomial.OpeningProof, error) {
-
-	res := MockProof{}
-	res.Point.SetInterface(point)
-	res.ClaimedValue.SetInterface(p.Eval(point))
-
-	return &res, nil
-}
-
-// Verify mock implementation of verify
-func (s *Scheme) Verify(commitment polynomial.Digest, proof polynomial.OpeningProof) error {
-	return nil
-}
-
-// BatchOpenSinglePoint computes a batch opening proof for _p at _val.
-func (s *Scheme) BatchOpenSinglePoint(point interface{}, digests []polynomial.Digest, polynomials []polynomial.Polynomial) (polynomial.BatchOpeningProofSinglePoint, error) {
-
-	var res MockBatchProofsSinglePoint
-	res.ClaimedValues = make([]fr.Element, len(polynomials))
-	res.Point.SetInterface(point)
-
-	for i := 0; i < len(polynomials); i++ {
-		res.ClaimedValues[i].SetInterface(polynomials[i].Eval(point))
-	}
-
-	return &res, nil
-}
-
-// BatchVerifySinglePoint computes a batch opening proof for
-func (s *Scheme) BatchVerifySinglePoint(digests []polynomial.Digest, batchOpeningProof polynomial.BatchOpeningProofSinglePoint) error {
-
-	return nil
-
-}
diff --git a/ecc/bls12-377/fr/polynomial/mockcommitment/mock_test.go b/ecc/bls12-377/fr/polynomial/mockcommitment/mock_test.go
deleted file mode 100644
index fb4f24e2a..000000000
--- a/ecc/bls12-377/fr/polynomial/mockcommitment/mock_test.go
+++ /dev/null
@@ -1,131 +0,0 @@
-// Copyright 2020 ConsenSys Software Inc.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Code generated by consensys/gnark-crypto DO NOT EDIT
-
-package mockcommitment
-
-import (
-	"testing"
-
-	"github.com/consensys/gnark-crypto/ecc/bls12-377/fr"
-	bls12377_pol "github.com/consensys/gnark-crypto/ecc/bls12-377/fr/polynomial"
-	"github.com/consensys/gnark-crypto/polynomial"
-)
-
-func TestCommit(t *testing.T) {
-
-	size := 60
-	f := make(bls12377_pol.Polynomial, size)
-	for i := 0; i < size; i++ {
-		f[i].SetRandom()
-	}
-
-	var s Scheme
-
-	c, err := s.Commit(&f)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	var _c fr.Element
-	_c.SetInterface(c.Marshal())
-
-	if !_c.Equal(&f[0]) {
-		t.Fatal("err mock commitment (commit)")
-	}
-}
-
-func TestVerifySinglePoint(t *testing.T) {
-
-	size := 60
-	f := make(bls12377_pol.Polynomial, size)
-	for i := 0; i < size; i++ {
-		f[i].SetRandom()
-	}
-
-	var s Scheme
-
-	c, err := s.Commit(&f)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	var point fr.Element
-	point.SetRandom()
-
-	o, err := s.Open(point, &f)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	// verify the claimed valued
-	res := o.(*MockProof)
-	expected := f.Eval(point).(fr.Element)
-	if !res.ClaimedValue.Equal(&expected) {
-		t.Fatal("err mock commitment (open)")
-	}
-
-	err = s.Verify(c, o)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-}
-
-func TestBatchVerifySinglePoint(t *testing.T) {
-
-	// create polynomials
-	size := 60
-	f := make([]polynomial.Polynomial, 10)
-	for i := 0; i < 10; i++ {
-		_f := make(bls12377_pol.Polynomial, size)
-		for i := 0; i < size; i++ {
-			_f[i].SetRandom()
-		}
-		f[i] = &_f
-	}
-
-	var s Scheme
-
-	// commit the polynomials
-	digests := make([]polynomial.Digest, 10)
-	for i := 0; i < 10; i++ {
-		digests[i], _ = s.Commit(f[i])
-	}
-
-	var point fr.Element
-	point.SetRandom()
-
-	proof, err := s.BatchOpenSinglePoint(&point, digests, f)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	// verify the claimed values
-	_proof := proof.(*MockBatchProofsSinglePoint)
-	for i := 0; i < 10; i++ {
-		expectedClaim := f[i].Eval(point).(fr.Element)
-		if !expectedClaim.Equal(&_proof.ClaimedValues[i]) {
-			t.Fatal("inconsistant claimed values")
-		}
-	}
-
-	// verify the proof
-	err = s.BatchVerifySinglePoint(digests, proof)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-}
diff --git a/ecc/bls12-381/fr/polynomial/mockcommitment/doc.go b/ecc/bls12-381/fr/polynomial/mockcommitment/doc.go
deleted file mode 100644
index 5473a4d43..000000000
--- a/ecc/bls12-381/fr/polynomial/mockcommitment/doc.go
+++ /dev/null
@@ -1,18 +0,0 @@
-// Copyright 2020 ConsenSys Software Inc.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Code generated by consensys/gnark-crypto DO NOT EDIT
-
-// Package mockcommitment provides a mock commitment scheme, for development and test purposes.
-package mockcommitment
diff --git a/ecc/bls12-381/fr/polynomial/mockcommitment/mock.go b/ecc/bls12-381/fr/polynomial/mockcommitment/mock.go
deleted file mode 100644
index de2713662..000000000
--- a/ecc/bls12-381/fr/polynomial/mockcommitment/mock.go
+++ /dev/null
@@ -1,169 +0,0 @@
-// Copyright 2020 ConsenSys Software Inc.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Code generated by consensys/gnark-crypto DO NOT EDIT
-
-package mockcommitment
-
-import (
-	"io"
-	"math/big"
-
-	"github.com/consensys/gnark-crypto/ecc/bls12-381/fr"
-	bls12381 "github.com/consensys/gnark-crypto/ecc/bls12-381/fr/polynomial"
-	"github.com/consensys/gnark-crypto/polynomial"
-)
-
-// MockProof empty struct
-type MockProof struct {
-	Point        fr.Element
-	ClaimedValue fr.Element
-}
-
-func (mp *MockProof) Marshal() []byte {
-	panic("not implemented")
-}
-
-// GetClaimedValue returns the serialized claimed value.
-func (mp *MockProof) GetClaimedValue() []byte {
-	return mp.ClaimedValue.Marshal()
-}
-
-// MockBatchProofsSinglePoint empty struct
-type MockBatchProofsSinglePoint struct {
-	Point         fr.Element
-	ClaimedValues []fr.Element
-}
-
-func (mp *MockBatchProofsSinglePoint) Marshal() []byte {
-	panic("not implemented")
-}
-
-// GetClaimedValues returns a slice of the claimed values,
-// serialized.
-func (mp *MockBatchProofsSinglePoint) GetClaimedValues() [][]byte {
-	res := make([][]byte, len(mp.ClaimedValues))
-	for i := 0; i < len(mp.ClaimedValues); i++ {
-		res[i] = mp.ClaimedValues[i].Marshal()
-	}
-	return res
-}
-
-// Scheme mock commitment, useful for testing polynomial based IOP
-// like PLONK, where the scheme should not depend on which polynomial commitment scheme
-// is used.
-type Scheme struct{}
-
-// Digest commitment of a polynomials
-type Digest struct {
-	data fr.Element
-}
-
-// Clone returns a copy of the digest
-func (d *Digest) Clone() polynomial.Digest {
-	var res Digest
-	res.data.Set(&d.data)
-	return &res
-}
-
-// Marshal serializes the point as in bls12381.G1Affine.
-func (d *Digest) Marshal() []byte {
-	return d.data.Marshal()
-}
-
-// Marshal serializes the digest.
-func (d *Digest) Unmarshal(buf []byte) error {
-	d.data.SetBytes(buf)
-	return nil
-}
-
-// Add adds two digest.
-func (d *Digest) Add(d1, d2 polynomial.Digest) polynomial.Digest {
-	_d1 := d1.(*Digest)
-	_d2 := d2.(*Digest)
-	d.data.Add(&_d1.data, &_d2.data)
-	return d
-}
-
-// Sub adds two digest.
-func (d *Digest) Sub(d1, d2 polynomial.Digest) polynomial.Digest {
-	_d1 := d1.(*Digest)
-	_d2 := d2.(*Digest)
-	d.data.Sub(&_d1.data, &_d2.data)
-	return d
-}
-
-// Add adds two digest.
-func (d *Digest) ScalarMul(d1 polynomial.Digest, s big.Int) polynomial.Digest {
-	_d1 := d1.(*Digest)
-	var _s fr.Element
-	_s.SetBigInt(&s)
-	d.data.Mul(&_s, &_d1.data)
-	return d
-}
-
-// WriteTo panics
-func (s *Scheme) WriteTo(w io.Writer) (n int64, err error) {
-	panic("not implemented")
-}
-
-// ReadFrom panics
-func (s *Scheme) ReadFrom(r io.Reader) (n int64, err error) {
-	panic("not implemented")
-}
-
-// Commit returns the first coefficient of p
-func (s *Scheme) Commit(p polynomial.Polynomial) (polynomial.Digest, error) {
-	_p := p.(*bls12381.Polynomial)
-	var res Digest
-	res.data.SetInterface((*_p)[0])
-	return &res, nil
-}
-
-// Open computes an opening proof of _p at _val.
-// Returns a MockProof, which is an empty interface.
-func (s *Scheme) Open(point interface{}, p polynomial.Polynomial) (polynomial.OpeningProof, error) {
-
-	res := MockProof{}
-	res.Point.SetInterface(point)
-	res.ClaimedValue.SetInterface(p.Eval(point))
-
-	return &res, nil
-}
-
-// Verify mock implementation of verify
-func (s *Scheme) Verify(commitment polynomial.Digest, proof polynomial.OpeningProof) error {
-	return nil
-}
-
-// BatchOpenSinglePoint computes a batch opening proof for _p at _val.
-func (s *Scheme) BatchOpenSinglePoint(point interface{}, digests []polynomial.Digest, polynomials []polynomial.Polynomial) (polynomial.BatchOpeningProofSinglePoint, error) {
-
-	var res MockBatchProofsSinglePoint
-	res.ClaimedValues = make([]fr.Element, len(polynomials))
-	res.Point.SetInterface(point)
-
-	for i := 0; i < len(polynomials); i++ {
-		res.ClaimedValues[i].SetInterface(polynomials[i].Eval(point))
-	}
-
-	return &res, nil
-}
-
-// BatchVerifySinglePoint computes a batch opening proof for
-func (s *Scheme) BatchVerifySinglePoint(digests []polynomial.Digest, batchOpeningProof polynomial.BatchOpeningProofSinglePoint) error {
-
-	return nil
-
-}
diff --git a/ecc/bls12-381/fr/polynomial/mockcommitment/mock_test.go b/ecc/bls12-381/fr/polynomial/mockcommitment/mock_test.go
deleted file mode 100644
index a968c314a..000000000
--- a/ecc/bls12-381/fr/polynomial/mockcommitment/mock_test.go
+++ /dev/null
@@ -1,131 +0,0 @@
-// Copyright 2020 ConsenSys Software Inc.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Code generated by consensys/gnark-crypto DO NOT EDIT
-
-package mockcommitment
-
-import (
-	"testing"
-
-	"github.com/consensys/gnark-crypto/ecc/bls12-381/fr"
-	bls12381_pol "github.com/consensys/gnark-crypto/ecc/bls12-381/fr/polynomial"
-	"github.com/consensys/gnark-crypto/polynomial"
-)
-
-func TestCommit(t *testing.T) {
-
-	size := 60
-	f := make(bls12381_pol.Polynomial, size)
-	for i := 0; i < size; i++ {
-		f[i].SetRandom()
-	}
-
-	var s Scheme
-
-	c, err := s.Commit(&f)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	var _c fr.Element
-	_c.SetInterface(c.Marshal())
-
-	if !_c.Equal(&f[0]) {
-		t.Fatal("err mock commitment (commit)")
-	}
-}
-
-func TestVerifySinglePoint(t *testing.T) {
-
-	size := 60
-	f := make(bls12381_pol.Polynomial, size)
-	for i := 0; i < size; i++ {
-		f[i].SetRandom()
-	}
-
-	var s Scheme
-
-	c, err := s.Commit(&f)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	var point fr.Element
-	point.SetRandom()
-
-	o, err := s.Open(point, &f)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	// verify the claimed valued
-	res := o.(*MockProof)
-	expected := f.Eval(point).(fr.Element)
-	if !res.ClaimedValue.Equal(&expected) {
-		t.Fatal("err mock commitment (open)")
-	}
-
-	err = s.Verify(c, o)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-}
-
-func TestBatchVerifySinglePoint(t *testing.T) {
-
-	// create polynomials
-	size := 60
-	f := make([]polynomial.Polynomial, 10)
-	for i := 0; i < 10; i++ {
-		_f := make(bls12381_pol.Polynomial, size)
-		for i := 0; i < size; i++ {
-			_f[i].SetRandom()
-		}
-		f[i] = &_f
-	}
-
-	var s Scheme
-
-	// commit the polynomials
-	digests := make([]polynomial.Digest, 10)
-	for i := 0; i < 10; i++ {
-		digests[i], _ = s.Commit(f[i])
-	}
-
-	var point fr.Element
-	point.SetRandom()
-
-	proof, err := s.BatchOpenSinglePoint(&point, digests, f)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	// verify the claimed values
-	_proof := proof.(*MockBatchProofsSinglePoint)
-	for i := 0; i < 10; i++ {
-		expectedClaim := f[i].Eval(point).(fr.Element)
-		if !expectedClaim.Equal(&_proof.ClaimedValues[i]) {
-			t.Fatal("inconsistant claimed values")
-		}
-	}
-
-	// verify the proof
-	err = s.BatchVerifySinglePoint(digests, proof)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-}
diff --git a/ecc/bls24-315/fr/polynomial/kzg/kzg.go b/ecc/bls24-315/fr/polynomial/kzg/kzg.go
index a36c2d629..298822f7b 100644
--- a/ecc/bls24-315/fr/polynomial/kzg/kzg.go
+++ b/ecc/bls24-315/fr/polynomial/kzg/kzg.go
@@ -33,12 +33,12 @@ import (
 var (
 	errNbDigestsNeqNbPolynomials = errors.New("number of digests is not the same as the number of polynomials")
 	errUnsupportedSize           = errors.New("the size of the polynomials exceeds the capacity of the SRS")
-	errDigestNotInG1             = errors.New("the digest is not in G1")
-	errProofNotInG1              = errors.New("the proof is not in G1")
 )
 
-// Digest commitment of a polynomial
-type Digest = bls24315.G1Affine
+// Digest commitment of a polynomial.
+type Digest struct {
+	data bls24315.G1Affine
+}
 
 // Scheme stores KZG data
 type Scheme struct {
@@ -98,6 +98,64 @@ func NewScheme(size int, alpha fr.Element) *Scheme {
 	return s
 }
 
+// Clone returns a copy of d
+func (d *Digest) Clone() polynomial.Digest {
+	var res Digest
+	res.data.Set(&d.data)
+	return &res
+}
+
+// Marshal serializes the point as in bls24315.G1Affine.
+func (d *Digest) Marshal() []byte {
+	return d.data.Marshal()
+}
+
+// Marshal serializes the point as in bls24315.G1Affine.
+func (d *Digest) Unmarshal(buf []byte) error {
+	err := d.data.Unmarshal(buf)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+// Add adds two digest. The API and behaviour mimics bls24315.G1Affine's,
+// i.e. the caller is modified.
+func (d *Digest) Add(d1, d2 polynomial.Digest) polynomial.Digest {
+	_d1 := d1.(*Digest)
+	_d2 := d2.(*Digest)
+	var p1, p2 bls24315.G1Jac
+	p1.FromAffine(&_d1.data)
+	p2.FromAffine(&_d2.data)
+	p1.AddAssign(&p2)
+	d.data.FromJacobian(&p1)
+	return d
+}
+
+// Sub adds two digest. The API and behaviour mimics bls24315.G1Affine's,
+// i.e. the caller is modified.
+func (d *Digest) Sub(d1, d2 polynomial.Digest) polynomial.Digest {
+	_d1 := d1.(*Digest)
+	_d2 := d2.(*Digest)
+	var p1, p2 bls24315.G1Jac
+	p1.FromAffine(&_d1.data)
+	p2.FromAffine(&_d2.data)
+	p1.SubAssign(&p2)
+	d.data.FromJacobian(&p1)
+	return d
+}
+
+// Add adds two digest. The API and behaviour mimics bls24315.G1Affine's,
+// i.e. the caller is modified.
+func (d *Digest) ScalarMul(d1 polynomial.Digest, s big.Int) polynomial.Digest {
+	_d1 := d1.(*Digest)
+	var p1 bls24315.G1Affine
+	p1.Set(&_d1.data)
+	p1.ScalarMultiplication(&p1, &s)
+	d.data.Set(&p1)
+	return d
+}
+
 // Marshal serializes a proof as H||point||claimed_value.
 // The point H is not compressed.
 func (p *Proof) Marshal() []byte {
@@ -114,6 +172,11 @@ func (p *Proof) Marshal() []byte {
 	return res[:]
 }
 
+// GetClaimedValue returns the serialized claimed value.
+func (p *Proof) GetClaimedValue() []byte {
+	return p.ClaimedValue.Marshal()
+}
+
 type BatchProofsSinglePoint struct {
 	// Point at which the polynomials are evaluated
 	Point fr.Element
@@ -145,7 +208,16 @@ func (p *BatchProofsSinglePoint) Marshal() []byte {
 	}
 
 	return res
+}
 
+// GetClaimedValues returns a slice of the claimed values,
+// serialized.
+func (p *BatchProofsSinglePoint) GetClaimedValues() [][]byte {
+	res := make([][]byte, len(p.ClaimedValues))
+	for i := 0; i < len(p.ClaimedValues); i++ {
+		res[i] = p.ClaimedValues[i].Marshal()
+	}
+	return res
 }
 
 // WriteTo writes binary encoding of the scheme data.
@@ -216,7 +288,7 @@ func (s *Scheme) Commit(p polynomial.Polynomial) (polynomial.Digest, error) {
 		return nil, errUnsupportedSize
 	}
 
-	var res Digest
+	var _res bls24315.G1Affine
 	_p := p.(*bls24315_pol.Polynomial)
 
 	// ensure we don't modify p
@@ -228,7 +300,10 @@ func (s *Scheme) Commit(p polynomial.Polynomial) (polynomial.Digest, error) {
 			pCopy[i].FromMont()
 		}
 	})
-	res.MultiExp(s.SRS.G1, pCopy)
+	_res.MultiExp(s.SRS.G1, pCopy)
+
+	var res Digest
+	res.data.Set(&_res)
 
 	return &res, nil
 }
@@ -256,27 +331,20 @@ func (s *Scheme) Open(point interface{}, p polynomial.Polynomial) (polynomial.Op
 	if err != nil {
 		return nil, err
 	}
-	res.H.Set(c.(*bls24315.G1Affine))
+	_c := c.(*Digest)
+	res.H.Set(&_c.data)
 
 	return &res, nil
 }
 
 // Verify verifies a KZG opening proof at a single point
-func (s *Scheme) Verify(commitment polynomial.Digest, proof polynomial.OpeningProof) error {
+func (s *Scheme) Verify(d polynomial.Digest, proof polynomial.OpeningProof) error {
 
-	_commitment := commitment.(*bls24315.G1Affine)
+	_d := d.(*Digest)
+	var _commitment bls24315.G1Affine
+	_commitment.Set(&_d.data)
 	_proof := proof.(*Proof)
 
-	// verify that the committed quotient and the commitment are in the correct subgroup
-	subgroupCheck := _proof.H.IsInSubGroup()
-	if !subgroupCheck {
-		return errProofNotInG1
-	}
-	subgroupCheck = _commitment.IsInSubGroup()
-	if !subgroupCheck {
-		return errDigestNotInG1
-	}
-
 	// comm(f(a))
 	var claimedValueG1Aff bls24315.G1Affine
 	var claimedValueBigInt big.Int
@@ -285,7 +353,7 @@ func (s *Scheme) Verify(commitment polynomial.Digest, proof polynomial.OpeningPr
 
 	// [f(alpha) - f(a)]G1Jac
 	var fminusfaG1Jac, tmpG1Jac bls24315.G1Jac
-	fminusfaG1Jac.FromAffine(_commitment)
+	fminusfaG1Jac.FromAffine(&_commitment)
 	tmpG1Jac.FromAffine(&claimedValueG1Aff)
 	fminusfaG1Jac.SubAssign(&tmpG1Jac)
 
@@ -379,7 +447,9 @@ func (s *Scheme) BatchOpenSinglePoint(point interface{}, digests []polynomial.Di
 	if err != nil {
 		return nil, err
 	}
-	res.H.Set(c.(*bls24315.G1Affine))
+
+	_c := c.(*Digest)
+	res.H.Set(&_c.data)
 
 	return &res, nil
 }
@@ -395,20 +465,6 @@ func (s *Scheme) BatchVerifySinglePoint(digests []polynomial.Digest, batchOpenin
 		return errNbDigestsNeqNbPolynomials
 	}
 
-	// subgroup checks for digests and the proof
-	subgroupCheck := true
-	for i := 0; i < len(digests); i++ {
-		_digest := digests[i].(*bls24315.G1Affine)
-		subgroupCheck = subgroupCheck && _digest.IsInSubGroup()
-	}
-	if !subgroupCheck {
-		return errDigestNotInG1
-	}
-	subgroupCheck = subgroupCheck && _batchOpeningProof.H.IsInSubGroup()
-	if !subgroupCheck {
-		return errProofNotInG1
-	}
-
 	// derive the challenge gamma, binded to the point and the commitments
 	fs := fiatshamir.NewTranscript(fiatshamir.SHA256, "gamma")
 	err := fs.Bind("gamma", _batchOpeningProof.Point.Marshal())
@@ -451,7 +507,8 @@ func (s *Scheme) BatchVerifySinglePoint(digests []polynomial.Digest, batchOpenin
 	var sumGammaiTimesDigestsG1Aff bls24315.G1Affine
 	_digests := make([]bls24315.G1Affine, len(digests))
 	for i := 0; i < len(digests); i++ {
-		_digests[i].Set(digests[i].(*bls24315.G1Affine))
+		_d := digests[i].(*Digest)
+		_digests[i].Set(&_d.data)
 	}
 
 	sumGammaiTimesDigestsG1Aff.MultiExp(_digests, gammai)
diff --git a/ecc/bls24-315/fr/polynomial/kzg/kzg_test.go b/ecc/bls24-315/fr/polynomial/kzg/kzg_test.go
index 16bc80016..d1dd368ce 100644
--- a/ecc/bls24-315/fr/polynomial/kzg/kzg_test.go
+++ b/ecc/bls24-315/fr/polynomial/kzg/kzg_test.go
@@ -129,7 +129,7 @@ func TestCommit(t *testing.T) {
 		t.Fatal(err)
 	}
 	var kzgCommit bls24315.G1Affine
-	kzgCommit.Set(_kzgCommit.(*bls24315.G1Affine))
+	kzgCommit.Unmarshal(_kzgCommit.Marshal())
 
 	// check commitment using manual commit
 	var x fr.Element
diff --git a/ecc/bls24-315/fr/polynomial/mockcommitment/doc.go b/ecc/bls24-315/fr/polynomial/mockcommitment/doc.go
deleted file mode 100644
index 5473a4d43..000000000
--- a/ecc/bls24-315/fr/polynomial/mockcommitment/doc.go
+++ /dev/null
@@ -1,18 +0,0 @@
-// Copyright 2020 ConsenSys Software Inc.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Code generated by consensys/gnark-crypto DO NOT EDIT
-
-// Package mockcommitment provides a mock commitment scheme, for development and test purposes.
-package mockcommitment
diff --git a/ecc/bls24-315/fr/polynomial/mockcommitment/mock.go b/ecc/bls24-315/fr/polynomial/mockcommitment/mock.go
deleted file mode 100644
index fddf7fe91..000000000
--- a/ecc/bls24-315/fr/polynomial/mockcommitment/mock.go
+++ /dev/null
@@ -1,85 +0,0 @@
-// Copyright 2020 ConsenSys Software Inc.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Code generated by consensys/gnark-crypto DO NOT EDIT
-
-package mockcommitment
-
-import (
-	"io"
-
-	"github.com/consensys/gnark-crypto/ecc/bls24-315/fr"
-	bls24315 "github.com/consensys/gnark-crypto/ecc/bls24-315/fr/polynomial"
-	"github.com/consensys/gnark-crypto/polynomial"
-)
-
-// Scheme mock commitment, useful for testing polynomial based IOP
-// like PLONK, where the scheme should not depend on which polynomial commitment scheme
-// is used.
-type Scheme struct{}
-
-// WriteTo panics
-func (s *Scheme) WriteTo(w io.Writer) (n int64, err error) {
-	panic("not implemented")
-}
-
-// ReadFrom panics
-func (s *Scheme) ReadFrom(r io.Reader) (n int64, err error) {
-	panic("not implemented")
-}
-
-// Commit returns the first coefficient of p
-func (s *Scheme) Commit(p polynomial.Polynomial) (polynomial.Digest, error) {
-	_p := p.(*bls24315.Polynomial)
-	var res fr.Element
-	res.SetInterface((*_p)[0])
-	return &res, nil
-}
-
-// Open computes an opening proof of _p at _val.
-// Returns a MockProof, which is an empty interface.
-func (s *Scheme) Open(point interface{}, p polynomial.Polynomial) (polynomial.OpeningProof, error) {
-
-	res := MockProof{}
-	res.Point.SetInterface(point)
-	res.ClaimedValue.SetInterface(p.Eval(point))
-
-	return &res, nil
-}
-
-// Verify mock implementation of verify
-func (s *Scheme) Verify(commitment polynomial.Digest, proof polynomial.OpeningProof) error {
-	return nil
-}
-
-// BatchOpenSinglePoint computes a batch opening proof for _p at _val.
-func (s *Scheme) BatchOpenSinglePoint(point interface{}, digests []polynomial.Digest, polynomials []polynomial.Polynomial) (polynomial.BatchOpeningProofSinglePoint, error) {
-
-	var res MockBatchProofsSinglePoint
-	res.ClaimedValues = make([]fr.Element, len(polynomials))
-	res.Point.SetInterface(point)
-
-	for i := 0; i < len(polynomials); i++ {
-		res.ClaimedValues[i].SetInterface(polynomials[i].Eval(point))
-	}
-
-	return &res, nil
-}
-
-// BatchVerifySinglePoint computes a batch opening proof for
-func (s *Scheme) BatchVerifySinglePoint(digests []polynomial.Digest, batchOpeningProof polynomial.BatchOpeningProofSinglePoint) error {
-
-	return nil
-
-}
diff --git a/ecc/bls24-315/fr/polynomial/mockcommitment/mock_test.go b/ecc/bls24-315/fr/polynomial/mockcommitment/mock_test.go
deleted file mode 100644
index 1549398ea..000000000
--- a/ecc/bls24-315/fr/polynomial/mockcommitment/mock_test.go
+++ /dev/null
@@ -1,131 +0,0 @@
-// Copyright 2020 ConsenSys Software Inc.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Code generated by consensys/gnark-crypto DO NOT EDIT
-
-package mockcommitment
-
-import (
-	"testing"
-
-	"github.com/consensys/gnark-crypto/ecc/bls24-315/fr"
-	bls24315_pol "github.com/consensys/gnark-crypto/ecc/bls24-315/fr/polynomial"
-	"github.com/consensys/gnark-crypto/polynomial"
-)
-
-func TestCommit(t *testing.T) {
-
-	size := 60
-	f := make(bls24315_pol.Polynomial, size)
-	for i := 0; i < size; i++ {
-		f[i].SetRandom()
-	}
-
-	var s Scheme
-
-	c, err := s.Commit(&f)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	var _c fr.Element
-	_c.SetInterface(c)
-
-	if !_c.Equal(&f[0]) {
-		t.Fatal("err mock commitment (commit)")
-	}
-}
-
-func TestVerifySinglePoint(t *testing.T) {
-
-	size := 60
-	f := make(bls24315_pol.Polynomial, size)
-	for i := 0; i < size; i++ {
-		f[i].SetRandom()
-	}
-
-	var s Scheme
-
-	c, err := s.Commit(&f)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	var point fr.Element
-	point.SetRandom()
-
-	o, err := s.Open(point, &f)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	// verify the claimed valued
-	res := o.(*MockProof)
-	expected := f.Eval(point).(fr.Element)
-	if !res.ClaimedValue.Equal(&expected) {
-		t.Fatal("err mock commitment (open)")
-	}
-
-	err = s.Verify(c, o)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-}
-
-func TestBatchVerifySinglePoint(t *testing.T) {
-
-	// create polynomials
-	size := 60
-	f := make([]polynomial.Polynomial, 10)
-	for i := 0; i < 10; i++ {
-		_f := make(bls24315_pol.Polynomial, size)
-		for i := 0; i < size; i++ {
-			_f[i].SetRandom()
-		}
-		f[i] = &_f
-	}
-
-	var s Scheme
-
-	// commit the polynomials
-	digests := make([]polynomial.Digest, 10)
-	for i := 0; i < 10; i++ {
-		digests[i], _ = s.Commit(f[i])
-	}
-
-	var point fr.Element
-	point.SetRandom()
-
-	proof, err := s.BatchOpenSinglePoint(&point, digests, f)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	// verify the claimed values
-	_proof := proof.(*MockBatchProofsSinglePoint)
-	for i := 0; i < 10; i++ {
-		expectedClaim := f[i].Eval(point).(fr.Element)
-		if !expectedClaim.Equal(&_proof.ClaimedValues[i]) {
-			t.Fatal("inconsistant claimed values")
-		}
-	}
-
-	// verify the proof
-	err = s.BatchVerifySinglePoint(digests, proof)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-}
diff --git a/ecc/bls24-315/fr/polynomial/mockcommitment/proof.go b/ecc/bls24-315/fr/polynomial/mockcommitment/proof.go
deleted file mode 100644
index afcb4473f..000000000
--- a/ecc/bls24-315/fr/polynomial/mockcommitment/proof.go
+++ /dev/null
@@ -1,29 +0,0 @@
-// Copyright 2020 ConsenSys Software Inc.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Code generated by consensys/gnark-crypto DO NOT EDIT
-
-package mockcommitment
-
-import "github.com/consensys/gnark-crypto/ecc/bls24-315/fr"
-
-// MockProof empty struct
-type MockProof struct {
-	Point        fr.Element
-	ClaimedValue fr.Element
-}
-
-func (mp *MockProof) Marshal() []byte {
-	panic("not implemented")
-}
diff --git a/ecc/bls24-315/fr/polynomial/mockcommitment/proof_single_point.go b/ecc/bls24-315/fr/polynomial/mockcommitment/proof_single_point.go
deleted file mode 100644
index f021b34c0..000000000
--- a/ecc/bls24-315/fr/polynomial/mockcommitment/proof_single_point.go
+++ /dev/null
@@ -1,29 +0,0 @@
-// Copyright 2020 ConsenSys Software Inc.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Code generated by consensys/gnark-crypto DO NOT EDIT
-
-package mockcommitment
-
-import "github.com/consensys/gnark-crypto/ecc/bls24-315/fr"
-
-// MockBatchProofsSinglePoint empty struct
-type MockBatchProofsSinglePoint struct {
-	Point         fr.Element
-	ClaimedValues []fr.Element
-}
-
-func (mp *MockBatchProofsSinglePoint) Marshal() []byte {
-	panic("not implemented")
-}
diff --git a/ecc/bn254/fr/polynomial/mockcommitment/doc.go b/ecc/bn254/fr/polynomial/mockcommitment/doc.go
deleted file mode 100644
index 5473a4d43..000000000
--- a/ecc/bn254/fr/polynomial/mockcommitment/doc.go
+++ /dev/null
@@ -1,18 +0,0 @@
-// Copyright 2020 ConsenSys Software Inc.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Code generated by consensys/gnark-crypto DO NOT EDIT
-
-// Package mockcommitment provides a mock commitment scheme, for development and test purposes.
-package mockcommitment
diff --git a/ecc/bn254/fr/polynomial/mockcommitment/mock.go b/ecc/bn254/fr/polynomial/mockcommitment/mock.go
deleted file mode 100644
index 31f8e7ddb..000000000
--- a/ecc/bn254/fr/polynomial/mockcommitment/mock.go
+++ /dev/null
@@ -1,169 +0,0 @@
-// Copyright 2020 ConsenSys Software Inc.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Code generated by consensys/gnark-crypto DO NOT EDIT
-
-package mockcommitment
-
-import (
-	"io"
-	"math/big"
-
-	"github.com/consensys/gnark-crypto/ecc/bn254/fr"
-	bn254 "github.com/consensys/gnark-crypto/ecc/bn254/fr/polynomial"
-	"github.com/consensys/gnark-crypto/polynomial"
-)
-
-// MockProof empty struct
-type MockProof struct {
-	Point        fr.Element
-	ClaimedValue fr.Element
-}
-
-func (mp *MockProof) Marshal() []byte {
-	panic("not implemented")
-}
-
-// GetClaimedValue returns the serialized claimed value.
-func (mp *MockProof) GetClaimedValue() []byte {
-	return mp.ClaimedValue.Marshal()
-}
-
-// MockBatchProofsSinglePoint empty struct
-type MockBatchProofsSinglePoint struct {
-	Point         fr.Element
-	ClaimedValues []fr.Element
-}
-
-func (mp *MockBatchProofsSinglePoint) Marshal() []byte {
-	panic("not implemented")
-}
-
-// GetClaimedValues returns a slice of the claimed values,
-// serialized.
-func (mp *MockBatchProofsSinglePoint) GetClaimedValues() [][]byte {
-	res := make([][]byte, len(mp.ClaimedValues))
-	for i := 0; i < len(mp.ClaimedValues); i++ {
-		res[i] = mp.ClaimedValues[i].Marshal()
-	}
-	return res
-}
-
-// Scheme mock commitment, useful for testing polynomial based IOP
-// like PLONK, where the scheme should not depend on which polynomial commitment scheme
-// is used.
-type Scheme struct{}
-
-// Digest commitment of a polynomials
-type Digest struct {
-	data fr.Element
-}
-
-// Clone returns a copy of the digest
-func (d *Digest) Clone() polynomial.Digest {
-	var res Digest
-	res.data.Set(&d.data)
-	return &res
-}
-
-// Marshal serializes the point as in bn254.G1Affine.
-func (d *Digest) Marshal() []byte {
-	return d.data.Marshal()
-}
-
-// Marshal serializes the digest.
-func (d *Digest) Unmarshal(buf []byte) error {
-	d.data.SetBytes(buf)
-	return nil
-}
-
-// Add adds two digest.
-func (d *Digest) Add(d1, d2 polynomial.Digest) polynomial.Digest {
-	_d1 := d1.(*Digest)
-	_d2 := d2.(*Digest)
-	d.data.Add(&_d1.data, &_d2.data)
-	return d
-}
-
-// Sub adds two digest.
-func (d *Digest) Sub(d1, d2 polynomial.Digest) polynomial.Digest {
-	_d1 := d1.(*Digest)
-	_d2 := d2.(*Digest)
-	d.data.Sub(&_d1.data, &_d2.data)
-	return d
-}
-
-// Add adds two digest.
-func (d *Digest) ScalarMul(d1 polynomial.Digest, s big.Int) polynomial.Digest {
-	_d1 := d1.(*Digest)
-	var _s fr.Element
-	_s.SetBigInt(&s)
-	d.data.Mul(&_s, &_d1.data)
-	return d
-}
-
-// WriteTo panics
-func (s *Scheme) WriteTo(w io.Writer) (n int64, err error) {
-	panic("not implemented")
-}
-
-// ReadFrom panics
-func (s *Scheme) ReadFrom(r io.Reader) (n int64, err error) {
-	panic("not implemented")
-}
-
-// Commit returns the first coefficient of p
-func (s *Scheme) Commit(p polynomial.Polynomial) (polynomial.Digest, error) {
-	_p := p.(*bn254.Polynomial)
-	var res Digest
-	res.data.SetInterface((*_p)[0])
-	return &res, nil
-}
-
-// Open computes an opening proof of _p at _val.
-// Returns a MockProof, which is an empty interface.
-func (s *Scheme) Open(point interface{}, p polynomial.Polynomial) (polynomial.OpeningProof, error) {
-
-	res := MockProof{}
-	res.Point.SetInterface(point)
-	res.ClaimedValue.SetInterface(p.Eval(point))
-
-	return &res, nil
-}
-
-// Verify mock implementation of verify
-func (s *Scheme) Verify(commitment polynomial.Digest, proof polynomial.OpeningProof) error {
-	return nil
-}
-
-// BatchOpenSinglePoint computes a batch opening proof for _p at _val.
-func (s *Scheme) BatchOpenSinglePoint(point interface{}, digests []polynomial.Digest, polynomials []polynomial.Polynomial) (polynomial.BatchOpeningProofSinglePoint, error) {
-
-	var res MockBatchProofsSinglePoint
-	res.ClaimedValues = make([]fr.Element, len(polynomials))
-	res.Point.SetInterface(point)
-
-	for i := 0; i < len(polynomials); i++ {
-		res.ClaimedValues[i].SetInterface(polynomials[i].Eval(point))
-	}
-
-	return &res, nil
-}
-
-// BatchVerifySinglePoint computes a batch opening proof for
-func (s *Scheme) BatchVerifySinglePoint(digests []polynomial.Digest, batchOpeningProof polynomial.BatchOpeningProofSinglePoint) error {
-
-	return nil
-
-}
diff --git a/ecc/bn254/fr/polynomial/mockcommitment/mock_test.go b/ecc/bn254/fr/polynomial/mockcommitment/mock_test.go
deleted file mode 100644
index 8e5cde642..000000000
--- a/ecc/bn254/fr/polynomial/mockcommitment/mock_test.go
+++ /dev/null
@@ -1,131 +0,0 @@
-// Copyright 2020 ConsenSys Software Inc.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Code generated by consensys/gnark-crypto DO NOT EDIT
-
-package mockcommitment
-
-import (
-	"testing"
-
-	"github.com/consensys/gnark-crypto/ecc/bn254/fr"
-	bn254_pol "github.com/consensys/gnark-crypto/ecc/bn254/fr/polynomial"
-	"github.com/consensys/gnark-crypto/polynomial"
-)
-
-func TestCommit(t *testing.T) {
-
-	size := 60
-	f := make(bn254_pol.Polynomial, size)
-	for i := 0; i < size; i++ {
-		f[i].SetRandom()
-	}
-
-	var s Scheme
-
-	c, err := s.Commit(&f)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	var _c fr.Element
-	_c.SetInterface(c.Marshal())
-
-	if !_c.Equal(&f[0]) {
-		t.Fatal("err mock commitment (commit)")
-	}
-}
-
-func TestVerifySinglePoint(t *testing.T) {
-
-	size := 60
-	f := make(bn254_pol.Polynomial, size)
-	for i := 0; i < size; i++ {
-		f[i].SetRandom()
-	}
-
-	var s Scheme
-
-	c, err := s.Commit(&f)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	var point fr.Element
-	point.SetRandom()
-
-	o, err := s.Open(point, &f)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	// verify the claimed valued
-	res := o.(*MockProof)
-	expected := f.Eval(point).(fr.Element)
-	if !res.ClaimedValue.Equal(&expected) {
-		t.Fatal("err mock commitment (open)")
-	}
-
-	err = s.Verify(c, o)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-}
-
-func TestBatchVerifySinglePoint(t *testing.T) {
-
-	// create polynomials
-	size := 60
-	f := make([]polynomial.Polynomial, 10)
-	for i := 0; i < 10; i++ {
-		_f := make(bn254_pol.Polynomial, size)
-		for i := 0; i < size; i++ {
-			_f[i].SetRandom()
-		}
-		f[i] = &_f
-	}
-
-	var s Scheme
-
-	// commit the polynomials
-	digests := make([]polynomial.Digest, 10)
-	for i := 0; i < 10; i++ {
-		digests[i], _ = s.Commit(f[i])
-	}
-
-	var point fr.Element
-	point.SetRandom()
-
-	proof, err := s.BatchOpenSinglePoint(&point, digests, f)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	// verify the claimed values
-	_proof := proof.(*MockBatchProofsSinglePoint)
-	for i := 0; i < 10; i++ {
-		expectedClaim := f[i].Eval(point).(fr.Element)
-		if !expectedClaim.Equal(&_proof.ClaimedValues[i]) {
-			t.Fatal("inconsistant claimed values")
-		}
-	}
-
-	// verify the proof
-	err = s.BatchVerifySinglePoint(digests, proof)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-}
diff --git a/ecc/bw6-761/fr/polynomial/mockcommitment/doc.go b/ecc/bw6-761/fr/polynomial/mockcommitment/doc.go
deleted file mode 100644
index 5473a4d43..000000000
--- a/ecc/bw6-761/fr/polynomial/mockcommitment/doc.go
+++ /dev/null
@@ -1,18 +0,0 @@
-// Copyright 2020 ConsenSys Software Inc.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Code generated by consensys/gnark-crypto DO NOT EDIT
-
-// Package mockcommitment provides a mock commitment scheme, for development and test purposes.
-package mockcommitment
diff --git a/ecc/bw6-761/fr/polynomial/mockcommitment/mock.go b/ecc/bw6-761/fr/polynomial/mockcommitment/mock.go
deleted file mode 100644
index b8d6fd1b7..000000000
--- a/ecc/bw6-761/fr/polynomial/mockcommitment/mock.go
+++ /dev/null
@@ -1,169 +0,0 @@
-// Copyright 2020 ConsenSys Software Inc.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Code generated by consensys/gnark-crypto DO NOT EDIT
-
-package mockcommitment
-
-import (
-	"io"
-	"math/big"
-
-	"github.com/consensys/gnark-crypto/ecc/bw6-761/fr"
-	bw6761 "github.com/consensys/gnark-crypto/ecc/bw6-761/fr/polynomial"
-	"github.com/consensys/gnark-crypto/polynomial"
-)
-
-// MockProof empty struct
-type MockProof struct {
-	Point        fr.Element
-	ClaimedValue fr.Element
-}
-
-func (mp *MockProof) Marshal() []byte {
-	panic("not implemented")
-}
-
-// GetClaimedValue returns the serialized claimed value.
-func (mp *MockProof) GetClaimedValue() []byte {
-	return mp.ClaimedValue.Marshal()
-}
-
-// MockBatchProofsSinglePoint empty struct
-type MockBatchProofsSinglePoint struct {
-	Point         fr.Element
-	ClaimedValues []fr.Element
-}
-
-func (mp *MockBatchProofsSinglePoint) Marshal() []byte {
-	panic("not implemented")
-}
-
-// GetClaimedValues returns a slice of the claimed values,
-// serialized.
-func (mp *MockBatchProofsSinglePoint) GetClaimedValues() [][]byte {
-	res := make([][]byte, len(mp.ClaimedValues))
-	for i := 0; i < len(mp.ClaimedValues); i++ {
-		res[i] = mp.ClaimedValues[i].Marshal()
-	}
-	return res
-}
-
-// Scheme mock commitment, useful for testing polynomial based IOP
-// like PLONK, where the scheme should not depend on which polynomial commitment scheme
-// is used.
-type Scheme struct{}
-
-// Digest commitment of a polynomials
-type Digest struct {
-	data fr.Element
-}
-
-// Clone returns a copy of the digest
-func (d *Digest) Clone() polynomial.Digest {
-	var res Digest
-	res.data.Set(&d.data)
-	return &res
-}
-
-// Marshal serializes the point as in bw6761.G1Affine.
-func (d *Digest) Marshal() []byte {
-	return d.data.Marshal()
-}
-
-// Marshal serializes the digest.
-func (d *Digest) Unmarshal(buf []byte) error {
-	d.data.SetBytes(buf)
-	return nil
-}
-
-// Add adds two digest.
-func (d *Digest) Add(d1, d2 polynomial.Digest) polynomial.Digest {
-	_d1 := d1.(*Digest)
-	_d2 := d2.(*Digest)
-	d.data.Add(&_d1.data, &_d2.data)
-	return d
-}
-
-// Sub adds two digest.
-func (d *Digest) Sub(d1, d2 polynomial.Digest) polynomial.Digest {
-	_d1 := d1.(*Digest)
-	_d2 := d2.(*Digest)
-	d.data.Sub(&_d1.data, &_d2.data)
-	return d
-}
-
-// Add adds two digest.
-func (d *Digest) ScalarMul(d1 polynomial.Digest, s big.Int) polynomial.Digest {
-	_d1 := d1.(*Digest)
-	var _s fr.Element
-	_s.SetBigInt(&s)
-	d.data.Mul(&_s, &_d1.data)
-	return d
-}
-
-// WriteTo panics
-func (s *Scheme) WriteTo(w io.Writer) (n int64, err error) {
-	panic("not implemented")
-}
-
-// ReadFrom panics
-func (s *Scheme) ReadFrom(r io.Reader) (n int64, err error) {
-	panic("not implemented")
-}
-
-// Commit returns the first coefficient of p
-func (s *Scheme) Commit(p polynomial.Polynomial) (polynomial.Digest, error) {
-	_p := p.(*bw6761.Polynomial)
-	var res Digest
-	res.data.SetInterface((*_p)[0])
-	return &res, nil
-}
-
-// Open computes an opening proof of _p at _val.
-// Returns a MockProof, which is an empty interface.
-func (s *Scheme) Open(point interface{}, p polynomial.Polynomial) (polynomial.OpeningProof, error) {
-
-	res := MockProof{}
-	res.Point.SetInterface(point)
-	res.ClaimedValue.SetInterface(p.Eval(point))
-
-	return &res, nil
-}
-
-// Verify mock implementation of verify
-func (s *Scheme) Verify(commitment polynomial.Digest, proof polynomial.OpeningProof) error {
-	return nil
-}
-
-// BatchOpenSinglePoint computes a batch opening proof for _p at _val.
-func (s *Scheme) BatchOpenSinglePoint(point interface{}, digests []polynomial.Digest, polynomials []polynomial.Polynomial) (polynomial.BatchOpeningProofSinglePoint, error) {
-
-	var res MockBatchProofsSinglePoint
-	res.ClaimedValues = make([]fr.Element, len(polynomials))
-	res.Point.SetInterface(point)
-
-	for i := 0; i < len(polynomials); i++ {
-		res.ClaimedValues[i].SetInterface(polynomials[i].Eval(point))
-	}
-
-	return &res, nil
-}
-
-// BatchVerifySinglePoint computes a batch opening proof for
-func (s *Scheme) BatchVerifySinglePoint(digests []polynomial.Digest, batchOpeningProof polynomial.BatchOpeningProofSinglePoint) error {
-
-	return nil
-
-}
diff --git a/ecc/bw6-761/fr/polynomial/mockcommitment/mock_test.go b/ecc/bw6-761/fr/polynomial/mockcommitment/mock_test.go
deleted file mode 100644
index 52dbe3cbf..000000000
--- a/ecc/bw6-761/fr/polynomial/mockcommitment/mock_test.go
+++ /dev/null
@@ -1,131 +0,0 @@
-// Copyright 2020 ConsenSys Software Inc.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Code generated by consensys/gnark-crypto DO NOT EDIT
-
-package mockcommitment
-
-import (
-	"testing"
-
-	"github.com/consensys/gnark-crypto/ecc/bw6-761/fr"
-	bw6761_pol "github.com/consensys/gnark-crypto/ecc/bw6-761/fr/polynomial"
-	"github.com/consensys/gnark-crypto/polynomial"
-)
-
-func TestCommit(t *testing.T) {
-
-	size := 60
-	f := make(bw6761_pol.Polynomial, size)
-	for i := 0; i < size; i++ {
-		f[i].SetRandom()
-	}
-
-	var s Scheme
-
-	c, err := s.Commit(&f)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	var _c fr.Element
-	_c.SetInterface(c.Marshal())
-
-	if !_c.Equal(&f[0]) {
-		t.Fatal("err mock commitment (commit)")
-	}
-}
-
-func TestVerifySinglePoint(t *testing.T) {
-
-	size := 60
-	f := make(bw6761_pol.Polynomial, size)
-	for i := 0; i < size; i++ {
-		f[i].SetRandom()
-	}
-
-	var s Scheme
-
-	c, err := s.Commit(&f)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	var point fr.Element
-	point.SetRandom()
-
-	o, err := s.Open(point, &f)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	// verify the claimed valued
-	res := o.(*MockProof)
-	expected := f.Eval(point).(fr.Element)
-	if !res.ClaimedValue.Equal(&expected) {
-		t.Fatal("err mock commitment (open)")
-	}
-
-	err = s.Verify(c, o)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-}
-
-func TestBatchVerifySinglePoint(t *testing.T) {
-
-	// create polynomials
-	size := 60
-	f := make([]polynomial.Polynomial, 10)
-	for i := 0; i < 10; i++ {
-		_f := make(bw6761_pol.Polynomial, size)
-		for i := 0; i < size; i++ {
-			_f[i].SetRandom()
-		}
-		f[i] = &_f
-	}
-
-	var s Scheme
-
-	// commit the polynomials
-	digests := make([]polynomial.Digest, 10)
-	for i := 0; i < 10; i++ {
-		digests[i], _ = s.Commit(f[i])
-	}
-
-	var point fr.Element
-	point.SetRandom()
-
-	proof, err := s.BatchOpenSinglePoint(&point, digests, f)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	// verify the claimed values
-	_proof := proof.(*MockBatchProofsSinglePoint)
-	for i := 0; i < 10; i++ {
-		expectedClaim := f[i].Eval(point).(fr.Element)
-		if !expectedClaim.Equal(&_proof.ClaimedValues[i]) {
-			t.Fatal("inconsistant claimed values")
-		}
-	}
-
-	// verify the proof
-	err = s.BatchVerifySinglePoint(digests, proof)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-}
diff --git a/internal/generator/polynomial/generate.go b/internal/generator/polynomial/generate.go
index 9f410a65b..ef1c65113 100644
--- a/internal/generator/polynomial/generate.go
+++ b/internal/generator/polynomial/generate.go
@@ -19,17 +19,6 @@ func Generate(conf config.Curve, baseDir string, bgen *bavard.BatchGenerator) er
 		return err
 	}
 
-	// mock commitment scheme
-	conf.Package = "mockcommitment"
-	entries = []bavard.Entry{
-		{File: filepath.Join(baseDir, "mockcommitment", "doc.go"), Templates: []string{"commitment_mock/doc.go.tmpl"}},
-		{File: filepath.Join(baseDir, "mockcommitment", "mock.go"), Templates: []string{"commitment_mock/mock.go.tmpl"}},
-		{File: filepath.Join(baseDir, "mockcommitment", "mock_test.go"), Templates: []string{"commitment_mock/mock.test.go.tmpl"}},
-	}
-	if err := bgen.Generate(conf, conf.Package, "./polynomial/template/", entries...); err != nil {
-		return err
-	}
-
 	// kzg commitment scheme
 	conf.Package = "kzg"
 	entries = []bavard.Entry{
diff --git a/internal/generator/polynomial/template/commitment_mock/doc.go.tmpl b/internal/generator/polynomial/template/commitment_mock/doc.go.tmpl
deleted file mode 100644
index b117dd97e..000000000
--- a/internal/generator/polynomial/template/commitment_mock/doc.go.tmpl
+++ /dev/null
@@ -1,2 +0,0 @@
-// Package {{.Package}} provides a mock commitment scheme, for development and test purposes.
-package {{.Package}}
\ No newline at end of file
diff --git a/internal/generator/polynomial/template/commitment_mock/mock.go.tmpl b/internal/generator/polynomial/template/commitment_mock/mock.go.tmpl
deleted file mode 100644
index b828eca95..000000000
--- a/internal/generator/polynomial/template/commitment_mock/mock.go.tmpl
+++ /dev/null
@@ -1,151 +0,0 @@
-import (
-	"io"
-	"math/big"
-
-	"github.com/consensys/gnark-crypto/ecc/{{ .Name }}/fr"
-	{{ .CurvePackage }} "github.com/consensys/gnark-crypto/ecc/{{ .Name }}/fr/polynomial"
-	"github.com/consensys/gnark-crypto/polynomial"
-)
-
-// MockProof empty struct
-type MockProof struct {
-	Point        fr.Element
-	ClaimedValue fr.Element
-}
-
-func (mp *MockProof) Marshal() []byte {
-	panic("not implemented")
-}
-
-// GetClaimedValue returns the serialized claimed value.
-func (mp *MockProof) GetClaimedValue() []byte {
-	return mp.ClaimedValue.Marshal()
-}
-
-// MockBatchProofsSinglePoint empty struct
-type MockBatchProofsSinglePoint struct {
-	Point         fr.Element
-	ClaimedValues []fr.Element
-}
-
-func (mp *MockBatchProofsSinglePoint) Marshal() []byte {
-	panic("not implemented")
-}
-
-// GetClaimedValues returns a slice of the claimed values,
-// serialized.
-func (mp *MockBatchProofsSinglePoint) GetClaimedValues() [][]byte {
-	res := make([][]byte, len(mp.ClaimedValues))
-	for i := 0; i < len(mp.ClaimedValues); i++ {
-		res[i] = mp.ClaimedValues[i].Marshal()
-	}
-	return res
-}
-
-// Scheme mock commitment, useful for testing polynomial based IOP
-// like PLONK, where the scheme should not depend on which polynomial commitment scheme
-// is used.
-type Scheme struct{}
-
-// Digest commitment of a polynomials
-type Digest struct {
-	data fr.Element
-}
-
-// Clone returns a copy of the digest
-func (d *Digest) Clone() polynomial.Digest {
-	var res Digest
-	res.data.Set(&d.data)
-	return &res
-}
-
-// Marshal serializes the point as in {{ .CurvePackage}}.G1Affine.
-func (d *Digest) Marshal() []byte {
-	return d.data.Marshal()
-}
-
-// Marshal serializes the digest.	
-func (d *Digest) Unmarshal(buf []byte) error {
-	d.data.SetBytes(buf)
-	return nil
-}
-
-// Add adds two digest.
-func (d *Digest) Add(d1, d2 polynomial.Digest) polynomial.Digest {
-	_d1 := d1.(*Digest)
-	_d2 := d2.(*Digest)
-	d.data.Add(&_d1.data, &_d2.data)
-	return d
-}
-
-// Sub adds two digest.
-func (d *Digest) Sub(d1, d2 polynomial.Digest) polynomial.Digest {
-	_d1 := d1.(*Digest)
-	_d2 := d2.(*Digest)
-	d.data.Sub(&_d1.data, &_d2.data)
-	return d
-}
-
-// Add adds two digest.
-func (d *Digest) ScalarMul(d1 polynomial.Digest, s big.Int) polynomial.Digest {
-	_d1 := d1.(*Digest)
-	var _s fr.Element
-	_s.SetBigInt(&s)
-	d.data.Mul(&_s, &_d1.data)
-	return d
-}
-
-// WriteTo panics
-func (s *Scheme) WriteTo(w io.Writer) (n int64, err error) {
-	panic("not implemented")
-}
-
-// ReadFrom panics
-func (s *Scheme) ReadFrom(r io.Reader) (n int64, err error) {
-	panic("not implemented")
-}
-
-// Commit returns the first coefficient of p
-func (s *Scheme) Commit(p polynomial.Polynomial) (polynomial.Digest, error) {
-	_p := p.(*{{ .CurvePackage}}.Polynomial)
-	var res Digest
-	res.data.SetInterface((*_p)[0])
-	return &res, nil
-}
-
-// Open computes an opening proof of _p at _val.
-// Returns a MockProof, which is an empty interface.
-func (s *Scheme) Open(point interface{}, p polynomial.Polynomial) (polynomial.OpeningProof, error) {
-
-	res := MockProof{}
-	res.Point.SetInterface(point)
-	res.ClaimedValue.SetInterface(p.Eval(point))
-
-	return &res, nil
-}
-
-// Verify mock implementation of verify
-func (s *Scheme) Verify(commitment polynomial.Digest, proof polynomial.OpeningProof) error {
-	return nil
-}
-
-// BatchOpenSinglePoint computes a batch opening proof for _p at _val.
-func (s *Scheme) BatchOpenSinglePoint(point interface{}, digests []polynomial.Digest, polynomials []polynomial.Polynomial) (polynomial.BatchOpeningProofSinglePoint, error) {
-
-	var res MockBatchProofsSinglePoint
-	res.ClaimedValues = make([]fr.Element, len(polynomials))
-	res.Point.SetInterface(point)
-
-	for i := 0; i < len(polynomials); i++ {
-		res.ClaimedValues[i].SetInterface(polynomials[i].Eval(point))
-	}
-
-	return &res, nil
-}
-
-// BatchVerifySinglePoint computes a batch opening proof for
-func (s *Scheme) BatchVerifySinglePoint(digests []polynomial.Digest, batchOpeningProof polynomial.BatchOpeningProofSinglePoint) error {
-
-	return nil
-
-}
diff --git a/internal/generator/polynomial/template/commitment_mock/mock.test.go.tmpl b/internal/generator/polynomial/template/commitment_mock/mock.test.go.tmpl
deleted file mode 100644
index 50114054f..000000000
--- a/internal/generator/polynomial/template/commitment_mock/mock.test.go.tmpl
+++ /dev/null
@@ -1,113 +0,0 @@
-import (
-	"testing"
-
-	"github.com/consensys/gnark-crypto/ecc/{{ .Name }}/fr"
-	{{ .CurvePackage }}_pol "github.com/consensys/gnark-crypto/ecc/{{ .Name }}/fr/polynomial"
-	"github.com/consensys/gnark-crypto/polynomial"
-)
-
-func TestCommit(t *testing.T) {
-
-	size := 60
-	f := make({{ .CurvePackage }}_pol.Polynomial, size)
-	for i := 0; i < size; i++ {
-		f[i].SetRandom()
-	}
-
-	var s Scheme
-
-	c, err := s.Commit(&f)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	var _c fr.Element
-	_c.SetInterface(c.Marshal())
-
-	if !_c.Equal(&f[0]) {
-		t.Fatal("err mock commitment (commit)")
-	}
-}
-
-func TestVerifySinglePoint(t *testing.T) {
-
-	size := 60
-	f := make({{ .CurvePackage }}_pol.Polynomial, size)
-	for i := 0; i < size; i++ {
-		f[i].SetRandom()
-	}
-
-	var s Scheme
-
-	c, err := s.Commit(&f)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	var point fr.Element
-	point.SetRandom()
-
-	o, err := s.Open(point, &f)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	// verify the claimed valued
-	res := o.(*MockProof)
-	expected := f.Eval(point).(fr.Element)
-	if !res.ClaimedValue.Equal(&expected) {
-		t.Fatal("err mock commitment (open)")
-	}
-
-	err = s.Verify(c, o)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-}
-
-func TestBatchVerifySinglePoint(t *testing.T) {
-
-	// create polynomials
-	size := 60
-	f := make([]polynomial.Polynomial, 10)
-	for i := 0; i < 10; i++ {
-		_f := make({{ .CurvePackage }}_pol.Polynomial, size)
-		for i := 0; i < size; i++ {
-			_f[i].SetRandom()
-		}
-		f[i] = &_f
-	}
-
-	var s Scheme
-
-	// commit the polynomials
-	digests := make([]polynomial.Digest, 10)
-	for i := 0; i < 10; i++ {
-		digests[i], _ = s.Commit(f[i])
-	}
-
-	var point fr.Element
-	point.SetRandom()
-
-	proof, err := s.BatchOpenSinglePoint(&point, digests, f)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	// verify the claimed values
-	_proof := proof.(*MockBatchProofsSinglePoint)
-	for i := 0; i < 10; i++ {
-		expectedClaim := f[i].Eval(point).(fr.Element)
-		if !expectedClaim.Equal(&_proof.ClaimedValues[i]) {
-			t.Fatal("inconsistant claimed values")
-		}
-	}
-
-	// verify the proof
-	err = s.BatchVerifySinglePoint(digests, proof)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-}

From 9dc612b90657a7dff52be6c62ca75b29f5c6a96f Mon Sep 17 00:00:00 2001
From: Gautam Botrel <gautam.botrel@gmail.com>
Date: Tue, 15 Jun 2021 22:35:28 -0500
Subject: [PATCH 06/13] feat: kzg is now strongly typed with the curve

---
 ecc/bls12-377/fr/polynomial/kzg/kzg.go        | 129 +++++++++---------
 ecc/bls12-377/fr/polynomial/kzg/kzg_test.go   |  75 +++++-----
 ecc/bls12-377/fr/polynomial/polynomial.go     |  49 +++----
 .../fr/polynomial/polynomial_test.go          |  26 ++--
 ecc/bls12-381/fr/polynomial/kzg/kzg.go        | 129 +++++++++---------
 ecc/bls12-381/fr/polynomial/kzg/kzg_test.go   |  75 +++++-----
 ecc/bls12-381/fr/polynomial/polynomial.go     |  49 +++----
 .../fr/polynomial/polynomial_test.go          |  26 ++--
 ecc/bls24-315/fr/polynomial/kzg/kzg.go        | 129 +++++++++---------
 ecc/bls24-315/fr/polynomial/kzg/kzg_test.go   |  75 +++++-----
 ecc/bls24-315/fr/polynomial/polynomial.go     |  49 +++----
 .../fr/polynomial/polynomial_test.go          |  26 ++--
 ecc/bn254/fr/polynomial/kzg/kzg.go            | 129 +++++++++---------
 ecc/bn254/fr/polynomial/kzg/kzg_test.go       |  75 +++++-----
 ecc/bn254/fr/polynomial/polynomial.go         |  49 +++----
 ecc/bn254/fr/polynomial/polynomial_test.go    |  26 ++--
 ecc/bw6-761/fr/polynomial/kzg/kzg.go          | 129 +++++++++---------
 ecc/bw6-761/fr/polynomial/kzg/kzg_test.go     |  75 +++++-----
 ecc/bw6-761/fr/polynomial/polynomial.go       |  49 +++----
 ecc/bw6-761/fr/polynomial/polynomial_test.go  |  26 ++--
 .../template/commitment_kzg/kzg.go.tmpl       | 129 +++++++++---------
 .../template/commitment_kzg/kzg.test.go.tmpl  |  75 +++++-----
 .../polynomial/template/polynomial.go.tmpl    |  49 +++----
 .../template/polynomial.test.go.tmpl          |  26 ++--
 polynomial/commitment.go                      |  85 ------------
 polynomial/polynomial.go                      |  44 ------
 26 files changed, 775 insertions(+), 1028 deletions(-)
 delete mode 100644 polynomial/commitment.go
 delete mode 100644 polynomial/polynomial.go

diff --git a/ecc/bls12-377/fr/polynomial/kzg/kzg.go b/ecc/bls12-377/fr/polynomial/kzg/kzg.go
index a78380741..4a38cd60e 100644
--- a/ecc/bls12-377/fr/polynomial/kzg/kzg.go
+++ b/ecc/bls12-377/fr/polynomial/kzg/kzg.go
@@ -24,10 +24,9 @@ import (
 	"github.com/consensys/gnark-crypto/ecc/bls12-377"
 	"github.com/consensys/gnark-crypto/ecc/bls12-377/fr"
 	"github.com/consensys/gnark-crypto/ecc/bls12-377/fr/fft"
-	bls12377_pol "github.com/consensys/gnark-crypto/ecc/bls12-377/fr/polynomial"
+	"github.com/consensys/gnark-crypto/ecc/bls12-377/fr/polynomial"
 	fiatshamir "github.com/consensys/gnark-crypto/fiat-shamir"
 	"github.com/consensys/gnark-crypto/internal/parallel"
-	"github.com/consensys/gnark-crypto/polynomial"
 )
 
 var (
@@ -35,6 +34,11 @@ var (
 	errUnsupportedSize           = errors.New("the size of the polynomials exceeds the capacity of the SRS")
 )
 
+var (
+	ErrVerifyOpeningProof            = errors.New("error verifying opening proof")
+	ErrVerifyBatchOpeningSinglePoint = errors.New("error verifying batch opening proof at single point")
+)
+
 // Digest commitment of a polynomial.
 type Digest struct {
 	data bls12377.G1Affine
@@ -99,7 +103,7 @@ func NewScheme(size int, alpha fr.Element) *Scheme {
 }
 
 // Clone returns a copy of d
-func (d *Digest) Clone() polynomial.Digest {
+func (d *Digest) Clone() *Digest {
 	var res Digest
 	res.data.Set(&d.data)
 	return &res
@@ -121,12 +125,10 @@ func (d *Digest) Unmarshal(buf []byte) error {
 
 // Add adds two digest. The API and behaviour mimics bls12377.G1Affine's,
 // i.e. the caller is modified.
-func (d *Digest) Add(d1, d2 polynomial.Digest) polynomial.Digest {
-	_d1 := d1.(*Digest)
-	_d2 := d2.(*Digest)
+func (d *Digest) Add(d1, d2 *Digest) *Digest {
 	var p1, p2 bls12377.G1Jac
-	p1.FromAffine(&_d1.data)
-	p2.FromAffine(&_d2.data)
+	p1.FromAffine(&d1.data)
+	p2.FromAffine(&d2.data)
 	p1.AddAssign(&p2)
 	d.data.FromJacobian(&p1)
 	return d
@@ -134,12 +136,10 @@ func (d *Digest) Add(d1, d2 polynomial.Digest) polynomial.Digest {
 
 // Sub adds two digest. The API and behaviour mimics bls12377.G1Affine's,
 // i.e. the caller is modified.
-func (d *Digest) Sub(d1, d2 polynomial.Digest) polynomial.Digest {
-	_d1 := d1.(*Digest)
-	_d2 := d2.(*Digest)
+func (d *Digest) Sub(d1, d2 *Digest) *Digest {
 	var p1, p2 bls12377.G1Jac
-	p1.FromAffine(&_d1.data)
-	p2.FromAffine(&_d2.data)
+	p1.FromAffine(&d1.data)
+	p2.FromAffine(&d2.data)
 	p1.SubAssign(&p2)
 	d.data.FromJacobian(&p1)
 	return d
@@ -147,10 +147,9 @@ func (d *Digest) Sub(d1, d2 polynomial.Digest) polynomial.Digest {
 
 // Add adds two digest. The API and behaviour mimics bls12377.G1Affine's,
 // i.e. the caller is modified.
-func (d *Digest) ScalarMul(d1 polynomial.Digest, s big.Int) polynomial.Digest {
-	_d1 := d1.(*Digest)
+func (d *Digest) ScalarMul(d1 *Digest, s big.Int) *Digest {
 	var p1 bls12377.G1Affine
-	p1.Set(&_d1.data)
+	p1.Set(&d1.data)
 	p1.ScalarMultiplication(&p1, &s)
 	d.data.Set(&p1)
 	return d
@@ -282,20 +281,19 @@ func (s *Scheme) ReadFrom(r io.Reader) (int64, error) {
 
 // Commit commits to a polynomial using a multi exponentiation with the SRS.
 // It is assumed that the polynomial is in canonical form, in Montgomery form.
-func (s *Scheme) Commit(p polynomial.Polynomial) (polynomial.Digest, error) {
+func (s *Scheme) Commit(p polynomial.Polynomial) (Digest, error) {
 
 	if p.Degree() >= s.Domain.Cardinality {
-		return nil, errUnsupportedSize
+		return Digest{}, errUnsupportedSize
 	}
 
 	var _res bls12377.G1Affine
-	_p := p.(*bls12377_pol.Polynomial)
 
 	// ensure we don't modify p
-	pCopy := make(bls12377_pol.Polynomial, s.Domain.Cardinality)
-	copy(pCopy, *_p)
+	pCopy := make(polynomial.Polynomial, s.Domain.Cardinality)
+	copy(pCopy, p)
 
-	parallel.Execute(len(*_p), func(start, end int) {
+	parallel.Execute(len(p), func(start, end int) {
 		for i := start; i < end; i++ {
 			pCopy[i].FromMont()
 		}
@@ -305,50 +303,47 @@ func (s *Scheme) Commit(p polynomial.Polynomial) (polynomial.Digest, error) {
 	var res Digest
 	res.data.Set(&_res)
 
-	return &res, nil
+	return res, nil
 }
 
-// Open computes an opening proof of _p at _val.
+// Open computes an opening proof of p at _val.
 // Returns a MockProof, which is an empty interface.
-func (s *Scheme) Open(point interface{}, p polynomial.Polynomial) (polynomial.OpeningProof, error) {
+func (s *Scheme) Open(point *fr.Element, p polynomial.Polynomial) (Proof, error) {
 
 	if p.Degree() >= s.Domain.Cardinality {
 		panic("[Open] Size of polynomial exceeds the size supported by the scheme")
 	}
 
 	// build the proof
-	var res Proof
-	claimedValue := p.Eval(point)
-	res.Point.SetInterface(point)
-	res.ClaimedValue.SetInterface(claimedValue)
+	res := Proof{
+		Point:        *point,
+		ClaimedValue: p.Eval(point),
+	}
 
 	// compute H
-	_p := p.(*bls12377_pol.Polynomial)
-	h := dividePolyByXminusA(s.Domain, *_p, res.ClaimedValue, res.Point)
+
+	h := dividePolyByXminusA(s.Domain, p, res.ClaimedValue, res.Point)
 
 	// commit to H
-	c, err := s.Commit(&h)
+	c, err := s.Commit(h)
 	if err != nil {
-		return nil, err
+		return Proof{}, err
 	}
-	_c := c.(*Digest)
-	res.H.Set(&_c.data)
+	res.H.Set(&c.data)
 
-	return &res, nil
+	return res, nil
 }
 
 // Verify verifies a KZG opening proof at a single point
-func (s *Scheme) Verify(d polynomial.Digest, proof polynomial.OpeningProof) error {
+func (s *Scheme) Verify(d *Digest, proof *Proof) error {
 
-	_d := d.(*Digest)
 	var _commitment bls12377.G1Affine
-	_commitment.Set(&_d.data)
-	_proof := proof.(*Proof)
+	_commitment.Set(&d.data)
 
 	// comm(f(a))
 	var claimedValueG1Aff bls12377.G1Affine
 	var claimedValueBigInt big.Int
-	_proof.ClaimedValue.ToBigIntRegular(&claimedValueBigInt)
+	proof.ClaimedValue.ToBigIntRegular(&claimedValueBigInt)
 	claimedValueG1Aff.ScalarMultiplication(&s.SRS.G1[0], &claimedValueBigInt)
 
 	// [f(alpha) - f(a)]G1Jac
@@ -359,12 +354,12 @@ func (s *Scheme) Verify(d polynomial.Digest, proof polynomial.OpeningProof) erro
 
 	// [-H(alpha)]G1Aff
 	var negH bls12377.G1Affine
-	negH.Neg(&_proof.H)
+	negH.Neg(&proof.H)
 
 	// [alpha-a]G2Jac
 	var alphaMinusaG2Jac, genG2Jac, alphaG2Jac bls12377.G2Jac
 	var pointBigInt big.Int
-	_proof.Point.ToBigIntRegular(&pointBigInt)
+	proof.Point.ToBigIntRegular(&pointBigInt)
 	genG2Jac.FromAffine(&s.SRS.G2[0])
 	alphaG2Jac.FromAffine(&s.SRS.G2[1])
 	alphaMinusaG2Jac.ScalarMultiplication(&genG2Jac, &pointBigInt).
@@ -388,13 +383,17 @@ func (s *Scheme) Verify(d polynomial.Digest, proof polynomial.OpeningProof) erro
 		return err
 	}
 	if !check {
-		return polynomial.ErrVerifyOpeningProof
+		return ErrVerifyOpeningProof
 	}
 	return nil
 }
 
-// BatchOpenSinglePoint creates a batch opening proof of several polynomials at a single point
-func (s *Scheme) BatchOpenSinglePoint(point interface{}, digests []polynomial.Digest, polynomials []polynomial.Polynomial) (polynomial.BatchOpeningProofSinglePoint, error) {
+// BatchOpenSinglePoint creates a batch opening proof at _val of a list of polynomials.
+// It's an interactive protocol, made non interactive using Fiat Shamir.
+// point is the point at which the polynomials are opened.
+// digests is the list of committed polynomials to open, need to derive the challenge using Fiat Shamir.
+// polynomials is the list of polynomials to open.
+func (s *Scheme) BatchOpenSinglePoint(point *fr.Element, digests []Digest, polynomials []polynomial.Polynomial) (*BatchProofsSinglePoint, error) {
 
 	nbDigests := len(digests)
 	if nbDigests != len(polynomials) {
@@ -406,11 +405,11 @@ func (s *Scheme) BatchOpenSinglePoint(point interface{}, digests []polynomial.Di
 	// compute the purported values
 	res.ClaimedValues = make([]fr.Element, len(polynomials))
 	for i := 0; i < len(polynomials); i++ {
-		res.ClaimedValues[i] = polynomials[i].Eval(point).(fr.Element)
+		res.ClaimedValues[i] = polynomials[i].Eval(point)
 	}
 
 	// set the point at which the evaluation is done
-	res.Point.SetInterface(point)
+	res.Point.Set(point)
 
 	// derive the challenge gamma, binded to the point and the commitments
 	fs := fiatshamir.NewTranscript(fiatshamir.SHA256, "gamma")
@@ -441,33 +440,34 @@ func (s *Scheme) BatchOpenSinglePoint(point interface{}, digests []polynomial.Di
 	}
 
 	// compute H
-	_sumGammaiTimesPol := sumGammaiTimesPol.(*bls12377_pol.Polynomial)
-	h := dividePolyByXminusA(s.Domain, *_sumGammaiTimesPol, sumGammaiTimesEval, res.Point)
-	c, err := s.Commit(&h)
+	h := dividePolyByXminusA(s.Domain, sumGammaiTimesPol, sumGammaiTimesEval, res.Point)
+	c, err := s.Commit(h)
 	if err != nil {
 		return nil, err
 	}
 
-	_c := c.(*Digest)
-	res.H.Set(&_c.data)
+	res.H.Set(&c.data)
 
 	return &res, nil
 }
 
-func (s *Scheme) BatchVerifySinglePoint(digests []polynomial.Digest, batchOpeningProof polynomial.BatchOpeningProofSinglePoint) error {
+// BatchVerifySinglePoint verifies a batched opening proof at a single point of a list of polynomials.
+// point: point at which the polynomials are evaluated
+// claimedValues: claimed values of the polynomials at _val
+// commitments: list of commitments to the polynomials which are opened
+// batchOpeningProof: the batched opening proof at a single point of the polynomials.
+func (s *Scheme) BatchVerifySinglePoint(digests []Digest, batchOpeningProof *BatchProofsSinglePoint) error {
 
 	nbDigests := len(digests)
 
-	_batchOpeningProof := batchOpeningProof.(*BatchProofsSinglePoint)
-
 	// check consistancy between numbers of claims vs number of digests
-	if len(digests) != len(_batchOpeningProof.ClaimedValues) {
+	if len(digests) != len(batchOpeningProof.ClaimedValues) {
 		return errNbDigestsNeqNbPolynomials
 	}
 
 	// derive the challenge gamma, binded to the point and the commitments
 	fs := fiatshamir.NewTranscript(fiatshamir.SHA256, "gamma")
-	err := fs.Bind("gamma", _batchOpeningProof.Point.Marshal())
+	err := fs.Bind("gamma", batchOpeningProof.Point.Marshal())
 	if err != nil {
 		return err
 	}
@@ -485,10 +485,10 @@ func (s *Scheme) BatchVerifySinglePoint(digests []polynomial.Digest, batchOpenin
 	gamma.SetBytes(gammaByte)
 
 	var sumGammaiTimesEval fr.Element
-	sumGammaiTimesEval.Set(&_batchOpeningProof.ClaimedValues[nbDigests-1])
+	sumGammaiTimesEval.Set(&batchOpeningProof.ClaimedValues[nbDigests-1])
 	for i := nbDigests - 2; i >= 0; i-- {
 		sumGammaiTimesEval.Mul(&sumGammaiTimesEval, &gamma).
-			Add(&sumGammaiTimesEval, &_batchOpeningProof.ClaimedValues[i])
+			Add(&sumGammaiTimesEval, &batchOpeningProof.ClaimedValues[i])
 	}
 
 	var sumGammaiTimesEvalBigInt big.Int
@@ -507,8 +507,7 @@ func (s *Scheme) BatchVerifySinglePoint(digests []polynomial.Digest, batchOpenin
 	var sumGammaiTimesDigestsG1Aff bls12377.G1Affine
 	_digests := make([]bls12377.G1Affine, len(digests))
 	for i := 0; i < len(digests); i++ {
-		_d := digests[i].(*Digest)
-		_digests[i].Set(&_d.data)
+		_digests[i].Set(&digests[i].data)
 	}
 
 	sumGammaiTimesDigestsG1Aff.MultiExp(_digests, gammai)
@@ -524,7 +523,7 @@ func (s *Scheme) BatchVerifySinglePoint(digests []polynomial.Digest, batchOpenin
 	// [alpha-a]G2Jac
 	var alphaMinusaG2Jac, genG2Jac, alphaG2Jac bls12377.G2Jac
 	var pointBigInt big.Int
-	_batchOpeningProof.Point.ToBigIntRegular(&pointBigInt)
+	batchOpeningProof.Point.ToBigIntRegular(&pointBigInt)
 	genG2Jac.FromAffine(&s.SRS.G2[0])
 	alphaG2Jac.FromAffine(&s.SRS.G2[1])
 	alphaMinusaG2Jac.ScalarMultiplication(&genG2Jac, &pointBigInt).
@@ -537,7 +536,7 @@ func (s *Scheme) BatchVerifySinglePoint(digests []polynomial.Digest, batchOpenin
 
 	// [-H(alpha)]G1Aff
 	var negH bls12377.G1Affine
-	negH.Neg(&_batchOpeningProof.H)
+	negH.Neg(&batchOpeningProof.H)
 
 	// check the pairing equation
 	check, err := bls12377.PairingCheck(
@@ -548,7 +547,7 @@ func (s *Scheme) BatchVerifySinglePoint(digests []polynomial.Digest, batchOpenin
 		return err
 	}
 	if !check {
-		return polynomial.ErrVerifyBatchOpeningSinglePoint
+		return ErrVerifyBatchOpeningSinglePoint
 	}
 	return nil
 }
diff --git a/ecc/bls12-377/fr/polynomial/kzg/kzg_test.go b/ecc/bls12-377/fr/polynomial/kzg/kzg_test.go
index ab90d4dda..4ff806555 100644
--- a/ecc/bls12-377/fr/polynomial/kzg/kzg_test.go
+++ b/ecc/bls12-377/fr/polynomial/kzg/kzg_test.go
@@ -25,8 +25,7 @@ import (
 	"github.com/consensys/gnark-crypto/ecc/bls12-377"
 	"github.com/consensys/gnark-crypto/ecc/bls12-377/fr"
 	"github.com/consensys/gnark-crypto/ecc/bls12-377/fr/fft"
-	bls12377_pol "github.com/consensys/gnark-crypto/ecc/bls12-377/fr/polynomial"
-	"github.com/consensys/gnark-crypto/polynomial"
+	"github.com/consensys/gnark-crypto/ecc/bls12-377/fr/polynomial"
 )
 
 var _alphaSetup fr.Element
@@ -36,8 +35,8 @@ func init() {
 	_alphaSetup.SetString("1234")
 }
 
-func randomPolynomial(size int) bls12377_pol.Polynomial {
-	f := make(bls12377_pol.Polynomial, size)
+func randomPolynomial(size int) polynomial.Polynomial {
+	f := make(polynomial.Polynomial, size)
 	for i := 0; i < size; i++ {
 		f[i].SetRandom()
 	}
@@ -51,7 +50,7 @@ func TestDividePolyByXminusA(t *testing.T) {
 	domain := fft.NewDomain(uint64(sizePol), 0, false)
 
 	// build random polynomial
-	pol := make(bls12377_pol.Polynomial, sizePol)
+	pol := make(polynomial.Polynomial, sizePol)
 	for i := 0; i < sizePol; i++ {
 		pol[i].SetRandom()
 	}
@@ -59,7 +58,7 @@ func TestDividePolyByXminusA(t *testing.T) {
 	// evaluate the polynomial at a random point
 	var point fr.Element
 	point.SetRandom()
-	evaluation := pol.Eval(&point).(fr.Element)
+	evaluation := pol.Eval(&point)
 
 	// compute f-f(a)/x-a
 	h := dividePolyByXminusA(*domain, pol, evaluation, point)
@@ -72,10 +71,10 @@ func TestDividePolyByXminusA(t *testing.T) {
 	var randPoint, xminusa fr.Element
 	randPoint.SetRandom()
 
-	polRandpoint := pol.Eval(&randPoint).(fr.Element)
+	polRandpoint := pol.Eval(&randPoint)
 	polRandpoint.Sub(&polRandpoint, &evaluation) // f(rand)-f(point)
 
-	hRandPoint := h.Eval(&randPoint).(fr.Element)
+	hRandPoint := h.Eval(&randPoint)
 	xminusa.Sub(&randPoint, &point) // rand-point
 
 	// f(rand)-f(point)	==? h(rand)*(rand-point)
@@ -118,13 +117,13 @@ func TestCommit(t *testing.T) {
 	s := NewScheme(64, _alphaSetup)
 
 	// create a polynomial
-	f := make(bls12377_pol.Polynomial, 60)
+	f := make(polynomial.Polynomial, 60)
 	for i := 0; i < 60; i++ {
 		f[i].SetRandom()
 	}
 
 	// commit using the method from KZG
-	_kzgCommit, err := s.Commit(&f)
+	_kzgCommit, err := s.Commit(f)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -134,7 +133,7 @@ func TestCommit(t *testing.T) {
 	// check commitment using manual commit
 	var x fr.Element
 	x.SetString("1234")
-	fx := f.Eval(&x).(fr.Element)
+	fx := f.Eval(&x)
 	var fxbi big.Int
 	fx.ToBigIntRegular(&fxbi)
 	var manualCommit bls12377.G1Affine
@@ -157,7 +156,7 @@ func TestVerifySinglePoint(t *testing.T) {
 	f := randomPolynomial(60)
 
 	// commit the polynomial
-	digest, err := s.Commit(&f)
+	digest, err := s.Commit(f)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -165,28 +164,26 @@ func TestVerifySinglePoint(t *testing.T) {
 	// compute opening proof at a random point
 	var point fr.Element
 	point.SetString("4321")
-	proof, err := s.Open(&point, &f)
+	proof, err := s.Open(&point, f)
 	if err != nil {
 		t.Fatal(err)
 	}
 
 	// verify the claimed valued
-	_proof := proof.(*Proof)
-	expected := f.Eval(point).(fr.Element)
-	if !_proof.ClaimedValue.Equal(&expected) {
+	expected := f.Eval(&point)
+	if !proof.ClaimedValue.Equal(&expected) {
 		t.Fatal("inconsistant claimed value")
 	}
 
 	// verify correct proof
-	err = s.Verify(digest, proof)
+	err = s.Verify(&digest, &proof)
 	if err != nil {
 		t.Fatal(err)
 	}
 
 	// verify wrong proof
-	_proof = proof.(*Proof)
-	_proof.ClaimedValue.Double(&_proof.ClaimedValue)
-	err = s.Verify(digest, _proof)
+	proof.ClaimedValue.Double(&proof.ClaimedValue)
+	err = s.Verify(&digest, &proof)
 	if err == nil {
 		t.Fatal("verifying wrong proof should have failed")
 	}
@@ -200,12 +197,11 @@ func TestBatchVerifySinglePoint(t *testing.T) {
 	// create polynomials
 	f := make([]polynomial.Polynomial, 10)
 	for i := 0; i < 10; i++ {
-		_f := randomPolynomial(60)
-		f[i] = &_f
+		f[i] = randomPolynomial(60)
 	}
 
 	// commit the polynomials
-	digests := make([]polynomial.Digest, 10)
+	digests := make([]Digest, 10)
 	for i := 0; i < 10; i++ {
 		digests[i], _ = s.Commit(f[i])
 
@@ -220,10 +216,9 @@ func TestBatchVerifySinglePoint(t *testing.T) {
 	}
 
 	// verify the claimed values
-	_proof := proof.(*BatchProofsSinglePoint)
 	for i := 0; i < 10; i++ {
-		expectedClaim := f[i].Eval(point).(fr.Element)
-		if !expectedClaim.Equal(&_proof.ClaimedValues[i]) {
+		expectedClaim := f[i].Eval(&point)
+		if !expectedClaim.Equal(&proof.ClaimedValues[i]) {
 			t.Fatal("inconsistant claimed values")
 		}
 	}
@@ -235,8 +230,8 @@ func TestBatchVerifySinglePoint(t *testing.T) {
 	}
 
 	// verify wrong proof
-	_proof.ClaimedValues[0].Double(&_proof.ClaimedValues[0])
-	err = s.BatchVerifySinglePoint(digests, _proof)
+	proof.ClaimedValues[0].Double(&proof.ClaimedValues[0])
+	err = s.BatchVerifySinglePoint(digests, proof)
 	if err == nil {
 		t.Fatal("verifying wrong proof should have failed")
 	}
@@ -254,7 +249,7 @@ func BenchmarkKZGCommit(b *testing.B) {
 
 	b.ResetTimer()
 	for i := 0; i < b.N; i++ {
-		_, _ = s.Commit(&p)
+		_, _ = s.Commit(p)
 	}
 }
 
@@ -269,7 +264,7 @@ func BenchmarkKZGOpen(b *testing.B) {
 
 	b.ResetTimer()
 	for i := 0; i < b.N; i++ {
-		_, _ = s.Open(r, &p)
+		_, _ = s.Open(&r, p)
 	}
 }
 
@@ -283,20 +278,20 @@ func BenchmarkKZGVerify(b *testing.B) {
 	r.SetRandom()
 
 	// commit
-	comm, err := s.Commit(&p)
+	comm, err := s.Commit(p)
 	if err != nil {
 		b.Fatal(err)
 	}
 
 	// open
-	openingProof, err := s.Open(r, &p)
+	openingProof, err := s.Open(&r, p)
 	if err != nil {
 		b.Fatal(err)
 	}
 
 	b.ResetTimer()
 	for i := 0; i < b.N; i++ {
-		s.Verify(comm, openingProof)
+		s.Verify(&comm, &openingProof)
 	}
 }
 
@@ -307,12 +302,11 @@ func BenchmarkKZGBatchOpen10(b *testing.B) {
 	// 10 random polynomials
 	var ps [10]polynomial.Polynomial
 	for i := 0; i < 10; i++ {
-		_p := randomPolynomial(benchSize / 2)
-		ps[i] = &_p
+		ps[i] = randomPolynomial(benchSize / 2)
 	}
 
 	// commitments
-	var commitments [10]polynomial.Digest
+	var commitments [10]Digest
 	for i := 0; i < 10; i++ {
 		commitments[i], _ = s.Commit(ps[i])
 	}
@@ -322,7 +316,7 @@ func BenchmarkKZGBatchOpen10(b *testing.B) {
 
 	b.ResetTimer()
 	for i := 0; i < b.N; i++ {
-		s.BatchOpenSinglePoint(r, commitments[:], ps[:])
+		s.BatchOpenSinglePoint(&r, commitments[:], ps[:])
 	}
 }
 
@@ -333,12 +327,11 @@ func BenchmarkKZGBatchVerify10(b *testing.B) {
 	// 10 random polynomials
 	var ps [10]polynomial.Polynomial
 	for i := 0; i < 10; i++ {
-		_p := randomPolynomial(benchSize / 2)
-		ps[i] = &_p
+		ps[i] = randomPolynomial(benchSize / 2)
 	}
 
 	// commitments
-	var commitments [10]polynomial.Digest
+	var commitments [10]Digest
 	for i := 0; i < 10; i++ {
 		commitments[i], _ = s.Commit(ps[i])
 	}
@@ -346,7 +339,7 @@ func BenchmarkKZGBatchVerify10(b *testing.B) {
 	var r fr.Element
 	r.SetRandom()
 
-	proof, err := s.BatchOpenSinglePoint(r, commitments[:], ps[:])
+	proof, err := s.BatchOpenSinglePoint(&r, commitments[:], ps[:])
 	if err != nil {
 		b.Fatal(err)
 	}
diff --git a/ecc/bls12-377/fr/polynomial/polynomial.go b/ecc/bls12-377/fr/polynomial/polynomial.go
index 750669eeb..1c381b458 100644
--- a/ecc/bls12-377/fr/polynomial/polynomial.go
+++ b/ecc/bls12-377/fr/polynomial/polynomial.go
@@ -18,7 +18,6 @@ package polynomial
 
 import (
 	"github.com/consensys/gnark-crypto/ecc/bls12-377/fr"
-	"github.com/consensys/gnark-crypto/polynomial"
 )
 
 // Polynomial polynomial represented by coefficients bn254 fr field.
@@ -31,13 +30,11 @@ func (p *Polynomial) Degree() uint64 {
 
 // Eval evaluates p at v
 // returns a fr.Element
-func (p *Polynomial) Eval(v interface{}) interface{} {
-	var _v fr.Element
-	_v.SetInterface(v)
+func (p *Polynomial) Eval(v *fr.Element) fr.Element {
 
 	res := (*p)[len(*p)-1]
 	for i := len(*p) - 2; i >= 0; i-- {
-		res.Mul(&res, &_v)
+		res.Mul(&res, v)
 		res.Add(&res, &(*p)[i])
 	}
 
@@ -45,48 +42,39 @@ func (p *Polynomial) Eval(v interface{}) interface{} {
 }
 
 // Clone returns a copy of the polynomial
-func (p *Polynomial) Clone() polynomial.Polynomial {
+func (p *Polynomial) Clone() Polynomial {
 	_p := make(Polynomial, len(*p))
 	copy(_p, *p)
-	return &_p
+	return _p
 }
 
 // AddConstantInPlace adds a constant to the polynomial, modifying p
-func (p *Polynomial) AddConstantInPlace(c interface{}) {
-	var _c fr.Element
-	_c.SetInterface(c)
-
+func (p *Polynomial) AddConstantInPlace(c *fr.Element) {
 	for i := 0; i < len(*p); i++ {
-		(*p)[i].Add(&(*p)[i], &_c)
+		(*p)[i].Add(&(*p)[i], c)
 	}
 }
 
 // SubConstantInPlace subs a constant to the polynomial, modifying p
-func (p *Polynomial) SubConstantInPlace(c interface{}) {
-	var _c fr.Element
-	_c.SetInterface(c)
-
+func (p *Polynomial) SubConstantInPlace(c *fr.Element) {
 	for i := 0; i < len(*p); i++ {
-		(*p)[i].Sub(&(*p)[i], &_c)
+		(*p)[i].Sub(&(*p)[i], c)
 	}
 }
 
 // ScaleInPlace multiplies p by v, modifying p
-func (p *Polynomial) ScaleInPlace(c interface{}) {
-	var _c fr.Element
-	_c.SetInterface(c)
-
+func (p *Polynomial) ScaleInPlace(c *fr.Element) {
 	for i := 0; i < len(*p); i++ {
-		(*p)[i].Mul(&(*p)[i], &_c)
+		(*p)[i].Mul(&(*p)[i], c)
 	}
 }
 
 // Add adds p1 to p2
 // This function allocates a new slice unless p == p1 or p == p2
-func (p *Polynomial) Add(p1, p2 polynomial.Polynomial) polynomial.Polynomial {
+func (p *Polynomial) Add(p1, p2 Polynomial) *Polynomial {
 
-	bigger := *(p1.(*Polynomial))
-	smaller := *(p2.(*Polynomial))
+	bigger := p1
+	smaller := p2
 	if len(bigger) < len(smaller) {
 		bigger, smaller = smaller, bigger
 	}
@@ -116,18 +104,17 @@ func (p *Polynomial) Add(p1, p2 polynomial.Polynomial) polynomial.Polynomial {
 }
 
 // Equal checks equality between two polynomials
-func (p *Polynomial) Equal(p1 polynomial.Polynomial) bool {
-	_p1 := *(p1.(*Polynomial))
-	if (p == nil) != (_p1 == nil) {
+func (p *Polynomial) Equal(p1 Polynomial) bool {
+	if (*p == nil) != (p1 == nil) {
 		return false
 	}
 
-	if len(*p) != len(_p1) {
+	if len(*p) != len(p1) {
 		return false
 	}
 
-	for i := range _p1 {
-		if !(*p)[i].Equal(&_p1[i]) {
+	for i := range p1 {
+		if !(*p)[i].Equal(&p1[i]) {
 			return false
 		}
 	}
diff --git a/ecc/bls12-377/fr/polynomial/polynomial_test.go b/ecc/bls12-377/fr/polynomial/polynomial_test.go
index f256d4a9b..f1d623be8 100644
--- a/ecc/bls12-377/fr/polynomial/polynomial_test.go
+++ b/ecc/bls12-377/fr/polynomial/polynomial_test.go
@@ -46,7 +46,7 @@ func TestPolynomialEval(t *testing.T) {
 	expectedEval.Div(&expectedEval, &den)
 
 	// compute purported evaluation
-	purportedEval := f.Eval(&point).(fr.Element)
+	purportedEval := f.Eval(&point)
 
 	// check
 	if !purportedEval.Equal(&expectedEval) {
@@ -160,27 +160,27 @@ func TestPolynomialAdd(t *testing.T) {
 
 	// caller is empty
 	var g Polynomial
-	g.Add(&f1, &f2)
-	if !g.Equal(&expectedSum) {
+	g.Add(f1, f2)
+	if !g.Equal(expectedSum) {
 		t.Fatal("add polynomials fails")
 	}
-	if !f1.Equal(&f1Backup) {
+	if !f1.Equal(f1Backup) {
 		t.Fatal("side effect, f1 should not have been modified")
 	}
-	if !f2.Equal(&f2Backup) {
+	if !f2.Equal(f2Backup) {
 		t.Fatal("side effect, f2 should not have been modified")
 	}
 
 	// all operands are distincts
 	_f1 := f1.Clone()
-	_f1.Add(&f1, &f2)
-	if !_f1.Equal(&expectedSum) {
+	_f1.Add(f1, f2)
+	if !_f1.Equal(expectedSum) {
 		t.Fatal("add polynomials fails")
 	}
-	if !f1.Equal(&f1Backup) {
+	if !f1.Equal(f1Backup) {
 		t.Fatal("side effect, f1 should not have been modified")
 	}
-	if !f2.Equal(&f2Backup) {
+	if !f2.Equal(f2Backup) {
 		t.Fatal("side effect, f2 should not have been modified")
 	}
 
@@ -188,10 +188,10 @@ func TestPolynomialAdd(t *testing.T) {
 	_f1 = f1.Clone()
 	_f2 := f2.Clone()
 	_f1.Add(_f1, _f2)
-	if !_f1.Equal(&expectedSum) {
+	if !_f1.Equal(expectedSum) {
 		t.Fatal("add polynomials fails")
 	}
-	if !_f2.Equal(&f2Backup) {
+	if !_f2.Equal(f2Backup) {
 		t.Fatal("side effect, _f2 should not have been modified")
 	}
 
@@ -199,10 +199,10 @@ func TestPolynomialAdd(t *testing.T) {
 	_f1 = f1.Clone()
 	_f2 = f2.Clone()
 	_f1.Add(_f2, _f1)
-	if !_f1.Equal(&expectedSum) {
+	if !_f1.Equal(expectedSum) {
 		t.Fatal("add polynomials fails")
 	}
-	if !_f2.Equal(&f2Backup) {
+	if !_f2.Equal(f2Backup) {
 		t.Fatal("side effect, _f2 should not have been modified")
 	}
 }
diff --git a/ecc/bls12-381/fr/polynomial/kzg/kzg.go b/ecc/bls12-381/fr/polynomial/kzg/kzg.go
index 8ca3007f2..479ffb596 100644
--- a/ecc/bls12-381/fr/polynomial/kzg/kzg.go
+++ b/ecc/bls12-381/fr/polynomial/kzg/kzg.go
@@ -24,10 +24,9 @@ import (
 	"github.com/consensys/gnark-crypto/ecc/bls12-381"
 	"github.com/consensys/gnark-crypto/ecc/bls12-381/fr"
 	"github.com/consensys/gnark-crypto/ecc/bls12-381/fr/fft"
-	bls12381_pol "github.com/consensys/gnark-crypto/ecc/bls12-381/fr/polynomial"
+	"github.com/consensys/gnark-crypto/ecc/bls12-381/fr/polynomial"
 	fiatshamir "github.com/consensys/gnark-crypto/fiat-shamir"
 	"github.com/consensys/gnark-crypto/internal/parallel"
-	"github.com/consensys/gnark-crypto/polynomial"
 )
 
 var (
@@ -35,6 +34,11 @@ var (
 	errUnsupportedSize           = errors.New("the size of the polynomials exceeds the capacity of the SRS")
 )
 
+var (
+	ErrVerifyOpeningProof            = errors.New("error verifying opening proof")
+	ErrVerifyBatchOpeningSinglePoint = errors.New("error verifying batch opening proof at single point")
+)
+
 // Digest commitment of a polynomial.
 type Digest struct {
 	data bls12381.G1Affine
@@ -99,7 +103,7 @@ func NewScheme(size int, alpha fr.Element) *Scheme {
 }
 
 // Clone returns a copy of d
-func (d *Digest) Clone() polynomial.Digest {
+func (d *Digest) Clone() *Digest {
 	var res Digest
 	res.data.Set(&d.data)
 	return &res
@@ -121,12 +125,10 @@ func (d *Digest) Unmarshal(buf []byte) error {
 
 // Add adds two digest. The API and behaviour mimics bls12381.G1Affine's,
 // i.e. the caller is modified.
-func (d *Digest) Add(d1, d2 polynomial.Digest) polynomial.Digest {
-	_d1 := d1.(*Digest)
-	_d2 := d2.(*Digest)
+func (d *Digest) Add(d1, d2 *Digest) *Digest {
 	var p1, p2 bls12381.G1Jac
-	p1.FromAffine(&_d1.data)
-	p2.FromAffine(&_d2.data)
+	p1.FromAffine(&d1.data)
+	p2.FromAffine(&d2.data)
 	p1.AddAssign(&p2)
 	d.data.FromJacobian(&p1)
 	return d
@@ -134,12 +136,10 @@ func (d *Digest) Add(d1, d2 polynomial.Digest) polynomial.Digest {
 
 // Sub adds two digest. The API and behaviour mimics bls12381.G1Affine's,
 // i.e. the caller is modified.
-func (d *Digest) Sub(d1, d2 polynomial.Digest) polynomial.Digest {
-	_d1 := d1.(*Digest)
-	_d2 := d2.(*Digest)
+func (d *Digest) Sub(d1, d2 *Digest) *Digest {
 	var p1, p2 bls12381.G1Jac
-	p1.FromAffine(&_d1.data)
-	p2.FromAffine(&_d2.data)
+	p1.FromAffine(&d1.data)
+	p2.FromAffine(&d2.data)
 	p1.SubAssign(&p2)
 	d.data.FromJacobian(&p1)
 	return d
@@ -147,10 +147,9 @@ func (d *Digest) Sub(d1, d2 polynomial.Digest) polynomial.Digest {
 
 // Add adds two digest. The API and behaviour mimics bls12381.G1Affine's,
 // i.e. the caller is modified.
-func (d *Digest) ScalarMul(d1 polynomial.Digest, s big.Int) polynomial.Digest {
-	_d1 := d1.(*Digest)
+func (d *Digest) ScalarMul(d1 *Digest, s big.Int) *Digest {
 	var p1 bls12381.G1Affine
-	p1.Set(&_d1.data)
+	p1.Set(&d1.data)
 	p1.ScalarMultiplication(&p1, &s)
 	d.data.Set(&p1)
 	return d
@@ -282,20 +281,19 @@ func (s *Scheme) ReadFrom(r io.Reader) (int64, error) {
 
 // Commit commits to a polynomial using a multi exponentiation with the SRS.
 // It is assumed that the polynomial is in canonical form, in Montgomery form.
-func (s *Scheme) Commit(p polynomial.Polynomial) (polynomial.Digest, error) {
+func (s *Scheme) Commit(p polynomial.Polynomial) (Digest, error) {
 
 	if p.Degree() >= s.Domain.Cardinality {
-		return nil, errUnsupportedSize
+		return Digest{}, errUnsupportedSize
 	}
 
 	var _res bls12381.G1Affine
-	_p := p.(*bls12381_pol.Polynomial)
 
 	// ensure we don't modify p
-	pCopy := make(bls12381_pol.Polynomial, s.Domain.Cardinality)
-	copy(pCopy, *_p)
+	pCopy := make(polynomial.Polynomial, s.Domain.Cardinality)
+	copy(pCopy, p)
 
-	parallel.Execute(len(*_p), func(start, end int) {
+	parallel.Execute(len(p), func(start, end int) {
 		for i := start; i < end; i++ {
 			pCopy[i].FromMont()
 		}
@@ -305,50 +303,47 @@ func (s *Scheme) Commit(p polynomial.Polynomial) (polynomial.Digest, error) {
 	var res Digest
 	res.data.Set(&_res)
 
-	return &res, nil
+	return res, nil
 }
 
-// Open computes an opening proof of _p at _val.
+// Open computes an opening proof of p at _val.
 // Returns a MockProof, which is an empty interface.
-func (s *Scheme) Open(point interface{}, p polynomial.Polynomial) (polynomial.OpeningProof, error) {
+func (s *Scheme) Open(point *fr.Element, p polynomial.Polynomial) (Proof, error) {
 
 	if p.Degree() >= s.Domain.Cardinality {
 		panic("[Open] Size of polynomial exceeds the size supported by the scheme")
 	}
 
 	// build the proof
-	var res Proof
-	claimedValue := p.Eval(point)
-	res.Point.SetInterface(point)
-	res.ClaimedValue.SetInterface(claimedValue)
+	res := Proof{
+		Point:        *point,
+		ClaimedValue: p.Eval(point),
+	}
 
 	// compute H
-	_p := p.(*bls12381_pol.Polynomial)
-	h := dividePolyByXminusA(s.Domain, *_p, res.ClaimedValue, res.Point)
+
+	h := dividePolyByXminusA(s.Domain, p, res.ClaimedValue, res.Point)
 
 	// commit to H
-	c, err := s.Commit(&h)
+	c, err := s.Commit(h)
 	if err != nil {
-		return nil, err
+		return Proof{}, err
 	}
-	_c := c.(*Digest)
-	res.H.Set(&_c.data)
+	res.H.Set(&c.data)
 
-	return &res, nil
+	return res, nil
 }
 
 // Verify verifies a KZG opening proof at a single point
-func (s *Scheme) Verify(d polynomial.Digest, proof polynomial.OpeningProof) error {
+func (s *Scheme) Verify(d *Digest, proof *Proof) error {
 
-	_d := d.(*Digest)
 	var _commitment bls12381.G1Affine
-	_commitment.Set(&_d.data)
-	_proof := proof.(*Proof)
+	_commitment.Set(&d.data)
 
 	// comm(f(a))
 	var claimedValueG1Aff bls12381.G1Affine
 	var claimedValueBigInt big.Int
-	_proof.ClaimedValue.ToBigIntRegular(&claimedValueBigInt)
+	proof.ClaimedValue.ToBigIntRegular(&claimedValueBigInt)
 	claimedValueG1Aff.ScalarMultiplication(&s.SRS.G1[0], &claimedValueBigInt)
 
 	// [f(alpha) - f(a)]G1Jac
@@ -359,12 +354,12 @@ func (s *Scheme) Verify(d polynomial.Digest, proof polynomial.OpeningProof) erro
 
 	// [-H(alpha)]G1Aff
 	var negH bls12381.G1Affine
-	negH.Neg(&_proof.H)
+	negH.Neg(&proof.H)
 
 	// [alpha-a]G2Jac
 	var alphaMinusaG2Jac, genG2Jac, alphaG2Jac bls12381.G2Jac
 	var pointBigInt big.Int
-	_proof.Point.ToBigIntRegular(&pointBigInt)
+	proof.Point.ToBigIntRegular(&pointBigInt)
 	genG2Jac.FromAffine(&s.SRS.G2[0])
 	alphaG2Jac.FromAffine(&s.SRS.G2[1])
 	alphaMinusaG2Jac.ScalarMultiplication(&genG2Jac, &pointBigInt).
@@ -388,13 +383,17 @@ func (s *Scheme) Verify(d polynomial.Digest, proof polynomial.OpeningProof) erro
 		return err
 	}
 	if !check {
-		return polynomial.ErrVerifyOpeningProof
+		return ErrVerifyOpeningProof
 	}
 	return nil
 }
 
-// BatchOpenSinglePoint creates a batch opening proof of several polynomials at a single point
-func (s *Scheme) BatchOpenSinglePoint(point interface{}, digests []polynomial.Digest, polynomials []polynomial.Polynomial) (polynomial.BatchOpeningProofSinglePoint, error) {
+// BatchOpenSinglePoint creates a batch opening proof at _val of a list of polynomials.
+// It's an interactive protocol, made non interactive using Fiat Shamir.
+// point is the point at which the polynomials are opened.
+// digests is the list of committed polynomials to open, need to derive the challenge using Fiat Shamir.
+// polynomials is the list of polynomials to open.
+func (s *Scheme) BatchOpenSinglePoint(point *fr.Element, digests []Digest, polynomials []polynomial.Polynomial) (*BatchProofsSinglePoint, error) {
 
 	nbDigests := len(digests)
 	if nbDigests != len(polynomials) {
@@ -406,11 +405,11 @@ func (s *Scheme) BatchOpenSinglePoint(point interface{}, digests []polynomial.Di
 	// compute the purported values
 	res.ClaimedValues = make([]fr.Element, len(polynomials))
 	for i := 0; i < len(polynomials); i++ {
-		res.ClaimedValues[i] = polynomials[i].Eval(point).(fr.Element)
+		res.ClaimedValues[i] = polynomials[i].Eval(point)
 	}
 
 	// set the point at which the evaluation is done
-	res.Point.SetInterface(point)
+	res.Point.Set(point)
 
 	// derive the challenge gamma, binded to the point and the commitments
 	fs := fiatshamir.NewTranscript(fiatshamir.SHA256, "gamma")
@@ -441,33 +440,34 @@ func (s *Scheme) BatchOpenSinglePoint(point interface{}, digests []polynomial.Di
 	}
 
 	// compute H
-	_sumGammaiTimesPol := sumGammaiTimesPol.(*bls12381_pol.Polynomial)
-	h := dividePolyByXminusA(s.Domain, *_sumGammaiTimesPol, sumGammaiTimesEval, res.Point)
-	c, err := s.Commit(&h)
+	h := dividePolyByXminusA(s.Domain, sumGammaiTimesPol, sumGammaiTimesEval, res.Point)
+	c, err := s.Commit(h)
 	if err != nil {
 		return nil, err
 	}
 
-	_c := c.(*Digest)
-	res.H.Set(&_c.data)
+	res.H.Set(&c.data)
 
 	return &res, nil
 }
 
-func (s *Scheme) BatchVerifySinglePoint(digests []polynomial.Digest, batchOpeningProof polynomial.BatchOpeningProofSinglePoint) error {
+// BatchVerifySinglePoint verifies a batched opening proof at a single point of a list of polynomials.
+// point: point at which the polynomials are evaluated
+// claimedValues: claimed values of the polynomials at _val
+// commitments: list of commitments to the polynomials which are opened
+// batchOpeningProof: the batched opening proof at a single point of the polynomials.
+func (s *Scheme) BatchVerifySinglePoint(digests []Digest, batchOpeningProof *BatchProofsSinglePoint) error {
 
 	nbDigests := len(digests)
 
-	_batchOpeningProof := batchOpeningProof.(*BatchProofsSinglePoint)
-
 	// check consistancy between numbers of claims vs number of digests
-	if len(digests) != len(_batchOpeningProof.ClaimedValues) {
+	if len(digests) != len(batchOpeningProof.ClaimedValues) {
 		return errNbDigestsNeqNbPolynomials
 	}
 
 	// derive the challenge gamma, binded to the point and the commitments
 	fs := fiatshamir.NewTranscript(fiatshamir.SHA256, "gamma")
-	err := fs.Bind("gamma", _batchOpeningProof.Point.Marshal())
+	err := fs.Bind("gamma", batchOpeningProof.Point.Marshal())
 	if err != nil {
 		return err
 	}
@@ -485,10 +485,10 @@ func (s *Scheme) BatchVerifySinglePoint(digests []polynomial.Digest, batchOpenin
 	gamma.SetBytes(gammaByte)
 
 	var sumGammaiTimesEval fr.Element
-	sumGammaiTimesEval.Set(&_batchOpeningProof.ClaimedValues[nbDigests-1])
+	sumGammaiTimesEval.Set(&batchOpeningProof.ClaimedValues[nbDigests-1])
 	for i := nbDigests - 2; i >= 0; i-- {
 		sumGammaiTimesEval.Mul(&sumGammaiTimesEval, &gamma).
-			Add(&sumGammaiTimesEval, &_batchOpeningProof.ClaimedValues[i])
+			Add(&sumGammaiTimesEval, &batchOpeningProof.ClaimedValues[i])
 	}
 
 	var sumGammaiTimesEvalBigInt big.Int
@@ -507,8 +507,7 @@ func (s *Scheme) BatchVerifySinglePoint(digests []polynomial.Digest, batchOpenin
 	var sumGammaiTimesDigestsG1Aff bls12381.G1Affine
 	_digests := make([]bls12381.G1Affine, len(digests))
 	for i := 0; i < len(digests); i++ {
-		_d := digests[i].(*Digest)
-		_digests[i].Set(&_d.data)
+		_digests[i].Set(&digests[i].data)
 	}
 
 	sumGammaiTimesDigestsG1Aff.MultiExp(_digests, gammai)
@@ -524,7 +523,7 @@ func (s *Scheme) BatchVerifySinglePoint(digests []polynomial.Digest, batchOpenin
 	// [alpha-a]G2Jac
 	var alphaMinusaG2Jac, genG2Jac, alphaG2Jac bls12381.G2Jac
 	var pointBigInt big.Int
-	_batchOpeningProof.Point.ToBigIntRegular(&pointBigInt)
+	batchOpeningProof.Point.ToBigIntRegular(&pointBigInt)
 	genG2Jac.FromAffine(&s.SRS.G2[0])
 	alphaG2Jac.FromAffine(&s.SRS.G2[1])
 	alphaMinusaG2Jac.ScalarMultiplication(&genG2Jac, &pointBigInt).
@@ -537,7 +536,7 @@ func (s *Scheme) BatchVerifySinglePoint(digests []polynomial.Digest, batchOpenin
 
 	// [-H(alpha)]G1Aff
 	var negH bls12381.G1Affine
-	negH.Neg(&_batchOpeningProof.H)
+	negH.Neg(&batchOpeningProof.H)
 
 	// check the pairing equation
 	check, err := bls12381.PairingCheck(
@@ -548,7 +547,7 @@ func (s *Scheme) BatchVerifySinglePoint(digests []polynomial.Digest, batchOpenin
 		return err
 	}
 	if !check {
-		return polynomial.ErrVerifyBatchOpeningSinglePoint
+		return ErrVerifyBatchOpeningSinglePoint
 	}
 	return nil
 }
diff --git a/ecc/bls12-381/fr/polynomial/kzg/kzg_test.go b/ecc/bls12-381/fr/polynomial/kzg/kzg_test.go
index 55b6b5857..39ef60e70 100644
--- a/ecc/bls12-381/fr/polynomial/kzg/kzg_test.go
+++ b/ecc/bls12-381/fr/polynomial/kzg/kzg_test.go
@@ -25,8 +25,7 @@ import (
 	"github.com/consensys/gnark-crypto/ecc/bls12-381"
 	"github.com/consensys/gnark-crypto/ecc/bls12-381/fr"
 	"github.com/consensys/gnark-crypto/ecc/bls12-381/fr/fft"
-	bls12381_pol "github.com/consensys/gnark-crypto/ecc/bls12-381/fr/polynomial"
-	"github.com/consensys/gnark-crypto/polynomial"
+	"github.com/consensys/gnark-crypto/ecc/bls12-381/fr/polynomial"
 )
 
 var _alphaSetup fr.Element
@@ -36,8 +35,8 @@ func init() {
 	_alphaSetup.SetString("1234")
 }
 
-func randomPolynomial(size int) bls12381_pol.Polynomial {
-	f := make(bls12381_pol.Polynomial, size)
+func randomPolynomial(size int) polynomial.Polynomial {
+	f := make(polynomial.Polynomial, size)
 	for i := 0; i < size; i++ {
 		f[i].SetRandom()
 	}
@@ -51,7 +50,7 @@ func TestDividePolyByXminusA(t *testing.T) {
 	domain := fft.NewDomain(uint64(sizePol), 0, false)
 
 	// build random polynomial
-	pol := make(bls12381_pol.Polynomial, sizePol)
+	pol := make(polynomial.Polynomial, sizePol)
 	for i := 0; i < sizePol; i++ {
 		pol[i].SetRandom()
 	}
@@ -59,7 +58,7 @@ func TestDividePolyByXminusA(t *testing.T) {
 	// evaluate the polynomial at a random point
 	var point fr.Element
 	point.SetRandom()
-	evaluation := pol.Eval(&point).(fr.Element)
+	evaluation := pol.Eval(&point)
 
 	// compute f-f(a)/x-a
 	h := dividePolyByXminusA(*domain, pol, evaluation, point)
@@ -72,10 +71,10 @@ func TestDividePolyByXminusA(t *testing.T) {
 	var randPoint, xminusa fr.Element
 	randPoint.SetRandom()
 
-	polRandpoint := pol.Eval(&randPoint).(fr.Element)
+	polRandpoint := pol.Eval(&randPoint)
 	polRandpoint.Sub(&polRandpoint, &evaluation) // f(rand)-f(point)
 
-	hRandPoint := h.Eval(&randPoint).(fr.Element)
+	hRandPoint := h.Eval(&randPoint)
 	xminusa.Sub(&randPoint, &point) // rand-point
 
 	// f(rand)-f(point)	==? h(rand)*(rand-point)
@@ -118,13 +117,13 @@ func TestCommit(t *testing.T) {
 	s := NewScheme(64, _alphaSetup)
 
 	// create a polynomial
-	f := make(bls12381_pol.Polynomial, 60)
+	f := make(polynomial.Polynomial, 60)
 	for i := 0; i < 60; i++ {
 		f[i].SetRandom()
 	}
 
 	// commit using the method from KZG
-	_kzgCommit, err := s.Commit(&f)
+	_kzgCommit, err := s.Commit(f)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -134,7 +133,7 @@ func TestCommit(t *testing.T) {
 	// check commitment using manual commit
 	var x fr.Element
 	x.SetString("1234")
-	fx := f.Eval(&x).(fr.Element)
+	fx := f.Eval(&x)
 	var fxbi big.Int
 	fx.ToBigIntRegular(&fxbi)
 	var manualCommit bls12381.G1Affine
@@ -157,7 +156,7 @@ func TestVerifySinglePoint(t *testing.T) {
 	f := randomPolynomial(60)
 
 	// commit the polynomial
-	digest, err := s.Commit(&f)
+	digest, err := s.Commit(f)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -165,28 +164,26 @@ func TestVerifySinglePoint(t *testing.T) {
 	// compute opening proof at a random point
 	var point fr.Element
 	point.SetString("4321")
-	proof, err := s.Open(&point, &f)
+	proof, err := s.Open(&point, f)
 	if err != nil {
 		t.Fatal(err)
 	}
 
 	// verify the claimed valued
-	_proof := proof.(*Proof)
-	expected := f.Eval(point).(fr.Element)
-	if !_proof.ClaimedValue.Equal(&expected) {
+	expected := f.Eval(&point)
+	if !proof.ClaimedValue.Equal(&expected) {
 		t.Fatal("inconsistant claimed value")
 	}
 
 	// verify correct proof
-	err = s.Verify(digest, proof)
+	err = s.Verify(&digest, &proof)
 	if err != nil {
 		t.Fatal(err)
 	}
 
 	// verify wrong proof
-	_proof = proof.(*Proof)
-	_proof.ClaimedValue.Double(&_proof.ClaimedValue)
-	err = s.Verify(digest, _proof)
+	proof.ClaimedValue.Double(&proof.ClaimedValue)
+	err = s.Verify(&digest, &proof)
 	if err == nil {
 		t.Fatal("verifying wrong proof should have failed")
 	}
@@ -200,12 +197,11 @@ func TestBatchVerifySinglePoint(t *testing.T) {
 	// create polynomials
 	f := make([]polynomial.Polynomial, 10)
 	for i := 0; i < 10; i++ {
-		_f := randomPolynomial(60)
-		f[i] = &_f
+		f[i] = randomPolynomial(60)
 	}
 
 	// commit the polynomials
-	digests := make([]polynomial.Digest, 10)
+	digests := make([]Digest, 10)
 	for i := 0; i < 10; i++ {
 		digests[i], _ = s.Commit(f[i])
 
@@ -220,10 +216,9 @@ func TestBatchVerifySinglePoint(t *testing.T) {
 	}
 
 	// verify the claimed values
-	_proof := proof.(*BatchProofsSinglePoint)
 	for i := 0; i < 10; i++ {
-		expectedClaim := f[i].Eval(point).(fr.Element)
-		if !expectedClaim.Equal(&_proof.ClaimedValues[i]) {
+		expectedClaim := f[i].Eval(&point)
+		if !expectedClaim.Equal(&proof.ClaimedValues[i]) {
 			t.Fatal("inconsistant claimed values")
 		}
 	}
@@ -235,8 +230,8 @@ func TestBatchVerifySinglePoint(t *testing.T) {
 	}
 
 	// verify wrong proof
-	_proof.ClaimedValues[0].Double(&_proof.ClaimedValues[0])
-	err = s.BatchVerifySinglePoint(digests, _proof)
+	proof.ClaimedValues[0].Double(&proof.ClaimedValues[0])
+	err = s.BatchVerifySinglePoint(digests, proof)
 	if err == nil {
 		t.Fatal("verifying wrong proof should have failed")
 	}
@@ -254,7 +249,7 @@ func BenchmarkKZGCommit(b *testing.B) {
 
 	b.ResetTimer()
 	for i := 0; i < b.N; i++ {
-		_, _ = s.Commit(&p)
+		_, _ = s.Commit(p)
 	}
 }
 
@@ -269,7 +264,7 @@ func BenchmarkKZGOpen(b *testing.B) {
 
 	b.ResetTimer()
 	for i := 0; i < b.N; i++ {
-		_, _ = s.Open(r, &p)
+		_, _ = s.Open(&r, p)
 	}
 }
 
@@ -283,20 +278,20 @@ func BenchmarkKZGVerify(b *testing.B) {
 	r.SetRandom()
 
 	// commit
-	comm, err := s.Commit(&p)
+	comm, err := s.Commit(p)
 	if err != nil {
 		b.Fatal(err)
 	}
 
 	// open
-	openingProof, err := s.Open(r, &p)
+	openingProof, err := s.Open(&r, p)
 	if err != nil {
 		b.Fatal(err)
 	}
 
 	b.ResetTimer()
 	for i := 0; i < b.N; i++ {
-		s.Verify(comm, openingProof)
+		s.Verify(&comm, &openingProof)
 	}
 }
 
@@ -307,12 +302,11 @@ func BenchmarkKZGBatchOpen10(b *testing.B) {
 	// 10 random polynomials
 	var ps [10]polynomial.Polynomial
 	for i := 0; i < 10; i++ {
-		_p := randomPolynomial(benchSize / 2)
-		ps[i] = &_p
+		ps[i] = randomPolynomial(benchSize / 2)
 	}
 
 	// commitments
-	var commitments [10]polynomial.Digest
+	var commitments [10]Digest
 	for i := 0; i < 10; i++ {
 		commitments[i], _ = s.Commit(ps[i])
 	}
@@ -322,7 +316,7 @@ func BenchmarkKZGBatchOpen10(b *testing.B) {
 
 	b.ResetTimer()
 	for i := 0; i < b.N; i++ {
-		s.BatchOpenSinglePoint(r, commitments[:], ps[:])
+		s.BatchOpenSinglePoint(&r, commitments[:], ps[:])
 	}
 }
 
@@ -333,12 +327,11 @@ func BenchmarkKZGBatchVerify10(b *testing.B) {
 	// 10 random polynomials
 	var ps [10]polynomial.Polynomial
 	for i := 0; i < 10; i++ {
-		_p := randomPolynomial(benchSize / 2)
-		ps[i] = &_p
+		ps[i] = randomPolynomial(benchSize / 2)
 	}
 
 	// commitments
-	var commitments [10]polynomial.Digest
+	var commitments [10]Digest
 	for i := 0; i < 10; i++ {
 		commitments[i], _ = s.Commit(ps[i])
 	}
@@ -346,7 +339,7 @@ func BenchmarkKZGBatchVerify10(b *testing.B) {
 	var r fr.Element
 	r.SetRandom()
 
-	proof, err := s.BatchOpenSinglePoint(r, commitments[:], ps[:])
+	proof, err := s.BatchOpenSinglePoint(&r, commitments[:], ps[:])
 	if err != nil {
 		b.Fatal(err)
 	}
diff --git a/ecc/bls12-381/fr/polynomial/polynomial.go b/ecc/bls12-381/fr/polynomial/polynomial.go
index 2a20d24a0..db153e56d 100644
--- a/ecc/bls12-381/fr/polynomial/polynomial.go
+++ b/ecc/bls12-381/fr/polynomial/polynomial.go
@@ -18,7 +18,6 @@ package polynomial
 
 import (
 	"github.com/consensys/gnark-crypto/ecc/bls12-381/fr"
-	"github.com/consensys/gnark-crypto/polynomial"
 )
 
 // Polynomial polynomial represented by coefficients bn254 fr field.
@@ -31,13 +30,11 @@ func (p *Polynomial) Degree() uint64 {
 
 // Eval evaluates p at v
 // returns a fr.Element
-func (p *Polynomial) Eval(v interface{}) interface{} {
-	var _v fr.Element
-	_v.SetInterface(v)
+func (p *Polynomial) Eval(v *fr.Element) fr.Element {
 
 	res := (*p)[len(*p)-1]
 	for i := len(*p) - 2; i >= 0; i-- {
-		res.Mul(&res, &_v)
+		res.Mul(&res, v)
 		res.Add(&res, &(*p)[i])
 	}
 
@@ -45,48 +42,39 @@ func (p *Polynomial) Eval(v interface{}) interface{} {
 }
 
 // Clone returns a copy of the polynomial
-func (p *Polynomial) Clone() polynomial.Polynomial {
+func (p *Polynomial) Clone() Polynomial {
 	_p := make(Polynomial, len(*p))
 	copy(_p, *p)
-	return &_p
+	return _p
 }
 
 // AddConstantInPlace adds a constant to the polynomial, modifying p
-func (p *Polynomial) AddConstantInPlace(c interface{}) {
-	var _c fr.Element
-	_c.SetInterface(c)
-
+func (p *Polynomial) AddConstantInPlace(c *fr.Element) {
 	for i := 0; i < len(*p); i++ {
-		(*p)[i].Add(&(*p)[i], &_c)
+		(*p)[i].Add(&(*p)[i], c)
 	}
 }
 
 // SubConstantInPlace subs a constant to the polynomial, modifying p
-func (p *Polynomial) SubConstantInPlace(c interface{}) {
-	var _c fr.Element
-	_c.SetInterface(c)
-
+func (p *Polynomial) SubConstantInPlace(c *fr.Element) {
 	for i := 0; i < len(*p); i++ {
-		(*p)[i].Sub(&(*p)[i], &_c)
+		(*p)[i].Sub(&(*p)[i], c)
 	}
 }
 
 // ScaleInPlace multiplies p by v, modifying p
-func (p *Polynomial) ScaleInPlace(c interface{}) {
-	var _c fr.Element
-	_c.SetInterface(c)
-
+func (p *Polynomial) ScaleInPlace(c *fr.Element) {
 	for i := 0; i < len(*p); i++ {
-		(*p)[i].Mul(&(*p)[i], &_c)
+		(*p)[i].Mul(&(*p)[i], c)
 	}
 }
 
 // Add adds p1 to p2
 // This function allocates a new slice unless p == p1 or p == p2
-func (p *Polynomial) Add(p1, p2 polynomial.Polynomial) polynomial.Polynomial {
+func (p *Polynomial) Add(p1, p2 Polynomial) *Polynomial {
 
-	bigger := *(p1.(*Polynomial))
-	smaller := *(p2.(*Polynomial))
+	bigger := p1
+	smaller := p2
 	if len(bigger) < len(smaller) {
 		bigger, smaller = smaller, bigger
 	}
@@ -116,18 +104,17 @@ func (p *Polynomial) Add(p1, p2 polynomial.Polynomial) polynomial.Polynomial {
 }
 
 // Equal checks equality between two polynomials
-func (p *Polynomial) Equal(p1 polynomial.Polynomial) bool {
-	_p1 := *(p1.(*Polynomial))
-	if (p == nil) != (_p1 == nil) {
+func (p *Polynomial) Equal(p1 Polynomial) bool {
+	if (*p == nil) != (p1 == nil) {
 		return false
 	}
 
-	if len(*p) != len(_p1) {
+	if len(*p) != len(p1) {
 		return false
 	}
 
-	for i := range _p1 {
-		if !(*p)[i].Equal(&_p1[i]) {
+	for i := range p1 {
+		if !(*p)[i].Equal(&p1[i]) {
 			return false
 		}
 	}
diff --git a/ecc/bls12-381/fr/polynomial/polynomial_test.go b/ecc/bls12-381/fr/polynomial/polynomial_test.go
index 4a06a271a..0376d294c 100644
--- a/ecc/bls12-381/fr/polynomial/polynomial_test.go
+++ b/ecc/bls12-381/fr/polynomial/polynomial_test.go
@@ -46,7 +46,7 @@ func TestPolynomialEval(t *testing.T) {
 	expectedEval.Div(&expectedEval, &den)
 
 	// compute purported evaluation
-	purportedEval := f.Eval(&point).(fr.Element)
+	purportedEval := f.Eval(&point)
 
 	// check
 	if !purportedEval.Equal(&expectedEval) {
@@ -160,27 +160,27 @@ func TestPolynomialAdd(t *testing.T) {
 
 	// caller is empty
 	var g Polynomial
-	g.Add(&f1, &f2)
-	if !g.Equal(&expectedSum) {
+	g.Add(f1, f2)
+	if !g.Equal(expectedSum) {
 		t.Fatal("add polynomials fails")
 	}
-	if !f1.Equal(&f1Backup) {
+	if !f1.Equal(f1Backup) {
 		t.Fatal("side effect, f1 should not have been modified")
 	}
-	if !f2.Equal(&f2Backup) {
+	if !f2.Equal(f2Backup) {
 		t.Fatal("side effect, f2 should not have been modified")
 	}
 
 	// all operands are distincts
 	_f1 := f1.Clone()
-	_f1.Add(&f1, &f2)
-	if !_f1.Equal(&expectedSum) {
+	_f1.Add(f1, f2)
+	if !_f1.Equal(expectedSum) {
 		t.Fatal("add polynomials fails")
 	}
-	if !f1.Equal(&f1Backup) {
+	if !f1.Equal(f1Backup) {
 		t.Fatal("side effect, f1 should not have been modified")
 	}
-	if !f2.Equal(&f2Backup) {
+	if !f2.Equal(f2Backup) {
 		t.Fatal("side effect, f2 should not have been modified")
 	}
 
@@ -188,10 +188,10 @@ func TestPolynomialAdd(t *testing.T) {
 	_f1 = f1.Clone()
 	_f2 := f2.Clone()
 	_f1.Add(_f1, _f2)
-	if !_f1.Equal(&expectedSum) {
+	if !_f1.Equal(expectedSum) {
 		t.Fatal("add polynomials fails")
 	}
-	if !_f2.Equal(&f2Backup) {
+	if !_f2.Equal(f2Backup) {
 		t.Fatal("side effect, _f2 should not have been modified")
 	}
 
@@ -199,10 +199,10 @@ func TestPolynomialAdd(t *testing.T) {
 	_f1 = f1.Clone()
 	_f2 = f2.Clone()
 	_f1.Add(_f2, _f1)
-	if !_f1.Equal(&expectedSum) {
+	if !_f1.Equal(expectedSum) {
 		t.Fatal("add polynomials fails")
 	}
-	if !_f2.Equal(&f2Backup) {
+	if !_f2.Equal(f2Backup) {
 		t.Fatal("side effect, _f2 should not have been modified")
 	}
 }
diff --git a/ecc/bls24-315/fr/polynomial/kzg/kzg.go b/ecc/bls24-315/fr/polynomial/kzg/kzg.go
index 298822f7b..0a32cf2e0 100644
--- a/ecc/bls24-315/fr/polynomial/kzg/kzg.go
+++ b/ecc/bls24-315/fr/polynomial/kzg/kzg.go
@@ -24,10 +24,9 @@ import (
 	"github.com/consensys/gnark-crypto/ecc/bls24-315"
 	"github.com/consensys/gnark-crypto/ecc/bls24-315/fr"
 	"github.com/consensys/gnark-crypto/ecc/bls24-315/fr/fft"
-	bls24315_pol "github.com/consensys/gnark-crypto/ecc/bls24-315/fr/polynomial"
+	"github.com/consensys/gnark-crypto/ecc/bls24-315/fr/polynomial"
 	fiatshamir "github.com/consensys/gnark-crypto/fiat-shamir"
 	"github.com/consensys/gnark-crypto/internal/parallel"
-	"github.com/consensys/gnark-crypto/polynomial"
 )
 
 var (
@@ -35,6 +34,11 @@ var (
 	errUnsupportedSize           = errors.New("the size of the polynomials exceeds the capacity of the SRS")
 )
 
+var (
+	ErrVerifyOpeningProof            = errors.New("error verifying opening proof")
+	ErrVerifyBatchOpeningSinglePoint = errors.New("error verifying batch opening proof at single point")
+)
+
 // Digest commitment of a polynomial.
 type Digest struct {
 	data bls24315.G1Affine
@@ -99,7 +103,7 @@ func NewScheme(size int, alpha fr.Element) *Scheme {
 }
 
 // Clone returns a copy of d
-func (d *Digest) Clone() polynomial.Digest {
+func (d *Digest) Clone() *Digest {
 	var res Digest
 	res.data.Set(&d.data)
 	return &res
@@ -121,12 +125,10 @@ func (d *Digest) Unmarshal(buf []byte) error {
 
 // Add adds two digest. The API and behaviour mimics bls24315.G1Affine's,
 // i.e. the caller is modified.
-func (d *Digest) Add(d1, d2 polynomial.Digest) polynomial.Digest {
-	_d1 := d1.(*Digest)
-	_d2 := d2.(*Digest)
+func (d *Digest) Add(d1, d2 *Digest) *Digest {
 	var p1, p2 bls24315.G1Jac
-	p1.FromAffine(&_d1.data)
-	p2.FromAffine(&_d2.data)
+	p1.FromAffine(&d1.data)
+	p2.FromAffine(&d2.data)
 	p1.AddAssign(&p2)
 	d.data.FromJacobian(&p1)
 	return d
@@ -134,12 +136,10 @@ func (d *Digest) Add(d1, d2 polynomial.Digest) polynomial.Digest {
 
 // Sub adds two digest. The API and behaviour mimics bls24315.G1Affine's,
 // i.e. the caller is modified.
-func (d *Digest) Sub(d1, d2 polynomial.Digest) polynomial.Digest {
-	_d1 := d1.(*Digest)
-	_d2 := d2.(*Digest)
+func (d *Digest) Sub(d1, d2 *Digest) *Digest {
 	var p1, p2 bls24315.G1Jac
-	p1.FromAffine(&_d1.data)
-	p2.FromAffine(&_d2.data)
+	p1.FromAffine(&d1.data)
+	p2.FromAffine(&d2.data)
 	p1.SubAssign(&p2)
 	d.data.FromJacobian(&p1)
 	return d
@@ -147,10 +147,9 @@ func (d *Digest) Sub(d1, d2 polynomial.Digest) polynomial.Digest {
 
 // Add adds two digest. The API and behaviour mimics bls24315.G1Affine's,
 // i.e. the caller is modified.
-func (d *Digest) ScalarMul(d1 polynomial.Digest, s big.Int) polynomial.Digest {
-	_d1 := d1.(*Digest)
+func (d *Digest) ScalarMul(d1 *Digest, s big.Int) *Digest {
 	var p1 bls24315.G1Affine
-	p1.Set(&_d1.data)
+	p1.Set(&d1.data)
 	p1.ScalarMultiplication(&p1, &s)
 	d.data.Set(&p1)
 	return d
@@ -282,20 +281,19 @@ func (s *Scheme) ReadFrom(r io.Reader) (int64, error) {
 
 // Commit commits to a polynomial using a multi exponentiation with the SRS.
 // It is assumed that the polynomial is in canonical form, in Montgomery form.
-func (s *Scheme) Commit(p polynomial.Polynomial) (polynomial.Digest, error) {
+func (s *Scheme) Commit(p polynomial.Polynomial) (Digest, error) {
 
 	if p.Degree() >= s.Domain.Cardinality {
-		return nil, errUnsupportedSize
+		return Digest{}, errUnsupportedSize
 	}
 
 	var _res bls24315.G1Affine
-	_p := p.(*bls24315_pol.Polynomial)
 
 	// ensure we don't modify p
-	pCopy := make(bls24315_pol.Polynomial, s.Domain.Cardinality)
-	copy(pCopy, *_p)
+	pCopy := make(polynomial.Polynomial, s.Domain.Cardinality)
+	copy(pCopy, p)
 
-	parallel.Execute(len(*_p), func(start, end int) {
+	parallel.Execute(len(p), func(start, end int) {
 		for i := start; i < end; i++ {
 			pCopy[i].FromMont()
 		}
@@ -305,50 +303,47 @@ func (s *Scheme) Commit(p polynomial.Polynomial) (polynomial.Digest, error) {
 	var res Digest
 	res.data.Set(&_res)
 
-	return &res, nil
+	return res, nil
 }
 
-// Open computes an opening proof of _p at _val.
+// Open computes an opening proof of p at _val.
 // Returns a MockProof, which is an empty interface.
-func (s *Scheme) Open(point interface{}, p polynomial.Polynomial) (polynomial.OpeningProof, error) {
+func (s *Scheme) Open(point *fr.Element, p polynomial.Polynomial) (Proof, error) {
 
 	if p.Degree() >= s.Domain.Cardinality {
 		panic("[Open] Size of polynomial exceeds the size supported by the scheme")
 	}
 
 	// build the proof
-	var res Proof
-	claimedValue := p.Eval(point)
-	res.Point.SetInterface(point)
-	res.ClaimedValue.SetInterface(claimedValue)
+	res := Proof{
+		Point:        *point,
+		ClaimedValue: p.Eval(point),
+	}
 
 	// compute H
-	_p := p.(*bls24315_pol.Polynomial)
-	h := dividePolyByXminusA(s.Domain, *_p, res.ClaimedValue, res.Point)
+
+	h := dividePolyByXminusA(s.Domain, p, res.ClaimedValue, res.Point)
 
 	// commit to H
-	c, err := s.Commit(&h)
+	c, err := s.Commit(h)
 	if err != nil {
-		return nil, err
+		return Proof{}, err
 	}
-	_c := c.(*Digest)
-	res.H.Set(&_c.data)
+	res.H.Set(&c.data)
 
-	return &res, nil
+	return res, nil
 }
 
 // Verify verifies a KZG opening proof at a single point
-func (s *Scheme) Verify(d polynomial.Digest, proof polynomial.OpeningProof) error {
+func (s *Scheme) Verify(d *Digest, proof *Proof) error {
 
-	_d := d.(*Digest)
 	var _commitment bls24315.G1Affine
-	_commitment.Set(&_d.data)
-	_proof := proof.(*Proof)
+	_commitment.Set(&d.data)
 
 	// comm(f(a))
 	var claimedValueG1Aff bls24315.G1Affine
 	var claimedValueBigInt big.Int
-	_proof.ClaimedValue.ToBigIntRegular(&claimedValueBigInt)
+	proof.ClaimedValue.ToBigIntRegular(&claimedValueBigInt)
 	claimedValueG1Aff.ScalarMultiplication(&s.SRS.G1[0], &claimedValueBigInt)
 
 	// [f(alpha) - f(a)]G1Jac
@@ -359,12 +354,12 @@ func (s *Scheme) Verify(d polynomial.Digest, proof polynomial.OpeningProof) erro
 
 	// [-H(alpha)]G1Aff
 	var negH bls24315.G1Affine
-	negH.Neg(&_proof.H)
+	negH.Neg(&proof.H)
 
 	// [alpha-a]G2Jac
 	var alphaMinusaG2Jac, genG2Jac, alphaG2Jac bls24315.G2Jac
 	var pointBigInt big.Int
-	_proof.Point.ToBigIntRegular(&pointBigInt)
+	proof.Point.ToBigIntRegular(&pointBigInt)
 	genG2Jac.FromAffine(&s.SRS.G2[0])
 	alphaG2Jac.FromAffine(&s.SRS.G2[1])
 	alphaMinusaG2Jac.ScalarMultiplication(&genG2Jac, &pointBigInt).
@@ -388,13 +383,17 @@ func (s *Scheme) Verify(d polynomial.Digest, proof polynomial.OpeningProof) erro
 		return err
 	}
 	if !check {
-		return polynomial.ErrVerifyOpeningProof
+		return ErrVerifyOpeningProof
 	}
 	return nil
 }
 
-// BatchOpenSinglePoint creates a batch opening proof of several polynomials at a single point
-func (s *Scheme) BatchOpenSinglePoint(point interface{}, digests []polynomial.Digest, polynomials []polynomial.Polynomial) (polynomial.BatchOpeningProofSinglePoint, error) {
+// BatchOpenSinglePoint creates a batch opening proof at _val of a list of polynomials.
+// It's an interactive protocol, made non interactive using Fiat Shamir.
+// point is the point at which the polynomials are opened.
+// digests is the list of committed polynomials to open, need to derive the challenge using Fiat Shamir.
+// polynomials is the list of polynomials to open.
+func (s *Scheme) BatchOpenSinglePoint(point *fr.Element, digests []Digest, polynomials []polynomial.Polynomial) (*BatchProofsSinglePoint, error) {
 
 	nbDigests := len(digests)
 	if nbDigests != len(polynomials) {
@@ -406,11 +405,11 @@ func (s *Scheme) BatchOpenSinglePoint(point interface{}, digests []polynomial.Di
 	// compute the purported values
 	res.ClaimedValues = make([]fr.Element, len(polynomials))
 	for i := 0; i < len(polynomials); i++ {
-		res.ClaimedValues[i] = polynomials[i].Eval(point).(fr.Element)
+		res.ClaimedValues[i] = polynomials[i].Eval(point)
 	}
 
 	// set the point at which the evaluation is done
-	res.Point.SetInterface(point)
+	res.Point.Set(point)
 
 	// derive the challenge gamma, binded to the point and the commitments
 	fs := fiatshamir.NewTranscript(fiatshamir.SHA256, "gamma")
@@ -441,33 +440,34 @@ func (s *Scheme) BatchOpenSinglePoint(point interface{}, digests []polynomial.Di
 	}
 
 	// compute H
-	_sumGammaiTimesPol := sumGammaiTimesPol.(*bls24315_pol.Polynomial)
-	h := dividePolyByXminusA(s.Domain, *_sumGammaiTimesPol, sumGammaiTimesEval, res.Point)
-	c, err := s.Commit(&h)
+	h := dividePolyByXminusA(s.Domain, sumGammaiTimesPol, sumGammaiTimesEval, res.Point)
+	c, err := s.Commit(h)
 	if err != nil {
 		return nil, err
 	}
 
-	_c := c.(*Digest)
-	res.H.Set(&_c.data)
+	res.H.Set(&c.data)
 
 	return &res, nil
 }
 
-func (s *Scheme) BatchVerifySinglePoint(digests []polynomial.Digest, batchOpeningProof polynomial.BatchOpeningProofSinglePoint) error {
+// BatchVerifySinglePoint verifies a batched opening proof at a single point of a list of polynomials.
+// point: point at which the polynomials are evaluated
+// claimedValues: claimed values of the polynomials at _val
+// commitments: list of commitments to the polynomials which are opened
+// batchOpeningProof: the batched opening proof at a single point of the polynomials.
+func (s *Scheme) BatchVerifySinglePoint(digests []Digest, batchOpeningProof *BatchProofsSinglePoint) error {
 
 	nbDigests := len(digests)
 
-	_batchOpeningProof := batchOpeningProof.(*BatchProofsSinglePoint)
-
 	// check consistancy between numbers of claims vs number of digests
-	if len(digests) != len(_batchOpeningProof.ClaimedValues) {
+	if len(digests) != len(batchOpeningProof.ClaimedValues) {
 		return errNbDigestsNeqNbPolynomials
 	}
 
 	// derive the challenge gamma, binded to the point and the commitments
 	fs := fiatshamir.NewTranscript(fiatshamir.SHA256, "gamma")
-	err := fs.Bind("gamma", _batchOpeningProof.Point.Marshal())
+	err := fs.Bind("gamma", batchOpeningProof.Point.Marshal())
 	if err != nil {
 		return err
 	}
@@ -485,10 +485,10 @@ func (s *Scheme) BatchVerifySinglePoint(digests []polynomial.Digest, batchOpenin
 	gamma.SetBytes(gammaByte)
 
 	var sumGammaiTimesEval fr.Element
-	sumGammaiTimesEval.Set(&_batchOpeningProof.ClaimedValues[nbDigests-1])
+	sumGammaiTimesEval.Set(&batchOpeningProof.ClaimedValues[nbDigests-1])
 	for i := nbDigests - 2; i >= 0; i-- {
 		sumGammaiTimesEval.Mul(&sumGammaiTimesEval, &gamma).
-			Add(&sumGammaiTimesEval, &_batchOpeningProof.ClaimedValues[i])
+			Add(&sumGammaiTimesEval, &batchOpeningProof.ClaimedValues[i])
 	}
 
 	var sumGammaiTimesEvalBigInt big.Int
@@ -507,8 +507,7 @@ func (s *Scheme) BatchVerifySinglePoint(digests []polynomial.Digest, batchOpenin
 	var sumGammaiTimesDigestsG1Aff bls24315.G1Affine
 	_digests := make([]bls24315.G1Affine, len(digests))
 	for i := 0; i < len(digests); i++ {
-		_d := digests[i].(*Digest)
-		_digests[i].Set(&_d.data)
+		_digests[i].Set(&digests[i].data)
 	}
 
 	sumGammaiTimesDigestsG1Aff.MultiExp(_digests, gammai)
@@ -524,7 +523,7 @@ func (s *Scheme) BatchVerifySinglePoint(digests []polynomial.Digest, batchOpenin
 	// [alpha-a]G2Jac
 	var alphaMinusaG2Jac, genG2Jac, alphaG2Jac bls24315.G2Jac
 	var pointBigInt big.Int
-	_batchOpeningProof.Point.ToBigIntRegular(&pointBigInt)
+	batchOpeningProof.Point.ToBigIntRegular(&pointBigInt)
 	genG2Jac.FromAffine(&s.SRS.G2[0])
 	alphaG2Jac.FromAffine(&s.SRS.G2[1])
 	alphaMinusaG2Jac.ScalarMultiplication(&genG2Jac, &pointBigInt).
@@ -537,7 +536,7 @@ func (s *Scheme) BatchVerifySinglePoint(digests []polynomial.Digest, batchOpenin
 
 	// [-H(alpha)]G1Aff
 	var negH bls24315.G1Affine
-	negH.Neg(&_batchOpeningProof.H)
+	negH.Neg(&batchOpeningProof.H)
 
 	// check the pairing equation
 	check, err := bls24315.PairingCheck(
@@ -548,7 +547,7 @@ func (s *Scheme) BatchVerifySinglePoint(digests []polynomial.Digest, batchOpenin
 		return err
 	}
 	if !check {
-		return polynomial.ErrVerifyBatchOpeningSinglePoint
+		return ErrVerifyBatchOpeningSinglePoint
 	}
 	return nil
 }
diff --git a/ecc/bls24-315/fr/polynomial/kzg/kzg_test.go b/ecc/bls24-315/fr/polynomial/kzg/kzg_test.go
index d1dd368ce..b54811964 100644
--- a/ecc/bls24-315/fr/polynomial/kzg/kzg_test.go
+++ b/ecc/bls24-315/fr/polynomial/kzg/kzg_test.go
@@ -25,8 +25,7 @@ import (
 	"github.com/consensys/gnark-crypto/ecc/bls24-315"
 	"github.com/consensys/gnark-crypto/ecc/bls24-315/fr"
 	"github.com/consensys/gnark-crypto/ecc/bls24-315/fr/fft"
-	bls24315_pol "github.com/consensys/gnark-crypto/ecc/bls24-315/fr/polynomial"
-	"github.com/consensys/gnark-crypto/polynomial"
+	"github.com/consensys/gnark-crypto/ecc/bls24-315/fr/polynomial"
 )
 
 var _alphaSetup fr.Element
@@ -36,8 +35,8 @@ func init() {
 	_alphaSetup.SetString("1234")
 }
 
-func randomPolynomial(size int) bls24315_pol.Polynomial {
-	f := make(bls24315_pol.Polynomial, size)
+func randomPolynomial(size int) polynomial.Polynomial {
+	f := make(polynomial.Polynomial, size)
 	for i := 0; i < size; i++ {
 		f[i].SetRandom()
 	}
@@ -51,7 +50,7 @@ func TestDividePolyByXminusA(t *testing.T) {
 	domain := fft.NewDomain(uint64(sizePol), 0, false)
 
 	// build random polynomial
-	pol := make(bls24315_pol.Polynomial, sizePol)
+	pol := make(polynomial.Polynomial, sizePol)
 	for i := 0; i < sizePol; i++ {
 		pol[i].SetRandom()
 	}
@@ -59,7 +58,7 @@ func TestDividePolyByXminusA(t *testing.T) {
 	// evaluate the polynomial at a random point
 	var point fr.Element
 	point.SetRandom()
-	evaluation := pol.Eval(&point).(fr.Element)
+	evaluation := pol.Eval(&point)
 
 	// compute f-f(a)/x-a
 	h := dividePolyByXminusA(*domain, pol, evaluation, point)
@@ -72,10 +71,10 @@ func TestDividePolyByXminusA(t *testing.T) {
 	var randPoint, xminusa fr.Element
 	randPoint.SetRandom()
 
-	polRandpoint := pol.Eval(&randPoint).(fr.Element)
+	polRandpoint := pol.Eval(&randPoint)
 	polRandpoint.Sub(&polRandpoint, &evaluation) // f(rand)-f(point)
 
-	hRandPoint := h.Eval(&randPoint).(fr.Element)
+	hRandPoint := h.Eval(&randPoint)
 	xminusa.Sub(&randPoint, &point) // rand-point
 
 	// f(rand)-f(point)	==? h(rand)*(rand-point)
@@ -118,13 +117,13 @@ func TestCommit(t *testing.T) {
 	s := NewScheme(64, _alphaSetup)
 
 	// create a polynomial
-	f := make(bls24315_pol.Polynomial, 60)
+	f := make(polynomial.Polynomial, 60)
 	for i := 0; i < 60; i++ {
 		f[i].SetRandom()
 	}
 
 	// commit using the method from KZG
-	_kzgCommit, err := s.Commit(&f)
+	_kzgCommit, err := s.Commit(f)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -134,7 +133,7 @@ func TestCommit(t *testing.T) {
 	// check commitment using manual commit
 	var x fr.Element
 	x.SetString("1234")
-	fx := f.Eval(&x).(fr.Element)
+	fx := f.Eval(&x)
 	var fxbi big.Int
 	fx.ToBigIntRegular(&fxbi)
 	var manualCommit bls24315.G1Affine
@@ -157,7 +156,7 @@ func TestVerifySinglePoint(t *testing.T) {
 	f := randomPolynomial(60)
 
 	// commit the polynomial
-	digest, err := s.Commit(&f)
+	digest, err := s.Commit(f)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -165,28 +164,26 @@ func TestVerifySinglePoint(t *testing.T) {
 	// compute opening proof at a random point
 	var point fr.Element
 	point.SetString("4321")
-	proof, err := s.Open(&point, &f)
+	proof, err := s.Open(&point, f)
 	if err != nil {
 		t.Fatal(err)
 	}
 
 	// verify the claimed valued
-	_proof := proof.(*Proof)
-	expected := f.Eval(point).(fr.Element)
-	if !_proof.ClaimedValue.Equal(&expected) {
+	expected := f.Eval(&point)
+	if !proof.ClaimedValue.Equal(&expected) {
 		t.Fatal("inconsistant claimed value")
 	}
 
 	// verify correct proof
-	err = s.Verify(digest, proof)
+	err = s.Verify(&digest, &proof)
 	if err != nil {
 		t.Fatal(err)
 	}
 
 	// verify wrong proof
-	_proof = proof.(*Proof)
-	_proof.ClaimedValue.Double(&_proof.ClaimedValue)
-	err = s.Verify(digest, _proof)
+	proof.ClaimedValue.Double(&proof.ClaimedValue)
+	err = s.Verify(&digest, &proof)
 	if err == nil {
 		t.Fatal("verifying wrong proof should have failed")
 	}
@@ -200,12 +197,11 @@ func TestBatchVerifySinglePoint(t *testing.T) {
 	// create polynomials
 	f := make([]polynomial.Polynomial, 10)
 	for i := 0; i < 10; i++ {
-		_f := randomPolynomial(60)
-		f[i] = &_f
+		f[i] = randomPolynomial(60)
 	}
 
 	// commit the polynomials
-	digests := make([]polynomial.Digest, 10)
+	digests := make([]Digest, 10)
 	for i := 0; i < 10; i++ {
 		digests[i], _ = s.Commit(f[i])
 
@@ -220,10 +216,9 @@ func TestBatchVerifySinglePoint(t *testing.T) {
 	}
 
 	// verify the claimed values
-	_proof := proof.(*BatchProofsSinglePoint)
 	for i := 0; i < 10; i++ {
-		expectedClaim := f[i].Eval(point).(fr.Element)
-		if !expectedClaim.Equal(&_proof.ClaimedValues[i]) {
+		expectedClaim := f[i].Eval(&point)
+		if !expectedClaim.Equal(&proof.ClaimedValues[i]) {
 			t.Fatal("inconsistant claimed values")
 		}
 	}
@@ -235,8 +230,8 @@ func TestBatchVerifySinglePoint(t *testing.T) {
 	}
 
 	// verify wrong proof
-	_proof.ClaimedValues[0].Double(&_proof.ClaimedValues[0])
-	err = s.BatchVerifySinglePoint(digests, _proof)
+	proof.ClaimedValues[0].Double(&proof.ClaimedValues[0])
+	err = s.BatchVerifySinglePoint(digests, proof)
 	if err == nil {
 		t.Fatal("verifying wrong proof should have failed")
 	}
@@ -254,7 +249,7 @@ func BenchmarkKZGCommit(b *testing.B) {
 
 	b.ResetTimer()
 	for i := 0; i < b.N; i++ {
-		_, _ = s.Commit(&p)
+		_, _ = s.Commit(p)
 	}
 }
 
@@ -269,7 +264,7 @@ func BenchmarkKZGOpen(b *testing.B) {
 
 	b.ResetTimer()
 	for i := 0; i < b.N; i++ {
-		_, _ = s.Open(r, &p)
+		_, _ = s.Open(&r, p)
 	}
 }
 
@@ -283,20 +278,20 @@ func BenchmarkKZGVerify(b *testing.B) {
 	r.SetRandom()
 
 	// commit
-	comm, err := s.Commit(&p)
+	comm, err := s.Commit(p)
 	if err != nil {
 		b.Fatal(err)
 	}
 
 	// open
-	openingProof, err := s.Open(r, &p)
+	openingProof, err := s.Open(&r, p)
 	if err != nil {
 		b.Fatal(err)
 	}
 
 	b.ResetTimer()
 	for i := 0; i < b.N; i++ {
-		s.Verify(comm, openingProof)
+		s.Verify(&comm, &openingProof)
 	}
 }
 
@@ -307,12 +302,11 @@ func BenchmarkKZGBatchOpen10(b *testing.B) {
 	// 10 random polynomials
 	var ps [10]polynomial.Polynomial
 	for i := 0; i < 10; i++ {
-		_p := randomPolynomial(benchSize / 2)
-		ps[i] = &_p
+		ps[i] = randomPolynomial(benchSize / 2)
 	}
 
 	// commitments
-	var commitments [10]polynomial.Digest
+	var commitments [10]Digest
 	for i := 0; i < 10; i++ {
 		commitments[i], _ = s.Commit(ps[i])
 	}
@@ -322,7 +316,7 @@ func BenchmarkKZGBatchOpen10(b *testing.B) {
 
 	b.ResetTimer()
 	for i := 0; i < b.N; i++ {
-		s.BatchOpenSinglePoint(r, commitments[:], ps[:])
+		s.BatchOpenSinglePoint(&r, commitments[:], ps[:])
 	}
 }
 
@@ -333,12 +327,11 @@ func BenchmarkKZGBatchVerify10(b *testing.B) {
 	// 10 random polynomials
 	var ps [10]polynomial.Polynomial
 	for i := 0; i < 10; i++ {
-		_p := randomPolynomial(benchSize / 2)
-		ps[i] = &_p
+		ps[i] = randomPolynomial(benchSize / 2)
 	}
 
 	// commitments
-	var commitments [10]polynomial.Digest
+	var commitments [10]Digest
 	for i := 0; i < 10; i++ {
 		commitments[i], _ = s.Commit(ps[i])
 	}
@@ -346,7 +339,7 @@ func BenchmarkKZGBatchVerify10(b *testing.B) {
 	var r fr.Element
 	r.SetRandom()
 
-	proof, err := s.BatchOpenSinglePoint(r, commitments[:], ps[:])
+	proof, err := s.BatchOpenSinglePoint(&r, commitments[:], ps[:])
 	if err != nil {
 		b.Fatal(err)
 	}
diff --git a/ecc/bls24-315/fr/polynomial/polynomial.go b/ecc/bls24-315/fr/polynomial/polynomial.go
index 1ab9c44f0..4ec875f52 100644
--- a/ecc/bls24-315/fr/polynomial/polynomial.go
+++ b/ecc/bls24-315/fr/polynomial/polynomial.go
@@ -18,7 +18,6 @@ package polynomial
 
 import (
 	"github.com/consensys/gnark-crypto/ecc/bls24-315/fr"
-	"github.com/consensys/gnark-crypto/polynomial"
 )
 
 // Polynomial polynomial represented by coefficients bn254 fr field.
@@ -31,13 +30,11 @@ func (p *Polynomial) Degree() uint64 {
 
 // Eval evaluates p at v
 // returns a fr.Element
-func (p *Polynomial) Eval(v interface{}) interface{} {
-	var _v fr.Element
-	_v.SetInterface(v)
+func (p *Polynomial) Eval(v *fr.Element) fr.Element {
 
 	res := (*p)[len(*p)-1]
 	for i := len(*p) - 2; i >= 0; i-- {
-		res.Mul(&res, &_v)
+		res.Mul(&res, v)
 		res.Add(&res, &(*p)[i])
 	}
 
@@ -45,48 +42,39 @@ func (p *Polynomial) Eval(v interface{}) interface{} {
 }
 
 // Clone returns a copy of the polynomial
-func (p *Polynomial) Clone() polynomial.Polynomial {
+func (p *Polynomial) Clone() Polynomial {
 	_p := make(Polynomial, len(*p))
 	copy(_p, *p)
-	return &_p
+	return _p
 }
 
 // AddConstantInPlace adds a constant to the polynomial, modifying p
-func (p *Polynomial) AddConstantInPlace(c interface{}) {
-	var _c fr.Element
-	_c.SetInterface(c)
-
+func (p *Polynomial) AddConstantInPlace(c *fr.Element) {
 	for i := 0; i < len(*p); i++ {
-		(*p)[i].Add(&(*p)[i], &_c)
+		(*p)[i].Add(&(*p)[i], c)
 	}
 }
 
 // SubConstantInPlace subs a constant to the polynomial, modifying p
-func (p *Polynomial) SubConstantInPlace(c interface{}) {
-	var _c fr.Element
-	_c.SetInterface(c)
-
+func (p *Polynomial) SubConstantInPlace(c *fr.Element) {
 	for i := 0; i < len(*p); i++ {
-		(*p)[i].Sub(&(*p)[i], &_c)
+		(*p)[i].Sub(&(*p)[i], c)
 	}
 }
 
 // ScaleInPlace multiplies p by v, modifying p
-func (p *Polynomial) ScaleInPlace(c interface{}) {
-	var _c fr.Element
-	_c.SetInterface(c)
-
+func (p *Polynomial) ScaleInPlace(c *fr.Element) {
 	for i := 0; i < len(*p); i++ {
-		(*p)[i].Mul(&(*p)[i], &_c)
+		(*p)[i].Mul(&(*p)[i], c)
 	}
 }
 
 // Add adds p1 to p2
 // This function allocates a new slice unless p == p1 or p == p2
-func (p *Polynomial) Add(p1, p2 polynomial.Polynomial) polynomial.Polynomial {
+func (p *Polynomial) Add(p1, p2 Polynomial) *Polynomial {
 
-	bigger := *(p1.(*Polynomial))
-	smaller := *(p2.(*Polynomial))
+	bigger := p1
+	smaller := p2
 	if len(bigger) < len(smaller) {
 		bigger, smaller = smaller, bigger
 	}
@@ -116,18 +104,17 @@ func (p *Polynomial) Add(p1, p2 polynomial.Polynomial) polynomial.Polynomial {
 }
 
 // Equal checks equality between two polynomials
-func (p *Polynomial) Equal(p1 polynomial.Polynomial) bool {
-	_p1 := *(p1.(*Polynomial))
-	if (p == nil) != (_p1 == nil) {
+func (p *Polynomial) Equal(p1 Polynomial) bool {
+	if (*p == nil) != (p1 == nil) {
 		return false
 	}
 
-	if len(*p) != len(_p1) {
+	if len(*p) != len(p1) {
 		return false
 	}
 
-	for i := range _p1 {
-		if !(*p)[i].Equal(&_p1[i]) {
+	for i := range p1 {
+		if !(*p)[i].Equal(&p1[i]) {
 			return false
 		}
 	}
diff --git a/ecc/bls24-315/fr/polynomial/polynomial_test.go b/ecc/bls24-315/fr/polynomial/polynomial_test.go
index 6bcb4a186..c23d86197 100644
--- a/ecc/bls24-315/fr/polynomial/polynomial_test.go
+++ b/ecc/bls24-315/fr/polynomial/polynomial_test.go
@@ -46,7 +46,7 @@ func TestPolynomialEval(t *testing.T) {
 	expectedEval.Div(&expectedEval, &den)
 
 	// compute purported evaluation
-	purportedEval := f.Eval(&point).(fr.Element)
+	purportedEval := f.Eval(&point)
 
 	// check
 	if !purportedEval.Equal(&expectedEval) {
@@ -160,27 +160,27 @@ func TestPolynomialAdd(t *testing.T) {
 
 	// caller is empty
 	var g Polynomial
-	g.Add(&f1, &f2)
-	if !g.Equal(&expectedSum) {
+	g.Add(f1, f2)
+	if !g.Equal(expectedSum) {
 		t.Fatal("add polynomials fails")
 	}
-	if !f1.Equal(&f1Backup) {
+	if !f1.Equal(f1Backup) {
 		t.Fatal("side effect, f1 should not have been modified")
 	}
-	if !f2.Equal(&f2Backup) {
+	if !f2.Equal(f2Backup) {
 		t.Fatal("side effect, f2 should not have been modified")
 	}
 
 	// all operands are distincts
 	_f1 := f1.Clone()
-	_f1.Add(&f1, &f2)
-	if !_f1.Equal(&expectedSum) {
+	_f1.Add(f1, f2)
+	if !_f1.Equal(expectedSum) {
 		t.Fatal("add polynomials fails")
 	}
-	if !f1.Equal(&f1Backup) {
+	if !f1.Equal(f1Backup) {
 		t.Fatal("side effect, f1 should not have been modified")
 	}
-	if !f2.Equal(&f2Backup) {
+	if !f2.Equal(f2Backup) {
 		t.Fatal("side effect, f2 should not have been modified")
 	}
 
@@ -188,10 +188,10 @@ func TestPolynomialAdd(t *testing.T) {
 	_f1 = f1.Clone()
 	_f2 := f2.Clone()
 	_f1.Add(_f1, _f2)
-	if !_f1.Equal(&expectedSum) {
+	if !_f1.Equal(expectedSum) {
 		t.Fatal("add polynomials fails")
 	}
-	if !_f2.Equal(&f2Backup) {
+	if !_f2.Equal(f2Backup) {
 		t.Fatal("side effect, _f2 should not have been modified")
 	}
 
@@ -199,10 +199,10 @@ func TestPolynomialAdd(t *testing.T) {
 	_f1 = f1.Clone()
 	_f2 = f2.Clone()
 	_f1.Add(_f2, _f1)
-	if !_f1.Equal(&expectedSum) {
+	if !_f1.Equal(expectedSum) {
 		t.Fatal("add polynomials fails")
 	}
-	if !_f2.Equal(&f2Backup) {
+	if !_f2.Equal(f2Backup) {
 		t.Fatal("side effect, _f2 should not have been modified")
 	}
 }
diff --git a/ecc/bn254/fr/polynomial/kzg/kzg.go b/ecc/bn254/fr/polynomial/kzg/kzg.go
index 4aa3d4aad..87642d6f6 100644
--- a/ecc/bn254/fr/polynomial/kzg/kzg.go
+++ b/ecc/bn254/fr/polynomial/kzg/kzg.go
@@ -24,10 +24,9 @@ import (
 	"github.com/consensys/gnark-crypto/ecc/bn254"
 	"github.com/consensys/gnark-crypto/ecc/bn254/fr"
 	"github.com/consensys/gnark-crypto/ecc/bn254/fr/fft"
-	bn254_pol "github.com/consensys/gnark-crypto/ecc/bn254/fr/polynomial"
+	"github.com/consensys/gnark-crypto/ecc/bn254/fr/polynomial"
 	fiatshamir "github.com/consensys/gnark-crypto/fiat-shamir"
 	"github.com/consensys/gnark-crypto/internal/parallel"
-	"github.com/consensys/gnark-crypto/polynomial"
 )
 
 var (
@@ -35,6 +34,11 @@ var (
 	errUnsupportedSize           = errors.New("the size of the polynomials exceeds the capacity of the SRS")
 )
 
+var (
+	ErrVerifyOpeningProof            = errors.New("error verifying opening proof")
+	ErrVerifyBatchOpeningSinglePoint = errors.New("error verifying batch opening proof at single point")
+)
+
 // Digest commitment of a polynomial.
 type Digest struct {
 	data bn254.G1Affine
@@ -99,7 +103,7 @@ func NewScheme(size int, alpha fr.Element) *Scheme {
 }
 
 // Clone returns a copy of d
-func (d *Digest) Clone() polynomial.Digest {
+func (d *Digest) Clone() *Digest {
 	var res Digest
 	res.data.Set(&d.data)
 	return &res
@@ -121,12 +125,10 @@ func (d *Digest) Unmarshal(buf []byte) error {
 
 // Add adds two digest. The API and behaviour mimics bn254.G1Affine's,
 // i.e. the caller is modified.
-func (d *Digest) Add(d1, d2 polynomial.Digest) polynomial.Digest {
-	_d1 := d1.(*Digest)
-	_d2 := d2.(*Digest)
+func (d *Digest) Add(d1, d2 *Digest) *Digest {
 	var p1, p2 bn254.G1Jac
-	p1.FromAffine(&_d1.data)
-	p2.FromAffine(&_d2.data)
+	p1.FromAffine(&d1.data)
+	p2.FromAffine(&d2.data)
 	p1.AddAssign(&p2)
 	d.data.FromJacobian(&p1)
 	return d
@@ -134,12 +136,10 @@ func (d *Digest) Add(d1, d2 polynomial.Digest) polynomial.Digest {
 
 // Sub adds two digest. The API and behaviour mimics bn254.G1Affine's,
 // i.e. the caller is modified.
-func (d *Digest) Sub(d1, d2 polynomial.Digest) polynomial.Digest {
-	_d1 := d1.(*Digest)
-	_d2 := d2.(*Digest)
+func (d *Digest) Sub(d1, d2 *Digest) *Digest {
 	var p1, p2 bn254.G1Jac
-	p1.FromAffine(&_d1.data)
-	p2.FromAffine(&_d2.data)
+	p1.FromAffine(&d1.data)
+	p2.FromAffine(&d2.data)
 	p1.SubAssign(&p2)
 	d.data.FromJacobian(&p1)
 	return d
@@ -147,10 +147,9 @@ func (d *Digest) Sub(d1, d2 polynomial.Digest) polynomial.Digest {
 
 // Add adds two digest. The API and behaviour mimics bn254.G1Affine's,
 // i.e. the caller is modified.
-func (d *Digest) ScalarMul(d1 polynomial.Digest, s big.Int) polynomial.Digest {
-	_d1 := d1.(*Digest)
+func (d *Digest) ScalarMul(d1 *Digest, s big.Int) *Digest {
 	var p1 bn254.G1Affine
-	p1.Set(&_d1.data)
+	p1.Set(&d1.data)
 	p1.ScalarMultiplication(&p1, &s)
 	d.data.Set(&p1)
 	return d
@@ -282,20 +281,19 @@ func (s *Scheme) ReadFrom(r io.Reader) (int64, error) {
 
 // Commit commits to a polynomial using a multi exponentiation with the SRS.
 // It is assumed that the polynomial is in canonical form, in Montgomery form.
-func (s *Scheme) Commit(p polynomial.Polynomial) (polynomial.Digest, error) {
+func (s *Scheme) Commit(p polynomial.Polynomial) (Digest, error) {
 
 	if p.Degree() >= s.Domain.Cardinality {
-		return nil, errUnsupportedSize
+		return Digest{}, errUnsupportedSize
 	}
 
 	var _res bn254.G1Affine
-	_p := p.(*bn254_pol.Polynomial)
 
 	// ensure we don't modify p
-	pCopy := make(bn254_pol.Polynomial, s.Domain.Cardinality)
-	copy(pCopy, *_p)
+	pCopy := make(polynomial.Polynomial, s.Domain.Cardinality)
+	copy(pCopy, p)
 
-	parallel.Execute(len(*_p), func(start, end int) {
+	parallel.Execute(len(p), func(start, end int) {
 		for i := start; i < end; i++ {
 			pCopy[i].FromMont()
 		}
@@ -305,50 +303,47 @@ func (s *Scheme) Commit(p polynomial.Polynomial) (polynomial.Digest, error) {
 	var res Digest
 	res.data.Set(&_res)
 
-	return &res, nil
+	return res, nil
 }
 
-// Open computes an opening proof of _p at _val.
+// Open computes an opening proof of p at _val.
 // Returns a MockProof, which is an empty interface.
-func (s *Scheme) Open(point interface{}, p polynomial.Polynomial) (polynomial.OpeningProof, error) {
+func (s *Scheme) Open(point *fr.Element, p polynomial.Polynomial) (Proof, error) {
 
 	if p.Degree() >= s.Domain.Cardinality {
 		panic("[Open] Size of polynomial exceeds the size supported by the scheme")
 	}
 
 	// build the proof
-	var res Proof
-	claimedValue := p.Eval(point)
-	res.Point.SetInterface(point)
-	res.ClaimedValue.SetInterface(claimedValue)
+	res := Proof{
+		Point:        *point,
+		ClaimedValue: p.Eval(point),
+	}
 
 	// compute H
-	_p := p.(*bn254_pol.Polynomial)
-	h := dividePolyByXminusA(s.Domain, *_p, res.ClaimedValue, res.Point)
+
+	h := dividePolyByXminusA(s.Domain, p, res.ClaimedValue, res.Point)
 
 	// commit to H
-	c, err := s.Commit(&h)
+	c, err := s.Commit(h)
 	if err != nil {
-		return nil, err
+		return Proof{}, err
 	}
-	_c := c.(*Digest)
-	res.H.Set(&_c.data)
+	res.H.Set(&c.data)
 
-	return &res, nil
+	return res, nil
 }
 
 // Verify verifies a KZG opening proof at a single point
-func (s *Scheme) Verify(d polynomial.Digest, proof polynomial.OpeningProof) error {
+func (s *Scheme) Verify(d *Digest, proof *Proof) error {
 
-	_d := d.(*Digest)
 	var _commitment bn254.G1Affine
-	_commitment.Set(&_d.data)
-	_proof := proof.(*Proof)
+	_commitment.Set(&d.data)
 
 	// comm(f(a))
 	var claimedValueG1Aff bn254.G1Affine
 	var claimedValueBigInt big.Int
-	_proof.ClaimedValue.ToBigIntRegular(&claimedValueBigInt)
+	proof.ClaimedValue.ToBigIntRegular(&claimedValueBigInt)
 	claimedValueG1Aff.ScalarMultiplication(&s.SRS.G1[0], &claimedValueBigInt)
 
 	// [f(alpha) - f(a)]G1Jac
@@ -359,12 +354,12 @@ func (s *Scheme) Verify(d polynomial.Digest, proof polynomial.OpeningProof) erro
 
 	// [-H(alpha)]G1Aff
 	var negH bn254.G1Affine
-	negH.Neg(&_proof.H)
+	negH.Neg(&proof.H)
 
 	// [alpha-a]G2Jac
 	var alphaMinusaG2Jac, genG2Jac, alphaG2Jac bn254.G2Jac
 	var pointBigInt big.Int
-	_proof.Point.ToBigIntRegular(&pointBigInt)
+	proof.Point.ToBigIntRegular(&pointBigInt)
 	genG2Jac.FromAffine(&s.SRS.G2[0])
 	alphaG2Jac.FromAffine(&s.SRS.G2[1])
 	alphaMinusaG2Jac.ScalarMultiplication(&genG2Jac, &pointBigInt).
@@ -388,13 +383,17 @@ func (s *Scheme) Verify(d polynomial.Digest, proof polynomial.OpeningProof) erro
 		return err
 	}
 	if !check {
-		return polynomial.ErrVerifyOpeningProof
+		return ErrVerifyOpeningProof
 	}
 	return nil
 }
 
-// BatchOpenSinglePoint creates a batch opening proof of several polynomials at a single point
-func (s *Scheme) BatchOpenSinglePoint(point interface{}, digests []polynomial.Digest, polynomials []polynomial.Polynomial) (polynomial.BatchOpeningProofSinglePoint, error) {
+// BatchOpenSinglePoint creates a batch opening proof at _val of a list of polynomials.
+// It's an interactive protocol, made non interactive using Fiat Shamir.
+// point is the point at which the polynomials are opened.
+// digests is the list of committed polynomials to open, need to derive the challenge using Fiat Shamir.
+// polynomials is the list of polynomials to open.
+func (s *Scheme) BatchOpenSinglePoint(point *fr.Element, digests []Digest, polynomials []polynomial.Polynomial) (*BatchProofsSinglePoint, error) {
 
 	nbDigests := len(digests)
 	if nbDigests != len(polynomials) {
@@ -406,11 +405,11 @@ func (s *Scheme) BatchOpenSinglePoint(point interface{}, digests []polynomial.Di
 	// compute the purported values
 	res.ClaimedValues = make([]fr.Element, len(polynomials))
 	for i := 0; i < len(polynomials); i++ {
-		res.ClaimedValues[i] = polynomials[i].Eval(point).(fr.Element)
+		res.ClaimedValues[i] = polynomials[i].Eval(point)
 	}
 
 	// set the point at which the evaluation is done
-	res.Point.SetInterface(point)
+	res.Point.Set(point)
 
 	// derive the challenge gamma, binded to the point and the commitments
 	fs := fiatshamir.NewTranscript(fiatshamir.SHA256, "gamma")
@@ -441,33 +440,34 @@ func (s *Scheme) BatchOpenSinglePoint(point interface{}, digests []polynomial.Di
 	}
 
 	// compute H
-	_sumGammaiTimesPol := sumGammaiTimesPol.(*bn254_pol.Polynomial)
-	h := dividePolyByXminusA(s.Domain, *_sumGammaiTimesPol, sumGammaiTimesEval, res.Point)
-	c, err := s.Commit(&h)
+	h := dividePolyByXminusA(s.Domain, sumGammaiTimesPol, sumGammaiTimesEval, res.Point)
+	c, err := s.Commit(h)
 	if err != nil {
 		return nil, err
 	}
 
-	_c := c.(*Digest)
-	res.H.Set(&_c.data)
+	res.H.Set(&c.data)
 
 	return &res, nil
 }
 
-func (s *Scheme) BatchVerifySinglePoint(digests []polynomial.Digest, batchOpeningProof polynomial.BatchOpeningProofSinglePoint) error {
+// BatchVerifySinglePoint verifies a batched opening proof at a single point of a list of polynomials.
+// point: point at which the polynomials are evaluated
+// claimedValues: claimed values of the polynomials at _val
+// commitments: list of commitments to the polynomials which are opened
+// batchOpeningProof: the batched opening proof at a single point of the polynomials.
+func (s *Scheme) BatchVerifySinglePoint(digests []Digest, batchOpeningProof *BatchProofsSinglePoint) error {
 
 	nbDigests := len(digests)
 
-	_batchOpeningProof := batchOpeningProof.(*BatchProofsSinglePoint)
-
 	// check consistancy between numbers of claims vs number of digests
-	if len(digests) != len(_batchOpeningProof.ClaimedValues) {
+	if len(digests) != len(batchOpeningProof.ClaimedValues) {
 		return errNbDigestsNeqNbPolynomials
 	}
 
 	// derive the challenge gamma, binded to the point and the commitments
 	fs := fiatshamir.NewTranscript(fiatshamir.SHA256, "gamma")
-	err := fs.Bind("gamma", _batchOpeningProof.Point.Marshal())
+	err := fs.Bind("gamma", batchOpeningProof.Point.Marshal())
 	if err != nil {
 		return err
 	}
@@ -485,10 +485,10 @@ func (s *Scheme) BatchVerifySinglePoint(digests []polynomial.Digest, batchOpenin
 	gamma.SetBytes(gammaByte)
 
 	var sumGammaiTimesEval fr.Element
-	sumGammaiTimesEval.Set(&_batchOpeningProof.ClaimedValues[nbDigests-1])
+	sumGammaiTimesEval.Set(&batchOpeningProof.ClaimedValues[nbDigests-1])
 	for i := nbDigests - 2; i >= 0; i-- {
 		sumGammaiTimesEval.Mul(&sumGammaiTimesEval, &gamma).
-			Add(&sumGammaiTimesEval, &_batchOpeningProof.ClaimedValues[i])
+			Add(&sumGammaiTimesEval, &batchOpeningProof.ClaimedValues[i])
 	}
 
 	var sumGammaiTimesEvalBigInt big.Int
@@ -507,8 +507,7 @@ func (s *Scheme) BatchVerifySinglePoint(digests []polynomial.Digest, batchOpenin
 	var sumGammaiTimesDigestsG1Aff bn254.G1Affine
 	_digests := make([]bn254.G1Affine, len(digests))
 	for i := 0; i < len(digests); i++ {
-		_d := digests[i].(*Digest)
-		_digests[i].Set(&_d.data)
+		_digests[i].Set(&digests[i].data)
 	}
 
 	sumGammaiTimesDigestsG1Aff.MultiExp(_digests, gammai)
@@ -524,7 +523,7 @@ func (s *Scheme) BatchVerifySinglePoint(digests []polynomial.Digest, batchOpenin
 	// [alpha-a]G2Jac
 	var alphaMinusaG2Jac, genG2Jac, alphaG2Jac bn254.G2Jac
 	var pointBigInt big.Int
-	_batchOpeningProof.Point.ToBigIntRegular(&pointBigInt)
+	batchOpeningProof.Point.ToBigIntRegular(&pointBigInt)
 	genG2Jac.FromAffine(&s.SRS.G2[0])
 	alphaG2Jac.FromAffine(&s.SRS.G2[1])
 	alphaMinusaG2Jac.ScalarMultiplication(&genG2Jac, &pointBigInt).
@@ -537,7 +536,7 @@ func (s *Scheme) BatchVerifySinglePoint(digests []polynomial.Digest, batchOpenin
 
 	// [-H(alpha)]G1Aff
 	var negH bn254.G1Affine
-	negH.Neg(&_batchOpeningProof.H)
+	negH.Neg(&batchOpeningProof.H)
 
 	// check the pairing equation
 	check, err := bn254.PairingCheck(
@@ -548,7 +547,7 @@ func (s *Scheme) BatchVerifySinglePoint(digests []polynomial.Digest, batchOpenin
 		return err
 	}
 	if !check {
-		return polynomial.ErrVerifyBatchOpeningSinglePoint
+		return ErrVerifyBatchOpeningSinglePoint
 	}
 	return nil
 }
diff --git a/ecc/bn254/fr/polynomial/kzg/kzg_test.go b/ecc/bn254/fr/polynomial/kzg/kzg_test.go
index 9a26b46ef..b51e9ce14 100644
--- a/ecc/bn254/fr/polynomial/kzg/kzg_test.go
+++ b/ecc/bn254/fr/polynomial/kzg/kzg_test.go
@@ -25,8 +25,7 @@ import (
 	"github.com/consensys/gnark-crypto/ecc/bn254"
 	"github.com/consensys/gnark-crypto/ecc/bn254/fr"
 	"github.com/consensys/gnark-crypto/ecc/bn254/fr/fft"
-	bn254_pol "github.com/consensys/gnark-crypto/ecc/bn254/fr/polynomial"
-	"github.com/consensys/gnark-crypto/polynomial"
+	"github.com/consensys/gnark-crypto/ecc/bn254/fr/polynomial"
 )
 
 var _alphaSetup fr.Element
@@ -36,8 +35,8 @@ func init() {
 	_alphaSetup.SetString("1234")
 }
 
-func randomPolynomial(size int) bn254_pol.Polynomial {
-	f := make(bn254_pol.Polynomial, size)
+func randomPolynomial(size int) polynomial.Polynomial {
+	f := make(polynomial.Polynomial, size)
 	for i := 0; i < size; i++ {
 		f[i].SetRandom()
 	}
@@ -51,7 +50,7 @@ func TestDividePolyByXminusA(t *testing.T) {
 	domain := fft.NewDomain(uint64(sizePol), 0, false)
 
 	// build random polynomial
-	pol := make(bn254_pol.Polynomial, sizePol)
+	pol := make(polynomial.Polynomial, sizePol)
 	for i := 0; i < sizePol; i++ {
 		pol[i].SetRandom()
 	}
@@ -59,7 +58,7 @@ func TestDividePolyByXminusA(t *testing.T) {
 	// evaluate the polynomial at a random point
 	var point fr.Element
 	point.SetRandom()
-	evaluation := pol.Eval(&point).(fr.Element)
+	evaluation := pol.Eval(&point)
 
 	// compute f-f(a)/x-a
 	h := dividePolyByXminusA(*domain, pol, evaluation, point)
@@ -72,10 +71,10 @@ func TestDividePolyByXminusA(t *testing.T) {
 	var randPoint, xminusa fr.Element
 	randPoint.SetRandom()
 
-	polRandpoint := pol.Eval(&randPoint).(fr.Element)
+	polRandpoint := pol.Eval(&randPoint)
 	polRandpoint.Sub(&polRandpoint, &evaluation) // f(rand)-f(point)
 
-	hRandPoint := h.Eval(&randPoint).(fr.Element)
+	hRandPoint := h.Eval(&randPoint)
 	xminusa.Sub(&randPoint, &point) // rand-point
 
 	// f(rand)-f(point)	==? h(rand)*(rand-point)
@@ -118,13 +117,13 @@ func TestCommit(t *testing.T) {
 	s := NewScheme(64, _alphaSetup)
 
 	// create a polynomial
-	f := make(bn254_pol.Polynomial, 60)
+	f := make(polynomial.Polynomial, 60)
 	for i := 0; i < 60; i++ {
 		f[i].SetRandom()
 	}
 
 	// commit using the method from KZG
-	_kzgCommit, err := s.Commit(&f)
+	_kzgCommit, err := s.Commit(f)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -134,7 +133,7 @@ func TestCommit(t *testing.T) {
 	// check commitment using manual commit
 	var x fr.Element
 	x.SetString("1234")
-	fx := f.Eval(&x).(fr.Element)
+	fx := f.Eval(&x)
 	var fxbi big.Int
 	fx.ToBigIntRegular(&fxbi)
 	var manualCommit bn254.G1Affine
@@ -157,7 +156,7 @@ func TestVerifySinglePoint(t *testing.T) {
 	f := randomPolynomial(60)
 
 	// commit the polynomial
-	digest, err := s.Commit(&f)
+	digest, err := s.Commit(f)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -165,28 +164,26 @@ func TestVerifySinglePoint(t *testing.T) {
 	// compute opening proof at a random point
 	var point fr.Element
 	point.SetString("4321")
-	proof, err := s.Open(&point, &f)
+	proof, err := s.Open(&point, f)
 	if err != nil {
 		t.Fatal(err)
 	}
 
 	// verify the claimed valued
-	_proof := proof.(*Proof)
-	expected := f.Eval(point).(fr.Element)
-	if !_proof.ClaimedValue.Equal(&expected) {
+	expected := f.Eval(&point)
+	if !proof.ClaimedValue.Equal(&expected) {
 		t.Fatal("inconsistant claimed value")
 	}
 
 	// verify correct proof
-	err = s.Verify(digest, proof)
+	err = s.Verify(&digest, &proof)
 	if err != nil {
 		t.Fatal(err)
 	}
 
 	// verify wrong proof
-	_proof = proof.(*Proof)
-	_proof.ClaimedValue.Double(&_proof.ClaimedValue)
-	err = s.Verify(digest, _proof)
+	proof.ClaimedValue.Double(&proof.ClaimedValue)
+	err = s.Verify(&digest, &proof)
 	if err == nil {
 		t.Fatal("verifying wrong proof should have failed")
 	}
@@ -200,12 +197,11 @@ func TestBatchVerifySinglePoint(t *testing.T) {
 	// create polynomials
 	f := make([]polynomial.Polynomial, 10)
 	for i := 0; i < 10; i++ {
-		_f := randomPolynomial(60)
-		f[i] = &_f
+		f[i] = randomPolynomial(60)
 	}
 
 	// commit the polynomials
-	digests := make([]polynomial.Digest, 10)
+	digests := make([]Digest, 10)
 	for i := 0; i < 10; i++ {
 		digests[i], _ = s.Commit(f[i])
 
@@ -220,10 +216,9 @@ func TestBatchVerifySinglePoint(t *testing.T) {
 	}
 
 	// verify the claimed values
-	_proof := proof.(*BatchProofsSinglePoint)
 	for i := 0; i < 10; i++ {
-		expectedClaim := f[i].Eval(point).(fr.Element)
-		if !expectedClaim.Equal(&_proof.ClaimedValues[i]) {
+		expectedClaim := f[i].Eval(&point)
+		if !expectedClaim.Equal(&proof.ClaimedValues[i]) {
 			t.Fatal("inconsistant claimed values")
 		}
 	}
@@ -235,8 +230,8 @@ func TestBatchVerifySinglePoint(t *testing.T) {
 	}
 
 	// verify wrong proof
-	_proof.ClaimedValues[0].Double(&_proof.ClaimedValues[0])
-	err = s.BatchVerifySinglePoint(digests, _proof)
+	proof.ClaimedValues[0].Double(&proof.ClaimedValues[0])
+	err = s.BatchVerifySinglePoint(digests, proof)
 	if err == nil {
 		t.Fatal("verifying wrong proof should have failed")
 	}
@@ -254,7 +249,7 @@ func BenchmarkKZGCommit(b *testing.B) {
 
 	b.ResetTimer()
 	for i := 0; i < b.N; i++ {
-		_, _ = s.Commit(&p)
+		_, _ = s.Commit(p)
 	}
 }
 
@@ -269,7 +264,7 @@ func BenchmarkKZGOpen(b *testing.B) {
 
 	b.ResetTimer()
 	for i := 0; i < b.N; i++ {
-		_, _ = s.Open(r, &p)
+		_, _ = s.Open(&r, p)
 	}
 }
 
@@ -283,20 +278,20 @@ func BenchmarkKZGVerify(b *testing.B) {
 	r.SetRandom()
 
 	// commit
-	comm, err := s.Commit(&p)
+	comm, err := s.Commit(p)
 	if err != nil {
 		b.Fatal(err)
 	}
 
 	// open
-	openingProof, err := s.Open(r, &p)
+	openingProof, err := s.Open(&r, p)
 	if err != nil {
 		b.Fatal(err)
 	}
 
 	b.ResetTimer()
 	for i := 0; i < b.N; i++ {
-		s.Verify(comm, openingProof)
+		s.Verify(&comm, &openingProof)
 	}
 }
 
@@ -307,12 +302,11 @@ func BenchmarkKZGBatchOpen10(b *testing.B) {
 	// 10 random polynomials
 	var ps [10]polynomial.Polynomial
 	for i := 0; i < 10; i++ {
-		_p := randomPolynomial(benchSize / 2)
-		ps[i] = &_p
+		ps[i] = randomPolynomial(benchSize / 2)
 	}
 
 	// commitments
-	var commitments [10]polynomial.Digest
+	var commitments [10]Digest
 	for i := 0; i < 10; i++ {
 		commitments[i], _ = s.Commit(ps[i])
 	}
@@ -322,7 +316,7 @@ func BenchmarkKZGBatchOpen10(b *testing.B) {
 
 	b.ResetTimer()
 	for i := 0; i < b.N; i++ {
-		s.BatchOpenSinglePoint(r, commitments[:], ps[:])
+		s.BatchOpenSinglePoint(&r, commitments[:], ps[:])
 	}
 }
 
@@ -333,12 +327,11 @@ func BenchmarkKZGBatchVerify10(b *testing.B) {
 	// 10 random polynomials
 	var ps [10]polynomial.Polynomial
 	for i := 0; i < 10; i++ {
-		_p := randomPolynomial(benchSize / 2)
-		ps[i] = &_p
+		ps[i] = randomPolynomial(benchSize / 2)
 	}
 
 	// commitments
-	var commitments [10]polynomial.Digest
+	var commitments [10]Digest
 	for i := 0; i < 10; i++ {
 		commitments[i], _ = s.Commit(ps[i])
 	}
@@ -346,7 +339,7 @@ func BenchmarkKZGBatchVerify10(b *testing.B) {
 	var r fr.Element
 	r.SetRandom()
 
-	proof, err := s.BatchOpenSinglePoint(r, commitments[:], ps[:])
+	proof, err := s.BatchOpenSinglePoint(&r, commitments[:], ps[:])
 	if err != nil {
 		b.Fatal(err)
 	}
diff --git a/ecc/bn254/fr/polynomial/polynomial.go b/ecc/bn254/fr/polynomial/polynomial.go
index 66206062e..4fe785940 100644
--- a/ecc/bn254/fr/polynomial/polynomial.go
+++ b/ecc/bn254/fr/polynomial/polynomial.go
@@ -18,7 +18,6 @@ package polynomial
 
 import (
 	"github.com/consensys/gnark-crypto/ecc/bn254/fr"
-	"github.com/consensys/gnark-crypto/polynomial"
 )
 
 // Polynomial polynomial represented by coefficients bn254 fr field.
@@ -31,13 +30,11 @@ func (p *Polynomial) Degree() uint64 {
 
 // Eval evaluates p at v
 // returns a fr.Element
-func (p *Polynomial) Eval(v interface{}) interface{} {
-	var _v fr.Element
-	_v.SetInterface(v)
+func (p *Polynomial) Eval(v *fr.Element) fr.Element {
 
 	res := (*p)[len(*p)-1]
 	for i := len(*p) - 2; i >= 0; i-- {
-		res.Mul(&res, &_v)
+		res.Mul(&res, v)
 		res.Add(&res, &(*p)[i])
 	}
 
@@ -45,48 +42,39 @@ func (p *Polynomial) Eval(v interface{}) interface{} {
 }
 
 // Clone returns a copy of the polynomial
-func (p *Polynomial) Clone() polynomial.Polynomial {
+func (p *Polynomial) Clone() Polynomial {
 	_p := make(Polynomial, len(*p))
 	copy(_p, *p)
-	return &_p
+	return _p
 }
 
 // AddConstantInPlace adds a constant to the polynomial, modifying p
-func (p *Polynomial) AddConstantInPlace(c interface{}) {
-	var _c fr.Element
-	_c.SetInterface(c)
-
+func (p *Polynomial) AddConstantInPlace(c *fr.Element) {
 	for i := 0; i < len(*p); i++ {
-		(*p)[i].Add(&(*p)[i], &_c)
+		(*p)[i].Add(&(*p)[i], c)
 	}
 }
 
 // SubConstantInPlace subs a constant to the polynomial, modifying p
-func (p *Polynomial) SubConstantInPlace(c interface{}) {
-	var _c fr.Element
-	_c.SetInterface(c)
-
+func (p *Polynomial) SubConstantInPlace(c *fr.Element) {
 	for i := 0; i < len(*p); i++ {
-		(*p)[i].Sub(&(*p)[i], &_c)
+		(*p)[i].Sub(&(*p)[i], c)
 	}
 }
 
 // ScaleInPlace multiplies p by v, modifying p
-func (p *Polynomial) ScaleInPlace(c interface{}) {
-	var _c fr.Element
-	_c.SetInterface(c)
-
+func (p *Polynomial) ScaleInPlace(c *fr.Element) {
 	for i := 0; i < len(*p); i++ {
-		(*p)[i].Mul(&(*p)[i], &_c)
+		(*p)[i].Mul(&(*p)[i], c)
 	}
 }
 
 // Add adds p1 to p2
 // This function allocates a new slice unless p == p1 or p == p2
-func (p *Polynomial) Add(p1, p2 polynomial.Polynomial) polynomial.Polynomial {
+func (p *Polynomial) Add(p1, p2 Polynomial) *Polynomial {
 
-	bigger := *(p1.(*Polynomial))
-	smaller := *(p2.(*Polynomial))
+	bigger := p1
+	smaller := p2
 	if len(bigger) < len(smaller) {
 		bigger, smaller = smaller, bigger
 	}
@@ -116,18 +104,17 @@ func (p *Polynomial) Add(p1, p2 polynomial.Polynomial) polynomial.Polynomial {
 }
 
 // Equal checks equality between two polynomials
-func (p *Polynomial) Equal(p1 polynomial.Polynomial) bool {
-	_p1 := *(p1.(*Polynomial))
-	if (p == nil) != (_p1 == nil) {
+func (p *Polynomial) Equal(p1 Polynomial) bool {
+	if (*p == nil) != (p1 == nil) {
 		return false
 	}
 
-	if len(*p) != len(_p1) {
+	if len(*p) != len(p1) {
 		return false
 	}
 
-	for i := range _p1 {
-		if !(*p)[i].Equal(&_p1[i]) {
+	for i := range p1 {
+		if !(*p)[i].Equal(&p1[i]) {
 			return false
 		}
 	}
diff --git a/ecc/bn254/fr/polynomial/polynomial_test.go b/ecc/bn254/fr/polynomial/polynomial_test.go
index f96991e70..2664c30e2 100644
--- a/ecc/bn254/fr/polynomial/polynomial_test.go
+++ b/ecc/bn254/fr/polynomial/polynomial_test.go
@@ -46,7 +46,7 @@ func TestPolynomialEval(t *testing.T) {
 	expectedEval.Div(&expectedEval, &den)
 
 	// compute purported evaluation
-	purportedEval := f.Eval(&point).(fr.Element)
+	purportedEval := f.Eval(&point)
 
 	// check
 	if !purportedEval.Equal(&expectedEval) {
@@ -160,27 +160,27 @@ func TestPolynomialAdd(t *testing.T) {
 
 	// caller is empty
 	var g Polynomial
-	g.Add(&f1, &f2)
-	if !g.Equal(&expectedSum) {
+	g.Add(f1, f2)
+	if !g.Equal(expectedSum) {
 		t.Fatal("add polynomials fails")
 	}
-	if !f1.Equal(&f1Backup) {
+	if !f1.Equal(f1Backup) {
 		t.Fatal("side effect, f1 should not have been modified")
 	}
-	if !f2.Equal(&f2Backup) {
+	if !f2.Equal(f2Backup) {
 		t.Fatal("side effect, f2 should not have been modified")
 	}
 
 	// all operands are distincts
 	_f1 := f1.Clone()
-	_f1.Add(&f1, &f2)
-	if !_f1.Equal(&expectedSum) {
+	_f1.Add(f1, f2)
+	if !_f1.Equal(expectedSum) {
 		t.Fatal("add polynomials fails")
 	}
-	if !f1.Equal(&f1Backup) {
+	if !f1.Equal(f1Backup) {
 		t.Fatal("side effect, f1 should not have been modified")
 	}
-	if !f2.Equal(&f2Backup) {
+	if !f2.Equal(f2Backup) {
 		t.Fatal("side effect, f2 should not have been modified")
 	}
 
@@ -188,10 +188,10 @@ func TestPolynomialAdd(t *testing.T) {
 	_f1 = f1.Clone()
 	_f2 := f2.Clone()
 	_f1.Add(_f1, _f2)
-	if !_f1.Equal(&expectedSum) {
+	if !_f1.Equal(expectedSum) {
 		t.Fatal("add polynomials fails")
 	}
-	if !_f2.Equal(&f2Backup) {
+	if !_f2.Equal(f2Backup) {
 		t.Fatal("side effect, _f2 should not have been modified")
 	}
 
@@ -199,10 +199,10 @@ func TestPolynomialAdd(t *testing.T) {
 	_f1 = f1.Clone()
 	_f2 = f2.Clone()
 	_f1.Add(_f2, _f1)
-	if !_f1.Equal(&expectedSum) {
+	if !_f1.Equal(expectedSum) {
 		t.Fatal("add polynomials fails")
 	}
-	if !_f2.Equal(&f2Backup) {
+	if !_f2.Equal(f2Backup) {
 		t.Fatal("side effect, _f2 should not have been modified")
 	}
 }
diff --git a/ecc/bw6-761/fr/polynomial/kzg/kzg.go b/ecc/bw6-761/fr/polynomial/kzg/kzg.go
index 89c5a29a8..e9adc716a 100644
--- a/ecc/bw6-761/fr/polynomial/kzg/kzg.go
+++ b/ecc/bw6-761/fr/polynomial/kzg/kzg.go
@@ -24,10 +24,9 @@ import (
 	"github.com/consensys/gnark-crypto/ecc/bw6-761"
 	"github.com/consensys/gnark-crypto/ecc/bw6-761/fr"
 	"github.com/consensys/gnark-crypto/ecc/bw6-761/fr/fft"
-	bw6761_pol "github.com/consensys/gnark-crypto/ecc/bw6-761/fr/polynomial"
+	"github.com/consensys/gnark-crypto/ecc/bw6-761/fr/polynomial"
 	fiatshamir "github.com/consensys/gnark-crypto/fiat-shamir"
 	"github.com/consensys/gnark-crypto/internal/parallel"
-	"github.com/consensys/gnark-crypto/polynomial"
 )
 
 var (
@@ -35,6 +34,11 @@ var (
 	errUnsupportedSize           = errors.New("the size of the polynomials exceeds the capacity of the SRS")
 )
 
+var (
+	ErrVerifyOpeningProof            = errors.New("error verifying opening proof")
+	ErrVerifyBatchOpeningSinglePoint = errors.New("error verifying batch opening proof at single point")
+)
+
 // Digest commitment of a polynomial.
 type Digest struct {
 	data bw6761.G1Affine
@@ -99,7 +103,7 @@ func NewScheme(size int, alpha fr.Element) *Scheme {
 }
 
 // Clone returns a copy of d
-func (d *Digest) Clone() polynomial.Digest {
+func (d *Digest) Clone() *Digest {
 	var res Digest
 	res.data.Set(&d.data)
 	return &res
@@ -121,12 +125,10 @@ func (d *Digest) Unmarshal(buf []byte) error {
 
 // Add adds two digest. The API and behaviour mimics bw6761.G1Affine's,
 // i.e. the caller is modified.
-func (d *Digest) Add(d1, d2 polynomial.Digest) polynomial.Digest {
-	_d1 := d1.(*Digest)
-	_d2 := d2.(*Digest)
+func (d *Digest) Add(d1, d2 *Digest) *Digest {
 	var p1, p2 bw6761.G1Jac
-	p1.FromAffine(&_d1.data)
-	p2.FromAffine(&_d2.data)
+	p1.FromAffine(&d1.data)
+	p2.FromAffine(&d2.data)
 	p1.AddAssign(&p2)
 	d.data.FromJacobian(&p1)
 	return d
@@ -134,12 +136,10 @@ func (d *Digest) Add(d1, d2 polynomial.Digest) polynomial.Digest {
 
 // Sub adds two digest. The API and behaviour mimics bw6761.G1Affine's,
 // i.e. the caller is modified.
-func (d *Digest) Sub(d1, d2 polynomial.Digest) polynomial.Digest {
-	_d1 := d1.(*Digest)
-	_d2 := d2.(*Digest)
+func (d *Digest) Sub(d1, d2 *Digest) *Digest {
 	var p1, p2 bw6761.G1Jac
-	p1.FromAffine(&_d1.data)
-	p2.FromAffine(&_d2.data)
+	p1.FromAffine(&d1.data)
+	p2.FromAffine(&d2.data)
 	p1.SubAssign(&p2)
 	d.data.FromJacobian(&p1)
 	return d
@@ -147,10 +147,9 @@ func (d *Digest) Sub(d1, d2 polynomial.Digest) polynomial.Digest {
 
 // Add adds two digest. The API and behaviour mimics bw6761.G1Affine's,
 // i.e. the caller is modified.
-func (d *Digest) ScalarMul(d1 polynomial.Digest, s big.Int) polynomial.Digest {
-	_d1 := d1.(*Digest)
+func (d *Digest) ScalarMul(d1 *Digest, s big.Int) *Digest {
 	var p1 bw6761.G1Affine
-	p1.Set(&_d1.data)
+	p1.Set(&d1.data)
 	p1.ScalarMultiplication(&p1, &s)
 	d.data.Set(&p1)
 	return d
@@ -282,20 +281,19 @@ func (s *Scheme) ReadFrom(r io.Reader) (int64, error) {
 
 // Commit commits to a polynomial using a multi exponentiation with the SRS.
 // It is assumed that the polynomial is in canonical form, in Montgomery form.
-func (s *Scheme) Commit(p polynomial.Polynomial) (polynomial.Digest, error) {
+func (s *Scheme) Commit(p polynomial.Polynomial) (Digest, error) {
 
 	if p.Degree() >= s.Domain.Cardinality {
-		return nil, errUnsupportedSize
+		return Digest{}, errUnsupportedSize
 	}
 
 	var _res bw6761.G1Affine
-	_p := p.(*bw6761_pol.Polynomial)
 
 	// ensure we don't modify p
-	pCopy := make(bw6761_pol.Polynomial, s.Domain.Cardinality)
-	copy(pCopy, *_p)
+	pCopy := make(polynomial.Polynomial, s.Domain.Cardinality)
+	copy(pCopy, p)
 
-	parallel.Execute(len(*_p), func(start, end int) {
+	parallel.Execute(len(p), func(start, end int) {
 		for i := start; i < end; i++ {
 			pCopy[i].FromMont()
 		}
@@ -305,50 +303,47 @@ func (s *Scheme) Commit(p polynomial.Polynomial) (polynomial.Digest, error) {
 	var res Digest
 	res.data.Set(&_res)
 
-	return &res, nil
+	return res, nil
 }
 
-// Open computes an opening proof of _p at _val.
+// Open computes an opening proof of p at _val.
 // Returns a MockProof, which is an empty interface.
-func (s *Scheme) Open(point interface{}, p polynomial.Polynomial) (polynomial.OpeningProof, error) {
+func (s *Scheme) Open(point *fr.Element, p polynomial.Polynomial) (Proof, error) {
 
 	if p.Degree() >= s.Domain.Cardinality {
 		panic("[Open] Size of polynomial exceeds the size supported by the scheme")
 	}
 
 	// build the proof
-	var res Proof
-	claimedValue := p.Eval(point)
-	res.Point.SetInterface(point)
-	res.ClaimedValue.SetInterface(claimedValue)
+	res := Proof{
+		Point:        *point,
+		ClaimedValue: p.Eval(point),
+	}
 
 	// compute H
-	_p := p.(*bw6761_pol.Polynomial)
-	h := dividePolyByXminusA(s.Domain, *_p, res.ClaimedValue, res.Point)
+
+	h := dividePolyByXminusA(s.Domain, p, res.ClaimedValue, res.Point)
 
 	// commit to H
-	c, err := s.Commit(&h)
+	c, err := s.Commit(h)
 	if err != nil {
-		return nil, err
+		return Proof{}, err
 	}
-	_c := c.(*Digest)
-	res.H.Set(&_c.data)
+	res.H.Set(&c.data)
 
-	return &res, nil
+	return res, nil
 }
 
 // Verify verifies a KZG opening proof at a single point
-func (s *Scheme) Verify(d polynomial.Digest, proof polynomial.OpeningProof) error {
+func (s *Scheme) Verify(d *Digest, proof *Proof) error {
 
-	_d := d.(*Digest)
 	var _commitment bw6761.G1Affine
-	_commitment.Set(&_d.data)
-	_proof := proof.(*Proof)
+	_commitment.Set(&d.data)
 
 	// comm(f(a))
 	var claimedValueG1Aff bw6761.G1Affine
 	var claimedValueBigInt big.Int
-	_proof.ClaimedValue.ToBigIntRegular(&claimedValueBigInt)
+	proof.ClaimedValue.ToBigIntRegular(&claimedValueBigInt)
 	claimedValueG1Aff.ScalarMultiplication(&s.SRS.G1[0], &claimedValueBigInt)
 
 	// [f(alpha) - f(a)]G1Jac
@@ -359,12 +354,12 @@ func (s *Scheme) Verify(d polynomial.Digest, proof polynomial.OpeningProof) erro
 
 	// [-H(alpha)]G1Aff
 	var negH bw6761.G1Affine
-	negH.Neg(&_proof.H)
+	negH.Neg(&proof.H)
 
 	// [alpha-a]G2Jac
 	var alphaMinusaG2Jac, genG2Jac, alphaG2Jac bw6761.G2Jac
 	var pointBigInt big.Int
-	_proof.Point.ToBigIntRegular(&pointBigInt)
+	proof.Point.ToBigIntRegular(&pointBigInt)
 	genG2Jac.FromAffine(&s.SRS.G2[0])
 	alphaG2Jac.FromAffine(&s.SRS.G2[1])
 	alphaMinusaG2Jac.ScalarMultiplication(&genG2Jac, &pointBigInt).
@@ -388,13 +383,17 @@ func (s *Scheme) Verify(d polynomial.Digest, proof polynomial.OpeningProof) erro
 		return err
 	}
 	if !check {
-		return polynomial.ErrVerifyOpeningProof
+		return ErrVerifyOpeningProof
 	}
 	return nil
 }
 
-// BatchOpenSinglePoint creates a batch opening proof of several polynomials at a single point
-func (s *Scheme) BatchOpenSinglePoint(point interface{}, digests []polynomial.Digest, polynomials []polynomial.Polynomial) (polynomial.BatchOpeningProofSinglePoint, error) {
+// BatchOpenSinglePoint creates a batch opening proof at _val of a list of polynomials.
+// It's an interactive protocol, made non interactive using Fiat Shamir.
+// point is the point at which the polynomials are opened.
+// digests is the list of committed polynomials to open, need to derive the challenge using Fiat Shamir.
+// polynomials is the list of polynomials to open.
+func (s *Scheme) BatchOpenSinglePoint(point *fr.Element, digests []Digest, polynomials []polynomial.Polynomial) (*BatchProofsSinglePoint, error) {
 
 	nbDigests := len(digests)
 	if nbDigests != len(polynomials) {
@@ -406,11 +405,11 @@ func (s *Scheme) BatchOpenSinglePoint(point interface{}, digests []polynomial.Di
 	// compute the purported values
 	res.ClaimedValues = make([]fr.Element, len(polynomials))
 	for i := 0; i < len(polynomials); i++ {
-		res.ClaimedValues[i] = polynomials[i].Eval(point).(fr.Element)
+		res.ClaimedValues[i] = polynomials[i].Eval(point)
 	}
 
 	// set the point at which the evaluation is done
-	res.Point.SetInterface(point)
+	res.Point.Set(point)
 
 	// derive the challenge gamma, binded to the point and the commitments
 	fs := fiatshamir.NewTranscript(fiatshamir.SHA256, "gamma")
@@ -441,33 +440,34 @@ func (s *Scheme) BatchOpenSinglePoint(point interface{}, digests []polynomial.Di
 	}
 
 	// compute H
-	_sumGammaiTimesPol := sumGammaiTimesPol.(*bw6761_pol.Polynomial)
-	h := dividePolyByXminusA(s.Domain, *_sumGammaiTimesPol, sumGammaiTimesEval, res.Point)
-	c, err := s.Commit(&h)
+	h := dividePolyByXminusA(s.Domain, sumGammaiTimesPol, sumGammaiTimesEval, res.Point)
+	c, err := s.Commit(h)
 	if err != nil {
 		return nil, err
 	}
 
-	_c := c.(*Digest)
-	res.H.Set(&_c.data)
+	res.H.Set(&c.data)
 
 	return &res, nil
 }
 
-func (s *Scheme) BatchVerifySinglePoint(digests []polynomial.Digest, batchOpeningProof polynomial.BatchOpeningProofSinglePoint) error {
+// BatchVerifySinglePoint verifies a batched opening proof at a single point of a list of polynomials.
+// point: point at which the polynomials are evaluated
+// claimedValues: claimed values of the polynomials at _val
+// commitments: list of commitments to the polynomials which are opened
+// batchOpeningProof: the batched opening proof at a single point of the polynomials.
+func (s *Scheme) BatchVerifySinglePoint(digests []Digest, batchOpeningProof *BatchProofsSinglePoint) error {
 
 	nbDigests := len(digests)
 
-	_batchOpeningProof := batchOpeningProof.(*BatchProofsSinglePoint)
-
 	// check consistancy between numbers of claims vs number of digests
-	if len(digests) != len(_batchOpeningProof.ClaimedValues) {
+	if len(digests) != len(batchOpeningProof.ClaimedValues) {
 		return errNbDigestsNeqNbPolynomials
 	}
 
 	// derive the challenge gamma, binded to the point and the commitments
 	fs := fiatshamir.NewTranscript(fiatshamir.SHA256, "gamma")
-	err := fs.Bind("gamma", _batchOpeningProof.Point.Marshal())
+	err := fs.Bind("gamma", batchOpeningProof.Point.Marshal())
 	if err != nil {
 		return err
 	}
@@ -485,10 +485,10 @@ func (s *Scheme) BatchVerifySinglePoint(digests []polynomial.Digest, batchOpenin
 	gamma.SetBytes(gammaByte)
 
 	var sumGammaiTimesEval fr.Element
-	sumGammaiTimesEval.Set(&_batchOpeningProof.ClaimedValues[nbDigests-1])
+	sumGammaiTimesEval.Set(&batchOpeningProof.ClaimedValues[nbDigests-1])
 	for i := nbDigests - 2; i >= 0; i-- {
 		sumGammaiTimesEval.Mul(&sumGammaiTimesEval, &gamma).
-			Add(&sumGammaiTimesEval, &_batchOpeningProof.ClaimedValues[i])
+			Add(&sumGammaiTimesEval, &batchOpeningProof.ClaimedValues[i])
 	}
 
 	var sumGammaiTimesEvalBigInt big.Int
@@ -507,8 +507,7 @@ func (s *Scheme) BatchVerifySinglePoint(digests []polynomial.Digest, batchOpenin
 	var sumGammaiTimesDigestsG1Aff bw6761.G1Affine
 	_digests := make([]bw6761.G1Affine, len(digests))
 	for i := 0; i < len(digests); i++ {
-		_d := digests[i].(*Digest)
-		_digests[i].Set(&_d.data)
+		_digests[i].Set(&digests[i].data)
 	}
 
 	sumGammaiTimesDigestsG1Aff.MultiExp(_digests, gammai)
@@ -524,7 +523,7 @@ func (s *Scheme) BatchVerifySinglePoint(digests []polynomial.Digest, batchOpenin
 	// [alpha-a]G2Jac
 	var alphaMinusaG2Jac, genG2Jac, alphaG2Jac bw6761.G2Jac
 	var pointBigInt big.Int
-	_batchOpeningProof.Point.ToBigIntRegular(&pointBigInt)
+	batchOpeningProof.Point.ToBigIntRegular(&pointBigInt)
 	genG2Jac.FromAffine(&s.SRS.G2[0])
 	alphaG2Jac.FromAffine(&s.SRS.G2[1])
 	alphaMinusaG2Jac.ScalarMultiplication(&genG2Jac, &pointBigInt).
@@ -537,7 +536,7 @@ func (s *Scheme) BatchVerifySinglePoint(digests []polynomial.Digest, batchOpenin
 
 	// [-H(alpha)]G1Aff
 	var negH bw6761.G1Affine
-	negH.Neg(&_batchOpeningProof.H)
+	negH.Neg(&batchOpeningProof.H)
 
 	// check the pairing equation
 	check, err := bw6761.PairingCheck(
@@ -548,7 +547,7 @@ func (s *Scheme) BatchVerifySinglePoint(digests []polynomial.Digest, batchOpenin
 		return err
 	}
 	if !check {
-		return polynomial.ErrVerifyBatchOpeningSinglePoint
+		return ErrVerifyBatchOpeningSinglePoint
 	}
 	return nil
 }
diff --git a/ecc/bw6-761/fr/polynomial/kzg/kzg_test.go b/ecc/bw6-761/fr/polynomial/kzg/kzg_test.go
index 20c393ef0..4c27fd0fe 100644
--- a/ecc/bw6-761/fr/polynomial/kzg/kzg_test.go
+++ b/ecc/bw6-761/fr/polynomial/kzg/kzg_test.go
@@ -25,8 +25,7 @@ import (
 	"github.com/consensys/gnark-crypto/ecc/bw6-761"
 	"github.com/consensys/gnark-crypto/ecc/bw6-761/fr"
 	"github.com/consensys/gnark-crypto/ecc/bw6-761/fr/fft"
-	bw6761_pol "github.com/consensys/gnark-crypto/ecc/bw6-761/fr/polynomial"
-	"github.com/consensys/gnark-crypto/polynomial"
+	"github.com/consensys/gnark-crypto/ecc/bw6-761/fr/polynomial"
 )
 
 var _alphaSetup fr.Element
@@ -36,8 +35,8 @@ func init() {
 	_alphaSetup.SetString("1234")
 }
 
-func randomPolynomial(size int) bw6761_pol.Polynomial {
-	f := make(bw6761_pol.Polynomial, size)
+func randomPolynomial(size int) polynomial.Polynomial {
+	f := make(polynomial.Polynomial, size)
 	for i := 0; i < size; i++ {
 		f[i].SetRandom()
 	}
@@ -51,7 +50,7 @@ func TestDividePolyByXminusA(t *testing.T) {
 	domain := fft.NewDomain(uint64(sizePol), 0, false)
 
 	// build random polynomial
-	pol := make(bw6761_pol.Polynomial, sizePol)
+	pol := make(polynomial.Polynomial, sizePol)
 	for i := 0; i < sizePol; i++ {
 		pol[i].SetRandom()
 	}
@@ -59,7 +58,7 @@ func TestDividePolyByXminusA(t *testing.T) {
 	// evaluate the polynomial at a random point
 	var point fr.Element
 	point.SetRandom()
-	evaluation := pol.Eval(&point).(fr.Element)
+	evaluation := pol.Eval(&point)
 
 	// compute f-f(a)/x-a
 	h := dividePolyByXminusA(*domain, pol, evaluation, point)
@@ -72,10 +71,10 @@ func TestDividePolyByXminusA(t *testing.T) {
 	var randPoint, xminusa fr.Element
 	randPoint.SetRandom()
 
-	polRandpoint := pol.Eval(&randPoint).(fr.Element)
+	polRandpoint := pol.Eval(&randPoint)
 	polRandpoint.Sub(&polRandpoint, &evaluation) // f(rand)-f(point)
 
-	hRandPoint := h.Eval(&randPoint).(fr.Element)
+	hRandPoint := h.Eval(&randPoint)
 	xminusa.Sub(&randPoint, &point) // rand-point
 
 	// f(rand)-f(point)	==? h(rand)*(rand-point)
@@ -118,13 +117,13 @@ func TestCommit(t *testing.T) {
 	s := NewScheme(64, _alphaSetup)
 
 	// create a polynomial
-	f := make(bw6761_pol.Polynomial, 60)
+	f := make(polynomial.Polynomial, 60)
 	for i := 0; i < 60; i++ {
 		f[i].SetRandom()
 	}
 
 	// commit using the method from KZG
-	_kzgCommit, err := s.Commit(&f)
+	_kzgCommit, err := s.Commit(f)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -134,7 +133,7 @@ func TestCommit(t *testing.T) {
 	// check commitment using manual commit
 	var x fr.Element
 	x.SetString("1234")
-	fx := f.Eval(&x).(fr.Element)
+	fx := f.Eval(&x)
 	var fxbi big.Int
 	fx.ToBigIntRegular(&fxbi)
 	var manualCommit bw6761.G1Affine
@@ -157,7 +156,7 @@ func TestVerifySinglePoint(t *testing.T) {
 	f := randomPolynomial(60)
 
 	// commit the polynomial
-	digest, err := s.Commit(&f)
+	digest, err := s.Commit(f)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -165,28 +164,26 @@ func TestVerifySinglePoint(t *testing.T) {
 	// compute opening proof at a random point
 	var point fr.Element
 	point.SetString("4321")
-	proof, err := s.Open(&point, &f)
+	proof, err := s.Open(&point, f)
 	if err != nil {
 		t.Fatal(err)
 	}
 
 	// verify the claimed valued
-	_proof := proof.(*Proof)
-	expected := f.Eval(point).(fr.Element)
-	if !_proof.ClaimedValue.Equal(&expected) {
+	expected := f.Eval(&point)
+	if !proof.ClaimedValue.Equal(&expected) {
 		t.Fatal("inconsistant claimed value")
 	}
 
 	// verify correct proof
-	err = s.Verify(digest, proof)
+	err = s.Verify(&digest, &proof)
 	if err != nil {
 		t.Fatal(err)
 	}
 
 	// verify wrong proof
-	_proof = proof.(*Proof)
-	_proof.ClaimedValue.Double(&_proof.ClaimedValue)
-	err = s.Verify(digest, _proof)
+	proof.ClaimedValue.Double(&proof.ClaimedValue)
+	err = s.Verify(&digest, &proof)
 	if err == nil {
 		t.Fatal("verifying wrong proof should have failed")
 	}
@@ -200,12 +197,11 @@ func TestBatchVerifySinglePoint(t *testing.T) {
 	// create polynomials
 	f := make([]polynomial.Polynomial, 10)
 	for i := 0; i < 10; i++ {
-		_f := randomPolynomial(60)
-		f[i] = &_f
+		f[i] = randomPolynomial(60)
 	}
 
 	// commit the polynomials
-	digests := make([]polynomial.Digest, 10)
+	digests := make([]Digest, 10)
 	for i := 0; i < 10; i++ {
 		digests[i], _ = s.Commit(f[i])
 
@@ -220,10 +216,9 @@ func TestBatchVerifySinglePoint(t *testing.T) {
 	}
 
 	// verify the claimed values
-	_proof := proof.(*BatchProofsSinglePoint)
 	for i := 0; i < 10; i++ {
-		expectedClaim := f[i].Eval(point).(fr.Element)
-		if !expectedClaim.Equal(&_proof.ClaimedValues[i]) {
+		expectedClaim := f[i].Eval(&point)
+		if !expectedClaim.Equal(&proof.ClaimedValues[i]) {
 			t.Fatal("inconsistant claimed values")
 		}
 	}
@@ -235,8 +230,8 @@ func TestBatchVerifySinglePoint(t *testing.T) {
 	}
 
 	// verify wrong proof
-	_proof.ClaimedValues[0].Double(&_proof.ClaimedValues[0])
-	err = s.BatchVerifySinglePoint(digests, _proof)
+	proof.ClaimedValues[0].Double(&proof.ClaimedValues[0])
+	err = s.BatchVerifySinglePoint(digests, proof)
 	if err == nil {
 		t.Fatal("verifying wrong proof should have failed")
 	}
@@ -254,7 +249,7 @@ func BenchmarkKZGCommit(b *testing.B) {
 
 	b.ResetTimer()
 	for i := 0; i < b.N; i++ {
-		_, _ = s.Commit(&p)
+		_, _ = s.Commit(p)
 	}
 }
 
@@ -269,7 +264,7 @@ func BenchmarkKZGOpen(b *testing.B) {
 
 	b.ResetTimer()
 	for i := 0; i < b.N; i++ {
-		_, _ = s.Open(r, &p)
+		_, _ = s.Open(&r, p)
 	}
 }
 
@@ -283,20 +278,20 @@ func BenchmarkKZGVerify(b *testing.B) {
 	r.SetRandom()
 
 	// commit
-	comm, err := s.Commit(&p)
+	comm, err := s.Commit(p)
 	if err != nil {
 		b.Fatal(err)
 	}
 
 	// open
-	openingProof, err := s.Open(r, &p)
+	openingProof, err := s.Open(&r, p)
 	if err != nil {
 		b.Fatal(err)
 	}
 
 	b.ResetTimer()
 	for i := 0; i < b.N; i++ {
-		s.Verify(comm, openingProof)
+		s.Verify(&comm, &openingProof)
 	}
 }
 
@@ -307,12 +302,11 @@ func BenchmarkKZGBatchOpen10(b *testing.B) {
 	// 10 random polynomials
 	var ps [10]polynomial.Polynomial
 	for i := 0; i < 10; i++ {
-		_p := randomPolynomial(benchSize / 2)
-		ps[i] = &_p
+		ps[i] = randomPolynomial(benchSize / 2)
 	}
 
 	// commitments
-	var commitments [10]polynomial.Digest
+	var commitments [10]Digest
 	for i := 0; i < 10; i++ {
 		commitments[i], _ = s.Commit(ps[i])
 	}
@@ -322,7 +316,7 @@ func BenchmarkKZGBatchOpen10(b *testing.B) {
 
 	b.ResetTimer()
 	for i := 0; i < b.N; i++ {
-		s.BatchOpenSinglePoint(r, commitments[:], ps[:])
+		s.BatchOpenSinglePoint(&r, commitments[:], ps[:])
 	}
 }
 
@@ -333,12 +327,11 @@ func BenchmarkKZGBatchVerify10(b *testing.B) {
 	// 10 random polynomials
 	var ps [10]polynomial.Polynomial
 	for i := 0; i < 10; i++ {
-		_p := randomPolynomial(benchSize / 2)
-		ps[i] = &_p
+		ps[i] = randomPolynomial(benchSize / 2)
 	}
 
 	// commitments
-	var commitments [10]polynomial.Digest
+	var commitments [10]Digest
 	for i := 0; i < 10; i++ {
 		commitments[i], _ = s.Commit(ps[i])
 	}
@@ -346,7 +339,7 @@ func BenchmarkKZGBatchVerify10(b *testing.B) {
 	var r fr.Element
 	r.SetRandom()
 
-	proof, err := s.BatchOpenSinglePoint(r, commitments[:], ps[:])
+	proof, err := s.BatchOpenSinglePoint(&r, commitments[:], ps[:])
 	if err != nil {
 		b.Fatal(err)
 	}
diff --git a/ecc/bw6-761/fr/polynomial/polynomial.go b/ecc/bw6-761/fr/polynomial/polynomial.go
index 325a0ad40..002ba542d 100644
--- a/ecc/bw6-761/fr/polynomial/polynomial.go
+++ b/ecc/bw6-761/fr/polynomial/polynomial.go
@@ -18,7 +18,6 @@ package polynomial
 
 import (
 	"github.com/consensys/gnark-crypto/ecc/bw6-761/fr"
-	"github.com/consensys/gnark-crypto/polynomial"
 )
 
 // Polynomial polynomial represented by coefficients bn254 fr field.
@@ -31,13 +30,11 @@ func (p *Polynomial) Degree() uint64 {
 
 // Eval evaluates p at v
 // returns a fr.Element
-func (p *Polynomial) Eval(v interface{}) interface{} {
-	var _v fr.Element
-	_v.SetInterface(v)
+func (p *Polynomial) Eval(v *fr.Element) fr.Element {
 
 	res := (*p)[len(*p)-1]
 	for i := len(*p) - 2; i >= 0; i-- {
-		res.Mul(&res, &_v)
+		res.Mul(&res, v)
 		res.Add(&res, &(*p)[i])
 	}
 
@@ -45,48 +42,39 @@ func (p *Polynomial) Eval(v interface{}) interface{} {
 }
 
 // Clone returns a copy of the polynomial
-func (p *Polynomial) Clone() polynomial.Polynomial {
+func (p *Polynomial) Clone() Polynomial {
 	_p := make(Polynomial, len(*p))
 	copy(_p, *p)
-	return &_p
+	return _p
 }
 
 // AddConstantInPlace adds a constant to the polynomial, modifying p
-func (p *Polynomial) AddConstantInPlace(c interface{}) {
-	var _c fr.Element
-	_c.SetInterface(c)
-
+func (p *Polynomial) AddConstantInPlace(c *fr.Element) {
 	for i := 0; i < len(*p); i++ {
-		(*p)[i].Add(&(*p)[i], &_c)
+		(*p)[i].Add(&(*p)[i], c)
 	}
 }
 
 // SubConstantInPlace subs a constant to the polynomial, modifying p
-func (p *Polynomial) SubConstantInPlace(c interface{}) {
-	var _c fr.Element
-	_c.SetInterface(c)
-
+func (p *Polynomial) SubConstantInPlace(c *fr.Element) {
 	for i := 0; i < len(*p); i++ {
-		(*p)[i].Sub(&(*p)[i], &_c)
+		(*p)[i].Sub(&(*p)[i], c)
 	}
 }
 
 // ScaleInPlace multiplies p by v, modifying p
-func (p *Polynomial) ScaleInPlace(c interface{}) {
-	var _c fr.Element
-	_c.SetInterface(c)
-
+func (p *Polynomial) ScaleInPlace(c *fr.Element) {
 	for i := 0; i < len(*p); i++ {
-		(*p)[i].Mul(&(*p)[i], &_c)
+		(*p)[i].Mul(&(*p)[i], c)
 	}
 }
 
 // Add adds p1 to p2
 // This function allocates a new slice unless p == p1 or p == p2
-func (p *Polynomial) Add(p1, p2 polynomial.Polynomial) polynomial.Polynomial {
+func (p *Polynomial) Add(p1, p2 Polynomial) *Polynomial {
 
-	bigger := *(p1.(*Polynomial))
-	smaller := *(p2.(*Polynomial))
+	bigger := p1
+	smaller := p2
 	if len(bigger) < len(smaller) {
 		bigger, smaller = smaller, bigger
 	}
@@ -116,18 +104,17 @@ func (p *Polynomial) Add(p1, p2 polynomial.Polynomial) polynomial.Polynomial {
 }
 
 // Equal checks equality between two polynomials
-func (p *Polynomial) Equal(p1 polynomial.Polynomial) bool {
-	_p1 := *(p1.(*Polynomial))
-	if (p == nil) != (_p1 == nil) {
+func (p *Polynomial) Equal(p1 Polynomial) bool {
+	if (*p == nil) != (p1 == nil) {
 		return false
 	}
 
-	if len(*p) != len(_p1) {
+	if len(*p) != len(p1) {
 		return false
 	}
 
-	for i := range _p1 {
-		if !(*p)[i].Equal(&_p1[i]) {
+	for i := range p1 {
+		if !(*p)[i].Equal(&p1[i]) {
 			return false
 		}
 	}
diff --git a/ecc/bw6-761/fr/polynomial/polynomial_test.go b/ecc/bw6-761/fr/polynomial/polynomial_test.go
index c01bc531c..8a00a1daa 100644
--- a/ecc/bw6-761/fr/polynomial/polynomial_test.go
+++ b/ecc/bw6-761/fr/polynomial/polynomial_test.go
@@ -46,7 +46,7 @@ func TestPolynomialEval(t *testing.T) {
 	expectedEval.Div(&expectedEval, &den)
 
 	// compute purported evaluation
-	purportedEval := f.Eval(&point).(fr.Element)
+	purportedEval := f.Eval(&point)
 
 	// check
 	if !purportedEval.Equal(&expectedEval) {
@@ -160,27 +160,27 @@ func TestPolynomialAdd(t *testing.T) {
 
 	// caller is empty
 	var g Polynomial
-	g.Add(&f1, &f2)
-	if !g.Equal(&expectedSum) {
+	g.Add(f1, f2)
+	if !g.Equal(expectedSum) {
 		t.Fatal("add polynomials fails")
 	}
-	if !f1.Equal(&f1Backup) {
+	if !f1.Equal(f1Backup) {
 		t.Fatal("side effect, f1 should not have been modified")
 	}
-	if !f2.Equal(&f2Backup) {
+	if !f2.Equal(f2Backup) {
 		t.Fatal("side effect, f2 should not have been modified")
 	}
 
 	// all operands are distincts
 	_f1 := f1.Clone()
-	_f1.Add(&f1, &f2)
-	if !_f1.Equal(&expectedSum) {
+	_f1.Add(f1, f2)
+	if !_f1.Equal(expectedSum) {
 		t.Fatal("add polynomials fails")
 	}
-	if !f1.Equal(&f1Backup) {
+	if !f1.Equal(f1Backup) {
 		t.Fatal("side effect, f1 should not have been modified")
 	}
-	if !f2.Equal(&f2Backup) {
+	if !f2.Equal(f2Backup) {
 		t.Fatal("side effect, f2 should not have been modified")
 	}
 
@@ -188,10 +188,10 @@ func TestPolynomialAdd(t *testing.T) {
 	_f1 = f1.Clone()
 	_f2 := f2.Clone()
 	_f1.Add(_f1, _f2)
-	if !_f1.Equal(&expectedSum) {
+	if !_f1.Equal(expectedSum) {
 		t.Fatal("add polynomials fails")
 	}
-	if !_f2.Equal(&f2Backup) {
+	if !_f2.Equal(f2Backup) {
 		t.Fatal("side effect, _f2 should not have been modified")
 	}
 
@@ -199,10 +199,10 @@ func TestPolynomialAdd(t *testing.T) {
 	_f1 = f1.Clone()
 	_f2 = f2.Clone()
 	_f1.Add(_f2, _f1)
-	if !_f1.Equal(&expectedSum) {
+	if !_f1.Equal(expectedSum) {
 		t.Fatal("add polynomials fails")
 	}
-	if !_f2.Equal(&f2Backup) {
+	if !_f2.Equal(f2Backup) {
 		t.Fatal("side effect, _f2 should not have been modified")
 	}
 }
diff --git a/internal/generator/polynomial/template/commitment_kzg/kzg.go.tmpl b/internal/generator/polynomial/template/commitment_kzg/kzg.go.tmpl
index 80ac72b7a..6fb038392 100644
--- a/internal/generator/polynomial/template/commitment_kzg/kzg.go.tmpl
+++ b/internal/generator/polynomial/template/commitment_kzg/kzg.go.tmpl
@@ -6,10 +6,9 @@ import (
 	"github.com/consensys/gnark-crypto/ecc/{{ .Name }}"
 	"github.com/consensys/gnark-crypto/ecc/{{ .Name }}/fr"
 	"github.com/consensys/gnark-crypto/ecc/{{ .Name }}/fr/fft"
-	{{ .CurvePackage }}_pol "github.com/consensys/gnark-crypto/ecc/{{ .Name }}/fr/polynomial"
+	"github.com/consensys/gnark-crypto/ecc/{{ .Name }}/fr/polynomial"
 	fiatshamir "github.com/consensys/gnark-crypto/fiat-shamir"
 	"github.com/consensys/gnark-crypto/internal/parallel"
-	"github.com/consensys/gnark-crypto/polynomial"
 )
 
 var (
@@ -17,6 +16,11 @@ var (
 	errUnsupportedSize           = errors.New("the size of the polynomials exceeds the capacity of the SRS")
 )
 
+var (
+	ErrVerifyOpeningProof            = errors.New("error verifying opening proof")
+	ErrVerifyBatchOpeningSinglePoint = errors.New("error verifying batch opening proof at single point")
+)
+
 // Digest commitment of a polynomial.
 type Digest struct {
 	data {{ .CurvePackage }}.G1Affine
@@ -81,7 +85,7 @@ func NewScheme(size int, alpha fr.Element) *Scheme {
 }
 
 // Clone returns a copy of d
-func (d *Digest) Clone() polynomial.Digest {
+func (d *Digest) Clone() *Digest {
 	var res Digest
 	res.data.Set(&d.data)
 	return &res
@@ -103,12 +107,10 @@ func (d *Digest) Unmarshal(buf []byte) error {
 
 // Add adds two digest. The API and behaviour mimics {{ .CurvePackage }}.G1Affine's,
 // i.e. the caller is modified.
-func (d *Digest) Add(d1, d2 polynomial.Digest) polynomial.Digest {
-	_d1 := d1.(*Digest)
-	_d2 := d2.(*Digest)
+func (d *Digest) Add(d1, d2 *Digest) *Digest {
 	var p1, p2 {{ .CurvePackage }}.G1Jac
-	p1.FromAffine(&_d1.data)
-	p2.FromAffine(&_d2.data)
+	p1.FromAffine(&d1.data)
+	p2.FromAffine(&d2.data)
 	p1.AddAssign(&p2)
 	d.data.FromJacobian(&p1)
 	return d
@@ -116,12 +118,10 @@ func (d *Digest) Add(d1, d2 polynomial.Digest) polynomial.Digest {
 
 // Sub adds two digest. The API and behaviour mimics {{ .CurvePackage }}.G1Affine's,
 // i.e. the caller is modified.
-func (d *Digest) Sub(d1, d2 polynomial.Digest) polynomial.Digest {
-	_d1 := d1.(*Digest)
-	_d2 := d2.(*Digest)
+func (d *Digest) Sub(d1, d2 *Digest) *Digest {
 	var p1, p2 {{ .CurvePackage }}.G1Jac
-	p1.FromAffine(&_d1.data)
-	p2.FromAffine(&_d2.data)
+	p1.FromAffine(&d1.data)
+	p2.FromAffine(&d2.data)
 	p1.SubAssign(&p2)
 	d.data.FromJacobian(&p1)
 	return d
@@ -129,10 +129,9 @@ func (d *Digest) Sub(d1, d2 polynomial.Digest) polynomial.Digest {
 
 // Add adds two digest. The API and behaviour mimics {{ .CurvePackage }}.G1Affine's,
 // i.e. the caller is modified.
-func (d *Digest) ScalarMul(d1 polynomial.Digest, s big.Int) polynomial.Digest {
-	_d1 := d1.(*Digest)
+func (d *Digest) ScalarMul(d1 *Digest, s big.Int) *Digest {
 	var p1 {{ .CurvePackage }}.G1Affine
-	p1.Set(&_d1.data)
+	p1.Set(&d1.data)
 	p1.ScalarMultiplication(&p1, &s)
 	d.data.Set(&p1)
 	return d
@@ -264,20 +263,20 @@ func (s *Scheme) ReadFrom(r io.Reader) (int64, error) {
 
 // Commit commits to a polynomial using a multi exponentiation with the SRS.
 // It is assumed that the polynomial is in canonical form, in Montgomery form.
-func (s *Scheme) Commit(p polynomial.Polynomial) (polynomial.Digest, error) {
+func (s *Scheme) Commit(p polynomial.Polynomial) (Digest, error) {
 
 	if p.Degree() >= s.Domain.Cardinality {
-		return nil, errUnsupportedSize
+		return Digest{}, errUnsupportedSize
 	}
 
 	var _res {{ .CurvePackage }}.G1Affine
-	_p := p.(*{{ .CurvePackage }}_pol.Polynomial)
+	
 
 	// ensure we don't modify p
-	pCopy := make({{ .CurvePackage }}_pol.Polynomial, s.Domain.Cardinality)
-	copy(pCopy, *_p)
+	pCopy := make(polynomial.Polynomial, s.Domain.Cardinality)
+	copy(pCopy, p)
 
-	parallel.Execute(len(*_p), func(start, end int) {
+	parallel.Execute(len(p), func(start, end int) {
 		for i := start; i < end; i++ {
 			pCopy[i].FromMont()
 		}
@@ -287,50 +286,47 @@ func (s *Scheme) Commit(p polynomial.Polynomial) (polynomial.Digest, error) {
 	var res Digest
 	res.data.Set(&_res)
 
-	return &res, nil
+	return res, nil
 }
 
-// Open computes an opening proof of _p at _val.
+// Open computes an opening proof of p at _val.
 // Returns a MockProof, which is an empty interface.
-func (s *Scheme) Open(point interface{}, p polynomial.Polynomial) (polynomial.OpeningProof, error) {
+func (s *Scheme) Open(point *fr.Element, p polynomial.Polynomial) (Proof, error) {
 
 	if p.Degree() >= s.Domain.Cardinality {
 		panic("[Open] Size of polynomial exceeds the size supported by the scheme")
 	}
 
 	// build the proof
-	var res Proof
-	claimedValue := p.Eval(point)
-	res.Point.SetInterface(point)
-	res.ClaimedValue.SetInterface(claimedValue)
+	res := Proof{
+		Point: *point,
+		ClaimedValue: p.Eval(point),
+	}
 
 	// compute H
-	_p := p.(*{{ .CurvePackage }}_pol.Polynomial)
-	h := dividePolyByXminusA(s.Domain, *_p, res.ClaimedValue, res.Point)
+	
+	h := dividePolyByXminusA(s.Domain, p, res.ClaimedValue, res.Point)
 
 	// commit to H
-	c, err := s.Commit(&h)
+	c, err := s.Commit(h)
 	if err != nil {
-		return nil, err
+		return Proof{}, err
 	}
-	_c := c.(*Digest)
-	res.H.Set(&_c.data)
+	res.H.Set(&c.data)
 
-	return &res, nil
+	return res, nil
 }
 
 // Verify verifies a KZG opening proof at a single point
-func (s *Scheme) Verify(d polynomial.Digest, proof polynomial.OpeningProof) error {
+func (s *Scheme) Verify(d *Digest, proof *Proof) error {
 
-	_d := d.(*Digest)
 	var _commitment {{ .CurvePackage }}.G1Affine
-	_commitment.Set(&_d.data)
-	_proof := proof.(*Proof)
+	_commitment.Set(&d.data)
 
 	// comm(f(a))
 	var claimedValueG1Aff {{ .CurvePackage }}.G1Affine
 	var claimedValueBigInt big.Int
-	_proof.ClaimedValue.ToBigIntRegular(&claimedValueBigInt)
+	proof.ClaimedValue.ToBigIntRegular(&claimedValueBigInt)
 	claimedValueG1Aff.ScalarMultiplication(&s.SRS.G1[0], &claimedValueBigInt)
 
 	// [f(alpha) - f(a)]G1Jac
@@ -341,12 +337,12 @@ func (s *Scheme) Verify(d polynomial.Digest, proof polynomial.OpeningProof) erro
 
 	// [-H(alpha)]G1Aff
 	var negH {{ .CurvePackage }}.G1Affine
-	negH.Neg(&_proof.H)
+	negH.Neg(&proof.H)
 
 	// [alpha-a]G2Jac
 	var alphaMinusaG2Jac, genG2Jac, alphaG2Jac {{ .CurvePackage }}.G2Jac
 	var pointBigInt big.Int
-	_proof.Point.ToBigIntRegular(&pointBigInt)
+	proof.Point.ToBigIntRegular(&pointBigInt)
 	genG2Jac.FromAffine(&s.SRS.G2[0])
 	alphaG2Jac.FromAffine(&s.SRS.G2[1])
 	alphaMinusaG2Jac.ScalarMultiplication(&genG2Jac, &pointBigInt).
@@ -370,13 +366,17 @@ func (s *Scheme) Verify(d polynomial.Digest, proof polynomial.OpeningProof) erro
 		return err
 	}
 	if !check {
-		return polynomial.ErrVerifyOpeningProof
+		return ErrVerifyOpeningProof
 	}
 	return nil
 }
 
-// BatchOpenSinglePoint creates a batch opening proof of several polynomials at a single point
-func (s *Scheme) BatchOpenSinglePoint(point interface{}, digests []polynomial.Digest, polynomials []polynomial.Polynomial) (polynomial.BatchOpeningProofSinglePoint, error) {
+// BatchOpenSinglePoint creates a batch opening proof at _val of a list of polynomials.
+// It's an interactive protocol, made non interactive using Fiat Shamir.
+// point is the point at which the polynomials are opened.
+// digests is the list of committed polynomials to open, need to derive the challenge using Fiat Shamir.
+// polynomials is the list of polynomials to open.
+func (s *Scheme) BatchOpenSinglePoint(point *fr.Element, digests []Digest, polynomials []polynomial.Polynomial) (*BatchProofsSinglePoint, error) {
 
 	nbDigests := len(digests)
 	if nbDigests != len(polynomials) {
@@ -388,11 +388,11 @@ func (s *Scheme) BatchOpenSinglePoint(point interface{}, digests []polynomial.Di
 	// compute the purported values
 	res.ClaimedValues = make([]fr.Element, len(polynomials))
 	for i := 0; i < len(polynomials); i++ {
-		res.ClaimedValues[i] = polynomials[i].Eval(point).(fr.Element)
+		res.ClaimedValues[i] = polynomials[i].Eval(point)
 	}
 
 	// set the point at which the evaluation is done
-	res.Point.SetInterface(point)
+	res.Point.Set(point)
 
 	// derive the challenge gamma, binded to the point and the commitments
 	fs := fiatshamir.NewTranscript(fiatshamir.SHA256, "gamma")
@@ -423,33 +423,35 @@ func (s *Scheme) BatchOpenSinglePoint(point interface{}, digests []polynomial.Di
 	}
 
 	// compute H
-	_sumGammaiTimesPol := sumGammaiTimesPol.(*{{ .CurvePackage }}_pol.Polynomial)
-	h := dividePolyByXminusA(s.Domain, *_sumGammaiTimesPol, sumGammaiTimesEval, res.Point)
-	c, err := s.Commit(&h)
+	h := dividePolyByXminusA(s.Domain, sumGammaiTimesPol, sumGammaiTimesEval, res.Point)
+	c, err := s.Commit(h)
 	if err != nil {
 		return nil, err
 	}
 
-	_c := c.(*Digest)
-	res.H.Set(&_c.data)
+	res.H.Set(&c.data)
 
 	return &res, nil
 }
 
-func (s *Scheme) BatchVerifySinglePoint(digests []polynomial.Digest, batchOpeningProof polynomial.BatchOpeningProofSinglePoint) error {
+// BatchVerifySinglePoint verifies a batched opening proof at a single point of a list of polynomials.
+// point: point at which the polynomials are evaluated
+// claimedValues: claimed values of the polynomials at _val
+// commitments: list of commitments to the polynomials which are opened
+// batchOpeningProof: the batched opening proof at a single point of the polynomials.
+func (s *Scheme) BatchVerifySinglePoint(digests []Digest, batchOpeningProof *BatchProofsSinglePoint) error {
 
 	nbDigests := len(digests)
 
-	_batchOpeningProof := batchOpeningProof.(*BatchProofsSinglePoint)
 
 	// check consistancy between numbers of claims vs number of digests
-	if len(digests) != len(_batchOpeningProof.ClaimedValues) {
+	if len(digests) != len(batchOpeningProof.ClaimedValues) {
 		return errNbDigestsNeqNbPolynomials
 	}
 
 	// derive the challenge gamma, binded to the point and the commitments
 	fs := fiatshamir.NewTranscript(fiatshamir.SHA256, "gamma")
-	err := fs.Bind("gamma", _batchOpeningProof.Point.Marshal())
+	err := fs.Bind("gamma", batchOpeningProof.Point.Marshal())
 	if err != nil {
 		return err
 	}
@@ -467,10 +469,10 @@ func (s *Scheme) BatchVerifySinglePoint(digests []polynomial.Digest, batchOpenin
 	gamma.SetBytes(gammaByte)
 
 	var sumGammaiTimesEval fr.Element
-	sumGammaiTimesEval.Set(&_batchOpeningProof.ClaimedValues[nbDigests-1])
+	sumGammaiTimesEval.Set(&batchOpeningProof.ClaimedValues[nbDigests-1])
 	for i := nbDigests - 2; i >= 0; i-- {
 		sumGammaiTimesEval.Mul(&sumGammaiTimesEval, &gamma).
-			Add(&sumGammaiTimesEval, &_batchOpeningProof.ClaimedValues[i])
+			Add(&sumGammaiTimesEval, &batchOpeningProof.ClaimedValues[i])
 	}
 
 	var sumGammaiTimesEvalBigInt big.Int
@@ -489,8 +491,7 @@ func (s *Scheme) BatchVerifySinglePoint(digests []polynomial.Digest, batchOpenin
 	var sumGammaiTimesDigestsG1Aff {{ .CurvePackage }}.G1Affine
 	_digests := make([]{{ .CurvePackage }}.G1Affine, len(digests))
 	for i := 0; i < len(digests); i++ {
-		_d := digests[i].(*Digest)
-		_digests[i].Set(&_d.data)
+		_digests[i].Set(&digests[i].data)
 	}
 
 	sumGammaiTimesDigestsG1Aff.MultiExp(_digests, gammai)
@@ -506,7 +507,7 @@ func (s *Scheme) BatchVerifySinglePoint(digests []polynomial.Digest, batchOpenin
 	// [alpha-a]G2Jac
 	var alphaMinusaG2Jac, genG2Jac, alphaG2Jac {{ .CurvePackage }}.G2Jac
 	var pointBigInt big.Int
-	_batchOpeningProof.Point.ToBigIntRegular(&pointBigInt)
+	batchOpeningProof.Point.ToBigIntRegular(&pointBigInt)
 	genG2Jac.FromAffine(&s.SRS.G2[0])
 	alphaG2Jac.FromAffine(&s.SRS.G2[1])
 	alphaMinusaG2Jac.ScalarMultiplication(&genG2Jac, &pointBigInt).
@@ -519,7 +520,7 @@ func (s *Scheme) BatchVerifySinglePoint(digests []polynomial.Digest, batchOpenin
 
 	// [-H(alpha)]G1Aff
 	var negH {{ .CurvePackage }}.G1Affine
-	negH.Neg(&_batchOpeningProof.H)
+	negH.Neg(&batchOpeningProof.H)
 
 	// check the pairing equation
 	check, err := {{ .CurvePackage }}.PairingCheck(
@@ -530,7 +531,7 @@ func (s *Scheme) BatchVerifySinglePoint(digests []polynomial.Digest, batchOpenin
 		return err
 	}
 	if !check {
-		return polynomial.ErrVerifyBatchOpeningSinglePoint
+		return ErrVerifyBatchOpeningSinglePoint
 	}
 	return nil
 }
diff --git a/internal/generator/polynomial/template/commitment_kzg/kzg.test.go.tmpl b/internal/generator/polynomial/template/commitment_kzg/kzg.test.go.tmpl
index e071dd64f..a76e213ef 100644
--- a/internal/generator/polynomial/template/commitment_kzg/kzg.test.go.tmpl
+++ b/internal/generator/polynomial/template/commitment_kzg/kzg.test.go.tmpl
@@ -7,8 +7,7 @@ import (
 	"github.com/consensys/gnark-crypto/ecc/{{ .Name }}"
 	"github.com/consensys/gnark-crypto/ecc/{{ .Name }}/fr"
 	"github.com/consensys/gnark-crypto/ecc/{{ .Name }}/fr/fft"
-	{{ .CurvePackage }}_pol "github.com/consensys/gnark-crypto/ecc/{{ .Name }}/fr/polynomial"
-	"github.com/consensys/gnark-crypto/polynomial"
+	"github.com/consensys/gnark-crypto/ecc/{{ .Name }}/fr/polynomial"
 )
 
 var _alphaSetup fr.Element
@@ -18,8 +17,8 @@ func init() {
 	_alphaSetup.SetString("1234")
 }
 
-func randomPolynomial(size int) {{ .CurvePackage }}_pol.Polynomial {
-	f := make({{ .CurvePackage }}_pol.Polynomial, size)
+func randomPolynomial(size int) polynomial.Polynomial {
+	f := make(polynomial.Polynomial, size)
 	for i := 0; i < size; i++ {
 		f[i].SetRandom()
 	}
@@ -33,7 +32,7 @@ func TestDividePolyByXminusA(t *testing.T) {
 	domain := fft.NewDomain(uint64(sizePol), 0, false)
 
 	// build random polynomial
-	pol := make({{ .CurvePackage }}_pol.Polynomial, sizePol)
+	pol := make(polynomial.Polynomial, sizePol)
 	for i := 0; i < sizePol; i++ {
 		pol[i].SetRandom()
 	}
@@ -41,7 +40,7 @@ func TestDividePolyByXminusA(t *testing.T) {
 	// evaluate the polynomial at a random point
 	var point fr.Element
 	point.SetRandom()
-	evaluation := pol.Eval(&point).(fr.Element)
+	evaluation := pol.Eval(&point)
 
 	// compute f-f(a)/x-a
 	h := dividePolyByXminusA(*domain, pol, evaluation, point)
@@ -54,10 +53,10 @@ func TestDividePolyByXminusA(t *testing.T) {
 	var randPoint, xminusa fr.Element
 	randPoint.SetRandom()
 
-	polRandpoint := pol.Eval(&randPoint).(fr.Element)
+	polRandpoint := pol.Eval(&randPoint)
 	polRandpoint.Sub(&polRandpoint, &evaluation) // f(rand)-f(point)
 
-	hRandPoint := h.Eval(&randPoint).(fr.Element)
+	hRandPoint := h.Eval(&randPoint)
 	xminusa.Sub(&randPoint, &point) // rand-point
 
 	// f(rand)-f(point)	==? h(rand)*(rand-point)
@@ -100,13 +99,13 @@ func TestCommit(t *testing.T) {
 	s := NewScheme(64, _alphaSetup)
 
 	// create a polynomial
-	f := make({{ .CurvePackage }}_pol.Polynomial, 60)
+	f := make(polynomial.Polynomial, 60)
 	for i := 0; i < 60; i++ {
 		f[i].SetRandom()
 	}
 
 	// commit using the method from KZG
-	_kzgCommit, err := s.Commit(&f)
+	_kzgCommit, err := s.Commit(f)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -116,7 +115,7 @@ func TestCommit(t *testing.T) {
 	// check commitment using manual commit
 	var x fr.Element
 	x.SetString("1234")
-	fx := f.Eval(&x).(fr.Element)
+	fx := f.Eval(&x)
 	var fxbi big.Int
 	fx.ToBigIntRegular(&fxbi)
 	var manualCommit {{ .CurvePackage }}.G1Affine
@@ -139,7 +138,7 @@ func TestVerifySinglePoint(t *testing.T) {
 	f := randomPolynomial(60)
 
 	// commit the polynomial
-	digest, err := s.Commit(&f)
+	digest, err := s.Commit(f)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -147,28 +146,26 @@ func TestVerifySinglePoint(t *testing.T) {
 	// compute opening proof at a random point
 	var point fr.Element
 	point.SetString("4321")
-	proof, err := s.Open(&point, &f)
+	proof, err := s.Open(&point, f)
 	if err != nil {
 		t.Fatal(err)
 	}
 
 	// verify the claimed valued
-	_proof := proof.(*Proof)
-	expected := f.Eval(point).(fr.Element)
-	if !_proof.ClaimedValue.Equal(&expected) {
+	expected := f.Eval(&point)
+	if !proof.ClaimedValue.Equal(&expected) {
 		t.Fatal("inconsistant claimed value")
 	}
 
 	// verify correct proof
-	err = s.Verify(digest, proof)
+	err = s.Verify(&digest, &proof)
 	if err != nil {
 		t.Fatal(err)
 	}
 
 	// verify wrong proof
-	_proof = proof.(*Proof)
-	_proof.ClaimedValue.Double(&_proof.ClaimedValue)
-	err = s.Verify(digest, _proof)
+	proof.ClaimedValue.Double(&proof.ClaimedValue)
+	err = s.Verify(&digest, &proof)
 	if err == nil {
 		t.Fatal("verifying wrong proof should have failed")
 	}
@@ -182,12 +179,11 @@ func TestBatchVerifySinglePoint(t *testing.T) {
 	// create polynomials
 	f := make([]polynomial.Polynomial, 10)
 	for i := 0; i < 10; i++ {
-		_f := randomPolynomial(60)
-		f[i] = &_f
+		f[i] = randomPolynomial(60)
 	}
 
 	// commit the polynomials
-	digests := make([]polynomial.Digest, 10)
+	digests := make([]Digest, 10)
 	for i := 0; i < 10; i++ {
 		digests[i], _ = s.Commit(f[i])
 
@@ -202,10 +198,9 @@ func TestBatchVerifySinglePoint(t *testing.T) {
 	}
 
 	// verify the claimed values
-	_proof := proof.(*BatchProofsSinglePoint)
 	for i := 0; i < 10; i++ {
-		expectedClaim := f[i].Eval(point).(fr.Element)
-		if !expectedClaim.Equal(&_proof.ClaimedValues[i]) {
+		expectedClaim := f[i].Eval(&point)
+		if !expectedClaim.Equal(&proof.ClaimedValues[i]) {
 			t.Fatal("inconsistant claimed values")
 		}
 	}
@@ -217,8 +212,8 @@ func TestBatchVerifySinglePoint(t *testing.T) {
 	}
 
 	// verify wrong proof
-	_proof.ClaimedValues[0].Double(&_proof.ClaimedValues[0])
-	err = s.BatchVerifySinglePoint(digests, _proof)
+	proof.ClaimedValues[0].Double(&proof.ClaimedValues[0])
+	err = s.BatchVerifySinglePoint(digests, proof)
 	if err == nil {
 		t.Fatal("verifying wrong proof should have failed")
 	}
@@ -236,7 +231,7 @@ func BenchmarkKZGCommit(b *testing.B) {
 
 	b.ResetTimer()
 	for i := 0; i < b.N; i++ {
-		_, _ = s.Commit(&p)
+		_, _ = s.Commit(p)
 	}
 }
 
@@ -251,7 +246,7 @@ func BenchmarkKZGOpen(b *testing.B) {
 
 	b.ResetTimer()
 	for i := 0; i < b.N; i++ {
-		_, _ = s.Open(r, &p)
+		_, _ = s.Open(&r, p)
 	}
 }
 
@@ -265,20 +260,20 @@ func BenchmarkKZGVerify(b *testing.B) {
 	r.SetRandom()
 
 	// commit
-	comm, err := s.Commit(&p)
+	comm, err := s.Commit(p)
 	if err != nil {
 		b.Fatal(err)
 	}
 
 	// open
-	openingProof, err := s.Open(r, &p)
+	openingProof, err := s.Open(&r, p)
 	if err != nil {
 		b.Fatal(err)
 	}
 
 	b.ResetTimer()
 	for i := 0; i < b.N; i++ {
-		s.Verify(comm, openingProof)
+		s.Verify(&comm, &openingProof)
 	}
 }
 
@@ -289,12 +284,11 @@ func BenchmarkKZGBatchOpen10(b *testing.B) {
 	// 10 random polynomials
 	var ps [10]polynomial.Polynomial
 	for i := 0; i < 10; i++ {
-		_p := randomPolynomial(benchSize / 2)
-		ps[i] = &_p
+		ps[i] = randomPolynomial(benchSize / 2)
 	}
 
 	// commitments
-	var commitments [10]polynomial.Digest
+	var commitments [10]Digest
 	for i := 0; i < 10; i++ {
 		commitments[i], _ = s.Commit(ps[i])
 	}
@@ -304,7 +298,7 @@ func BenchmarkKZGBatchOpen10(b *testing.B) {
 
 	b.ResetTimer()
 	for i := 0; i < b.N; i++ {
-		s.BatchOpenSinglePoint(r, commitments[:], ps[:])
+		s.BatchOpenSinglePoint(&r, commitments[:], ps[:])
 	}
 }
 
@@ -315,12 +309,11 @@ func BenchmarkKZGBatchVerify10(b *testing.B) {
 	// 10 random polynomials
 	var ps [10]polynomial.Polynomial
 	for i := 0; i < 10; i++ {
-		_p := randomPolynomial(benchSize / 2)
-		ps[i] = &_p
+		ps[i] = randomPolynomial(benchSize / 2)
 	}
 
 	// commitments
-	var commitments [10]polynomial.Digest
+	var commitments [10]Digest
 	for i := 0; i < 10; i++ {
 		commitments[i], _ = s.Commit(ps[i])
 	}
@@ -328,7 +321,7 @@ func BenchmarkKZGBatchVerify10(b *testing.B) {
 	var r fr.Element
 	r.SetRandom()
 
-	proof, err := s.BatchOpenSinglePoint(r, commitments[:], ps[:])
+	proof, err := s.BatchOpenSinglePoint(&r, commitments[:], ps[:])
 	if err != nil {
 		b.Fatal(err)
 	}
diff --git a/internal/generator/polynomial/template/polynomial.go.tmpl b/internal/generator/polynomial/template/polynomial.go.tmpl
index ae705fd8d..4e4317218 100644
--- a/internal/generator/polynomial/template/polynomial.go.tmpl
+++ b/internal/generator/polynomial/template/polynomial.go.tmpl
@@ -1,6 +1,5 @@
 import (
 	"github.com/consensys/gnark-crypto/ecc/{{ .Name }}/fr"
-	"github.com/consensys/gnark-crypto/polynomial"
 )
 
 // Polynomial polynomial represented by coefficients bn254 fr field.
@@ -13,13 +12,11 @@ func (p *Polynomial) Degree() uint64 {
 
 // Eval evaluates p at v
 // returns a fr.Element 
-func (p *Polynomial) Eval(v interface{}) interface{} {
-	var _v fr.Element
-	_v.SetInterface(v)
+func (p *Polynomial) Eval(v *fr.Element) fr.Element {
 
 	res := (*p)[len(*p) - 1]
 	for i := len(*p) - 2; i >= 0; i-- {
-		res.Mul(&res, &_v)
+		res.Mul(&res, v)
 		res.Add(&res, &(*p)[i])
 	}
 
@@ -27,48 +24,39 @@ func (p *Polynomial) Eval(v interface{}) interface{} {
 }
 
 // Clone returns a copy of the polynomial
-func (p *Polynomial) Clone() polynomial.Polynomial {
+func (p *Polynomial) Clone() Polynomial {
 	_p := make(Polynomial, len(*p))
 	copy(_p, *p)
-	return &_p
+	return _p
 }
 
 // AddConstantInPlace adds a constant to the polynomial, modifying p
-func (p *Polynomial) AddConstantInPlace(c interface{}) {
-	var _c fr.Element
-	_c.SetInterface(c)
-
+func (p *Polynomial) AddConstantInPlace(c *fr.Element) {
 	for i := 0; i < len(*p); i++ {
-		(*p)[i].Add(&(*p)[i], &_c)
+		(*p)[i].Add(&(*p)[i], c)
 	}
 }
 
 // SubConstantInPlace subs a constant to the polynomial, modifying p
-func (p *Polynomial) SubConstantInPlace(c interface{}) {
-	var _c fr.Element
-	_c.SetInterface(c)
-
+func (p *Polynomial) SubConstantInPlace(c *fr.Element) {
 	for i := 0; i < len(*p); i++ {
-		(*p)[i].Sub(&(*p)[i], &_c)
+		(*p)[i].Sub(&(*p)[i], c)
 	}
 }
 
 // ScaleInPlace multiplies p by v, modifying p
-func (p *Polynomial) ScaleInPlace(c interface{}) {
-	var _c fr.Element
-	_c.SetInterface(c)
-
+func (p *Polynomial) ScaleInPlace(c *fr.Element) {
 	for i := 0; i < len(*p); i++ {
-		(*p)[i].Mul(&(*p)[i], &_c)
+		(*p)[i].Mul(&(*p)[i], c)
 	}
 }
 
 // Add adds p1 to p2
 // This function allocates a new slice unless p == p1 or p == p2
-func (p *Polynomial) Add(p1, p2 polynomial.Polynomial) polynomial.Polynomial {
+func (p *Polynomial) Add(p1, p2 Polynomial) *Polynomial {
 
-	bigger := *(p1.(*Polynomial))
-	smaller := *(p2.(*Polynomial))
+	bigger := p1
+	smaller := p2
 	if len(bigger) < len(smaller) {
 		bigger, smaller = smaller, bigger 
 	}
@@ -98,18 +86,17 @@ func (p *Polynomial) Add(p1, p2 polynomial.Polynomial) polynomial.Polynomial {
 }
 
 // Equal checks equality between two polynomials
-func (p *Polynomial) Equal(p1 polynomial.Polynomial) bool {
-	_p1 := *(p1.(*Polynomial))
-    if (p == nil) != (_p1 == nil) { 
+func (p *Polynomial) Equal(p1 Polynomial) bool {
+    if (*p == nil) != (p1 == nil) { 
         return false
     }
 
-    if len(*p) != len(_p1) {
+    if len(*p) != len(p1) {
         return false
     }
 
-    for i := range _p1 {
-		if !(*p)[i].Equal(&_p1[i]) {
+    for i := range p1 {
+		if !(*p)[i].Equal(&p1[i]) {
 			return false
 		}
     }
diff --git a/internal/generator/polynomial/template/polynomial.test.go.tmpl b/internal/generator/polynomial/template/polynomial.test.go.tmpl
index eb227e2ea..6a96e77ad 100644
--- a/internal/generator/polynomial/template/polynomial.test.go.tmpl
+++ b/internal/generator/polynomial/template/polynomial.test.go.tmpl
@@ -28,7 +28,7 @@ func TestPolynomialEval(t *testing.T) {
 	expectedEval.Div(&expectedEval, &den)
 
 	// compute purported evaluation
-	purportedEval := f.Eval(&point).(fr.Element)
+	purportedEval := f.Eval(&point)
 
 	// check
 	if !purportedEval.Equal(&expectedEval) {
@@ -142,27 +142,27 @@ func TestPolynomialAdd(t *testing.T) {
 
 	// caller is empty
 	var g Polynomial
-	g.Add(&f1, &f2)
-	if !g.Equal(&expectedSum) {
+	g.Add(f1, f2)
+	if !g.Equal(expectedSum) {
 		t.Fatal("add polynomials fails")
 	}
-	if !f1.Equal(&f1Backup) {
+	if !f1.Equal(f1Backup) {
 		t.Fatal("side effect, f1 should not have been modified")
 	}
-	if !f2.Equal(&f2Backup) {
+	if !f2.Equal(f2Backup) {
 		t.Fatal("side effect, f2 should not have been modified")
 	}
 
 	// all operands are distincts
 	_f1 := f1.Clone()
-	_f1.Add(&f1, &f2)
-	if !_f1.Equal(&expectedSum) {
+	_f1.Add(f1, f2)
+	if !_f1.Equal(expectedSum) {
 		t.Fatal("add polynomials fails")
 	}
-	if !f1.Equal(&f1Backup) {
+	if !f1.Equal(f1Backup) {
 		t.Fatal("side effect, f1 should not have been modified")
 	}
-	if !f2.Equal(&f2Backup) {
+	if !f2.Equal(f2Backup) {
 		t.Fatal("side effect, f2 should not have been modified")
 	}
 
@@ -170,10 +170,10 @@ func TestPolynomialAdd(t *testing.T) {
 	_f1 = f1.Clone()
 	_f2 := f2.Clone()
 	_f1.Add(_f1, _f2)
-	if !_f1.Equal(&expectedSum) {
+	if !_f1.Equal(expectedSum) {
 		t.Fatal("add polynomials fails")
 	}
-	if !_f2.Equal(&f2Backup) {
+	if !_f2.Equal(f2Backup) {
 		t.Fatal("side effect, _f2 should not have been modified")
 	}
 
@@ -181,10 +181,10 @@ func TestPolynomialAdd(t *testing.T) {
 	_f1 = f1.Clone()
 	_f2 = f2.Clone()
 	_f1.Add(_f2, _f1)
-	if !_f1.Equal(&expectedSum) {
+	if !_f1.Equal(expectedSum) {
 		t.Fatal("add polynomials fails")
 	}
-	if !_f2.Equal(&f2Backup) {
+	if !_f2.Equal(f2Backup) {
 		t.Fatal("side effect, _f2 should not have been modified")
 	}
 }
\ No newline at end of file
diff --git a/polynomial/commitment.go b/polynomial/commitment.go
deleted file mode 100644
index 12725f171..000000000
--- a/polynomial/commitment.go
+++ /dev/null
@@ -1,85 +0,0 @@
-// Copyright 2020 ConsenSys Software Inc.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Package polynomial provides interfaces for polynomial and polynomial commitment schemes defined in gnark-crypto/ecc/.../fr.
-package polynomial
-
-import (
-	"errors"
-	"io"
-	"math/big"
-)
-
-var (
-	ErrVerifyOpeningProof            = errors.New("error verifying opening proof")
-	ErrVerifyBatchOpeningSinglePoint = errors.New("error verifying batch opening proof at single point")
-)
-
-// Digest interface that an additively homomorphic
-// polynomial commitment should implement.
-type Digest interface {
-	Clone() Digest
-	Add(d1, d2 Digest) Digest
-	Sub(d1, d2 Digest) Digest
-	ScalarMul(d Digest, s big.Int) Digest
-	Marshal() []byte
-	Unmarshal(buf []byte) error
-}
-
-// OpeningProof interface that an opening proof
-// should implement.
-type OpeningProof interface {
-	Marshal() []byte
-	GetClaimedValue() []byte
-}
-
-// BatchOpeningProofSinglePoint interface that a bacth opening proof (single point)
-// should implement.
-type BatchOpeningProofSinglePoint interface {
-	Marshal() []byte
-
-	// GetClaimedValues get the claimed values, in the order in which the polynomials
-	// are given in the opening proof.
-	GetClaimedValues() [][]byte
-}
-
-// CommitmentScheme interface for an additively homomorphic
-// polynomial commitment scheme.
-// The function BatchOpenSinglePoint is proper to an additively
-// homomorphic commitment scheme.
-type CommitmentScheme interface {
-	io.WriterTo
-	io.ReaderFrom
-
-	Commit(p Polynomial) (Digest, error)
-
-	Open(point interface{}, p Polynomial) (OpeningProof, error)
-
-	// Verify verifies an opening proof of commitment at point
-	Verify(commitment Digest, proof OpeningProof) error
-
-	// BatchOpenSinglePoint creates a batch opening proof at _val of a list of polynomials.
-	// It's an interactive protocol, made non interactive using Fiat Shamir.
-	// point is the point at which the polynomials are opened.
-	// digests is the list of committed polynomials to open, need to derive the challenge using Fiat Shamir.
-	// polynomials is the list of polynomials to open.
-	BatchOpenSinglePoint(point interface{}, digests []Digest, polynomials []Polynomial) (BatchOpeningProofSinglePoint, error)
-
-	// BatchVerifySinglePoint verifies a batched opening proof at a single point of a list of polynomials.
-	// point: point at which the polynomials are evaluated
-	// claimedValues: claimed values of the polynomials at _val
-	// commitments: list of commitments to the polynomials which are opened
-	// batchOpeningProof: the batched opening proof at a single point of the polynomials.
-	BatchVerifySinglePoint(digests []Digest, batchOpeningProof BatchOpeningProofSinglePoint) error
-}
diff --git a/polynomial/polynomial.go b/polynomial/polynomial.go
deleted file mode 100644
index 3f63aa9d3..000000000
--- a/polynomial/polynomial.go
+++ /dev/null
@@ -1,44 +0,0 @@
-// Copyright 2020 ConsenSys Software Inc.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Package polynomial provides interfaces for polynomial commitment schemes defined in gnark-crypto/ecc/.../fr.
-package polynomial
-
-// Polynomial interface that a polynomial should implement
-type Polynomial interface {
-
-	// Degree returns the degree of the polynomial
-	Degree() uint64
-
-	// Eval computes the evaluation of the polynomial at v
-	Eval(v interface{}) interface{}
-
-	// Returns a copy of the polynomial
-	Clone() Polynomial
-
-	// Add adds p1 to p, modifying p
-	Add(p1, p2 Polynomial) Polynomial
-
-	// AddConstantInPlace adds a constant to the polynomial, modifying p
-	AddConstantInPlace(c interface{})
-
-	// AddConstantInPlace subs a constant to the polynomial, modifying p
-	SubConstantInPlace(c interface{})
-
-	// ScaleInPlace multiplies the polynomial by a constant c, modifying p
-	ScaleInPlace(c interface{})
-
-	// Equal checks equality between two polynomials
-	Equal(p1 Polynomial) bool
-}

From e315a127c8578b2fa203ce8368729dd976c1983a Mon Sep 17 00:00:00 2001
From: Gautam Botrel <gautam.botrel@gmail.com>
Date: Tue, 15 Jun 2021 22:55:07 -0500
Subject: [PATCH 07/13] fix: kzg return type more homogeneous

---
 ecc/bls12-377/fr/polynomial/kzg/kzg.go             | 14 +++++++-------
 ecc/bls12-377/fr/polynomial/kzg/kzg_test.go        |  6 +++---
 ecc/bls12-381/fr/polynomial/kzg/kzg.go             | 14 +++++++-------
 ecc/bls12-381/fr/polynomial/kzg/kzg_test.go        |  6 +++---
 ecc/bls24-315/fr/polynomial/kzg/kzg.go             | 14 +++++++-------
 ecc/bls24-315/fr/polynomial/kzg/kzg_test.go        |  6 +++---
 ecc/bn254/fr/polynomial/kzg/kzg.go                 | 14 +++++++-------
 ecc/bn254/fr/polynomial/kzg/kzg_test.go            |  6 +++---
 ecc/bw6-761/fr/polynomial/kzg/kzg.go               | 14 +++++++-------
 ecc/bw6-761/fr/polynomial/kzg/kzg_test.go          |  6 +++---
 .../polynomial/template/commitment_kzg/kzg.go.tmpl | 14 +++++++-------
 .../template/commitment_kzg/kzg.test.go.tmpl       |  6 +++---
 12 files changed, 60 insertions(+), 60 deletions(-)

diff --git a/ecc/bls12-377/fr/polynomial/kzg/kzg.go b/ecc/bls12-377/fr/polynomial/kzg/kzg.go
index 4a38cd60e..fefa86b4c 100644
--- a/ecc/bls12-377/fr/polynomial/kzg/kzg.go
+++ b/ecc/bls12-377/fr/polynomial/kzg/kzg.go
@@ -393,11 +393,11 @@ func (s *Scheme) Verify(d *Digest, proof *Proof) error {
 // point is the point at which the polynomials are opened.
 // digests is the list of committed polynomials to open, need to derive the challenge using Fiat Shamir.
 // polynomials is the list of polynomials to open.
-func (s *Scheme) BatchOpenSinglePoint(point *fr.Element, digests []Digest, polynomials []polynomial.Polynomial) (*BatchProofsSinglePoint, error) {
+func (s *Scheme) BatchOpenSinglePoint(point *fr.Element, digests []Digest, polynomials []polynomial.Polynomial) (BatchProofsSinglePoint, error) {
 
 	nbDigests := len(digests)
 	if nbDigests != len(polynomials) {
-		return nil, errNbDigestsNeqNbPolynomials
+		return BatchProofsSinglePoint{}, errNbDigestsNeqNbPolynomials
 	}
 
 	var res BatchProofsSinglePoint
@@ -414,16 +414,16 @@ func (s *Scheme) BatchOpenSinglePoint(point *fr.Element, digests []Digest, polyn
 	// derive the challenge gamma, binded to the point and the commitments
 	fs := fiatshamir.NewTranscript(fiatshamir.SHA256, "gamma")
 	if err := fs.Bind("gamma", res.Point.Marshal()); err != nil {
-		return nil, err
+		return BatchProofsSinglePoint{}, err
 	}
 	for i := 0; i < len(digests); i++ {
 		if err := fs.Bind("gamma", digests[i].Marshal()); err != nil {
-			return nil, err
+			return BatchProofsSinglePoint{}, err
 		}
 	}
 	gammaByte, err := fs.ComputeChallenge("gamma")
 	if err != nil {
-		return nil, err
+		return BatchProofsSinglePoint{}, err
 	}
 	var gamma fr.Element
 	gamma.SetBytes(gammaByte)
@@ -443,12 +443,12 @@ func (s *Scheme) BatchOpenSinglePoint(point *fr.Element, digests []Digest, polyn
 	h := dividePolyByXminusA(s.Domain, sumGammaiTimesPol, sumGammaiTimesEval, res.Point)
 	c, err := s.Commit(h)
 	if err != nil {
-		return nil, err
+		return BatchProofsSinglePoint{}, err
 	}
 
 	res.H.Set(&c.data)
 
-	return &res, nil
+	return res, nil
 }
 
 // BatchVerifySinglePoint verifies a batched opening proof at a single point of a list of polynomials.
diff --git a/ecc/bls12-377/fr/polynomial/kzg/kzg_test.go b/ecc/bls12-377/fr/polynomial/kzg/kzg_test.go
index 4ff806555..4537198c8 100644
--- a/ecc/bls12-377/fr/polynomial/kzg/kzg_test.go
+++ b/ecc/bls12-377/fr/polynomial/kzg/kzg_test.go
@@ -224,14 +224,14 @@ func TestBatchVerifySinglePoint(t *testing.T) {
 	}
 
 	// verify correct proof
-	err = s.BatchVerifySinglePoint(digests, proof)
+	err = s.BatchVerifySinglePoint(digests, &proof)
 	if err != nil {
 		t.Fatal(err)
 	}
 
 	// verify wrong proof
 	proof.ClaimedValues[0].Double(&proof.ClaimedValues[0])
-	err = s.BatchVerifySinglePoint(digests, proof)
+	err = s.BatchVerifySinglePoint(digests, &proof)
 	if err == nil {
 		t.Fatal("verifying wrong proof should have failed")
 	}
@@ -346,6 +346,6 @@ func BenchmarkKZGBatchVerify10(b *testing.B) {
 
 	b.ResetTimer()
 	for i := 0; i < b.N; i++ {
-		s.BatchVerifySinglePoint(commitments[:], proof)
+		s.BatchVerifySinglePoint(commitments[:], &proof)
 	}
 }
diff --git a/ecc/bls12-381/fr/polynomial/kzg/kzg.go b/ecc/bls12-381/fr/polynomial/kzg/kzg.go
index 479ffb596..b1c92b5d3 100644
--- a/ecc/bls12-381/fr/polynomial/kzg/kzg.go
+++ b/ecc/bls12-381/fr/polynomial/kzg/kzg.go
@@ -393,11 +393,11 @@ func (s *Scheme) Verify(d *Digest, proof *Proof) error {
 // point is the point at which the polynomials are opened.
 // digests is the list of committed polynomials to open, need to derive the challenge using Fiat Shamir.
 // polynomials is the list of polynomials to open.
-func (s *Scheme) BatchOpenSinglePoint(point *fr.Element, digests []Digest, polynomials []polynomial.Polynomial) (*BatchProofsSinglePoint, error) {
+func (s *Scheme) BatchOpenSinglePoint(point *fr.Element, digests []Digest, polynomials []polynomial.Polynomial) (BatchProofsSinglePoint, error) {
 
 	nbDigests := len(digests)
 	if nbDigests != len(polynomials) {
-		return nil, errNbDigestsNeqNbPolynomials
+		return BatchProofsSinglePoint{}, errNbDigestsNeqNbPolynomials
 	}
 
 	var res BatchProofsSinglePoint
@@ -414,16 +414,16 @@ func (s *Scheme) BatchOpenSinglePoint(point *fr.Element, digests []Digest, polyn
 	// derive the challenge gamma, binded to the point and the commitments
 	fs := fiatshamir.NewTranscript(fiatshamir.SHA256, "gamma")
 	if err := fs.Bind("gamma", res.Point.Marshal()); err != nil {
-		return nil, err
+		return BatchProofsSinglePoint{}, err
 	}
 	for i := 0; i < len(digests); i++ {
 		if err := fs.Bind("gamma", digests[i].Marshal()); err != nil {
-			return nil, err
+			return BatchProofsSinglePoint{}, err
 		}
 	}
 	gammaByte, err := fs.ComputeChallenge("gamma")
 	if err != nil {
-		return nil, err
+		return BatchProofsSinglePoint{}, err
 	}
 	var gamma fr.Element
 	gamma.SetBytes(gammaByte)
@@ -443,12 +443,12 @@ func (s *Scheme) BatchOpenSinglePoint(point *fr.Element, digests []Digest, polyn
 	h := dividePolyByXminusA(s.Domain, sumGammaiTimesPol, sumGammaiTimesEval, res.Point)
 	c, err := s.Commit(h)
 	if err != nil {
-		return nil, err
+		return BatchProofsSinglePoint{}, err
 	}
 
 	res.H.Set(&c.data)
 
-	return &res, nil
+	return res, nil
 }
 
 // BatchVerifySinglePoint verifies a batched opening proof at a single point of a list of polynomials.
diff --git a/ecc/bls12-381/fr/polynomial/kzg/kzg_test.go b/ecc/bls12-381/fr/polynomial/kzg/kzg_test.go
index 39ef60e70..221ac2240 100644
--- a/ecc/bls12-381/fr/polynomial/kzg/kzg_test.go
+++ b/ecc/bls12-381/fr/polynomial/kzg/kzg_test.go
@@ -224,14 +224,14 @@ func TestBatchVerifySinglePoint(t *testing.T) {
 	}
 
 	// verify correct proof
-	err = s.BatchVerifySinglePoint(digests, proof)
+	err = s.BatchVerifySinglePoint(digests, &proof)
 	if err != nil {
 		t.Fatal(err)
 	}
 
 	// verify wrong proof
 	proof.ClaimedValues[0].Double(&proof.ClaimedValues[0])
-	err = s.BatchVerifySinglePoint(digests, proof)
+	err = s.BatchVerifySinglePoint(digests, &proof)
 	if err == nil {
 		t.Fatal("verifying wrong proof should have failed")
 	}
@@ -346,6 +346,6 @@ func BenchmarkKZGBatchVerify10(b *testing.B) {
 
 	b.ResetTimer()
 	for i := 0; i < b.N; i++ {
-		s.BatchVerifySinglePoint(commitments[:], proof)
+		s.BatchVerifySinglePoint(commitments[:], &proof)
 	}
 }
diff --git a/ecc/bls24-315/fr/polynomial/kzg/kzg.go b/ecc/bls24-315/fr/polynomial/kzg/kzg.go
index 0a32cf2e0..dbc0c0e4e 100644
--- a/ecc/bls24-315/fr/polynomial/kzg/kzg.go
+++ b/ecc/bls24-315/fr/polynomial/kzg/kzg.go
@@ -393,11 +393,11 @@ func (s *Scheme) Verify(d *Digest, proof *Proof) error {
 // point is the point at which the polynomials are opened.
 // digests is the list of committed polynomials to open, need to derive the challenge using Fiat Shamir.
 // polynomials is the list of polynomials to open.
-func (s *Scheme) BatchOpenSinglePoint(point *fr.Element, digests []Digest, polynomials []polynomial.Polynomial) (*BatchProofsSinglePoint, error) {
+func (s *Scheme) BatchOpenSinglePoint(point *fr.Element, digests []Digest, polynomials []polynomial.Polynomial) (BatchProofsSinglePoint, error) {
 
 	nbDigests := len(digests)
 	if nbDigests != len(polynomials) {
-		return nil, errNbDigestsNeqNbPolynomials
+		return BatchProofsSinglePoint{}, errNbDigestsNeqNbPolynomials
 	}
 
 	var res BatchProofsSinglePoint
@@ -414,16 +414,16 @@ func (s *Scheme) BatchOpenSinglePoint(point *fr.Element, digests []Digest, polyn
 	// derive the challenge gamma, binded to the point and the commitments
 	fs := fiatshamir.NewTranscript(fiatshamir.SHA256, "gamma")
 	if err := fs.Bind("gamma", res.Point.Marshal()); err != nil {
-		return nil, err
+		return BatchProofsSinglePoint{}, err
 	}
 	for i := 0; i < len(digests); i++ {
 		if err := fs.Bind("gamma", digests[i].Marshal()); err != nil {
-			return nil, err
+			return BatchProofsSinglePoint{}, err
 		}
 	}
 	gammaByte, err := fs.ComputeChallenge("gamma")
 	if err != nil {
-		return nil, err
+		return BatchProofsSinglePoint{}, err
 	}
 	var gamma fr.Element
 	gamma.SetBytes(gammaByte)
@@ -443,12 +443,12 @@ func (s *Scheme) BatchOpenSinglePoint(point *fr.Element, digests []Digest, polyn
 	h := dividePolyByXminusA(s.Domain, sumGammaiTimesPol, sumGammaiTimesEval, res.Point)
 	c, err := s.Commit(h)
 	if err != nil {
-		return nil, err
+		return BatchProofsSinglePoint{}, err
 	}
 
 	res.H.Set(&c.data)
 
-	return &res, nil
+	return res, nil
 }
 
 // BatchVerifySinglePoint verifies a batched opening proof at a single point of a list of polynomials.
diff --git a/ecc/bls24-315/fr/polynomial/kzg/kzg_test.go b/ecc/bls24-315/fr/polynomial/kzg/kzg_test.go
index b54811964..0114cff35 100644
--- a/ecc/bls24-315/fr/polynomial/kzg/kzg_test.go
+++ b/ecc/bls24-315/fr/polynomial/kzg/kzg_test.go
@@ -224,14 +224,14 @@ func TestBatchVerifySinglePoint(t *testing.T) {
 	}
 
 	// verify correct proof
-	err = s.BatchVerifySinglePoint(digests, proof)
+	err = s.BatchVerifySinglePoint(digests, &proof)
 	if err != nil {
 		t.Fatal(err)
 	}
 
 	// verify wrong proof
 	proof.ClaimedValues[0].Double(&proof.ClaimedValues[0])
-	err = s.BatchVerifySinglePoint(digests, proof)
+	err = s.BatchVerifySinglePoint(digests, &proof)
 	if err == nil {
 		t.Fatal("verifying wrong proof should have failed")
 	}
@@ -346,6 +346,6 @@ func BenchmarkKZGBatchVerify10(b *testing.B) {
 
 	b.ResetTimer()
 	for i := 0; i < b.N; i++ {
-		s.BatchVerifySinglePoint(commitments[:], proof)
+		s.BatchVerifySinglePoint(commitments[:], &proof)
 	}
 }
diff --git a/ecc/bn254/fr/polynomial/kzg/kzg.go b/ecc/bn254/fr/polynomial/kzg/kzg.go
index 87642d6f6..03738f430 100644
--- a/ecc/bn254/fr/polynomial/kzg/kzg.go
+++ b/ecc/bn254/fr/polynomial/kzg/kzg.go
@@ -393,11 +393,11 @@ func (s *Scheme) Verify(d *Digest, proof *Proof) error {
 // point is the point at which the polynomials are opened.
 // digests is the list of committed polynomials to open, need to derive the challenge using Fiat Shamir.
 // polynomials is the list of polynomials to open.
-func (s *Scheme) BatchOpenSinglePoint(point *fr.Element, digests []Digest, polynomials []polynomial.Polynomial) (*BatchProofsSinglePoint, error) {
+func (s *Scheme) BatchOpenSinglePoint(point *fr.Element, digests []Digest, polynomials []polynomial.Polynomial) (BatchProofsSinglePoint, error) {
 
 	nbDigests := len(digests)
 	if nbDigests != len(polynomials) {
-		return nil, errNbDigestsNeqNbPolynomials
+		return BatchProofsSinglePoint{}, errNbDigestsNeqNbPolynomials
 	}
 
 	var res BatchProofsSinglePoint
@@ -414,16 +414,16 @@ func (s *Scheme) BatchOpenSinglePoint(point *fr.Element, digests []Digest, polyn
 	// derive the challenge gamma, binded to the point and the commitments
 	fs := fiatshamir.NewTranscript(fiatshamir.SHA256, "gamma")
 	if err := fs.Bind("gamma", res.Point.Marshal()); err != nil {
-		return nil, err
+		return BatchProofsSinglePoint{}, err
 	}
 	for i := 0; i < len(digests); i++ {
 		if err := fs.Bind("gamma", digests[i].Marshal()); err != nil {
-			return nil, err
+			return BatchProofsSinglePoint{}, err
 		}
 	}
 	gammaByte, err := fs.ComputeChallenge("gamma")
 	if err != nil {
-		return nil, err
+		return BatchProofsSinglePoint{}, err
 	}
 	var gamma fr.Element
 	gamma.SetBytes(gammaByte)
@@ -443,12 +443,12 @@ func (s *Scheme) BatchOpenSinglePoint(point *fr.Element, digests []Digest, polyn
 	h := dividePolyByXminusA(s.Domain, sumGammaiTimesPol, sumGammaiTimesEval, res.Point)
 	c, err := s.Commit(h)
 	if err != nil {
-		return nil, err
+		return BatchProofsSinglePoint{}, err
 	}
 
 	res.H.Set(&c.data)
 
-	return &res, nil
+	return res, nil
 }
 
 // BatchVerifySinglePoint verifies a batched opening proof at a single point of a list of polynomials.
diff --git a/ecc/bn254/fr/polynomial/kzg/kzg_test.go b/ecc/bn254/fr/polynomial/kzg/kzg_test.go
index b51e9ce14..bc8a30470 100644
--- a/ecc/bn254/fr/polynomial/kzg/kzg_test.go
+++ b/ecc/bn254/fr/polynomial/kzg/kzg_test.go
@@ -224,14 +224,14 @@ func TestBatchVerifySinglePoint(t *testing.T) {
 	}
 
 	// verify correct proof
-	err = s.BatchVerifySinglePoint(digests, proof)
+	err = s.BatchVerifySinglePoint(digests, &proof)
 	if err != nil {
 		t.Fatal(err)
 	}
 
 	// verify wrong proof
 	proof.ClaimedValues[0].Double(&proof.ClaimedValues[0])
-	err = s.BatchVerifySinglePoint(digests, proof)
+	err = s.BatchVerifySinglePoint(digests, &proof)
 	if err == nil {
 		t.Fatal("verifying wrong proof should have failed")
 	}
@@ -346,6 +346,6 @@ func BenchmarkKZGBatchVerify10(b *testing.B) {
 
 	b.ResetTimer()
 	for i := 0; i < b.N; i++ {
-		s.BatchVerifySinglePoint(commitments[:], proof)
+		s.BatchVerifySinglePoint(commitments[:], &proof)
 	}
 }
diff --git a/ecc/bw6-761/fr/polynomial/kzg/kzg.go b/ecc/bw6-761/fr/polynomial/kzg/kzg.go
index e9adc716a..6772aefdc 100644
--- a/ecc/bw6-761/fr/polynomial/kzg/kzg.go
+++ b/ecc/bw6-761/fr/polynomial/kzg/kzg.go
@@ -393,11 +393,11 @@ func (s *Scheme) Verify(d *Digest, proof *Proof) error {
 // point is the point at which the polynomials are opened.
 // digests is the list of committed polynomials to open, need to derive the challenge using Fiat Shamir.
 // polynomials is the list of polynomials to open.
-func (s *Scheme) BatchOpenSinglePoint(point *fr.Element, digests []Digest, polynomials []polynomial.Polynomial) (*BatchProofsSinglePoint, error) {
+func (s *Scheme) BatchOpenSinglePoint(point *fr.Element, digests []Digest, polynomials []polynomial.Polynomial) (BatchProofsSinglePoint, error) {
 
 	nbDigests := len(digests)
 	if nbDigests != len(polynomials) {
-		return nil, errNbDigestsNeqNbPolynomials
+		return BatchProofsSinglePoint{}, errNbDigestsNeqNbPolynomials
 	}
 
 	var res BatchProofsSinglePoint
@@ -414,16 +414,16 @@ func (s *Scheme) BatchOpenSinglePoint(point *fr.Element, digests []Digest, polyn
 	// derive the challenge gamma, binded to the point and the commitments
 	fs := fiatshamir.NewTranscript(fiatshamir.SHA256, "gamma")
 	if err := fs.Bind("gamma", res.Point.Marshal()); err != nil {
-		return nil, err
+		return BatchProofsSinglePoint{}, err
 	}
 	for i := 0; i < len(digests); i++ {
 		if err := fs.Bind("gamma", digests[i].Marshal()); err != nil {
-			return nil, err
+			return BatchProofsSinglePoint{}, err
 		}
 	}
 	gammaByte, err := fs.ComputeChallenge("gamma")
 	if err != nil {
-		return nil, err
+		return BatchProofsSinglePoint{}, err
 	}
 	var gamma fr.Element
 	gamma.SetBytes(gammaByte)
@@ -443,12 +443,12 @@ func (s *Scheme) BatchOpenSinglePoint(point *fr.Element, digests []Digest, polyn
 	h := dividePolyByXminusA(s.Domain, sumGammaiTimesPol, sumGammaiTimesEval, res.Point)
 	c, err := s.Commit(h)
 	if err != nil {
-		return nil, err
+		return BatchProofsSinglePoint{}, err
 	}
 
 	res.H.Set(&c.data)
 
-	return &res, nil
+	return res, nil
 }
 
 // BatchVerifySinglePoint verifies a batched opening proof at a single point of a list of polynomials.
diff --git a/ecc/bw6-761/fr/polynomial/kzg/kzg_test.go b/ecc/bw6-761/fr/polynomial/kzg/kzg_test.go
index 4c27fd0fe..011a3ead7 100644
--- a/ecc/bw6-761/fr/polynomial/kzg/kzg_test.go
+++ b/ecc/bw6-761/fr/polynomial/kzg/kzg_test.go
@@ -224,14 +224,14 @@ func TestBatchVerifySinglePoint(t *testing.T) {
 	}
 
 	// verify correct proof
-	err = s.BatchVerifySinglePoint(digests, proof)
+	err = s.BatchVerifySinglePoint(digests, &proof)
 	if err != nil {
 		t.Fatal(err)
 	}
 
 	// verify wrong proof
 	proof.ClaimedValues[0].Double(&proof.ClaimedValues[0])
-	err = s.BatchVerifySinglePoint(digests, proof)
+	err = s.BatchVerifySinglePoint(digests, &proof)
 	if err == nil {
 		t.Fatal("verifying wrong proof should have failed")
 	}
@@ -346,6 +346,6 @@ func BenchmarkKZGBatchVerify10(b *testing.B) {
 
 	b.ResetTimer()
 	for i := 0; i < b.N; i++ {
-		s.BatchVerifySinglePoint(commitments[:], proof)
+		s.BatchVerifySinglePoint(commitments[:], &proof)
 	}
 }
diff --git a/internal/generator/polynomial/template/commitment_kzg/kzg.go.tmpl b/internal/generator/polynomial/template/commitment_kzg/kzg.go.tmpl
index 6fb038392..bd0a32d45 100644
--- a/internal/generator/polynomial/template/commitment_kzg/kzg.go.tmpl
+++ b/internal/generator/polynomial/template/commitment_kzg/kzg.go.tmpl
@@ -376,11 +376,11 @@ func (s *Scheme) Verify(d *Digest, proof *Proof) error {
 // point is the point at which the polynomials are opened.
 // digests is the list of committed polynomials to open, need to derive the challenge using Fiat Shamir.
 // polynomials is the list of polynomials to open.
-func (s *Scheme) BatchOpenSinglePoint(point *fr.Element, digests []Digest, polynomials []polynomial.Polynomial) (*BatchProofsSinglePoint, error) {
+func (s *Scheme) BatchOpenSinglePoint(point *fr.Element, digests []Digest, polynomials []polynomial.Polynomial) (BatchProofsSinglePoint, error) {
 
 	nbDigests := len(digests)
 	if nbDigests != len(polynomials) {
-		return nil, errNbDigestsNeqNbPolynomials
+		return BatchProofsSinglePoint{}, errNbDigestsNeqNbPolynomials
 	}
 
 	var res BatchProofsSinglePoint
@@ -397,16 +397,16 @@ func (s *Scheme) BatchOpenSinglePoint(point *fr.Element, digests []Digest, polyn
 	// derive the challenge gamma, binded to the point and the commitments
 	fs := fiatshamir.NewTranscript(fiatshamir.SHA256, "gamma")
 	if err := fs.Bind("gamma", res.Point.Marshal()); err != nil {
-		return nil, err
+		return BatchProofsSinglePoint{}, err
 	}
 	for i := 0; i < len(digests); i++ {
 		if err := fs.Bind("gamma", digests[i].Marshal()); err != nil {
-			return nil, err
+			return BatchProofsSinglePoint{}, err
 		}
 	}
 	gammaByte, err := fs.ComputeChallenge("gamma")
 	if err != nil {
-		return nil, err
+		return BatchProofsSinglePoint{}, err
 	}
 	var gamma fr.Element
 	gamma.SetBytes(gammaByte)
@@ -426,12 +426,12 @@ func (s *Scheme) BatchOpenSinglePoint(point *fr.Element, digests []Digest, polyn
 	h := dividePolyByXminusA(s.Domain, sumGammaiTimesPol, sumGammaiTimesEval, res.Point)
 	c, err := s.Commit(h)
 	if err != nil {
-		return nil, err
+		return BatchProofsSinglePoint{}, err
 	}
 
 	res.H.Set(&c.data)
 
-	return &res, nil
+	return res, nil
 }
 
 // BatchVerifySinglePoint verifies a batched opening proof at a single point of a list of polynomials.
diff --git a/internal/generator/polynomial/template/commitment_kzg/kzg.test.go.tmpl b/internal/generator/polynomial/template/commitment_kzg/kzg.test.go.tmpl
index a76e213ef..d88d22398 100644
--- a/internal/generator/polynomial/template/commitment_kzg/kzg.test.go.tmpl
+++ b/internal/generator/polynomial/template/commitment_kzg/kzg.test.go.tmpl
@@ -206,14 +206,14 @@ func TestBatchVerifySinglePoint(t *testing.T) {
 	}
 
 	// verify correct proof
-	err = s.BatchVerifySinglePoint(digests, proof)
+	err = s.BatchVerifySinglePoint(digests, &proof)
 	if err != nil {
 		t.Fatal(err)
 	}
 
 	// verify wrong proof
 	proof.ClaimedValues[0].Double(&proof.ClaimedValues[0])
-	err = s.BatchVerifySinglePoint(digests, proof)
+	err = s.BatchVerifySinglePoint(digests, &proof)
 	if err == nil {
 		t.Fatal("verifying wrong proof should have failed")
 	}
@@ -328,6 +328,6 @@ func BenchmarkKZGBatchVerify10(b *testing.B) {
 
 	b.ResetTimer()
 	for i := 0; i < b.N; i++ {
-		s.BatchVerifySinglePoint(commitments[:], proof)
+		s.BatchVerifySinglePoint(commitments[:], &proof)
 	}
 }

From 09c209a4f9e7da9a9e1d0d6e4717432390afe581 Mon Sep 17 00:00:00 2001
From: Gautam Botrel <gautam.botrel@gmail.com>
Date: Wed, 16 Jun 2021 09:24:43 -0500
Subject: [PATCH 08/13] feat: affine add, remove digest methods

---
 ecc/bls12-377/fr/polynomial/kzg/kzg.go        | 77 ++-----------------
 ecc/bls12-377/g1.go                           | 24 ++++++
 ecc/bls12-377/g2.go                           | 24 ++++++
 ecc/bls12-381/fr/polynomial/kzg/kzg.go        | 77 ++-----------------
 ecc/bls12-381/g1.go                           | 24 ++++++
 ecc/bls12-381/g2.go                           | 24 ++++++
 ecc/bls24-315/fr/polynomial/kzg/kzg.go        | 77 ++-----------------
 ecc/bls24-315/g1.go                           | 24 ++++++
 ecc/bls24-315/g2.go                           | 24 ++++++
 ecc/bn254/fr/polynomial/kzg/kzg.go            | 77 ++-----------------
 ecc/bn254/g1.go                               | 24 ++++++
 ecc/bn254/g2.go                               | 24 ++++++
 ecc/bw6-761/fr/polynomial/kzg/kzg.go          | 77 ++-----------------
 ecc/bw6-761/g1.go                             | 24 ++++++
 ecc/bw6-761/g2.go                             | 24 ++++++
 internal/generator/ecc/template/point.go.tmpl | 23 ++++++
 .../template/commitment_kzg/kzg.go.tmpl       | 76 ++----------------
 17 files changed, 311 insertions(+), 413 deletions(-)

diff --git a/ecc/bls12-377/fr/polynomial/kzg/kzg.go b/ecc/bls12-377/fr/polynomial/kzg/kzg.go
index fefa86b4c..fe0ad0b3b 100644
--- a/ecc/bls12-377/fr/polynomial/kzg/kzg.go
+++ b/ecc/bls12-377/fr/polynomial/kzg/kzg.go
@@ -40,9 +40,7 @@ var (
 )
 
 // Digest commitment of a polynomial.
-type Digest struct {
-	data bls12377.G1Affine
-}
+type Digest = bls12377.G1Affine
 
 // Scheme stores KZG data
 type Scheme struct {
@@ -102,59 +100,6 @@ func NewScheme(size int, alpha fr.Element) *Scheme {
 	return s
 }
 
-// Clone returns a copy of d
-func (d *Digest) Clone() *Digest {
-	var res Digest
-	res.data.Set(&d.data)
-	return &res
-}
-
-// Marshal serializes the point as in bls12377.G1Affine.
-func (d *Digest) Marshal() []byte {
-	return d.data.Marshal()
-}
-
-// Marshal serializes the point as in bls12377.G1Affine.
-func (d *Digest) Unmarshal(buf []byte) error {
-	err := d.data.Unmarshal(buf)
-	if err != nil {
-		return err
-	}
-	return nil
-}
-
-// Add adds two digest. The API and behaviour mimics bls12377.G1Affine's,
-// i.e. the caller is modified.
-func (d *Digest) Add(d1, d2 *Digest) *Digest {
-	var p1, p2 bls12377.G1Jac
-	p1.FromAffine(&d1.data)
-	p2.FromAffine(&d2.data)
-	p1.AddAssign(&p2)
-	d.data.FromJacobian(&p1)
-	return d
-}
-
-// Sub adds two digest. The API and behaviour mimics bls12377.G1Affine's,
-// i.e. the caller is modified.
-func (d *Digest) Sub(d1, d2 *Digest) *Digest {
-	var p1, p2 bls12377.G1Jac
-	p1.FromAffine(&d1.data)
-	p2.FromAffine(&d2.data)
-	p1.SubAssign(&p2)
-	d.data.FromJacobian(&p1)
-	return d
-}
-
-// Add adds two digest. The API and behaviour mimics bls12377.G1Affine's,
-// i.e. the caller is modified.
-func (d *Digest) ScalarMul(d1 *Digest, s big.Int) *Digest {
-	var p1 bls12377.G1Affine
-	p1.Set(&d1.data)
-	p1.ScalarMultiplication(&p1, &s)
-	d.data.Set(&p1)
-	return d
-}
-
 // Marshal serializes a proof as H||point||claimed_value.
 // The point H is not compressed.
 func (p *Proof) Marshal() []byte {
@@ -287,7 +232,7 @@ func (s *Scheme) Commit(p polynomial.Polynomial) (Digest, error) {
 		return Digest{}, errUnsupportedSize
 	}
 
-	var _res bls12377.G1Affine
+	var res bls12377.G1Affine
 
 	// ensure we don't modify p
 	pCopy := make(polynomial.Polynomial, s.Domain.Cardinality)
@@ -298,10 +243,7 @@ func (s *Scheme) Commit(p polynomial.Polynomial) (Digest, error) {
 			pCopy[i].FromMont()
 		}
 	})
-	_res.MultiExp(s.SRS.G1, pCopy)
-
-	var res Digest
-	res.data.Set(&_res)
+	res.MultiExp(s.SRS.G1, pCopy)
 
 	return res, nil
 }
@@ -329,16 +271,13 @@ func (s *Scheme) Open(point *fr.Element, p polynomial.Polynomial) (Proof, error)
 	if err != nil {
 		return Proof{}, err
 	}
-	res.H.Set(&c.data)
+	res.H.Set(&c)
 
 	return res, nil
 }
 
 // Verify verifies a KZG opening proof at a single point
-func (s *Scheme) Verify(d *Digest, proof *Proof) error {
-
-	var _commitment bls12377.G1Affine
-	_commitment.Set(&d.data)
+func (s *Scheme) Verify(commitment *Digest, proof *Proof) error {
 
 	// comm(f(a))
 	var claimedValueG1Aff bls12377.G1Affine
@@ -348,7 +287,7 @@ func (s *Scheme) Verify(d *Digest, proof *Proof) error {
 
 	// [f(alpha) - f(a)]G1Jac
 	var fminusfaG1Jac, tmpG1Jac bls12377.G1Jac
-	fminusfaG1Jac.FromAffine(&_commitment)
+	fminusfaG1Jac.FromAffine(commitment)
 	tmpG1Jac.FromAffine(&claimedValueG1Aff)
 	fminusfaG1Jac.SubAssign(&tmpG1Jac)
 
@@ -446,7 +385,7 @@ func (s *Scheme) BatchOpenSinglePoint(point *fr.Element, digests []Digest, polyn
 		return BatchProofsSinglePoint{}, err
 	}
 
-	res.H.Set(&c.data)
+	res.H.Set(&c)
 
 	return res, nil
 }
@@ -507,7 +446,7 @@ func (s *Scheme) BatchVerifySinglePoint(digests []Digest, batchOpeningProof *Bat
 	var sumGammaiTimesDigestsG1Aff bls12377.G1Affine
 	_digests := make([]bls12377.G1Affine, len(digests))
 	for i := 0; i < len(digests); i++ {
-		_digests[i].Set(&digests[i].data)
+		_digests[i].Set(&digests[i])
 	}
 
 	sumGammaiTimesDigestsG1Aff.MultiExp(_digests, gammai)
diff --git a/ecc/bls12-377/g1.go b/ecc/bls12-377/g1.go
index c01318e63..df1d9f505 100644
--- a/ecc/bls12-377/g1.go
+++ b/ecc/bls12-377/g1.go
@@ -59,6 +59,30 @@ func (p *G1Affine) ScalarMultiplication(a *G1Affine, s *big.Int) *G1Affine {
 	return p
 }
 
+// Add adds two point in affine coordinates.
+// This should rarely be used as it is very inneficient compared to Jacobian
+// TODO implement affine addition formula
+func (p *G1Affine) Add(a, b *G1Affine) *G1Affine {
+	var p1, p2 G1Jac
+	p1.FromAffine(a)
+	p2.FromAffine(b)
+	p1.AddAssign(&p2)
+	p.FromJacobian(&p1)
+	return p
+}
+
+// Sub subs two point in affine coordinates.
+// This should rarely be used as it is very inneficient compared to Jacobian
+// TODO implement affine addition formula
+func (p *G1Affine) Sub(a, b *G1Affine) *G1Affine {
+	var p1, p2 G1Jac
+	p1.FromAffine(a)
+	p2.FromAffine(b)
+	p1.SubAssign(&p2)
+	p.FromJacobian(&p1)
+	return p
+}
+
 // Equal tests if two points (in Affine coordinates) are equal
 func (p *G1Affine) Equal(a *G1Affine) bool {
 	return p.X.Equal(&a.X) && p.Y.Equal(&a.Y)
diff --git a/ecc/bls12-377/g2.go b/ecc/bls12-377/g2.go
index 30571e08e..f15a3a4b8 100644
--- a/ecc/bls12-377/g2.go
+++ b/ecc/bls12-377/g2.go
@@ -64,6 +64,30 @@ func (p *G2Affine) ScalarMultiplication(a *G2Affine, s *big.Int) *G2Affine {
 	return p
 }
 
+// Add adds two point in affine coordinates.
+// This should rarely be used as it is very inneficient compared to Jacobian
+// TODO implement affine addition formula
+func (p *G2Affine) Add(a, b *G2Affine) *G2Affine {
+	var p1, p2 G2Jac
+	p1.FromAffine(a)
+	p2.FromAffine(b)
+	p1.AddAssign(&p2)
+	p.FromJacobian(&p1)
+	return p
+}
+
+// Sub subs two point in affine coordinates.
+// This should rarely be used as it is very inneficient compared to Jacobian
+// TODO implement affine addition formula
+func (p *G2Affine) Sub(a, b *G2Affine) *G2Affine {
+	var p1, p2 G2Jac
+	p1.FromAffine(a)
+	p2.FromAffine(b)
+	p1.SubAssign(&p2)
+	p.FromJacobian(&p1)
+	return p
+}
+
 // Equal tests if two points (in Affine coordinates) are equal
 func (p *G2Affine) Equal(a *G2Affine) bool {
 	return p.X.Equal(&a.X) && p.Y.Equal(&a.Y)
diff --git a/ecc/bls12-381/fr/polynomial/kzg/kzg.go b/ecc/bls12-381/fr/polynomial/kzg/kzg.go
index b1c92b5d3..2c03f1996 100644
--- a/ecc/bls12-381/fr/polynomial/kzg/kzg.go
+++ b/ecc/bls12-381/fr/polynomial/kzg/kzg.go
@@ -40,9 +40,7 @@ var (
 )
 
 // Digest commitment of a polynomial.
-type Digest struct {
-	data bls12381.G1Affine
-}
+type Digest = bls12381.G1Affine
 
 // Scheme stores KZG data
 type Scheme struct {
@@ -102,59 +100,6 @@ func NewScheme(size int, alpha fr.Element) *Scheme {
 	return s
 }
 
-// Clone returns a copy of d
-func (d *Digest) Clone() *Digest {
-	var res Digest
-	res.data.Set(&d.data)
-	return &res
-}
-
-// Marshal serializes the point as in bls12381.G1Affine.
-func (d *Digest) Marshal() []byte {
-	return d.data.Marshal()
-}
-
-// Marshal serializes the point as in bls12381.G1Affine.
-func (d *Digest) Unmarshal(buf []byte) error {
-	err := d.data.Unmarshal(buf)
-	if err != nil {
-		return err
-	}
-	return nil
-}
-
-// Add adds two digest. The API and behaviour mimics bls12381.G1Affine's,
-// i.e. the caller is modified.
-func (d *Digest) Add(d1, d2 *Digest) *Digest {
-	var p1, p2 bls12381.G1Jac
-	p1.FromAffine(&d1.data)
-	p2.FromAffine(&d2.data)
-	p1.AddAssign(&p2)
-	d.data.FromJacobian(&p1)
-	return d
-}
-
-// Sub adds two digest. The API and behaviour mimics bls12381.G1Affine's,
-// i.e. the caller is modified.
-func (d *Digest) Sub(d1, d2 *Digest) *Digest {
-	var p1, p2 bls12381.G1Jac
-	p1.FromAffine(&d1.data)
-	p2.FromAffine(&d2.data)
-	p1.SubAssign(&p2)
-	d.data.FromJacobian(&p1)
-	return d
-}
-
-// Add adds two digest. The API and behaviour mimics bls12381.G1Affine's,
-// i.e. the caller is modified.
-func (d *Digest) ScalarMul(d1 *Digest, s big.Int) *Digest {
-	var p1 bls12381.G1Affine
-	p1.Set(&d1.data)
-	p1.ScalarMultiplication(&p1, &s)
-	d.data.Set(&p1)
-	return d
-}
-
 // Marshal serializes a proof as H||point||claimed_value.
 // The point H is not compressed.
 func (p *Proof) Marshal() []byte {
@@ -287,7 +232,7 @@ func (s *Scheme) Commit(p polynomial.Polynomial) (Digest, error) {
 		return Digest{}, errUnsupportedSize
 	}
 
-	var _res bls12381.G1Affine
+	var res bls12381.G1Affine
 
 	// ensure we don't modify p
 	pCopy := make(polynomial.Polynomial, s.Domain.Cardinality)
@@ -298,10 +243,7 @@ func (s *Scheme) Commit(p polynomial.Polynomial) (Digest, error) {
 			pCopy[i].FromMont()
 		}
 	})
-	_res.MultiExp(s.SRS.G1, pCopy)
-
-	var res Digest
-	res.data.Set(&_res)
+	res.MultiExp(s.SRS.G1, pCopy)
 
 	return res, nil
 }
@@ -329,16 +271,13 @@ func (s *Scheme) Open(point *fr.Element, p polynomial.Polynomial) (Proof, error)
 	if err != nil {
 		return Proof{}, err
 	}
-	res.H.Set(&c.data)
+	res.H.Set(&c)
 
 	return res, nil
 }
 
 // Verify verifies a KZG opening proof at a single point
-func (s *Scheme) Verify(d *Digest, proof *Proof) error {
-
-	var _commitment bls12381.G1Affine
-	_commitment.Set(&d.data)
+func (s *Scheme) Verify(commitment *Digest, proof *Proof) error {
 
 	// comm(f(a))
 	var claimedValueG1Aff bls12381.G1Affine
@@ -348,7 +287,7 @@ func (s *Scheme) Verify(d *Digest, proof *Proof) error {
 
 	// [f(alpha) - f(a)]G1Jac
 	var fminusfaG1Jac, tmpG1Jac bls12381.G1Jac
-	fminusfaG1Jac.FromAffine(&_commitment)
+	fminusfaG1Jac.FromAffine(commitment)
 	tmpG1Jac.FromAffine(&claimedValueG1Aff)
 	fminusfaG1Jac.SubAssign(&tmpG1Jac)
 
@@ -446,7 +385,7 @@ func (s *Scheme) BatchOpenSinglePoint(point *fr.Element, digests []Digest, polyn
 		return BatchProofsSinglePoint{}, err
 	}
 
-	res.H.Set(&c.data)
+	res.H.Set(&c)
 
 	return res, nil
 }
@@ -507,7 +446,7 @@ func (s *Scheme) BatchVerifySinglePoint(digests []Digest, batchOpeningProof *Bat
 	var sumGammaiTimesDigestsG1Aff bls12381.G1Affine
 	_digests := make([]bls12381.G1Affine, len(digests))
 	for i := 0; i < len(digests); i++ {
-		_digests[i].Set(&digests[i].data)
+		_digests[i].Set(&digests[i])
 	}
 
 	sumGammaiTimesDigestsG1Aff.MultiExp(_digests, gammai)
diff --git a/ecc/bls12-381/g1.go b/ecc/bls12-381/g1.go
index d257adf34..af92abc03 100644
--- a/ecc/bls12-381/g1.go
+++ b/ecc/bls12-381/g1.go
@@ -59,6 +59,30 @@ func (p *G1Affine) ScalarMultiplication(a *G1Affine, s *big.Int) *G1Affine {
 	return p
 }
 
+// Add adds two point in affine coordinates.
+// This should rarely be used as it is very inneficient compared to Jacobian
+// TODO implement affine addition formula
+func (p *G1Affine) Add(a, b *G1Affine) *G1Affine {
+	var p1, p2 G1Jac
+	p1.FromAffine(a)
+	p2.FromAffine(b)
+	p1.AddAssign(&p2)
+	p.FromJacobian(&p1)
+	return p
+}
+
+// Sub subs two point in affine coordinates.
+// This should rarely be used as it is very inneficient compared to Jacobian
+// TODO implement affine addition formula
+func (p *G1Affine) Sub(a, b *G1Affine) *G1Affine {
+	var p1, p2 G1Jac
+	p1.FromAffine(a)
+	p2.FromAffine(b)
+	p1.SubAssign(&p2)
+	p.FromJacobian(&p1)
+	return p
+}
+
 // Equal tests if two points (in Affine coordinates) are equal
 func (p *G1Affine) Equal(a *G1Affine) bool {
 	return p.X.Equal(&a.X) && p.Y.Equal(&a.Y)
diff --git a/ecc/bls12-381/g2.go b/ecc/bls12-381/g2.go
index eb7115444..e694bd5e0 100644
--- a/ecc/bls12-381/g2.go
+++ b/ecc/bls12-381/g2.go
@@ -64,6 +64,30 @@ func (p *G2Affine) ScalarMultiplication(a *G2Affine, s *big.Int) *G2Affine {
 	return p
 }
 
+// Add adds two point in affine coordinates.
+// This should rarely be used as it is very inneficient compared to Jacobian
+// TODO implement affine addition formula
+func (p *G2Affine) Add(a, b *G2Affine) *G2Affine {
+	var p1, p2 G2Jac
+	p1.FromAffine(a)
+	p2.FromAffine(b)
+	p1.AddAssign(&p2)
+	p.FromJacobian(&p1)
+	return p
+}
+
+// Sub subs two point in affine coordinates.
+// This should rarely be used as it is very inneficient compared to Jacobian
+// TODO implement affine addition formula
+func (p *G2Affine) Sub(a, b *G2Affine) *G2Affine {
+	var p1, p2 G2Jac
+	p1.FromAffine(a)
+	p2.FromAffine(b)
+	p1.SubAssign(&p2)
+	p.FromJacobian(&p1)
+	return p
+}
+
 // Equal tests if two points (in Affine coordinates) are equal
 func (p *G2Affine) Equal(a *G2Affine) bool {
 	return p.X.Equal(&a.X) && p.Y.Equal(&a.Y)
diff --git a/ecc/bls24-315/fr/polynomial/kzg/kzg.go b/ecc/bls24-315/fr/polynomial/kzg/kzg.go
index dbc0c0e4e..b3f78998d 100644
--- a/ecc/bls24-315/fr/polynomial/kzg/kzg.go
+++ b/ecc/bls24-315/fr/polynomial/kzg/kzg.go
@@ -40,9 +40,7 @@ var (
 )
 
 // Digest commitment of a polynomial.
-type Digest struct {
-	data bls24315.G1Affine
-}
+type Digest = bls24315.G1Affine
 
 // Scheme stores KZG data
 type Scheme struct {
@@ -102,59 +100,6 @@ func NewScheme(size int, alpha fr.Element) *Scheme {
 	return s
 }
 
-// Clone returns a copy of d
-func (d *Digest) Clone() *Digest {
-	var res Digest
-	res.data.Set(&d.data)
-	return &res
-}
-
-// Marshal serializes the point as in bls24315.G1Affine.
-func (d *Digest) Marshal() []byte {
-	return d.data.Marshal()
-}
-
-// Marshal serializes the point as in bls24315.G1Affine.
-func (d *Digest) Unmarshal(buf []byte) error {
-	err := d.data.Unmarshal(buf)
-	if err != nil {
-		return err
-	}
-	return nil
-}
-
-// Add adds two digest. The API and behaviour mimics bls24315.G1Affine's,
-// i.e. the caller is modified.
-func (d *Digest) Add(d1, d2 *Digest) *Digest {
-	var p1, p2 bls24315.G1Jac
-	p1.FromAffine(&d1.data)
-	p2.FromAffine(&d2.data)
-	p1.AddAssign(&p2)
-	d.data.FromJacobian(&p1)
-	return d
-}
-
-// Sub adds two digest. The API and behaviour mimics bls24315.G1Affine's,
-// i.e. the caller is modified.
-func (d *Digest) Sub(d1, d2 *Digest) *Digest {
-	var p1, p2 bls24315.G1Jac
-	p1.FromAffine(&d1.data)
-	p2.FromAffine(&d2.data)
-	p1.SubAssign(&p2)
-	d.data.FromJacobian(&p1)
-	return d
-}
-
-// Add adds two digest. The API and behaviour mimics bls24315.G1Affine's,
-// i.e. the caller is modified.
-func (d *Digest) ScalarMul(d1 *Digest, s big.Int) *Digest {
-	var p1 bls24315.G1Affine
-	p1.Set(&d1.data)
-	p1.ScalarMultiplication(&p1, &s)
-	d.data.Set(&p1)
-	return d
-}
-
 // Marshal serializes a proof as H||point||claimed_value.
 // The point H is not compressed.
 func (p *Proof) Marshal() []byte {
@@ -287,7 +232,7 @@ func (s *Scheme) Commit(p polynomial.Polynomial) (Digest, error) {
 		return Digest{}, errUnsupportedSize
 	}
 
-	var _res bls24315.G1Affine
+	var res bls24315.G1Affine
 
 	// ensure we don't modify p
 	pCopy := make(polynomial.Polynomial, s.Domain.Cardinality)
@@ -298,10 +243,7 @@ func (s *Scheme) Commit(p polynomial.Polynomial) (Digest, error) {
 			pCopy[i].FromMont()
 		}
 	})
-	_res.MultiExp(s.SRS.G1, pCopy)
-
-	var res Digest
-	res.data.Set(&_res)
+	res.MultiExp(s.SRS.G1, pCopy)
 
 	return res, nil
 }
@@ -329,16 +271,13 @@ func (s *Scheme) Open(point *fr.Element, p polynomial.Polynomial) (Proof, error)
 	if err != nil {
 		return Proof{}, err
 	}
-	res.H.Set(&c.data)
+	res.H.Set(&c)
 
 	return res, nil
 }
 
 // Verify verifies a KZG opening proof at a single point
-func (s *Scheme) Verify(d *Digest, proof *Proof) error {
-
-	var _commitment bls24315.G1Affine
-	_commitment.Set(&d.data)
+func (s *Scheme) Verify(commitment *Digest, proof *Proof) error {
 
 	// comm(f(a))
 	var claimedValueG1Aff bls24315.G1Affine
@@ -348,7 +287,7 @@ func (s *Scheme) Verify(d *Digest, proof *Proof) error {
 
 	// [f(alpha) - f(a)]G1Jac
 	var fminusfaG1Jac, tmpG1Jac bls24315.G1Jac
-	fminusfaG1Jac.FromAffine(&_commitment)
+	fminusfaG1Jac.FromAffine(commitment)
 	tmpG1Jac.FromAffine(&claimedValueG1Aff)
 	fminusfaG1Jac.SubAssign(&tmpG1Jac)
 
@@ -446,7 +385,7 @@ func (s *Scheme) BatchOpenSinglePoint(point *fr.Element, digests []Digest, polyn
 		return BatchProofsSinglePoint{}, err
 	}
 
-	res.H.Set(&c.data)
+	res.H.Set(&c)
 
 	return res, nil
 }
@@ -507,7 +446,7 @@ func (s *Scheme) BatchVerifySinglePoint(digests []Digest, batchOpeningProof *Bat
 	var sumGammaiTimesDigestsG1Aff bls24315.G1Affine
 	_digests := make([]bls24315.G1Affine, len(digests))
 	for i := 0; i < len(digests); i++ {
-		_digests[i].Set(&digests[i].data)
+		_digests[i].Set(&digests[i])
 	}
 
 	sumGammaiTimesDigestsG1Aff.MultiExp(_digests, gammai)
diff --git a/ecc/bls24-315/g1.go b/ecc/bls24-315/g1.go
index f1d23570c..9a9f20713 100644
--- a/ecc/bls24-315/g1.go
+++ b/ecc/bls24-315/g1.go
@@ -59,6 +59,30 @@ func (p *G1Affine) ScalarMultiplication(a *G1Affine, s *big.Int) *G1Affine {
 	return p
 }
 
+// Add adds two point in affine coordinates.
+// This should rarely be used as it is very inneficient compared to Jacobian
+// TODO implement affine addition formula
+func (p *G1Affine) Add(a, b *G1Affine) *G1Affine {
+	var p1, p2 G1Jac
+	p1.FromAffine(a)
+	p2.FromAffine(b)
+	p1.AddAssign(&p2)
+	p.FromJacobian(&p1)
+	return p
+}
+
+// Sub subs two point in affine coordinates.
+// This should rarely be used as it is very inneficient compared to Jacobian
+// TODO implement affine addition formula
+func (p *G1Affine) Sub(a, b *G1Affine) *G1Affine {
+	var p1, p2 G1Jac
+	p1.FromAffine(a)
+	p2.FromAffine(b)
+	p1.SubAssign(&p2)
+	p.FromJacobian(&p1)
+	return p
+}
+
 // Equal tests if two points (in Affine coordinates) are equal
 func (p *G1Affine) Equal(a *G1Affine) bool {
 	return p.X.Equal(&a.X) && p.Y.Equal(&a.Y)
diff --git a/ecc/bls24-315/g2.go b/ecc/bls24-315/g2.go
index e5f2841d7..9bc9930ac 100644
--- a/ecc/bls24-315/g2.go
+++ b/ecc/bls24-315/g2.go
@@ -64,6 +64,30 @@ func (p *G2Affine) ScalarMultiplication(a *G2Affine, s *big.Int) *G2Affine {
 	return p
 }
 
+// Add adds two point in affine coordinates.
+// This should rarely be used as it is very inneficient compared to Jacobian
+// TODO implement affine addition formula
+func (p *G2Affine) Add(a, b *G2Affine) *G2Affine {
+	var p1, p2 G2Jac
+	p1.FromAffine(a)
+	p2.FromAffine(b)
+	p1.AddAssign(&p2)
+	p.FromJacobian(&p1)
+	return p
+}
+
+// Sub subs two point in affine coordinates.
+// This should rarely be used as it is very inneficient compared to Jacobian
+// TODO implement affine addition formula
+func (p *G2Affine) Sub(a, b *G2Affine) *G2Affine {
+	var p1, p2 G2Jac
+	p1.FromAffine(a)
+	p2.FromAffine(b)
+	p1.SubAssign(&p2)
+	p.FromJacobian(&p1)
+	return p
+}
+
 // Equal tests if two points (in Affine coordinates) are equal
 func (p *G2Affine) Equal(a *G2Affine) bool {
 	return p.X.Equal(&a.X) && p.Y.Equal(&a.Y)
diff --git a/ecc/bn254/fr/polynomial/kzg/kzg.go b/ecc/bn254/fr/polynomial/kzg/kzg.go
index 03738f430..ceb4c006b 100644
--- a/ecc/bn254/fr/polynomial/kzg/kzg.go
+++ b/ecc/bn254/fr/polynomial/kzg/kzg.go
@@ -40,9 +40,7 @@ var (
 )
 
 // Digest commitment of a polynomial.
-type Digest struct {
-	data bn254.G1Affine
-}
+type Digest = bn254.G1Affine
 
 // Scheme stores KZG data
 type Scheme struct {
@@ -102,59 +100,6 @@ func NewScheme(size int, alpha fr.Element) *Scheme {
 	return s
 }
 
-// Clone returns a copy of d
-func (d *Digest) Clone() *Digest {
-	var res Digest
-	res.data.Set(&d.data)
-	return &res
-}
-
-// Marshal serializes the point as in bn254.G1Affine.
-func (d *Digest) Marshal() []byte {
-	return d.data.Marshal()
-}
-
-// Marshal serializes the point as in bn254.G1Affine.
-func (d *Digest) Unmarshal(buf []byte) error {
-	err := d.data.Unmarshal(buf)
-	if err != nil {
-		return err
-	}
-	return nil
-}
-
-// Add adds two digest. The API and behaviour mimics bn254.G1Affine's,
-// i.e. the caller is modified.
-func (d *Digest) Add(d1, d2 *Digest) *Digest {
-	var p1, p2 bn254.G1Jac
-	p1.FromAffine(&d1.data)
-	p2.FromAffine(&d2.data)
-	p1.AddAssign(&p2)
-	d.data.FromJacobian(&p1)
-	return d
-}
-
-// Sub adds two digest. The API and behaviour mimics bn254.G1Affine's,
-// i.e. the caller is modified.
-func (d *Digest) Sub(d1, d2 *Digest) *Digest {
-	var p1, p2 bn254.G1Jac
-	p1.FromAffine(&d1.data)
-	p2.FromAffine(&d2.data)
-	p1.SubAssign(&p2)
-	d.data.FromJacobian(&p1)
-	return d
-}
-
-// Add adds two digest. The API and behaviour mimics bn254.G1Affine's,
-// i.e. the caller is modified.
-func (d *Digest) ScalarMul(d1 *Digest, s big.Int) *Digest {
-	var p1 bn254.G1Affine
-	p1.Set(&d1.data)
-	p1.ScalarMultiplication(&p1, &s)
-	d.data.Set(&p1)
-	return d
-}
-
 // Marshal serializes a proof as H||point||claimed_value.
 // The point H is not compressed.
 func (p *Proof) Marshal() []byte {
@@ -287,7 +232,7 @@ func (s *Scheme) Commit(p polynomial.Polynomial) (Digest, error) {
 		return Digest{}, errUnsupportedSize
 	}
 
-	var _res bn254.G1Affine
+	var res bn254.G1Affine
 
 	// ensure we don't modify p
 	pCopy := make(polynomial.Polynomial, s.Domain.Cardinality)
@@ -298,10 +243,7 @@ func (s *Scheme) Commit(p polynomial.Polynomial) (Digest, error) {
 			pCopy[i].FromMont()
 		}
 	})
-	_res.MultiExp(s.SRS.G1, pCopy)
-
-	var res Digest
-	res.data.Set(&_res)
+	res.MultiExp(s.SRS.G1, pCopy)
 
 	return res, nil
 }
@@ -329,16 +271,13 @@ func (s *Scheme) Open(point *fr.Element, p polynomial.Polynomial) (Proof, error)
 	if err != nil {
 		return Proof{}, err
 	}
-	res.H.Set(&c.data)
+	res.H.Set(&c)
 
 	return res, nil
 }
 
 // Verify verifies a KZG opening proof at a single point
-func (s *Scheme) Verify(d *Digest, proof *Proof) error {
-
-	var _commitment bn254.G1Affine
-	_commitment.Set(&d.data)
+func (s *Scheme) Verify(commitment *Digest, proof *Proof) error {
 
 	// comm(f(a))
 	var claimedValueG1Aff bn254.G1Affine
@@ -348,7 +287,7 @@ func (s *Scheme) Verify(d *Digest, proof *Proof) error {
 
 	// [f(alpha) - f(a)]G1Jac
 	var fminusfaG1Jac, tmpG1Jac bn254.G1Jac
-	fminusfaG1Jac.FromAffine(&_commitment)
+	fminusfaG1Jac.FromAffine(commitment)
 	tmpG1Jac.FromAffine(&claimedValueG1Aff)
 	fminusfaG1Jac.SubAssign(&tmpG1Jac)
 
@@ -446,7 +385,7 @@ func (s *Scheme) BatchOpenSinglePoint(point *fr.Element, digests []Digest, polyn
 		return BatchProofsSinglePoint{}, err
 	}
 
-	res.H.Set(&c.data)
+	res.H.Set(&c)
 
 	return res, nil
 }
@@ -507,7 +446,7 @@ func (s *Scheme) BatchVerifySinglePoint(digests []Digest, batchOpeningProof *Bat
 	var sumGammaiTimesDigestsG1Aff bn254.G1Affine
 	_digests := make([]bn254.G1Affine, len(digests))
 	for i := 0; i < len(digests); i++ {
-		_digests[i].Set(&digests[i].data)
+		_digests[i].Set(&digests[i])
 	}
 
 	sumGammaiTimesDigestsG1Aff.MultiExp(_digests, gammai)
diff --git a/ecc/bn254/g1.go b/ecc/bn254/g1.go
index 11eca08f7..b92e8bb0a 100644
--- a/ecc/bn254/g1.go
+++ b/ecc/bn254/g1.go
@@ -59,6 +59,30 @@ func (p *G1Affine) ScalarMultiplication(a *G1Affine, s *big.Int) *G1Affine {
 	return p
 }
 
+// Add adds two point in affine coordinates.
+// This should rarely be used as it is very inneficient compared to Jacobian
+// TODO implement affine addition formula
+func (p *G1Affine) Add(a, b *G1Affine) *G1Affine {
+	var p1, p2 G1Jac
+	p1.FromAffine(a)
+	p2.FromAffine(b)
+	p1.AddAssign(&p2)
+	p.FromJacobian(&p1)
+	return p
+}
+
+// Sub subs two point in affine coordinates.
+// This should rarely be used as it is very inneficient compared to Jacobian
+// TODO implement affine addition formula
+func (p *G1Affine) Sub(a, b *G1Affine) *G1Affine {
+	var p1, p2 G1Jac
+	p1.FromAffine(a)
+	p2.FromAffine(b)
+	p1.SubAssign(&p2)
+	p.FromJacobian(&p1)
+	return p
+}
+
 // Equal tests if two points (in Affine coordinates) are equal
 func (p *G1Affine) Equal(a *G1Affine) bool {
 	return p.X.Equal(&a.X) && p.Y.Equal(&a.Y)
diff --git a/ecc/bn254/g2.go b/ecc/bn254/g2.go
index bdd53a471..8cd7322e6 100644
--- a/ecc/bn254/g2.go
+++ b/ecc/bn254/g2.go
@@ -64,6 +64,30 @@ func (p *G2Affine) ScalarMultiplication(a *G2Affine, s *big.Int) *G2Affine {
 	return p
 }
 
+// Add adds two point in affine coordinates.
+// This should rarely be used as it is very inneficient compared to Jacobian
+// TODO implement affine addition formula
+func (p *G2Affine) Add(a, b *G2Affine) *G2Affine {
+	var p1, p2 G2Jac
+	p1.FromAffine(a)
+	p2.FromAffine(b)
+	p1.AddAssign(&p2)
+	p.FromJacobian(&p1)
+	return p
+}
+
+// Sub subs two point in affine coordinates.
+// This should rarely be used as it is very inneficient compared to Jacobian
+// TODO implement affine addition formula
+func (p *G2Affine) Sub(a, b *G2Affine) *G2Affine {
+	var p1, p2 G2Jac
+	p1.FromAffine(a)
+	p2.FromAffine(b)
+	p1.SubAssign(&p2)
+	p.FromJacobian(&p1)
+	return p
+}
+
 // Equal tests if two points (in Affine coordinates) are equal
 func (p *G2Affine) Equal(a *G2Affine) bool {
 	return p.X.Equal(&a.X) && p.Y.Equal(&a.Y)
diff --git a/ecc/bw6-761/fr/polynomial/kzg/kzg.go b/ecc/bw6-761/fr/polynomial/kzg/kzg.go
index 6772aefdc..6850057b7 100644
--- a/ecc/bw6-761/fr/polynomial/kzg/kzg.go
+++ b/ecc/bw6-761/fr/polynomial/kzg/kzg.go
@@ -40,9 +40,7 @@ var (
 )
 
 // Digest commitment of a polynomial.
-type Digest struct {
-	data bw6761.G1Affine
-}
+type Digest = bw6761.G1Affine
 
 // Scheme stores KZG data
 type Scheme struct {
@@ -102,59 +100,6 @@ func NewScheme(size int, alpha fr.Element) *Scheme {
 	return s
 }
 
-// Clone returns a copy of d
-func (d *Digest) Clone() *Digest {
-	var res Digest
-	res.data.Set(&d.data)
-	return &res
-}
-
-// Marshal serializes the point as in bw6761.G1Affine.
-func (d *Digest) Marshal() []byte {
-	return d.data.Marshal()
-}
-
-// Marshal serializes the point as in bw6761.G1Affine.
-func (d *Digest) Unmarshal(buf []byte) error {
-	err := d.data.Unmarshal(buf)
-	if err != nil {
-		return err
-	}
-	return nil
-}
-
-// Add adds two digest. The API and behaviour mimics bw6761.G1Affine's,
-// i.e. the caller is modified.
-func (d *Digest) Add(d1, d2 *Digest) *Digest {
-	var p1, p2 bw6761.G1Jac
-	p1.FromAffine(&d1.data)
-	p2.FromAffine(&d2.data)
-	p1.AddAssign(&p2)
-	d.data.FromJacobian(&p1)
-	return d
-}
-
-// Sub adds two digest. The API and behaviour mimics bw6761.G1Affine's,
-// i.e. the caller is modified.
-func (d *Digest) Sub(d1, d2 *Digest) *Digest {
-	var p1, p2 bw6761.G1Jac
-	p1.FromAffine(&d1.data)
-	p2.FromAffine(&d2.data)
-	p1.SubAssign(&p2)
-	d.data.FromJacobian(&p1)
-	return d
-}
-
-// Add adds two digest. The API and behaviour mimics bw6761.G1Affine's,
-// i.e. the caller is modified.
-func (d *Digest) ScalarMul(d1 *Digest, s big.Int) *Digest {
-	var p1 bw6761.G1Affine
-	p1.Set(&d1.data)
-	p1.ScalarMultiplication(&p1, &s)
-	d.data.Set(&p1)
-	return d
-}
-
 // Marshal serializes a proof as H||point||claimed_value.
 // The point H is not compressed.
 func (p *Proof) Marshal() []byte {
@@ -287,7 +232,7 @@ func (s *Scheme) Commit(p polynomial.Polynomial) (Digest, error) {
 		return Digest{}, errUnsupportedSize
 	}
 
-	var _res bw6761.G1Affine
+	var res bw6761.G1Affine
 
 	// ensure we don't modify p
 	pCopy := make(polynomial.Polynomial, s.Domain.Cardinality)
@@ -298,10 +243,7 @@ func (s *Scheme) Commit(p polynomial.Polynomial) (Digest, error) {
 			pCopy[i].FromMont()
 		}
 	})
-	_res.MultiExp(s.SRS.G1, pCopy)
-
-	var res Digest
-	res.data.Set(&_res)
+	res.MultiExp(s.SRS.G1, pCopy)
 
 	return res, nil
 }
@@ -329,16 +271,13 @@ func (s *Scheme) Open(point *fr.Element, p polynomial.Polynomial) (Proof, error)
 	if err != nil {
 		return Proof{}, err
 	}
-	res.H.Set(&c.data)
+	res.H.Set(&c)
 
 	return res, nil
 }
 
 // Verify verifies a KZG opening proof at a single point
-func (s *Scheme) Verify(d *Digest, proof *Proof) error {
-
-	var _commitment bw6761.G1Affine
-	_commitment.Set(&d.data)
+func (s *Scheme) Verify(commitment *Digest, proof *Proof) error {
 
 	// comm(f(a))
 	var claimedValueG1Aff bw6761.G1Affine
@@ -348,7 +287,7 @@ func (s *Scheme) Verify(d *Digest, proof *Proof) error {
 
 	// [f(alpha) - f(a)]G1Jac
 	var fminusfaG1Jac, tmpG1Jac bw6761.G1Jac
-	fminusfaG1Jac.FromAffine(&_commitment)
+	fminusfaG1Jac.FromAffine(commitment)
 	tmpG1Jac.FromAffine(&claimedValueG1Aff)
 	fminusfaG1Jac.SubAssign(&tmpG1Jac)
 
@@ -446,7 +385,7 @@ func (s *Scheme) BatchOpenSinglePoint(point *fr.Element, digests []Digest, polyn
 		return BatchProofsSinglePoint{}, err
 	}
 
-	res.H.Set(&c.data)
+	res.H.Set(&c)
 
 	return res, nil
 }
@@ -507,7 +446,7 @@ func (s *Scheme) BatchVerifySinglePoint(digests []Digest, batchOpeningProof *Bat
 	var sumGammaiTimesDigestsG1Aff bw6761.G1Affine
 	_digests := make([]bw6761.G1Affine, len(digests))
 	for i := 0; i < len(digests); i++ {
-		_digests[i].Set(&digests[i].data)
+		_digests[i].Set(&digests[i])
 	}
 
 	sumGammaiTimesDigestsG1Aff.MultiExp(_digests, gammai)
diff --git a/ecc/bw6-761/g1.go b/ecc/bw6-761/g1.go
index b33c58f69..0a62b9763 100644
--- a/ecc/bw6-761/g1.go
+++ b/ecc/bw6-761/g1.go
@@ -59,6 +59,30 @@ func (p *G1Affine) ScalarMultiplication(a *G1Affine, s *big.Int) *G1Affine {
 	return p
 }
 
+// Add adds two point in affine coordinates.
+// This should rarely be used as it is very inneficient compared to Jacobian
+// TODO implement affine addition formula
+func (p *G1Affine) Add(a, b *G1Affine) *G1Affine {
+	var p1, p2 G1Jac
+	p1.FromAffine(a)
+	p2.FromAffine(b)
+	p1.AddAssign(&p2)
+	p.FromJacobian(&p1)
+	return p
+}
+
+// Sub subs two point in affine coordinates.
+// This should rarely be used as it is very inneficient compared to Jacobian
+// TODO implement affine addition formula
+func (p *G1Affine) Sub(a, b *G1Affine) *G1Affine {
+	var p1, p2 G1Jac
+	p1.FromAffine(a)
+	p2.FromAffine(b)
+	p1.SubAssign(&p2)
+	p.FromJacobian(&p1)
+	return p
+}
+
 // Equal tests if two points (in Affine coordinates) are equal
 func (p *G1Affine) Equal(a *G1Affine) bool {
 	return p.X.Equal(&a.X) && p.Y.Equal(&a.Y)
diff --git a/ecc/bw6-761/g2.go b/ecc/bw6-761/g2.go
index 92ddefa31..a14a3ff85 100644
--- a/ecc/bw6-761/g2.go
+++ b/ecc/bw6-761/g2.go
@@ -64,6 +64,30 @@ func (p *G2Affine) ScalarMultiplication(a *G2Affine, s *big.Int) *G2Affine {
 	return p
 }
 
+// Add adds two point in affine coordinates.
+// This should rarely be used as it is very inneficient compared to Jacobian
+// TODO implement affine addition formula
+func (p *G2Affine) Add(a, b *G2Affine) *G2Affine {
+	var p1, p2 G2Jac
+	p1.FromAffine(a)
+	p2.FromAffine(b)
+	p1.AddAssign(&p2)
+	p.FromJacobian(&p1)
+	return p
+}
+
+// Sub subs two point in affine coordinates.
+// This should rarely be used as it is very inneficient compared to Jacobian
+// TODO implement affine addition formula
+func (p *G2Affine) Sub(a, b *G2Affine) *G2Affine {
+	var p1, p2 G2Jac
+	p1.FromAffine(a)
+	p2.FromAffine(b)
+	p1.SubAssign(&p2)
+	p.FromJacobian(&p1)
+	return p
+}
+
 // Equal tests if two points (in Affine coordinates) are equal
 func (p *G2Affine) Equal(a *G2Affine) bool {
 	return p.X.Equal(&a.X) && p.Y.Equal(&a.Y)
diff --git a/internal/generator/ecc/template/point.go.tmpl b/internal/generator/ecc/template/point.go.tmpl
index 3d20fece0..05849a34c 100644
--- a/internal/generator/ecc/template/point.go.tmpl
+++ b/internal/generator/ecc/template/point.go.tmpl
@@ -61,6 +61,29 @@ func (p *{{ $TAffine }}) ScalarMultiplication(a *{{ $TAffine }}, s *big.Int) *{{
 	return p
 }
 
+// Add adds two point in affine coordinates. 
+// This should rarely be used as it is very inneficient compared to Jacobian 
+// TODO implement affine addition formula
+func (p *{{ $TAffine }}) Add(a, b *{{ $TAffine }}) *{{ $TAffine }} {
+	var p1, p2 {{ $TJacobian }}
+	p1.FromAffine(a)
+	p2.FromAffine(b)
+	p1.AddAssign(&p2)
+	p.FromJacobian(&p1)
+	return p
+}
+
+// Sub subs two point in affine coordinates. 
+// This should rarely be used as it is very inneficient compared to Jacobian 
+// TODO implement affine addition formula
+func (p *{{ $TAffine }}) Sub(a, b *{{ $TAffine }}) *{{ $TAffine }} {
+	var p1, p2 {{ $TJacobian }}
+	p1.FromAffine(a)
+	p2.FromAffine(b)
+	p1.SubAssign(&p2)
+	p.FromJacobian(&p1)
+	return p
+}
 
 
 // Equal tests if two points (in Affine coordinates) are equal
diff --git a/internal/generator/polynomial/template/commitment_kzg/kzg.go.tmpl b/internal/generator/polynomial/template/commitment_kzg/kzg.go.tmpl
index bd0a32d45..1e8b42b7f 100644
--- a/internal/generator/polynomial/template/commitment_kzg/kzg.go.tmpl
+++ b/internal/generator/polynomial/template/commitment_kzg/kzg.go.tmpl
@@ -22,9 +22,7 @@ var (
 )
 
 // Digest commitment of a polynomial.
-type Digest struct {
-	data {{ .CurvePackage }}.G1Affine
-}
+type Digest = {{ .CurvePackage }}.G1Affine
 
 // Scheme stores KZG data
 type Scheme struct {
@@ -84,58 +82,6 @@ func NewScheme(size int, alpha fr.Element) *Scheme {
 	return s
 }
 
-// Clone returns a copy of d
-func (d *Digest) Clone() *Digest {
-	var res Digest
-	res.data.Set(&d.data)
-	return &res
-}
-
-// Marshal serializes the point as in {{ .CurvePackage }}.G1Affine.
-func (d *Digest) Marshal() []byte {
-	return d.data.Marshal()
-}
-
-// Marshal serializes the point as in {{ .CurvePackage }}.G1Affine.
-func (d *Digest) Unmarshal(buf []byte) error {
-	err := d.data.Unmarshal(buf)
-	if err != nil {
-		return err
-	}
-	return nil
-}
-
-// Add adds two digest. The API and behaviour mimics {{ .CurvePackage }}.G1Affine's,
-// i.e. the caller is modified.
-func (d *Digest) Add(d1, d2 *Digest) *Digest {
-	var p1, p2 {{ .CurvePackage }}.G1Jac
-	p1.FromAffine(&d1.data)
-	p2.FromAffine(&d2.data)
-	p1.AddAssign(&p2)
-	d.data.FromJacobian(&p1)
-	return d
-}
-
-// Sub adds two digest. The API and behaviour mimics {{ .CurvePackage }}.G1Affine's,
-// i.e. the caller is modified.
-func (d *Digest) Sub(d1, d2 *Digest) *Digest {
-	var p1, p2 {{ .CurvePackage }}.G1Jac
-	p1.FromAffine(&d1.data)
-	p2.FromAffine(&d2.data)
-	p1.SubAssign(&p2)
-	d.data.FromJacobian(&p1)
-	return d
-}
-
-// Add adds two digest. The API and behaviour mimics {{ .CurvePackage }}.G1Affine's,
-// i.e. the caller is modified.
-func (d *Digest) ScalarMul(d1 *Digest, s big.Int) *Digest {
-	var p1 {{ .CurvePackage }}.G1Affine
-	p1.Set(&d1.data)
-	p1.ScalarMultiplication(&p1, &s)
-	d.data.Set(&p1)
-	return d
-}
 
 // Marshal serializes a proof as H||point||claimed_value.
 // The point H is not compressed.
@@ -269,7 +215,7 @@ func (s *Scheme) Commit(p polynomial.Polynomial) (Digest, error) {
 		return Digest{}, errUnsupportedSize
 	}
 
-	var _res {{ .CurvePackage }}.G1Affine
+	var res {{ .CurvePackage }}.G1Affine
 	
 
 	// ensure we don't modify p
@@ -281,10 +227,7 @@ func (s *Scheme) Commit(p polynomial.Polynomial) (Digest, error) {
 			pCopy[i].FromMont()
 		}
 	})
-	_res.MultiExp(s.SRS.G1, pCopy)
-
-	var res Digest
-	res.data.Set(&_res)
+	res.MultiExp(s.SRS.G1, pCopy)
 
 	return res, nil
 }
@@ -312,16 +255,13 @@ func (s *Scheme) Open(point *fr.Element, p polynomial.Polynomial) (Proof, error)
 	if err != nil {
 		return Proof{}, err
 	}
-	res.H.Set(&c.data)
+	res.H.Set(&c)
 
 	return res, nil
 }
 
 // Verify verifies a KZG opening proof at a single point
-func (s *Scheme) Verify(d *Digest, proof *Proof) error {
-
-	var _commitment {{ .CurvePackage }}.G1Affine
-	_commitment.Set(&d.data)
+func (s *Scheme) Verify(commitment *Digest, proof *Proof) error {
 
 	// comm(f(a))
 	var claimedValueG1Aff {{ .CurvePackage }}.G1Affine
@@ -331,7 +271,7 @@ func (s *Scheme) Verify(d *Digest, proof *Proof) error {
 
 	// [f(alpha) - f(a)]G1Jac
 	var fminusfaG1Jac, tmpG1Jac {{ .CurvePackage }}.G1Jac
-	fminusfaG1Jac.FromAffine(&_commitment)
+	fminusfaG1Jac.FromAffine(commitment)
 	tmpG1Jac.FromAffine(&claimedValueG1Aff)
 	fminusfaG1Jac.SubAssign(&tmpG1Jac)
 
@@ -429,7 +369,7 @@ func (s *Scheme) BatchOpenSinglePoint(point *fr.Element, digests []Digest, polyn
 		return BatchProofsSinglePoint{}, err
 	}
 
-	res.H.Set(&c.data)
+	res.H.Set(&c)
 
 	return res, nil
 }
@@ -491,7 +431,7 @@ func (s *Scheme) BatchVerifySinglePoint(digests []Digest, batchOpeningProof *Bat
 	var sumGammaiTimesDigestsG1Aff {{ .CurvePackage }}.G1Affine
 	_digests := make([]{{ .CurvePackage }}.G1Affine, len(digests))
 	for i := 0; i < len(digests); i++ {
-		_digests[i].Set(&digests[i].data)
+		_digests[i].Set(&digests[i])
 	}
 
 	sumGammaiTimesDigestsG1Aff.MultiExp(_digests, gammai)

From c6ce0b3012d92d51a85472fb869da8415f7d3721 Mon Sep 17 00:00:00 2001
From: Gautam Botrel <gautam.botrel@gmail.com>
Date: Wed, 16 Jun 2021 10:15:14 -0500
Subject: [PATCH 09/13] style: code cleaning in kzg

---
 ecc/bls12-377/fr/polynomial/kzg/kzg.go        | 22 ++++++++-----------
 ecc/bls12-381/fr/polynomial/kzg/kzg.go        | 22 ++++++++-----------
 ecc/bls24-315/fr/polynomial/kzg/kzg.go        | 22 ++++++++-----------
 ecc/bn254/fr/polynomial/kzg/kzg.go            | 22 ++++++++-----------
 ecc/bw6-761/fr/polynomial/kzg/kzg.go          | 22 ++++++++-----------
 .../template/commitment_kzg/kzg.go.tmpl       | 22 ++++++++-----------
 6 files changed, 54 insertions(+), 78 deletions(-)

diff --git a/ecc/bls12-377/fr/polynomial/kzg/kzg.go b/ecc/bls12-377/fr/polynomial/kzg/kzg.go
index fe0ad0b3b..2ad592456 100644
--- a/ecc/bls12-377/fr/polynomial/kzg/kzg.go
+++ b/ecc/bls12-377/fr/polynomial/kzg/kzg.go
@@ -25,18 +25,15 @@ import (
 	"github.com/consensys/gnark-crypto/ecc/bls12-377/fr"
 	"github.com/consensys/gnark-crypto/ecc/bls12-377/fr/fft"
 	"github.com/consensys/gnark-crypto/ecc/bls12-377/fr/polynomial"
-	fiatshamir "github.com/consensys/gnark-crypto/fiat-shamir"
+	"github.com/consensys/gnark-crypto/fiat-shamir"
 	"github.com/consensys/gnark-crypto/internal/parallel"
 )
 
 var (
-	errNbDigestsNeqNbPolynomials = errors.New("number of digests is not the same as the number of polynomials")
-	errUnsupportedSize           = errors.New("the size of the polynomials exceeds the capacity of the SRS")
-)
-
-var (
-	ErrVerifyOpeningProof            = errors.New("error verifying opening proof")
-	ErrVerifyBatchOpeningSinglePoint = errors.New("error verifying batch opening proof at single point")
+	ErrInvalidNbDigests              = errors.New("number of digests is not the same as the number of polynomials")
+	ErrInvalidSize                   = errors.New("the size of the polynomials exceeds the capacity of the SRS")
+	ErrVerifyOpeningProof            = errors.New("can't verify opening proof")
+	ErrVerifyBatchOpeningSinglePoint = errors.New("can't verify batch opening proof at single point")
 )
 
 // Digest commitment of a polynomial.
@@ -74,8 +71,7 @@ func NewScheme(size int, alpha fr.Element) *Scheme {
 
 	s := &Scheme{}
 
-	d := fft.NewDomain(uint64(size), 0, false)
-	s.Domain = *d
+	s.Domain = *fft.NewDomain(uint64(size), 0, false)
 	s.SRS.G1 = make([]bls12377.G1Affine, size)
 
 	var bAlpha big.Int
@@ -229,7 +225,7 @@ func (s *Scheme) ReadFrom(r io.Reader) (int64, error) {
 func (s *Scheme) Commit(p polynomial.Polynomial) (Digest, error) {
 
 	if p.Degree() >= s.Domain.Cardinality {
-		return Digest{}, errUnsupportedSize
+		return Digest{}, ErrInvalidSize
 	}
 
 	var res bls12377.G1Affine
@@ -336,7 +332,7 @@ func (s *Scheme) BatchOpenSinglePoint(point *fr.Element, digests []Digest, polyn
 
 	nbDigests := len(digests)
 	if nbDigests != len(polynomials) {
-		return BatchProofsSinglePoint{}, errNbDigestsNeqNbPolynomials
+		return BatchProofsSinglePoint{}, ErrInvalidNbDigests
 	}
 
 	var res BatchProofsSinglePoint
@@ -401,7 +397,7 @@ func (s *Scheme) BatchVerifySinglePoint(digests []Digest, batchOpeningProof *Bat
 
 	// check consistancy between numbers of claims vs number of digests
 	if len(digests) != len(batchOpeningProof.ClaimedValues) {
-		return errNbDigestsNeqNbPolynomials
+		return ErrInvalidNbDigests
 	}
 
 	// derive the challenge gamma, binded to the point and the commitments
diff --git a/ecc/bls12-381/fr/polynomial/kzg/kzg.go b/ecc/bls12-381/fr/polynomial/kzg/kzg.go
index 2c03f1996..1ebbec087 100644
--- a/ecc/bls12-381/fr/polynomial/kzg/kzg.go
+++ b/ecc/bls12-381/fr/polynomial/kzg/kzg.go
@@ -25,18 +25,15 @@ import (
 	"github.com/consensys/gnark-crypto/ecc/bls12-381/fr"
 	"github.com/consensys/gnark-crypto/ecc/bls12-381/fr/fft"
 	"github.com/consensys/gnark-crypto/ecc/bls12-381/fr/polynomial"
-	fiatshamir "github.com/consensys/gnark-crypto/fiat-shamir"
+	"github.com/consensys/gnark-crypto/fiat-shamir"
 	"github.com/consensys/gnark-crypto/internal/parallel"
 )
 
 var (
-	errNbDigestsNeqNbPolynomials = errors.New("number of digests is not the same as the number of polynomials")
-	errUnsupportedSize           = errors.New("the size of the polynomials exceeds the capacity of the SRS")
-)
-
-var (
-	ErrVerifyOpeningProof            = errors.New("error verifying opening proof")
-	ErrVerifyBatchOpeningSinglePoint = errors.New("error verifying batch opening proof at single point")
+	ErrInvalidNbDigests              = errors.New("number of digests is not the same as the number of polynomials")
+	ErrInvalidSize                   = errors.New("the size of the polynomials exceeds the capacity of the SRS")
+	ErrVerifyOpeningProof            = errors.New("can't verify opening proof")
+	ErrVerifyBatchOpeningSinglePoint = errors.New("can't verify batch opening proof at single point")
 )
 
 // Digest commitment of a polynomial.
@@ -74,8 +71,7 @@ func NewScheme(size int, alpha fr.Element) *Scheme {
 
 	s := &Scheme{}
 
-	d := fft.NewDomain(uint64(size), 0, false)
-	s.Domain = *d
+	s.Domain = *fft.NewDomain(uint64(size), 0, false)
 	s.SRS.G1 = make([]bls12381.G1Affine, size)
 
 	var bAlpha big.Int
@@ -229,7 +225,7 @@ func (s *Scheme) ReadFrom(r io.Reader) (int64, error) {
 func (s *Scheme) Commit(p polynomial.Polynomial) (Digest, error) {
 
 	if p.Degree() >= s.Domain.Cardinality {
-		return Digest{}, errUnsupportedSize
+		return Digest{}, ErrInvalidSize
 	}
 
 	var res bls12381.G1Affine
@@ -336,7 +332,7 @@ func (s *Scheme) BatchOpenSinglePoint(point *fr.Element, digests []Digest, polyn
 
 	nbDigests := len(digests)
 	if nbDigests != len(polynomials) {
-		return BatchProofsSinglePoint{}, errNbDigestsNeqNbPolynomials
+		return BatchProofsSinglePoint{}, ErrInvalidNbDigests
 	}
 
 	var res BatchProofsSinglePoint
@@ -401,7 +397,7 @@ func (s *Scheme) BatchVerifySinglePoint(digests []Digest, batchOpeningProof *Bat
 
 	// check consistancy between numbers of claims vs number of digests
 	if len(digests) != len(batchOpeningProof.ClaimedValues) {
-		return errNbDigestsNeqNbPolynomials
+		return ErrInvalidNbDigests
 	}
 
 	// derive the challenge gamma, binded to the point and the commitments
diff --git a/ecc/bls24-315/fr/polynomial/kzg/kzg.go b/ecc/bls24-315/fr/polynomial/kzg/kzg.go
index b3f78998d..26a38f953 100644
--- a/ecc/bls24-315/fr/polynomial/kzg/kzg.go
+++ b/ecc/bls24-315/fr/polynomial/kzg/kzg.go
@@ -25,18 +25,15 @@ import (
 	"github.com/consensys/gnark-crypto/ecc/bls24-315/fr"
 	"github.com/consensys/gnark-crypto/ecc/bls24-315/fr/fft"
 	"github.com/consensys/gnark-crypto/ecc/bls24-315/fr/polynomial"
-	fiatshamir "github.com/consensys/gnark-crypto/fiat-shamir"
+	"github.com/consensys/gnark-crypto/fiat-shamir"
 	"github.com/consensys/gnark-crypto/internal/parallel"
 )
 
 var (
-	errNbDigestsNeqNbPolynomials = errors.New("number of digests is not the same as the number of polynomials")
-	errUnsupportedSize           = errors.New("the size of the polynomials exceeds the capacity of the SRS")
-)
-
-var (
-	ErrVerifyOpeningProof            = errors.New("error verifying opening proof")
-	ErrVerifyBatchOpeningSinglePoint = errors.New("error verifying batch opening proof at single point")
+	ErrInvalidNbDigests              = errors.New("number of digests is not the same as the number of polynomials")
+	ErrInvalidSize                   = errors.New("the size of the polynomials exceeds the capacity of the SRS")
+	ErrVerifyOpeningProof            = errors.New("can't verify opening proof")
+	ErrVerifyBatchOpeningSinglePoint = errors.New("can't verify batch opening proof at single point")
 )
 
 // Digest commitment of a polynomial.
@@ -74,8 +71,7 @@ func NewScheme(size int, alpha fr.Element) *Scheme {
 
 	s := &Scheme{}
 
-	d := fft.NewDomain(uint64(size), 0, false)
-	s.Domain = *d
+	s.Domain = *fft.NewDomain(uint64(size), 0, false)
 	s.SRS.G1 = make([]bls24315.G1Affine, size)
 
 	var bAlpha big.Int
@@ -229,7 +225,7 @@ func (s *Scheme) ReadFrom(r io.Reader) (int64, error) {
 func (s *Scheme) Commit(p polynomial.Polynomial) (Digest, error) {
 
 	if p.Degree() >= s.Domain.Cardinality {
-		return Digest{}, errUnsupportedSize
+		return Digest{}, ErrInvalidSize
 	}
 
 	var res bls24315.G1Affine
@@ -336,7 +332,7 @@ func (s *Scheme) BatchOpenSinglePoint(point *fr.Element, digests []Digest, polyn
 
 	nbDigests := len(digests)
 	if nbDigests != len(polynomials) {
-		return BatchProofsSinglePoint{}, errNbDigestsNeqNbPolynomials
+		return BatchProofsSinglePoint{}, ErrInvalidNbDigests
 	}
 
 	var res BatchProofsSinglePoint
@@ -401,7 +397,7 @@ func (s *Scheme) BatchVerifySinglePoint(digests []Digest, batchOpeningProof *Bat
 
 	// check consistancy between numbers of claims vs number of digests
 	if len(digests) != len(batchOpeningProof.ClaimedValues) {
-		return errNbDigestsNeqNbPolynomials
+		return ErrInvalidNbDigests
 	}
 
 	// derive the challenge gamma, binded to the point and the commitments
diff --git a/ecc/bn254/fr/polynomial/kzg/kzg.go b/ecc/bn254/fr/polynomial/kzg/kzg.go
index ceb4c006b..e7bc39911 100644
--- a/ecc/bn254/fr/polynomial/kzg/kzg.go
+++ b/ecc/bn254/fr/polynomial/kzg/kzg.go
@@ -25,18 +25,15 @@ import (
 	"github.com/consensys/gnark-crypto/ecc/bn254/fr"
 	"github.com/consensys/gnark-crypto/ecc/bn254/fr/fft"
 	"github.com/consensys/gnark-crypto/ecc/bn254/fr/polynomial"
-	fiatshamir "github.com/consensys/gnark-crypto/fiat-shamir"
+	"github.com/consensys/gnark-crypto/fiat-shamir"
 	"github.com/consensys/gnark-crypto/internal/parallel"
 )
 
 var (
-	errNbDigestsNeqNbPolynomials = errors.New("number of digests is not the same as the number of polynomials")
-	errUnsupportedSize           = errors.New("the size of the polynomials exceeds the capacity of the SRS")
-)
-
-var (
-	ErrVerifyOpeningProof            = errors.New("error verifying opening proof")
-	ErrVerifyBatchOpeningSinglePoint = errors.New("error verifying batch opening proof at single point")
+	ErrInvalidNbDigests              = errors.New("number of digests is not the same as the number of polynomials")
+	ErrInvalidSize                   = errors.New("the size of the polynomials exceeds the capacity of the SRS")
+	ErrVerifyOpeningProof            = errors.New("can't verify opening proof")
+	ErrVerifyBatchOpeningSinglePoint = errors.New("can't verify batch opening proof at single point")
 )
 
 // Digest commitment of a polynomial.
@@ -74,8 +71,7 @@ func NewScheme(size int, alpha fr.Element) *Scheme {
 
 	s := &Scheme{}
 
-	d := fft.NewDomain(uint64(size), 0, false)
-	s.Domain = *d
+	s.Domain = *fft.NewDomain(uint64(size), 0, false)
 	s.SRS.G1 = make([]bn254.G1Affine, size)
 
 	var bAlpha big.Int
@@ -229,7 +225,7 @@ func (s *Scheme) ReadFrom(r io.Reader) (int64, error) {
 func (s *Scheme) Commit(p polynomial.Polynomial) (Digest, error) {
 
 	if p.Degree() >= s.Domain.Cardinality {
-		return Digest{}, errUnsupportedSize
+		return Digest{}, ErrInvalidSize
 	}
 
 	var res bn254.G1Affine
@@ -336,7 +332,7 @@ func (s *Scheme) BatchOpenSinglePoint(point *fr.Element, digests []Digest, polyn
 
 	nbDigests := len(digests)
 	if nbDigests != len(polynomials) {
-		return BatchProofsSinglePoint{}, errNbDigestsNeqNbPolynomials
+		return BatchProofsSinglePoint{}, ErrInvalidNbDigests
 	}
 
 	var res BatchProofsSinglePoint
@@ -401,7 +397,7 @@ func (s *Scheme) BatchVerifySinglePoint(digests []Digest, batchOpeningProof *Bat
 
 	// check consistancy between numbers of claims vs number of digests
 	if len(digests) != len(batchOpeningProof.ClaimedValues) {
-		return errNbDigestsNeqNbPolynomials
+		return ErrInvalidNbDigests
 	}
 
 	// derive the challenge gamma, binded to the point and the commitments
diff --git a/ecc/bw6-761/fr/polynomial/kzg/kzg.go b/ecc/bw6-761/fr/polynomial/kzg/kzg.go
index 6850057b7..71a779155 100644
--- a/ecc/bw6-761/fr/polynomial/kzg/kzg.go
+++ b/ecc/bw6-761/fr/polynomial/kzg/kzg.go
@@ -25,18 +25,15 @@ import (
 	"github.com/consensys/gnark-crypto/ecc/bw6-761/fr"
 	"github.com/consensys/gnark-crypto/ecc/bw6-761/fr/fft"
 	"github.com/consensys/gnark-crypto/ecc/bw6-761/fr/polynomial"
-	fiatshamir "github.com/consensys/gnark-crypto/fiat-shamir"
+	"github.com/consensys/gnark-crypto/fiat-shamir"
 	"github.com/consensys/gnark-crypto/internal/parallel"
 )
 
 var (
-	errNbDigestsNeqNbPolynomials = errors.New("number of digests is not the same as the number of polynomials")
-	errUnsupportedSize           = errors.New("the size of the polynomials exceeds the capacity of the SRS")
-)
-
-var (
-	ErrVerifyOpeningProof            = errors.New("error verifying opening proof")
-	ErrVerifyBatchOpeningSinglePoint = errors.New("error verifying batch opening proof at single point")
+	ErrInvalidNbDigests              = errors.New("number of digests is not the same as the number of polynomials")
+	ErrInvalidSize                   = errors.New("the size of the polynomials exceeds the capacity of the SRS")
+	ErrVerifyOpeningProof            = errors.New("can't verify opening proof")
+	ErrVerifyBatchOpeningSinglePoint = errors.New("can't verify batch opening proof at single point")
 )
 
 // Digest commitment of a polynomial.
@@ -74,8 +71,7 @@ func NewScheme(size int, alpha fr.Element) *Scheme {
 
 	s := &Scheme{}
 
-	d := fft.NewDomain(uint64(size), 0, false)
-	s.Domain = *d
+	s.Domain = *fft.NewDomain(uint64(size), 0, false)
 	s.SRS.G1 = make([]bw6761.G1Affine, size)
 
 	var bAlpha big.Int
@@ -229,7 +225,7 @@ func (s *Scheme) ReadFrom(r io.Reader) (int64, error) {
 func (s *Scheme) Commit(p polynomial.Polynomial) (Digest, error) {
 
 	if p.Degree() >= s.Domain.Cardinality {
-		return Digest{}, errUnsupportedSize
+		return Digest{}, ErrInvalidSize
 	}
 
 	var res bw6761.G1Affine
@@ -336,7 +332,7 @@ func (s *Scheme) BatchOpenSinglePoint(point *fr.Element, digests []Digest, polyn
 
 	nbDigests := len(digests)
 	if nbDigests != len(polynomials) {
-		return BatchProofsSinglePoint{}, errNbDigestsNeqNbPolynomials
+		return BatchProofsSinglePoint{}, ErrInvalidNbDigests
 	}
 
 	var res BatchProofsSinglePoint
@@ -401,7 +397,7 @@ func (s *Scheme) BatchVerifySinglePoint(digests []Digest, batchOpeningProof *Bat
 
 	// check consistancy between numbers of claims vs number of digests
 	if len(digests) != len(batchOpeningProof.ClaimedValues) {
-		return errNbDigestsNeqNbPolynomials
+		return ErrInvalidNbDigests
 	}
 
 	// derive the challenge gamma, binded to the point and the commitments
diff --git a/internal/generator/polynomial/template/commitment_kzg/kzg.go.tmpl b/internal/generator/polynomial/template/commitment_kzg/kzg.go.tmpl
index 1e8b42b7f..2f41d47e5 100644
--- a/internal/generator/polynomial/template/commitment_kzg/kzg.go.tmpl
+++ b/internal/generator/polynomial/template/commitment_kzg/kzg.go.tmpl
@@ -7,18 +7,15 @@ import (
 	"github.com/consensys/gnark-crypto/ecc/{{ .Name }}/fr"
 	"github.com/consensys/gnark-crypto/ecc/{{ .Name }}/fr/fft"
 	"github.com/consensys/gnark-crypto/ecc/{{ .Name }}/fr/polynomial"
-	fiatshamir "github.com/consensys/gnark-crypto/fiat-shamir"
+	"github.com/consensys/gnark-crypto/fiat-shamir"
 	"github.com/consensys/gnark-crypto/internal/parallel"
 )
 
 var (
-	errNbDigestsNeqNbPolynomials = errors.New("number of digests is not the same as the number of polynomials")
-	errUnsupportedSize           = errors.New("the size of the polynomials exceeds the capacity of the SRS")
-)
-
-var (
-	ErrVerifyOpeningProof            = errors.New("error verifying opening proof")
-	ErrVerifyBatchOpeningSinglePoint = errors.New("error verifying batch opening proof at single point")
+	ErrInvalidNbDigests 			 = errors.New("number of digests is not the same as the number of polynomials")
+	ErrInvalidSize           		 = errors.New("the size of the polynomials exceeds the capacity of the SRS")
+	ErrVerifyOpeningProof            = errors.New("can't verify opening proof")
+	ErrVerifyBatchOpeningSinglePoint = errors.New("can't verify batch opening proof at single point")
 )
 
 // Digest commitment of a polynomial.
@@ -56,8 +53,7 @@ func NewScheme(size int, alpha fr.Element) *Scheme {
 
 	s := &Scheme{}
 
-	d := fft.NewDomain(uint64(size), 0, false)
-	s.Domain = *d
+	s.Domain = *fft.NewDomain(uint64(size), 0, false)
 	s.SRS.G1 = make([]{{ .CurvePackage }}.G1Affine, size)
 
 	var bAlpha big.Int
@@ -212,7 +208,7 @@ func (s *Scheme) ReadFrom(r io.Reader) (int64, error) {
 func (s *Scheme) Commit(p polynomial.Polynomial) (Digest, error) {
 
 	if p.Degree() >= s.Domain.Cardinality {
-		return Digest{}, errUnsupportedSize
+		return Digest{}, ErrInvalidSize
 	}
 
 	var res {{ .CurvePackage }}.G1Affine
@@ -320,7 +316,7 @@ func (s *Scheme) BatchOpenSinglePoint(point *fr.Element, digests []Digest, polyn
 
 	nbDigests := len(digests)
 	if nbDigests != len(polynomials) {
-		return BatchProofsSinglePoint{}, errNbDigestsNeqNbPolynomials
+		return BatchProofsSinglePoint{}, ErrInvalidNbDigests
 	}
 
 	var res BatchProofsSinglePoint
@@ -386,7 +382,7 @@ func (s *Scheme) BatchVerifySinglePoint(digests []Digest, batchOpeningProof *Bat
 
 	// check consistancy between numbers of claims vs number of digests
 	if len(digests) != len(batchOpeningProof.ClaimedValues) {
-		return errNbDigestsNeqNbPolynomials
+		return ErrInvalidNbDigests
 	}
 
 	// derive the challenge gamma, binded to the point and the commitments

From f68746112c6f76ec90400fab977bf88b972cec0e Mon Sep 17 00:00:00 2001
From: Gautam Botrel <gautam.botrel@gmail.com>
Date: Wed, 16 Jun 2021 10:53:39 -0500
Subject: [PATCH 10/13] refactor: moved fr/polynomial/kzg to fr/kzg

---
 ecc/bls12-377/fr/{polynomial => }/kzg/doc.go  |  0
 ecc/bls12-377/fr/{polynomial => }/kzg/fuzz.go |  0
 .../fr/{polynomial => }/kzg/fuzz_test.go      |  0
 ecc/bls12-377/fr/{polynomial => }/kzg/kzg.go  | 50 +++++++++++-----
 .../fr/{polynomial => }/kzg/kzg_test.go       |  0
 ecc/bls12-377/fr/polynomial/kzg/util.go       | 59 -------------------
 ecc/bls12-381/fr/{polynomial => }/kzg/doc.go  |  0
 ecc/bls12-381/fr/{polynomial => }/kzg/fuzz.go |  0
 .../fr/{polynomial => }/kzg/fuzz_test.go      |  0
 ecc/bls12-381/fr/{polynomial => }/kzg/kzg.go  | 50 +++++++++++-----
 .../fr/{polynomial => }/kzg/kzg_test.go       |  0
 ecc/bls12-381/fr/polynomial/kzg/util.go       | 59 -------------------
 ecc/bls24-315/fr/{polynomial => }/kzg/doc.go  |  0
 ecc/bls24-315/fr/{polynomial => }/kzg/fuzz.go |  0
 .../fr/{polynomial => }/kzg/fuzz_test.go      |  0
 ecc/bls24-315/fr/{polynomial => }/kzg/kzg.go  | 50 +++++++++++-----
 .../fr/{polynomial => }/kzg/kzg_test.go       |  0
 ecc/bls24-315/fr/polynomial/kzg/util.go       | 59 -------------------
 ecc/bn254/fr/{polynomial => }/kzg/doc.go      |  0
 ecc/bn254/fr/{polynomial => }/kzg/fuzz.go     |  0
 .../fr/{polynomial => }/kzg/fuzz_test.go      |  0
 ecc/bn254/fr/{polynomial => }/kzg/kzg.go      | 50 +++++++++++-----
 ecc/bn254/fr/{polynomial => }/kzg/kzg_test.go |  0
 ecc/bn254/fr/polynomial/kzg/util.go           | 59 -------------------
 ecc/bw6-761/fr/{polynomial => }/kzg/doc.go    |  0
 ecc/bw6-761/fr/{polynomial => }/kzg/fuzz.go   |  0
 .../fr/{polynomial => }/kzg/fuzz_test.go      |  0
 ecc/bw6-761/fr/{polynomial => }/kzg/kzg.go    | 50 +++++++++++-----
 .../fr/{polynomial => }/kzg/kzg_test.go       |  0
 ecc/bw6-761/fr/polynomial/kzg/util.go         | 59 -------------------
 internal/generator/kzg/generate.go            | 23 ++++++++
 .../template}/doc.go.tmpl                     |  0
 .../template}/fuzz.go.tmpl                    |  0
 .../template}/fuzz.test.go.tmpl               |  0
 .../template}/kzg.go.tmpl                     | 52 +++++++++++-----
 .../template}/kzg.test.go.tmpl                |  0
 internal/generator/main.go                    |  4 ++
 internal/generator/polynomial/generate.go     | 21 +------
 .../template/commitment_kzg/util.go.tmpl      | 42 -------------
 39 files changed, 240 insertions(+), 447 deletions(-)
 rename ecc/bls12-377/fr/{polynomial => }/kzg/doc.go (100%)
 rename ecc/bls12-377/fr/{polynomial => }/kzg/fuzz.go (100%)
 rename ecc/bls12-377/fr/{polynomial => }/kzg/fuzz_test.go (100%)
 rename ecc/bls12-377/fr/{polynomial => }/kzg/kzg.go (93%)
 rename ecc/bls12-377/fr/{polynomial => }/kzg/kzg_test.go (100%)
 delete mode 100644 ecc/bls12-377/fr/polynomial/kzg/util.go
 rename ecc/bls12-381/fr/{polynomial => }/kzg/doc.go (100%)
 rename ecc/bls12-381/fr/{polynomial => }/kzg/fuzz.go (100%)
 rename ecc/bls12-381/fr/{polynomial => }/kzg/fuzz_test.go (100%)
 rename ecc/bls12-381/fr/{polynomial => }/kzg/kzg.go (93%)
 rename ecc/bls12-381/fr/{polynomial => }/kzg/kzg_test.go (100%)
 delete mode 100644 ecc/bls12-381/fr/polynomial/kzg/util.go
 rename ecc/bls24-315/fr/{polynomial => }/kzg/doc.go (100%)
 rename ecc/bls24-315/fr/{polynomial => }/kzg/fuzz.go (100%)
 rename ecc/bls24-315/fr/{polynomial => }/kzg/fuzz_test.go (100%)
 rename ecc/bls24-315/fr/{polynomial => }/kzg/kzg.go (93%)
 rename ecc/bls24-315/fr/{polynomial => }/kzg/kzg_test.go (100%)
 delete mode 100644 ecc/bls24-315/fr/polynomial/kzg/util.go
 rename ecc/bn254/fr/{polynomial => }/kzg/doc.go (100%)
 rename ecc/bn254/fr/{polynomial => }/kzg/fuzz.go (100%)
 rename ecc/bn254/fr/{polynomial => }/kzg/fuzz_test.go (100%)
 rename ecc/bn254/fr/{polynomial => }/kzg/kzg.go (93%)
 rename ecc/bn254/fr/{polynomial => }/kzg/kzg_test.go (100%)
 delete mode 100644 ecc/bn254/fr/polynomial/kzg/util.go
 rename ecc/bw6-761/fr/{polynomial => }/kzg/doc.go (100%)
 rename ecc/bw6-761/fr/{polynomial => }/kzg/fuzz.go (100%)
 rename ecc/bw6-761/fr/{polynomial => }/kzg/fuzz_test.go (100%)
 rename ecc/bw6-761/fr/{polynomial => }/kzg/kzg.go (93%)
 rename ecc/bw6-761/fr/{polynomial => }/kzg/kzg_test.go (100%)
 delete mode 100644 ecc/bw6-761/fr/polynomial/kzg/util.go
 create mode 100644 internal/generator/kzg/generate.go
 rename internal/generator/{polynomial/template/commitment_kzg => kzg/template}/doc.go.tmpl (100%)
 rename internal/generator/{polynomial/template/commitment_kzg => kzg/template}/fuzz.go.tmpl (100%)
 rename internal/generator/{polynomial/template/commitment_kzg => kzg/template}/fuzz.test.go.tmpl (100%)
 rename internal/generator/{polynomial/template/commitment_kzg => kzg/template}/kzg.go.tmpl (93%)
 rename internal/generator/{polynomial/template/commitment_kzg => kzg/template}/kzg.test.go.tmpl (100%)
 delete mode 100644 internal/generator/polynomial/template/commitment_kzg/util.go.tmpl

diff --git a/ecc/bls12-377/fr/polynomial/kzg/doc.go b/ecc/bls12-377/fr/kzg/doc.go
similarity index 100%
rename from ecc/bls12-377/fr/polynomial/kzg/doc.go
rename to ecc/bls12-377/fr/kzg/doc.go
diff --git a/ecc/bls12-377/fr/polynomial/kzg/fuzz.go b/ecc/bls12-377/fr/kzg/fuzz.go
similarity index 100%
rename from ecc/bls12-377/fr/polynomial/kzg/fuzz.go
rename to ecc/bls12-377/fr/kzg/fuzz.go
diff --git a/ecc/bls12-377/fr/polynomial/kzg/fuzz_test.go b/ecc/bls12-377/fr/kzg/fuzz_test.go
similarity index 100%
rename from ecc/bls12-377/fr/polynomial/kzg/fuzz_test.go
rename to ecc/bls12-377/fr/kzg/fuzz_test.go
diff --git a/ecc/bls12-377/fr/polynomial/kzg/kzg.go b/ecc/bls12-377/fr/kzg/kzg.go
similarity index 93%
rename from ecc/bls12-377/fr/polynomial/kzg/kzg.go
rename to ecc/bls12-377/fr/kzg/kzg.go
index 2ad592456..4617217d2 100644
--- a/ecc/bls12-377/fr/polynomial/kzg/kzg.go
+++ b/ecc/bls12-377/fr/kzg/kzg.go
@@ -20,6 +20,7 @@ import (
 	"errors"
 	"io"
 	"math/big"
+	"math/bits"
 
 	"github.com/consensys/gnark-crypto/ecc/bls12-377"
 	"github.com/consensys/gnark-crypto/ecc/bls12-377/fr"
@@ -112,11 +113,6 @@ func (p *Proof) Marshal() []byte {
 	return res[:]
 }
 
-// GetClaimedValue returns the serialized claimed value.
-func (p *Proof) GetClaimedValue() []byte {
-	return p.ClaimedValue.Marshal()
-}
-
 type BatchProofsSinglePoint struct {
 	// Point at which the polynomials are evaluated
 	Point fr.Element
@@ -150,16 +146,6 @@ func (p *BatchProofsSinglePoint) Marshal() []byte {
 	return res
 }
 
-// GetClaimedValues returns a slice of the claimed values,
-// serialized.
-func (p *BatchProofsSinglePoint) GetClaimedValues() [][]byte {
-	res := make([][]byte, len(p.ClaimedValues))
-	for i := 0; i < len(p.ClaimedValues); i++ {
-		res[i] = p.ClaimedValues[i].Marshal()
-	}
-	return res
-}
-
 // WriteTo writes binary encoding of the scheme data.
 // It writes only the SRS, the fft fomain is reconstructed
 // from it.
@@ -486,3 +472,37 @@ func (s *Scheme) BatchVerifySinglePoint(digests []Digest, batchOpeningProof *Bat
 	}
 	return nil
 }
+
+// dividePolyByXminusA computes (f-f(a))/(x-a), in canonical basis, in regular form
+func dividePolyByXminusA(d fft.Domain, f polynomial.Polynomial, fa, a fr.Element) polynomial.Polynomial {
+
+	// padd f so it has size d.Cardinality
+	_f := make([]fr.Element, d.Cardinality)
+	copy(_f, f)
+
+	// compute the quotient (f-f(a))/(x-a)
+	d.FFT(_f, fft.DIF, 0)
+
+	// bit reverse shift
+	bShift := uint64(64 - bits.TrailingZeros64(d.Cardinality))
+
+	accumulator := fr.One()
+
+	s := make([]fr.Element, len(_f))
+	for i := 0; i < len(s); i++ {
+		irev := bits.Reverse64(uint64(i)) >> bShift
+		s[irev].Sub(&accumulator, &a)
+		accumulator.Mul(&accumulator, &d.Generator)
+	}
+	s = fr.BatchInvert(s)
+
+	for i := 0; i < len(_f); i++ {
+		_f[i].Sub(&_f[i], &fa)
+		_f[i].Mul(&_f[i], &s[i])
+	}
+
+	d.FFTInverse(_f, fft.DIT, 0)
+
+	// the result is of degree deg(f)-1
+	return _f[:len(f)-1]
+}
diff --git a/ecc/bls12-377/fr/polynomial/kzg/kzg_test.go b/ecc/bls12-377/fr/kzg/kzg_test.go
similarity index 100%
rename from ecc/bls12-377/fr/polynomial/kzg/kzg_test.go
rename to ecc/bls12-377/fr/kzg/kzg_test.go
diff --git a/ecc/bls12-377/fr/polynomial/kzg/util.go b/ecc/bls12-377/fr/polynomial/kzg/util.go
deleted file mode 100644
index 6a36eda26..000000000
--- a/ecc/bls12-377/fr/polynomial/kzg/util.go
+++ /dev/null
@@ -1,59 +0,0 @@
-// Copyright 2020 ConsenSys Software Inc.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Code generated by consensys/gnark-crypto DO NOT EDIT
-
-package kzg
-
-import (
-	"math/bits"
-
-	"github.com/consensys/gnark-crypto/ecc/bls12-377/fr"
-	"github.com/consensys/gnark-crypto/ecc/bls12-377/fr/fft"
-	bls12377_pol "github.com/consensys/gnark-crypto/ecc/bls12-377/fr/polynomial"
-)
-
-// dividePolyByXminusA computes (f-f(a))/(x-a), in canonical basis, in regular form
-func dividePolyByXminusA(d fft.Domain, f bls12377_pol.Polynomial, fa, a fr.Element) bls12377_pol.Polynomial {
-
-	// padd f so it has size d.Cardinality
-	_f := make([]fr.Element, d.Cardinality)
-	copy(_f, f)
-
-	// compute the quotient (f-f(a))/(x-a)
-	d.FFT(_f, fft.DIF, 0)
-
-	// bit reverse shift
-	bShift := uint64(64 - bits.TrailingZeros64(d.Cardinality))
-
-	accumulator := fr.One()
-
-	s := make([]fr.Element, len(_f))
-	for i := 0; i < len(s); i++ {
-		irev := bits.Reverse64(uint64(i)) >> bShift
-		s[irev].Sub(&accumulator, &a)
-		accumulator.Mul(&accumulator, &d.Generator)
-	}
-	s = fr.BatchInvert(s)
-
-	for i := 0; i < len(_f); i++ {
-		_f[i].Sub(&_f[i], &fa)
-		_f[i].Mul(&_f[i], &s[i])
-	}
-
-	d.FFTInverse(_f, fft.DIT, 0)
-
-	// the result is of degree deg(f)-1
-	return _f[:len(f)-1]
-}
diff --git a/ecc/bls12-381/fr/polynomial/kzg/doc.go b/ecc/bls12-381/fr/kzg/doc.go
similarity index 100%
rename from ecc/bls12-381/fr/polynomial/kzg/doc.go
rename to ecc/bls12-381/fr/kzg/doc.go
diff --git a/ecc/bls12-381/fr/polynomial/kzg/fuzz.go b/ecc/bls12-381/fr/kzg/fuzz.go
similarity index 100%
rename from ecc/bls12-381/fr/polynomial/kzg/fuzz.go
rename to ecc/bls12-381/fr/kzg/fuzz.go
diff --git a/ecc/bls12-381/fr/polynomial/kzg/fuzz_test.go b/ecc/bls12-381/fr/kzg/fuzz_test.go
similarity index 100%
rename from ecc/bls12-381/fr/polynomial/kzg/fuzz_test.go
rename to ecc/bls12-381/fr/kzg/fuzz_test.go
diff --git a/ecc/bls12-381/fr/polynomial/kzg/kzg.go b/ecc/bls12-381/fr/kzg/kzg.go
similarity index 93%
rename from ecc/bls12-381/fr/polynomial/kzg/kzg.go
rename to ecc/bls12-381/fr/kzg/kzg.go
index 1ebbec087..f48fa3644 100644
--- a/ecc/bls12-381/fr/polynomial/kzg/kzg.go
+++ b/ecc/bls12-381/fr/kzg/kzg.go
@@ -20,6 +20,7 @@ import (
 	"errors"
 	"io"
 	"math/big"
+	"math/bits"
 
 	"github.com/consensys/gnark-crypto/ecc/bls12-381"
 	"github.com/consensys/gnark-crypto/ecc/bls12-381/fr"
@@ -112,11 +113,6 @@ func (p *Proof) Marshal() []byte {
 	return res[:]
 }
 
-// GetClaimedValue returns the serialized claimed value.
-func (p *Proof) GetClaimedValue() []byte {
-	return p.ClaimedValue.Marshal()
-}
-
 type BatchProofsSinglePoint struct {
 	// Point at which the polynomials are evaluated
 	Point fr.Element
@@ -150,16 +146,6 @@ func (p *BatchProofsSinglePoint) Marshal() []byte {
 	return res
 }
 
-// GetClaimedValues returns a slice of the claimed values,
-// serialized.
-func (p *BatchProofsSinglePoint) GetClaimedValues() [][]byte {
-	res := make([][]byte, len(p.ClaimedValues))
-	for i := 0; i < len(p.ClaimedValues); i++ {
-		res[i] = p.ClaimedValues[i].Marshal()
-	}
-	return res
-}
-
 // WriteTo writes binary encoding of the scheme data.
 // It writes only the SRS, the fft fomain is reconstructed
 // from it.
@@ -486,3 +472,37 @@ func (s *Scheme) BatchVerifySinglePoint(digests []Digest, batchOpeningProof *Bat
 	}
 	return nil
 }
+
+// dividePolyByXminusA computes (f-f(a))/(x-a), in canonical basis, in regular form
+func dividePolyByXminusA(d fft.Domain, f polynomial.Polynomial, fa, a fr.Element) polynomial.Polynomial {
+
+	// padd f so it has size d.Cardinality
+	_f := make([]fr.Element, d.Cardinality)
+	copy(_f, f)
+
+	// compute the quotient (f-f(a))/(x-a)
+	d.FFT(_f, fft.DIF, 0)
+
+	// bit reverse shift
+	bShift := uint64(64 - bits.TrailingZeros64(d.Cardinality))
+
+	accumulator := fr.One()
+
+	s := make([]fr.Element, len(_f))
+	for i := 0; i < len(s); i++ {
+		irev := bits.Reverse64(uint64(i)) >> bShift
+		s[irev].Sub(&accumulator, &a)
+		accumulator.Mul(&accumulator, &d.Generator)
+	}
+	s = fr.BatchInvert(s)
+
+	for i := 0; i < len(_f); i++ {
+		_f[i].Sub(&_f[i], &fa)
+		_f[i].Mul(&_f[i], &s[i])
+	}
+
+	d.FFTInverse(_f, fft.DIT, 0)
+
+	// the result is of degree deg(f)-1
+	return _f[:len(f)-1]
+}
diff --git a/ecc/bls12-381/fr/polynomial/kzg/kzg_test.go b/ecc/bls12-381/fr/kzg/kzg_test.go
similarity index 100%
rename from ecc/bls12-381/fr/polynomial/kzg/kzg_test.go
rename to ecc/bls12-381/fr/kzg/kzg_test.go
diff --git a/ecc/bls12-381/fr/polynomial/kzg/util.go b/ecc/bls12-381/fr/polynomial/kzg/util.go
deleted file mode 100644
index 59708fe4f..000000000
--- a/ecc/bls12-381/fr/polynomial/kzg/util.go
+++ /dev/null
@@ -1,59 +0,0 @@
-// Copyright 2020 ConsenSys Software Inc.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Code generated by consensys/gnark-crypto DO NOT EDIT
-
-package kzg
-
-import (
-	"math/bits"
-
-	"github.com/consensys/gnark-crypto/ecc/bls12-381/fr"
-	"github.com/consensys/gnark-crypto/ecc/bls12-381/fr/fft"
-	bls12381_pol "github.com/consensys/gnark-crypto/ecc/bls12-381/fr/polynomial"
-)
-
-// dividePolyByXminusA computes (f-f(a))/(x-a), in canonical basis, in regular form
-func dividePolyByXminusA(d fft.Domain, f bls12381_pol.Polynomial, fa, a fr.Element) bls12381_pol.Polynomial {
-
-	// padd f so it has size d.Cardinality
-	_f := make([]fr.Element, d.Cardinality)
-	copy(_f, f)
-
-	// compute the quotient (f-f(a))/(x-a)
-	d.FFT(_f, fft.DIF, 0)
-
-	// bit reverse shift
-	bShift := uint64(64 - bits.TrailingZeros64(d.Cardinality))
-
-	accumulator := fr.One()
-
-	s := make([]fr.Element, len(_f))
-	for i := 0; i < len(s); i++ {
-		irev := bits.Reverse64(uint64(i)) >> bShift
-		s[irev].Sub(&accumulator, &a)
-		accumulator.Mul(&accumulator, &d.Generator)
-	}
-	s = fr.BatchInvert(s)
-
-	for i := 0; i < len(_f); i++ {
-		_f[i].Sub(&_f[i], &fa)
-		_f[i].Mul(&_f[i], &s[i])
-	}
-
-	d.FFTInverse(_f, fft.DIT, 0)
-
-	// the result is of degree deg(f)-1
-	return _f[:len(f)-1]
-}
diff --git a/ecc/bls24-315/fr/polynomial/kzg/doc.go b/ecc/bls24-315/fr/kzg/doc.go
similarity index 100%
rename from ecc/bls24-315/fr/polynomial/kzg/doc.go
rename to ecc/bls24-315/fr/kzg/doc.go
diff --git a/ecc/bls24-315/fr/polynomial/kzg/fuzz.go b/ecc/bls24-315/fr/kzg/fuzz.go
similarity index 100%
rename from ecc/bls24-315/fr/polynomial/kzg/fuzz.go
rename to ecc/bls24-315/fr/kzg/fuzz.go
diff --git a/ecc/bls24-315/fr/polynomial/kzg/fuzz_test.go b/ecc/bls24-315/fr/kzg/fuzz_test.go
similarity index 100%
rename from ecc/bls24-315/fr/polynomial/kzg/fuzz_test.go
rename to ecc/bls24-315/fr/kzg/fuzz_test.go
diff --git a/ecc/bls24-315/fr/polynomial/kzg/kzg.go b/ecc/bls24-315/fr/kzg/kzg.go
similarity index 93%
rename from ecc/bls24-315/fr/polynomial/kzg/kzg.go
rename to ecc/bls24-315/fr/kzg/kzg.go
index 26a38f953..54947bf5e 100644
--- a/ecc/bls24-315/fr/polynomial/kzg/kzg.go
+++ b/ecc/bls24-315/fr/kzg/kzg.go
@@ -20,6 +20,7 @@ import (
 	"errors"
 	"io"
 	"math/big"
+	"math/bits"
 
 	"github.com/consensys/gnark-crypto/ecc/bls24-315"
 	"github.com/consensys/gnark-crypto/ecc/bls24-315/fr"
@@ -112,11 +113,6 @@ func (p *Proof) Marshal() []byte {
 	return res[:]
 }
 
-// GetClaimedValue returns the serialized claimed value.
-func (p *Proof) GetClaimedValue() []byte {
-	return p.ClaimedValue.Marshal()
-}
-
 type BatchProofsSinglePoint struct {
 	// Point at which the polynomials are evaluated
 	Point fr.Element
@@ -150,16 +146,6 @@ func (p *BatchProofsSinglePoint) Marshal() []byte {
 	return res
 }
 
-// GetClaimedValues returns a slice of the claimed values,
-// serialized.
-func (p *BatchProofsSinglePoint) GetClaimedValues() [][]byte {
-	res := make([][]byte, len(p.ClaimedValues))
-	for i := 0; i < len(p.ClaimedValues); i++ {
-		res[i] = p.ClaimedValues[i].Marshal()
-	}
-	return res
-}
-
 // WriteTo writes binary encoding of the scheme data.
 // It writes only the SRS, the fft fomain is reconstructed
 // from it.
@@ -486,3 +472,37 @@ func (s *Scheme) BatchVerifySinglePoint(digests []Digest, batchOpeningProof *Bat
 	}
 	return nil
 }
+
+// dividePolyByXminusA computes (f-f(a))/(x-a), in canonical basis, in regular form
+func dividePolyByXminusA(d fft.Domain, f polynomial.Polynomial, fa, a fr.Element) polynomial.Polynomial {
+
+	// padd f so it has size d.Cardinality
+	_f := make([]fr.Element, d.Cardinality)
+	copy(_f, f)
+
+	// compute the quotient (f-f(a))/(x-a)
+	d.FFT(_f, fft.DIF, 0)
+
+	// bit reverse shift
+	bShift := uint64(64 - bits.TrailingZeros64(d.Cardinality))
+
+	accumulator := fr.One()
+
+	s := make([]fr.Element, len(_f))
+	for i := 0; i < len(s); i++ {
+		irev := bits.Reverse64(uint64(i)) >> bShift
+		s[irev].Sub(&accumulator, &a)
+		accumulator.Mul(&accumulator, &d.Generator)
+	}
+	s = fr.BatchInvert(s)
+
+	for i := 0; i < len(_f); i++ {
+		_f[i].Sub(&_f[i], &fa)
+		_f[i].Mul(&_f[i], &s[i])
+	}
+
+	d.FFTInverse(_f, fft.DIT, 0)
+
+	// the result is of degree deg(f)-1
+	return _f[:len(f)-1]
+}
diff --git a/ecc/bls24-315/fr/polynomial/kzg/kzg_test.go b/ecc/bls24-315/fr/kzg/kzg_test.go
similarity index 100%
rename from ecc/bls24-315/fr/polynomial/kzg/kzg_test.go
rename to ecc/bls24-315/fr/kzg/kzg_test.go
diff --git a/ecc/bls24-315/fr/polynomial/kzg/util.go b/ecc/bls24-315/fr/polynomial/kzg/util.go
deleted file mode 100644
index aea1d2252..000000000
--- a/ecc/bls24-315/fr/polynomial/kzg/util.go
+++ /dev/null
@@ -1,59 +0,0 @@
-// Copyright 2020 ConsenSys Software Inc.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Code generated by consensys/gnark-crypto DO NOT EDIT
-
-package kzg
-
-import (
-	"math/bits"
-
-	"github.com/consensys/gnark-crypto/ecc/bls24-315/fr"
-	"github.com/consensys/gnark-crypto/ecc/bls24-315/fr/fft"
-	bls24315_pol "github.com/consensys/gnark-crypto/ecc/bls24-315/fr/polynomial"
-)
-
-// dividePolyByXminusA computes (f-f(a))/(x-a), in canonical basis, in regular form
-func dividePolyByXminusA(d fft.Domain, f bls24315_pol.Polynomial, fa, a fr.Element) bls24315_pol.Polynomial {
-
-	// padd f so it has size d.Cardinality
-	_f := make([]fr.Element, d.Cardinality)
-	copy(_f, f)
-
-	// compute the quotient (f-f(a))/(x-a)
-	d.FFT(_f, fft.DIF, 0)
-
-	// bit reverse shift
-	bShift := uint64(64 - bits.TrailingZeros64(d.Cardinality))
-
-	accumulator := fr.One()
-
-	s := make([]fr.Element, len(_f))
-	for i := 0; i < len(s); i++ {
-		irev := bits.Reverse64(uint64(i)) >> bShift
-		s[irev].Sub(&accumulator, &a)
-		accumulator.Mul(&accumulator, &d.Generator)
-	}
-	s = fr.BatchInvert(s)
-
-	for i := 0; i < len(_f); i++ {
-		_f[i].Sub(&_f[i], &fa)
-		_f[i].Mul(&_f[i], &s[i])
-	}
-
-	d.FFTInverse(_f, fft.DIT, 0)
-
-	// the result is of degree deg(f)-1
-	return _f[:len(f)-1]
-}
diff --git a/ecc/bn254/fr/polynomial/kzg/doc.go b/ecc/bn254/fr/kzg/doc.go
similarity index 100%
rename from ecc/bn254/fr/polynomial/kzg/doc.go
rename to ecc/bn254/fr/kzg/doc.go
diff --git a/ecc/bn254/fr/polynomial/kzg/fuzz.go b/ecc/bn254/fr/kzg/fuzz.go
similarity index 100%
rename from ecc/bn254/fr/polynomial/kzg/fuzz.go
rename to ecc/bn254/fr/kzg/fuzz.go
diff --git a/ecc/bn254/fr/polynomial/kzg/fuzz_test.go b/ecc/bn254/fr/kzg/fuzz_test.go
similarity index 100%
rename from ecc/bn254/fr/polynomial/kzg/fuzz_test.go
rename to ecc/bn254/fr/kzg/fuzz_test.go
diff --git a/ecc/bn254/fr/polynomial/kzg/kzg.go b/ecc/bn254/fr/kzg/kzg.go
similarity index 93%
rename from ecc/bn254/fr/polynomial/kzg/kzg.go
rename to ecc/bn254/fr/kzg/kzg.go
index e7bc39911..e6b4d23ab 100644
--- a/ecc/bn254/fr/polynomial/kzg/kzg.go
+++ b/ecc/bn254/fr/kzg/kzg.go
@@ -20,6 +20,7 @@ import (
 	"errors"
 	"io"
 	"math/big"
+	"math/bits"
 
 	"github.com/consensys/gnark-crypto/ecc/bn254"
 	"github.com/consensys/gnark-crypto/ecc/bn254/fr"
@@ -112,11 +113,6 @@ func (p *Proof) Marshal() []byte {
 	return res[:]
 }
 
-// GetClaimedValue returns the serialized claimed value.
-func (p *Proof) GetClaimedValue() []byte {
-	return p.ClaimedValue.Marshal()
-}
-
 type BatchProofsSinglePoint struct {
 	// Point at which the polynomials are evaluated
 	Point fr.Element
@@ -150,16 +146,6 @@ func (p *BatchProofsSinglePoint) Marshal() []byte {
 	return res
 }
 
-// GetClaimedValues returns a slice of the claimed values,
-// serialized.
-func (p *BatchProofsSinglePoint) GetClaimedValues() [][]byte {
-	res := make([][]byte, len(p.ClaimedValues))
-	for i := 0; i < len(p.ClaimedValues); i++ {
-		res[i] = p.ClaimedValues[i].Marshal()
-	}
-	return res
-}
-
 // WriteTo writes binary encoding of the scheme data.
 // It writes only the SRS, the fft fomain is reconstructed
 // from it.
@@ -486,3 +472,37 @@ func (s *Scheme) BatchVerifySinglePoint(digests []Digest, batchOpeningProof *Bat
 	}
 	return nil
 }
+
+// dividePolyByXminusA computes (f-f(a))/(x-a), in canonical basis, in regular form
+func dividePolyByXminusA(d fft.Domain, f polynomial.Polynomial, fa, a fr.Element) polynomial.Polynomial {
+
+	// padd f so it has size d.Cardinality
+	_f := make([]fr.Element, d.Cardinality)
+	copy(_f, f)
+
+	// compute the quotient (f-f(a))/(x-a)
+	d.FFT(_f, fft.DIF, 0)
+
+	// bit reverse shift
+	bShift := uint64(64 - bits.TrailingZeros64(d.Cardinality))
+
+	accumulator := fr.One()
+
+	s := make([]fr.Element, len(_f))
+	for i := 0; i < len(s); i++ {
+		irev := bits.Reverse64(uint64(i)) >> bShift
+		s[irev].Sub(&accumulator, &a)
+		accumulator.Mul(&accumulator, &d.Generator)
+	}
+	s = fr.BatchInvert(s)
+
+	for i := 0; i < len(_f); i++ {
+		_f[i].Sub(&_f[i], &fa)
+		_f[i].Mul(&_f[i], &s[i])
+	}
+
+	d.FFTInverse(_f, fft.DIT, 0)
+
+	// the result is of degree deg(f)-1
+	return _f[:len(f)-1]
+}
diff --git a/ecc/bn254/fr/polynomial/kzg/kzg_test.go b/ecc/bn254/fr/kzg/kzg_test.go
similarity index 100%
rename from ecc/bn254/fr/polynomial/kzg/kzg_test.go
rename to ecc/bn254/fr/kzg/kzg_test.go
diff --git a/ecc/bn254/fr/polynomial/kzg/util.go b/ecc/bn254/fr/polynomial/kzg/util.go
deleted file mode 100644
index 12d474237..000000000
--- a/ecc/bn254/fr/polynomial/kzg/util.go
+++ /dev/null
@@ -1,59 +0,0 @@
-// Copyright 2020 ConsenSys Software Inc.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Code generated by consensys/gnark-crypto DO NOT EDIT
-
-package kzg
-
-import (
-	"math/bits"
-
-	"github.com/consensys/gnark-crypto/ecc/bn254/fr"
-	"github.com/consensys/gnark-crypto/ecc/bn254/fr/fft"
-	bn254_pol "github.com/consensys/gnark-crypto/ecc/bn254/fr/polynomial"
-)
-
-// dividePolyByXminusA computes (f-f(a))/(x-a), in canonical basis, in regular form
-func dividePolyByXminusA(d fft.Domain, f bn254_pol.Polynomial, fa, a fr.Element) bn254_pol.Polynomial {
-
-	// padd f so it has size d.Cardinality
-	_f := make([]fr.Element, d.Cardinality)
-	copy(_f, f)
-
-	// compute the quotient (f-f(a))/(x-a)
-	d.FFT(_f, fft.DIF, 0)
-
-	// bit reverse shift
-	bShift := uint64(64 - bits.TrailingZeros64(d.Cardinality))
-
-	accumulator := fr.One()
-
-	s := make([]fr.Element, len(_f))
-	for i := 0; i < len(s); i++ {
-		irev := bits.Reverse64(uint64(i)) >> bShift
-		s[irev].Sub(&accumulator, &a)
-		accumulator.Mul(&accumulator, &d.Generator)
-	}
-	s = fr.BatchInvert(s)
-
-	for i := 0; i < len(_f); i++ {
-		_f[i].Sub(&_f[i], &fa)
-		_f[i].Mul(&_f[i], &s[i])
-	}
-
-	d.FFTInverse(_f, fft.DIT, 0)
-
-	// the result is of degree deg(f)-1
-	return _f[:len(f)-1]
-}
diff --git a/ecc/bw6-761/fr/polynomial/kzg/doc.go b/ecc/bw6-761/fr/kzg/doc.go
similarity index 100%
rename from ecc/bw6-761/fr/polynomial/kzg/doc.go
rename to ecc/bw6-761/fr/kzg/doc.go
diff --git a/ecc/bw6-761/fr/polynomial/kzg/fuzz.go b/ecc/bw6-761/fr/kzg/fuzz.go
similarity index 100%
rename from ecc/bw6-761/fr/polynomial/kzg/fuzz.go
rename to ecc/bw6-761/fr/kzg/fuzz.go
diff --git a/ecc/bw6-761/fr/polynomial/kzg/fuzz_test.go b/ecc/bw6-761/fr/kzg/fuzz_test.go
similarity index 100%
rename from ecc/bw6-761/fr/polynomial/kzg/fuzz_test.go
rename to ecc/bw6-761/fr/kzg/fuzz_test.go
diff --git a/ecc/bw6-761/fr/polynomial/kzg/kzg.go b/ecc/bw6-761/fr/kzg/kzg.go
similarity index 93%
rename from ecc/bw6-761/fr/polynomial/kzg/kzg.go
rename to ecc/bw6-761/fr/kzg/kzg.go
index 71a779155..5bcf0d9c5 100644
--- a/ecc/bw6-761/fr/polynomial/kzg/kzg.go
+++ b/ecc/bw6-761/fr/kzg/kzg.go
@@ -20,6 +20,7 @@ import (
 	"errors"
 	"io"
 	"math/big"
+	"math/bits"
 
 	"github.com/consensys/gnark-crypto/ecc/bw6-761"
 	"github.com/consensys/gnark-crypto/ecc/bw6-761/fr"
@@ -112,11 +113,6 @@ func (p *Proof) Marshal() []byte {
 	return res[:]
 }
 
-// GetClaimedValue returns the serialized claimed value.
-func (p *Proof) GetClaimedValue() []byte {
-	return p.ClaimedValue.Marshal()
-}
-
 type BatchProofsSinglePoint struct {
 	// Point at which the polynomials are evaluated
 	Point fr.Element
@@ -150,16 +146,6 @@ func (p *BatchProofsSinglePoint) Marshal() []byte {
 	return res
 }
 
-// GetClaimedValues returns a slice of the claimed values,
-// serialized.
-func (p *BatchProofsSinglePoint) GetClaimedValues() [][]byte {
-	res := make([][]byte, len(p.ClaimedValues))
-	for i := 0; i < len(p.ClaimedValues); i++ {
-		res[i] = p.ClaimedValues[i].Marshal()
-	}
-	return res
-}
-
 // WriteTo writes binary encoding of the scheme data.
 // It writes only the SRS, the fft fomain is reconstructed
 // from it.
@@ -486,3 +472,37 @@ func (s *Scheme) BatchVerifySinglePoint(digests []Digest, batchOpeningProof *Bat
 	}
 	return nil
 }
+
+// dividePolyByXminusA computes (f-f(a))/(x-a), in canonical basis, in regular form
+func dividePolyByXminusA(d fft.Domain, f polynomial.Polynomial, fa, a fr.Element) polynomial.Polynomial {
+
+	// padd f so it has size d.Cardinality
+	_f := make([]fr.Element, d.Cardinality)
+	copy(_f, f)
+
+	// compute the quotient (f-f(a))/(x-a)
+	d.FFT(_f, fft.DIF, 0)
+
+	// bit reverse shift
+	bShift := uint64(64 - bits.TrailingZeros64(d.Cardinality))
+
+	accumulator := fr.One()
+
+	s := make([]fr.Element, len(_f))
+	for i := 0; i < len(s); i++ {
+		irev := bits.Reverse64(uint64(i)) >> bShift
+		s[irev].Sub(&accumulator, &a)
+		accumulator.Mul(&accumulator, &d.Generator)
+	}
+	s = fr.BatchInvert(s)
+
+	for i := 0; i < len(_f); i++ {
+		_f[i].Sub(&_f[i], &fa)
+		_f[i].Mul(&_f[i], &s[i])
+	}
+
+	d.FFTInverse(_f, fft.DIT, 0)
+
+	// the result is of degree deg(f)-1
+	return _f[:len(f)-1]
+}
diff --git a/ecc/bw6-761/fr/polynomial/kzg/kzg_test.go b/ecc/bw6-761/fr/kzg/kzg_test.go
similarity index 100%
rename from ecc/bw6-761/fr/polynomial/kzg/kzg_test.go
rename to ecc/bw6-761/fr/kzg/kzg_test.go
diff --git a/ecc/bw6-761/fr/polynomial/kzg/util.go b/ecc/bw6-761/fr/polynomial/kzg/util.go
deleted file mode 100644
index d9c678272..000000000
--- a/ecc/bw6-761/fr/polynomial/kzg/util.go
+++ /dev/null
@@ -1,59 +0,0 @@
-// Copyright 2020 ConsenSys Software Inc.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Code generated by consensys/gnark-crypto DO NOT EDIT
-
-package kzg
-
-import (
-	"math/bits"
-
-	"github.com/consensys/gnark-crypto/ecc/bw6-761/fr"
-	"github.com/consensys/gnark-crypto/ecc/bw6-761/fr/fft"
-	bw6761_pol "github.com/consensys/gnark-crypto/ecc/bw6-761/fr/polynomial"
-)
-
-// dividePolyByXminusA computes (f-f(a))/(x-a), in canonical basis, in regular form
-func dividePolyByXminusA(d fft.Domain, f bw6761_pol.Polynomial, fa, a fr.Element) bw6761_pol.Polynomial {
-
-	// padd f so it has size d.Cardinality
-	_f := make([]fr.Element, d.Cardinality)
-	copy(_f, f)
-
-	// compute the quotient (f-f(a))/(x-a)
-	d.FFT(_f, fft.DIF, 0)
-
-	// bit reverse shift
-	bShift := uint64(64 - bits.TrailingZeros64(d.Cardinality))
-
-	accumulator := fr.One()
-
-	s := make([]fr.Element, len(_f))
-	for i := 0; i < len(s); i++ {
-		irev := bits.Reverse64(uint64(i)) >> bShift
-		s[irev].Sub(&accumulator, &a)
-		accumulator.Mul(&accumulator, &d.Generator)
-	}
-	s = fr.BatchInvert(s)
-
-	for i := 0; i < len(_f); i++ {
-		_f[i].Sub(&_f[i], &fa)
-		_f[i].Mul(&_f[i], &s[i])
-	}
-
-	d.FFTInverse(_f, fft.DIT, 0)
-
-	// the result is of degree deg(f)-1
-	return _f[:len(f)-1]
-}
diff --git a/internal/generator/kzg/generate.go b/internal/generator/kzg/generate.go
new file mode 100644
index 000000000..8f8ed4201
--- /dev/null
+++ b/internal/generator/kzg/generate.go
@@ -0,0 +1,23 @@
+package kzg
+
+import (
+	"path/filepath"
+
+	"github.com/consensys/bavard"
+	"github.com/consensys/gnark-crypto/internal/generator/config"
+)
+
+func Generate(conf config.Curve, baseDir string, bgen *bavard.BatchGenerator) error {
+
+	// kzg commitment scheme
+	conf.Package = "kzg"
+	entries := []bavard.Entry{
+		{File: filepath.Join(baseDir, "doc.go"), Templates: []string{"doc.go.tmpl"}},
+		{File: filepath.Join(baseDir, "kzg.go"), Templates: []string{"kzg.go.tmpl"}},
+		{File: filepath.Join(baseDir, "kzg_test.go"), Templates: []string{"kzg.test.go.tmpl"}},
+		{File: filepath.Join(baseDir, "fuzz.go"), Templates: []string{"fuzz.go.tmpl"}, BuildTag: "gofuzz"},
+		{File: filepath.Join(baseDir, "fuzz_test.go"), Templates: []string{"fuzz.test.go.tmpl"}, BuildTag: "gofuzz"},
+	}
+	return bgen.Generate(conf, conf.Package, "./kzg/template/", entries...)
+
+}
diff --git a/internal/generator/polynomial/template/commitment_kzg/doc.go.tmpl b/internal/generator/kzg/template/doc.go.tmpl
similarity index 100%
rename from internal/generator/polynomial/template/commitment_kzg/doc.go.tmpl
rename to internal/generator/kzg/template/doc.go.tmpl
diff --git a/internal/generator/polynomial/template/commitment_kzg/fuzz.go.tmpl b/internal/generator/kzg/template/fuzz.go.tmpl
similarity index 100%
rename from internal/generator/polynomial/template/commitment_kzg/fuzz.go.tmpl
rename to internal/generator/kzg/template/fuzz.go.tmpl
diff --git a/internal/generator/polynomial/template/commitment_kzg/fuzz.test.go.tmpl b/internal/generator/kzg/template/fuzz.test.go.tmpl
similarity index 100%
rename from internal/generator/polynomial/template/commitment_kzg/fuzz.test.go.tmpl
rename to internal/generator/kzg/template/fuzz.test.go.tmpl
diff --git a/internal/generator/polynomial/template/commitment_kzg/kzg.go.tmpl b/internal/generator/kzg/template/kzg.go.tmpl
similarity index 93%
rename from internal/generator/polynomial/template/commitment_kzg/kzg.go.tmpl
rename to internal/generator/kzg/template/kzg.go.tmpl
index 2f41d47e5..2190df7b7 100644
--- a/internal/generator/polynomial/template/commitment_kzg/kzg.go.tmpl
+++ b/internal/generator/kzg/template/kzg.go.tmpl
@@ -2,6 +2,7 @@ import (
 	"errors"
 	"io"
 	"math/big"
+	"math/bits"
 
 	"github.com/consensys/gnark-crypto/ecc/{{ .Name }}"
 	"github.com/consensys/gnark-crypto/ecc/{{ .Name }}/fr"
@@ -95,11 +96,6 @@ func (p *Proof) Marshal() []byte {
 	return res[:]
 }
 
-// GetClaimedValue returns the serialized claimed value.
-func (p *Proof) GetClaimedValue() []byte {
-	return p.ClaimedValue.Marshal()
-}
-
 type BatchProofsSinglePoint struct {
 	// Point at which the polynomials are evaluated
 	Point fr.Element
@@ -133,16 +129,6 @@ func (p *BatchProofsSinglePoint) Marshal() []byte {
 	return res
 }
 
-// GetClaimedValues returns a slice of the claimed values,
-// serialized.
-func (p *BatchProofsSinglePoint) GetClaimedValues() [][]byte {
-	res := make([][]byte, len(p.ClaimedValues))
-	for i := 0; i < len(p.ClaimedValues); i++ {
-		res[i] = p.ClaimedValues[i].Marshal()
-	}
-	return res
-}
-
 // WriteTo writes binary encoding of the scheme data.
 // It writes only the SRS, the fft fomain is reconstructed
 // from it.
@@ -471,3 +457,39 @@ func (s *Scheme) BatchVerifySinglePoint(digests []Digest, batchOpeningProof *Bat
 	}
 	return nil
 }
+
+
+// dividePolyByXminusA computes (f-f(a))/(x-a), in canonical basis, in regular form
+func dividePolyByXminusA(d fft.Domain, f polynomial.Polynomial, fa, a fr.Element) polynomial.Polynomial {
+
+	// padd f so it has size d.Cardinality
+	_f := make([]fr.Element, d.Cardinality)
+	copy(_f, f)
+
+	// compute the quotient (f-f(a))/(x-a)
+	d.FFT(_f, fft.DIF, 0)
+
+
+	// bit reverse shift
+	bShift := uint64(64 - bits.TrailingZeros64(d.Cardinality))
+
+	accumulator := fr.One()
+
+	s := make([]fr.Element, len(_f))
+	for i := 0; i < len(s); i++ {
+		irev := bits.Reverse64(uint64(i)) >> bShift
+		s[irev].Sub(&accumulator, &a)
+		accumulator.Mul(&accumulator, &d.Generator)
+	}
+	s = fr.BatchInvert(s)
+
+	for i := 0; i < len(_f); i++ {
+		_f[i].Sub(&_f[i], &fa)
+		_f[i].Mul(&_f[i], &s[i])
+	}
+
+	d.FFTInverse(_f, fft.DIT, 0)
+
+	// the result is of degree deg(f)-1
+	return _f[:len(f)-1]
+}
diff --git a/internal/generator/polynomial/template/commitment_kzg/kzg.test.go.tmpl b/internal/generator/kzg/template/kzg.test.go.tmpl
similarity index 100%
rename from internal/generator/polynomial/template/commitment_kzg/kzg.test.go.tmpl
rename to internal/generator/kzg/template/kzg.test.go.tmpl
diff --git a/internal/generator/main.go b/internal/generator/main.go
index 4211a4036..2ddb5a776 100644
--- a/internal/generator/main.go
+++ b/internal/generator/main.go
@@ -16,6 +16,7 @@ import (
 	"github.com/consensys/gnark-crypto/internal/generator/ecc"
 	"github.com/consensys/gnark-crypto/internal/generator/edwards"
 	"github.com/consensys/gnark-crypto/internal/generator/fft"
+	"github.com/consensys/gnark-crypto/internal/generator/kzg"
 	"github.com/consensys/gnark-crypto/internal/generator/pairing"
 	"github.com/consensys/gnark-crypto/internal/generator/polynomial"
 	"github.com/consensys/gnark-crypto/internal/generator/tower"
@@ -56,6 +57,9 @@ func main() {
 			// generate polynomial on fr
 			assertNoError(polynomial.Generate(conf, filepath.Join(curveDir, "fr", "polynomial"), bgen))
 
+			// generate kzg on fr
+			assertNoError(kzg.Generate(conf, filepath.Join(curveDir, "fr", "kzg"), bgen))
+
 			// generate mimc on fr
 			assertNoError(mimc.Generate(conf, filepath.Join(curveDir, "fr", "mimc"), bgen))
 
diff --git a/internal/generator/polynomial/generate.go b/internal/generator/polynomial/generate.go
index ef1c65113..685742b6d 100644
--- a/internal/generator/polynomial/generate.go
+++ b/internal/generator/polynomial/generate.go
@@ -15,24 +15,5 @@ func Generate(conf config.Curve, baseDir string, bgen *bavard.BatchGenerator) er
 		{File: filepath.Join(baseDir, "polynomial.go"), Templates: []string{"polynomial.go.tmpl"}},
 		{File: filepath.Join(baseDir, "polynomial_test.go"), Templates: []string{"polynomial.test.go.tmpl"}},
 	}
-	if err := bgen.Generate(conf, conf.Package, "./polynomial/template/", entries...); err != nil {
-		return err
-	}
-
-	// kzg commitment scheme
-	conf.Package = "kzg"
-	entries = []bavard.Entry{
-		{File: filepath.Join(baseDir, "kzg", "doc.go"), Templates: []string{"commitment_kzg/doc.go.tmpl"}},
-		{File: filepath.Join(baseDir, "kzg", "kzg.go"), Templates: []string{"commitment_kzg/kzg.go.tmpl"}},
-		{File: filepath.Join(baseDir, "kzg", "kzg_test.go"), Templates: []string{"commitment_kzg/kzg.test.go.tmpl"}},
-		{File: filepath.Join(baseDir, "kzg", "util.go"), Templates: []string{"commitment_kzg/util.go.tmpl"}},
-		{File: filepath.Join(baseDir, "kzg", "fuzz.go"), Templates: []string{"commitment_kzg/fuzz.go.tmpl"}, BuildTag: "gofuzz"},
-		{File: filepath.Join(baseDir, "kzg", "fuzz_test.go"), Templates: []string{"commitment_kzg/fuzz.test.go.tmpl"}, BuildTag: "gofuzz"},
-	}
-	if err := bgen.Generate(conf, conf.Package, "./polynomial/template/", entries...); err != nil {
-		return err
-	}
-
-	return nil
-
+	return bgen.Generate(conf, conf.Package, "./polynomial/template/", entries...)
 }
diff --git a/internal/generator/polynomial/template/commitment_kzg/util.go.tmpl b/internal/generator/polynomial/template/commitment_kzg/util.go.tmpl
deleted file mode 100644
index 6f0ac3118..000000000
--- a/internal/generator/polynomial/template/commitment_kzg/util.go.tmpl
+++ /dev/null
@@ -1,42 +0,0 @@
-import (
-	"math/bits"
-
-	"github.com/consensys/gnark-crypto/ecc/{{ .Name }}/fr"
-	"github.com/consensys/gnark-crypto/ecc/{{ .Name }}/fr/fft"
-	{{ .CurvePackage }}_pol "github.com/consensys/gnark-crypto/ecc/{{ .Name }}/fr/polynomial"
-)
-
-// dividePolyByXminusA computes (f-f(a))/(x-a), in canonical basis, in regular form
-func dividePolyByXminusA(d fft.Domain, f {{ .CurvePackage }}_pol.Polynomial, fa, a fr.Element) {{ .CurvePackage }}_pol.Polynomial {
-
-	// padd f so it has size d.Cardinality
-	_f := make([]fr.Element, d.Cardinality)
-	copy(_f, f)
-
-	// compute the quotient (f-f(a))/(x-a)
-	d.FFT(_f, fft.DIF, 0)
-
-
-	// bit reverse shift
-	bShift := uint64(64 - bits.TrailingZeros64(d.Cardinality))
-
-	accumulator := fr.One()
-
-	s := make([]fr.Element, len(_f))
-	for i := 0; i < len(s); i++ {
-		irev := bits.Reverse64(uint64(i)) >> bShift
-		s[irev].Sub(&accumulator, &a)
-		accumulator.Mul(&accumulator, &d.Generator)
-	}
-	s = fr.BatchInvert(s)
-
-	for i := 0; i < len(_f); i++ {
-		_f[i].Sub(&_f[i], &fa)
-		_f[i].Mul(&_f[i], &s[i])
-	}
-
-	d.FFTInverse(_f, fft.DIT, 0)
-
-	// the result is of degree deg(f)-1
-	return _f[:len(f)-1]
-}

From bc0a29af63e94db1f94b4ff25a5903bdcc41750c Mon Sep 17 00:00:00 2001
From: Gautam Botrel <gautam.botrel@gmail.com>
Date: Wed, 16 Jun 2021 11:19:03 -0500
Subject: [PATCH 11/13] build: fix gofuzz target for kzg

---
 ecc/bls12-377/fr/kzg/fuzz.go                 | 19 ++++++++-----------
 ecc/bls12-381/fr/kzg/fuzz.go                 | 19 ++++++++-----------
 ecc/bls24-315/fr/kzg/fuzz.go                 | 19 ++++++++-----------
 ecc/bn254/fr/kzg/fuzz.go                     | 19 ++++++++-----------
 ecc/bw6-761/fr/kzg/fuzz.go                   | 19 ++++++++-----------
 internal/generator/kzg/template/fuzz.go.tmpl | 19 ++++++++-----------
 6 files changed, 48 insertions(+), 66 deletions(-)

diff --git a/ecc/bls12-377/fr/kzg/fuzz.go b/ecc/bls12-377/fr/kzg/fuzz.go
index 0b33dd550..8a3eb2715 100644
--- a/ecc/bls12-377/fr/kzg/fuzz.go
+++ b/ecc/bls12-377/fr/kzg/fuzz.go
@@ -21,8 +21,7 @@ package kzg
 import (
 	"bytes"
 	"github.com/consensys/gnark-crypto/ecc/bls12-377/fr"
-	bls12377_pol "github.com/consensys/gnark-crypto/ecc/bls12-377/fr/polynomial"
-	"github.com/consensys/gnark-crypto/polynomial"
+	"github.com/consensys/gnark-crypto/ecc/bls12-377/fr/polynomial"
 )
 
 const (
@@ -48,15 +47,14 @@ func Fuzz(data []byte) int {
 	// create polynomials
 	f := make([]polynomial.Polynomial, size/2)
 	for i := 0; i < len(f); i++ {
-		_f := make(bls12377_pol.Polynomial, size)
-		for j := 0; j < len(_f); j++ {
-			_f[j].SetRawBytes(r)
+		f[i] = make(polynomial.Polynomial, size)
+		for j := 0; j < len(f[i]); j++ {
+			f[i][j].SetRawBytes(r)
 		}
-		f[i] = &_f
 	}
 
 	// commit the polynomials
-	digests := make([]polynomial.Digest, size/2)
+	digests := make([]Digest, size/2)
 	for i := 0; i < len(digests); i++ {
 		digests[i], _ = s.Commit(f[i])
 
@@ -68,16 +66,15 @@ func Fuzz(data []byte) int {
 	}
 
 	// verify the claimed values
-	_proof := proof.(*BatchProofsSinglePoint)
 	for i := 0; i < len(f); i++ {
-		expectedClaim := f[i].Eval(point).(fr.Element)
-		if !expectedClaim.Equal(&_proof.ClaimedValues[i]) {
+		expectedClaim := f[i].Eval(&point)
+		if !expectedClaim.Equal(&proof.ClaimedValues[i]) {
 			panic("inconsistant claimed values")
 		}
 	}
 
 	// verify correct proof
-	err = s.BatchVerifySinglePoint(digests, proof)
+	err = s.BatchVerifySinglePoint(digests, &proof)
 	if err != nil {
 		panic(err)
 	}
diff --git a/ecc/bls12-381/fr/kzg/fuzz.go b/ecc/bls12-381/fr/kzg/fuzz.go
index 8e241b5ca..d90a93722 100644
--- a/ecc/bls12-381/fr/kzg/fuzz.go
+++ b/ecc/bls12-381/fr/kzg/fuzz.go
@@ -21,8 +21,7 @@ package kzg
 import (
 	"bytes"
 	"github.com/consensys/gnark-crypto/ecc/bls12-381/fr"
-	bls12381_pol "github.com/consensys/gnark-crypto/ecc/bls12-381/fr/polynomial"
-	"github.com/consensys/gnark-crypto/polynomial"
+	"github.com/consensys/gnark-crypto/ecc/bls12-381/fr/polynomial"
 )
 
 const (
@@ -48,15 +47,14 @@ func Fuzz(data []byte) int {
 	// create polynomials
 	f := make([]polynomial.Polynomial, size/2)
 	for i := 0; i < len(f); i++ {
-		_f := make(bls12381_pol.Polynomial, size)
-		for j := 0; j < len(_f); j++ {
-			_f[j].SetRawBytes(r)
+		f[i] = make(polynomial.Polynomial, size)
+		for j := 0; j < len(f[i]); j++ {
+			f[i][j].SetRawBytes(r)
 		}
-		f[i] = &_f
 	}
 
 	// commit the polynomials
-	digests := make([]polynomial.Digest, size/2)
+	digests := make([]Digest, size/2)
 	for i := 0; i < len(digests); i++ {
 		digests[i], _ = s.Commit(f[i])
 
@@ -68,16 +66,15 @@ func Fuzz(data []byte) int {
 	}
 
 	// verify the claimed values
-	_proof := proof.(*BatchProofsSinglePoint)
 	for i := 0; i < len(f); i++ {
-		expectedClaim := f[i].Eval(point).(fr.Element)
-		if !expectedClaim.Equal(&_proof.ClaimedValues[i]) {
+		expectedClaim := f[i].Eval(&point)
+		if !expectedClaim.Equal(&proof.ClaimedValues[i]) {
 			panic("inconsistant claimed values")
 		}
 	}
 
 	// verify correct proof
-	err = s.BatchVerifySinglePoint(digests, proof)
+	err = s.BatchVerifySinglePoint(digests, &proof)
 	if err != nil {
 		panic(err)
 	}
diff --git a/ecc/bls24-315/fr/kzg/fuzz.go b/ecc/bls24-315/fr/kzg/fuzz.go
index 1019559d9..0be56a765 100644
--- a/ecc/bls24-315/fr/kzg/fuzz.go
+++ b/ecc/bls24-315/fr/kzg/fuzz.go
@@ -21,8 +21,7 @@ package kzg
 import (
 	"bytes"
 	"github.com/consensys/gnark-crypto/ecc/bls24-315/fr"
-	bls24315_pol "github.com/consensys/gnark-crypto/ecc/bls24-315/fr/polynomial"
-	"github.com/consensys/gnark-crypto/polynomial"
+	"github.com/consensys/gnark-crypto/ecc/bls24-315/fr/polynomial"
 )
 
 const (
@@ -48,15 +47,14 @@ func Fuzz(data []byte) int {
 	// create polynomials
 	f := make([]polynomial.Polynomial, size/2)
 	for i := 0; i < len(f); i++ {
-		_f := make(bls24315_pol.Polynomial, size)
-		for j := 0; j < len(_f); j++ {
-			_f[j].SetRawBytes(r)
+		f[i] = make(polynomial.Polynomial, size)
+		for j := 0; j < len(f[i]); j++ {
+			f[i][j].SetRawBytes(r)
 		}
-		f[i] = &_f
 	}
 
 	// commit the polynomials
-	digests := make([]polynomial.Digest, size/2)
+	digests := make([]Digest, size/2)
 	for i := 0; i < len(digests); i++ {
 		digests[i], _ = s.Commit(f[i])
 
@@ -68,16 +66,15 @@ func Fuzz(data []byte) int {
 	}
 
 	// verify the claimed values
-	_proof := proof.(*BatchProofsSinglePoint)
 	for i := 0; i < len(f); i++ {
-		expectedClaim := f[i].Eval(point).(fr.Element)
-		if !expectedClaim.Equal(&_proof.ClaimedValues[i]) {
+		expectedClaim := f[i].Eval(&point)
+		if !expectedClaim.Equal(&proof.ClaimedValues[i]) {
 			panic("inconsistant claimed values")
 		}
 	}
 
 	// verify correct proof
-	err = s.BatchVerifySinglePoint(digests, proof)
+	err = s.BatchVerifySinglePoint(digests, &proof)
 	if err != nil {
 		panic(err)
 	}
diff --git a/ecc/bn254/fr/kzg/fuzz.go b/ecc/bn254/fr/kzg/fuzz.go
index f8a86dae0..62803e3be 100644
--- a/ecc/bn254/fr/kzg/fuzz.go
+++ b/ecc/bn254/fr/kzg/fuzz.go
@@ -21,8 +21,7 @@ package kzg
 import (
 	"bytes"
 	"github.com/consensys/gnark-crypto/ecc/bn254/fr"
-	bn254_pol "github.com/consensys/gnark-crypto/ecc/bn254/fr/polynomial"
-	"github.com/consensys/gnark-crypto/polynomial"
+	"github.com/consensys/gnark-crypto/ecc/bn254/fr/polynomial"
 )
 
 const (
@@ -48,15 +47,14 @@ func Fuzz(data []byte) int {
 	// create polynomials
 	f := make([]polynomial.Polynomial, size/2)
 	for i := 0; i < len(f); i++ {
-		_f := make(bn254_pol.Polynomial, size)
-		for j := 0; j < len(_f); j++ {
-			_f[j].SetRawBytes(r)
+		f[i] = make(polynomial.Polynomial, size)
+		for j := 0; j < len(f[i]); j++ {
+			f[i][j].SetRawBytes(r)
 		}
-		f[i] = &_f
 	}
 
 	// commit the polynomials
-	digests := make([]polynomial.Digest, size/2)
+	digests := make([]Digest, size/2)
 	for i := 0; i < len(digests); i++ {
 		digests[i], _ = s.Commit(f[i])
 
@@ -68,16 +66,15 @@ func Fuzz(data []byte) int {
 	}
 
 	// verify the claimed values
-	_proof := proof.(*BatchProofsSinglePoint)
 	for i := 0; i < len(f); i++ {
-		expectedClaim := f[i].Eval(point).(fr.Element)
-		if !expectedClaim.Equal(&_proof.ClaimedValues[i]) {
+		expectedClaim := f[i].Eval(&point)
+		if !expectedClaim.Equal(&proof.ClaimedValues[i]) {
 			panic("inconsistant claimed values")
 		}
 	}
 
 	// verify correct proof
-	err = s.BatchVerifySinglePoint(digests, proof)
+	err = s.BatchVerifySinglePoint(digests, &proof)
 	if err != nil {
 		panic(err)
 	}
diff --git a/ecc/bw6-761/fr/kzg/fuzz.go b/ecc/bw6-761/fr/kzg/fuzz.go
index cbca850c7..31effd3d2 100644
--- a/ecc/bw6-761/fr/kzg/fuzz.go
+++ b/ecc/bw6-761/fr/kzg/fuzz.go
@@ -21,8 +21,7 @@ package kzg
 import (
 	"bytes"
 	"github.com/consensys/gnark-crypto/ecc/bw6-761/fr"
-	bw6761_pol "github.com/consensys/gnark-crypto/ecc/bw6-761/fr/polynomial"
-	"github.com/consensys/gnark-crypto/polynomial"
+	"github.com/consensys/gnark-crypto/ecc/bw6-761/fr/polynomial"
 )
 
 const (
@@ -48,15 +47,14 @@ func Fuzz(data []byte) int {
 	// create polynomials
 	f := make([]polynomial.Polynomial, size/2)
 	for i := 0; i < len(f); i++ {
-		_f := make(bw6761_pol.Polynomial, size)
-		for j := 0; j < len(_f); j++ {
-			_f[j].SetRawBytes(r)
+		f[i] = make(polynomial.Polynomial, size)
+		for j := 0; j < len(f[i]); j++ {
+			f[i][j].SetRawBytes(r)
 		}
-		f[i] = &_f
 	}
 
 	// commit the polynomials
-	digests := make([]polynomial.Digest, size/2)
+	digests := make([]Digest, size/2)
 	for i := 0; i < len(digests); i++ {
 		digests[i], _ = s.Commit(f[i])
 
@@ -68,16 +66,15 @@ func Fuzz(data []byte) int {
 	}
 
 	// verify the claimed values
-	_proof := proof.(*BatchProofsSinglePoint)
 	for i := 0; i < len(f); i++ {
-		expectedClaim := f[i].Eval(point).(fr.Element)
-		if !expectedClaim.Equal(&_proof.ClaimedValues[i]) {
+		expectedClaim := f[i].Eval(&point)
+		if !expectedClaim.Equal(&proof.ClaimedValues[i]) {
 			panic("inconsistant claimed values")
 		}
 	}
 
 	// verify correct proof
-	err = s.BatchVerifySinglePoint(digests, proof)
+	err = s.BatchVerifySinglePoint(digests, &proof)
 	if err != nil {
 		panic(err)
 	}
diff --git a/internal/generator/kzg/template/fuzz.go.tmpl b/internal/generator/kzg/template/fuzz.go.tmpl
index cddad7b64..9ee81d02f 100644
--- a/internal/generator/kzg/template/fuzz.go.tmpl
+++ b/internal/generator/kzg/template/fuzz.go.tmpl
@@ -1,8 +1,7 @@
 import (
 	"bytes"
     "github.com/consensys/gnark-crypto/ecc/{{ .Name }}/fr"
-    {{ .CurvePackage }}_pol "github.com/consensys/gnark-crypto/ecc/{{ .Name }}/fr/polynomial"
-    "github.com/consensys/gnark-crypto/polynomial"
+    "github.com/consensys/gnark-crypto/ecc/{{ .Name }}/fr/polynomial"
 )
 
 const (
@@ -28,15 +27,14 @@ func Fuzz(data []byte) int {
 	// create polynomials
 	f := make([]polynomial.Polynomial, size /2 )
 	for i := 0; i < len(f); i++ {
-        _f := make({{ .CurvePackage }}_pol.Polynomial, size)
-        for j:=0;j<len(_f);j++ {
-            _f[j].SetRawBytes(r)
+        f[i] = make(polynomial.Polynomial, size)
+        for j:=0;j<len(f[i]);j++ {
+            f[i][j].SetRawBytes(r)
         }
-        f[i] = &_f
 	}
 
     // commit the polynomials
-	digests := make([]polynomial.Digest, size /2)
+	digests := make([]Digest, size /2)
 	for i := 0; i < len(digests); i++ {
 		digests[i], _ = s.Commit(f[i])
 
@@ -48,16 +46,15 @@ func Fuzz(data []byte) int {
 	}
 
     // verify the claimed values
-	_proof := proof.(*BatchProofsSinglePoint)
 	for i := 0; i < len(f); i++ {
-		expectedClaim := f[i].Eval(point).(fr.Element)
-		if !expectedClaim.Equal(&_proof.ClaimedValues[i]) {
+		expectedClaim := f[i].Eval(&point)
+		if !expectedClaim.Equal(&proof.ClaimedValues[i]) {
             panic("inconsistant claimed values")
 		}
 	}
 
 	// verify correct proof
-	err = s.BatchVerifySinglePoint(digests, proof)
+	err = s.BatchVerifySinglePoint(digests, &proof)
 	if err != nil {
 		panic(err)
 	}

From 0d59dca865fb4236d9b0eba8a5ae52e4b589f237 Mon Sep 17 00:00:00 2001
From: Gautam Botrel <gautam.botrel@gmail.com>
Date: Wed, 16 Jun 2021 11:48:46 -0500
Subject: [PATCH 12/13] feat: kzg.SRS is a separate struct

---
 ecc/bls12-377/fr/kzg/kzg.go                   | 111 ++++++++----------
 ecc/bls12-377/fr/kzg/kzg_test.go              |  22 +++-
 ecc/bls12-381/fr/kzg/kzg.go                   | 111 ++++++++----------
 ecc/bls12-381/fr/kzg/kzg_test.go              |  22 +++-
 ecc/bls24-315/fr/kzg/kzg.go                   | 111 ++++++++----------
 ecc/bls24-315/fr/kzg/kzg_test.go              |  22 +++-
 ecc/bn254/fr/kzg/kzg.go                       | 111 ++++++++----------
 ecc/bn254/fr/kzg/kzg_test.go                  |  22 +++-
 ecc/bw6-761/fr/kzg/kzg.go                     | 111 ++++++++----------
 ecc/bw6-761/fr/kzg/kzg_test.go                |  22 +++-
 internal/generator/kzg/template/kzg.go.tmpl   | 111 ++++++++----------
 .../generator/kzg/template/kzg.test.go.tmpl   |  22 +++-
 12 files changed, 372 insertions(+), 426 deletions(-)

diff --git a/ecc/bls12-377/fr/kzg/kzg.go b/ecc/bls12-377/fr/kzg/kzg.go
index 4617217d2..04601339a 100644
--- a/ecc/bls12-377/fr/kzg/kzg.go
+++ b/ecc/bls12-377/fr/kzg/kzg.go
@@ -42,46 +42,34 @@ type Digest = bls12377.G1Affine
 
 // Scheme stores KZG data
 type Scheme struct {
-
 	// Domain to perform polynomial division. The size of the domain is the lowest power of 2 greater than Size.
-	Domain fft.Domain
+	Domain *fft.Domain
 
 	// SRS stores the result of the MPC
-	SRS struct {
-		G1 []bls12377.G1Affine  // [gen [alpha]gen , [alpha**2]gen, ... ]
-		G2 [2]bls12377.G2Affine // [gen, [alpha]gen ]
-	}
+	SRS *SRS
 }
 
-// Proof KZG proof for opening at a single point.
-type Proof struct {
-
-	// Point at which the polynomial is evaluated
-	Point fr.Element
-
-	// ClaimedValue purported value
-	ClaimedValue fr.Element
-
-	// H quotient polynomial (f - f(z))/(x-z)
-	H bls12377.G1Affine
+// SRS stores the result of the MPC
+// len(SRS.G1) can be larger than domain size
+type SRS struct {
+	G1 []bls12377.G1Affine  // [gen [alpha]gen , [alpha**2]gen, ... ]
+	G2 [2]bls12377.G2Affine // [gen, [alpha]gen ]
 }
 
-// NewScheme returns a new KZG scheme.
-// This should be used for testing purpose only.
-func NewScheme(size int, alpha fr.Element) *Scheme {
-
-	s := &Scheme{}
-
-	s.Domain = *fft.NewDomain(uint64(size), 0, false)
-	s.SRS.G1 = make([]bls12377.G1Affine, size)
+// NewSRS returns a new SRS using alpha as randomness source
+//
+// In production, a SRS generated through MPC should be used.
+func NewSRS(size int, alpha fr.Element) *SRS {
+	var srs SRS
+	srs.G1 = make([]bls12377.G1Affine, size)
 
 	var bAlpha big.Int
 	alpha.ToBigIntRegular(&bAlpha)
 
 	_, _, gen1Aff, gen2Aff := bls12377.Generators()
-	s.SRS.G1[0] = gen1Aff
-	s.SRS.G2[0] = gen2Aff
-	s.SRS.G2[1].ScalarMultiplication(&gen2Aff, &bAlpha)
+	srs.G1[0] = gen1Aff
+	srs.G2[0] = gen2Aff
+	srs.G2[1].ScalarMultiplication(&gen2Aff, &bAlpha)
 
 	alphas := make([]fr.Element, size-1)
 	alphas[0] = alpha
@@ -92,9 +80,22 @@ func NewScheme(size int, alpha fr.Element) *Scheme {
 		alphas[i].FromMont()
 	}
 	g1s := bls12377.BatchScalarMultiplicationG1(&gen1Aff, alphas)
-	copy(s.SRS.G1[1:], g1s)
+	copy(srs.G1[1:], g1s)
+
+	return &srs
+}
+
+// Proof KZG proof for opening at a single point.
+type Proof struct {
+
+	// Point at which the polynomial is evaluated
+	Point fr.Element
 
-	return s
+	// ClaimedValue purported value
+	ClaimedValue fr.Element
+
+	// H quotient polynomial (f - f(z))/(x-z)
+	H bls12377.G1Affine
 }
 
 // Marshal serializes a proof as H||point||claimed_value.
@@ -146,64 +147,44 @@ func (p *BatchProofsSinglePoint) Marshal() []byte {
 	return res
 }
 
-// WriteTo writes binary encoding of the scheme data.
-// It writes only the SRS, the fft fomain is reconstructed
-// from it.
-func (s *Scheme) WriteTo(w io.Writer) (int64, error) {
-
-	// encode the fft
-	n, err := s.Domain.WriteTo(w)
-	if err != nil {
-		return n, err
-	}
-
+// WriteTo writes binary encoding of the SRS
+func (srs *SRS) WriteTo(w io.Writer) (int64, error) {
 	// encode the SRS
 	enc := bls12377.NewEncoder(w)
 
 	toEncode := []interface{}{
-		&s.SRS.G2[0],
-		&s.SRS.G2[1],
-		s.SRS.G1,
+		&srs.G2[0],
+		&srs.G2[1],
+		srs.G1,
 	}
 
 	for _, v := range toEncode {
 		if err := enc.Encode(v); err != nil {
-			return n + enc.BytesWritten(), err
+			return enc.BytesWritten(), err
 		}
 	}
 
-	return n + enc.BytesWritten(), nil
+	return enc.BytesWritten(), nil
 }
 
-// ReadFrom decodes KZG data from reader.
-// The kzg data should have been encoded using WriteTo.
-// Only the points from the SRS are actually encoded in the
-// reader, the fft domain is reconstructed from it.
-func (s *Scheme) ReadFrom(r io.Reader) (int64, error) {
-
-	// decode the fft
-	n, err := s.Domain.ReadFrom(r)
-	if err != nil {
-		return n, err
-	}
-
+// ReadFrom decodes SRS data from reader.
+func (srs *SRS) ReadFrom(r io.Reader) (int64, error) {
 	// decode the SRS
 	dec := bls12377.NewDecoder(r)
 
 	toDecode := []interface{}{
-		&s.SRS.G2[0],
-		&s.SRS.G2[1],
-		&s.SRS.G1,
+		&srs.G2[0],
+		&srs.G2[1],
+		&srs.G1,
 	}
 
 	for _, v := range toDecode {
 		if err := dec.Decode(v); err != nil {
-			return n + dec.BytesRead(), err
+			return dec.BytesRead(), err
 		}
 	}
 
-	return n + dec.BytesRead(), nil
-
+	return dec.BytesRead(), nil
 }
 
 // Commit commits to a polynomial using a multi exponentiation with the SRS.
@@ -474,7 +455,7 @@ func (s *Scheme) BatchVerifySinglePoint(digests []Digest, batchOpeningProof *Bat
 }
 
 // dividePolyByXminusA computes (f-f(a))/(x-a), in canonical basis, in regular form
-func dividePolyByXminusA(d fft.Domain, f polynomial.Polynomial, fa, a fr.Element) polynomial.Polynomial {
+func dividePolyByXminusA(d *fft.Domain, f polynomial.Polynomial, fa, a fr.Element) polynomial.Polynomial {
 
 	// padd f so it has size d.Cardinality
 	_f := make([]fr.Element, d.Cardinality)
diff --git a/ecc/bls12-377/fr/kzg/kzg_test.go b/ecc/bls12-377/fr/kzg/kzg_test.go
index 4537198c8..0865f80fa 100644
--- a/ecc/bls12-377/fr/kzg/kzg_test.go
+++ b/ecc/bls12-377/fr/kzg/kzg_test.go
@@ -35,6 +35,16 @@ func init() {
 	_alphaSetup.SetString("1234")
 }
 
+// NewScheme returns a new KZG scheme.
+// This should be used for testing purpose only
+// it creates a new FFT domain and a new SRS without randomness
+func NewScheme(size int, alpha fr.Element) *Scheme {
+	return &Scheme{
+		SRS:    NewSRS(size, alpha),
+		Domain: fft.NewDomain(uint64(size), 0, false),
+	}
+}
+
 func randomPolynomial(size int) polynomial.Polynomial {
 	f := make(polynomial.Polynomial, size)
 	for i := 0; i < size; i++ {
@@ -61,7 +71,7 @@ func TestDividePolyByXminusA(t *testing.T) {
 	evaluation := pol.Eval(&point)
 
 	// compute f-f(a)/x-a
-	h := dividePolyByXminusA(*domain, pol, evaluation, point)
+	h := dividePolyByXminusA(domain, pol, evaluation, point)
 
 	if len(h) != 229 {
 		t.Fatal("inconsistant size of quotient")
@@ -88,24 +98,24 @@ func TestDividePolyByXminusA(t *testing.T) {
 func TestSerialization(t *testing.T) {
 
 	// create a KZG scheme
-	s := NewScheme(64, _alphaSetup)
+	srs := NewSRS(64, _alphaSetup)
 
 	// serialize it...
 	var buf bytes.Buffer
-	_, err := s.WriteTo(&buf)
+	_, err := srs.WriteTo(&buf)
 	if err != nil {
 		t.Fatal(err)
 	}
 
 	// reconstruct the scheme
-	var _s Scheme
-	_, err = _s.ReadFrom(&buf)
+	var _srs SRS
+	_, err = _srs.ReadFrom(&buf)
 	if err != nil {
 		t.Fatal(err)
 	}
 
 	// compare
-	if !reflect.DeepEqual(s, &_s) {
+	if !reflect.DeepEqual(srs, &_srs) {
 		t.Fatal("scheme serialization failed")
 	}
 
diff --git a/ecc/bls12-381/fr/kzg/kzg.go b/ecc/bls12-381/fr/kzg/kzg.go
index f48fa3644..e96fd59f2 100644
--- a/ecc/bls12-381/fr/kzg/kzg.go
+++ b/ecc/bls12-381/fr/kzg/kzg.go
@@ -42,46 +42,34 @@ type Digest = bls12381.G1Affine
 
 // Scheme stores KZG data
 type Scheme struct {
-
 	// Domain to perform polynomial division. The size of the domain is the lowest power of 2 greater than Size.
-	Domain fft.Domain
+	Domain *fft.Domain
 
 	// SRS stores the result of the MPC
-	SRS struct {
-		G1 []bls12381.G1Affine  // [gen [alpha]gen , [alpha**2]gen, ... ]
-		G2 [2]bls12381.G2Affine // [gen, [alpha]gen ]
-	}
+	SRS *SRS
 }
 
-// Proof KZG proof for opening at a single point.
-type Proof struct {
-
-	// Point at which the polynomial is evaluated
-	Point fr.Element
-
-	// ClaimedValue purported value
-	ClaimedValue fr.Element
-
-	// H quotient polynomial (f - f(z))/(x-z)
-	H bls12381.G1Affine
+// SRS stores the result of the MPC
+// len(SRS.G1) can be larger than domain size
+type SRS struct {
+	G1 []bls12381.G1Affine  // [gen [alpha]gen , [alpha**2]gen, ... ]
+	G2 [2]bls12381.G2Affine // [gen, [alpha]gen ]
 }
 
-// NewScheme returns a new KZG scheme.
-// This should be used for testing purpose only.
-func NewScheme(size int, alpha fr.Element) *Scheme {
-
-	s := &Scheme{}
-
-	s.Domain = *fft.NewDomain(uint64(size), 0, false)
-	s.SRS.G1 = make([]bls12381.G1Affine, size)
+// NewSRS returns a new SRS using alpha as randomness source
+//
+// In production, a SRS generated through MPC should be used.
+func NewSRS(size int, alpha fr.Element) *SRS {
+	var srs SRS
+	srs.G1 = make([]bls12381.G1Affine, size)
 
 	var bAlpha big.Int
 	alpha.ToBigIntRegular(&bAlpha)
 
 	_, _, gen1Aff, gen2Aff := bls12381.Generators()
-	s.SRS.G1[0] = gen1Aff
-	s.SRS.G2[0] = gen2Aff
-	s.SRS.G2[1].ScalarMultiplication(&gen2Aff, &bAlpha)
+	srs.G1[0] = gen1Aff
+	srs.G2[0] = gen2Aff
+	srs.G2[1].ScalarMultiplication(&gen2Aff, &bAlpha)
 
 	alphas := make([]fr.Element, size-1)
 	alphas[0] = alpha
@@ -92,9 +80,22 @@ func NewScheme(size int, alpha fr.Element) *Scheme {
 		alphas[i].FromMont()
 	}
 	g1s := bls12381.BatchScalarMultiplicationG1(&gen1Aff, alphas)
-	copy(s.SRS.G1[1:], g1s)
+	copy(srs.G1[1:], g1s)
+
+	return &srs
+}
+
+// Proof KZG proof for opening at a single point.
+type Proof struct {
+
+	// Point at which the polynomial is evaluated
+	Point fr.Element
 
-	return s
+	// ClaimedValue purported value
+	ClaimedValue fr.Element
+
+	// H quotient polynomial (f - f(z))/(x-z)
+	H bls12381.G1Affine
 }
 
 // Marshal serializes a proof as H||point||claimed_value.
@@ -146,64 +147,44 @@ func (p *BatchProofsSinglePoint) Marshal() []byte {
 	return res
 }
 
-// WriteTo writes binary encoding of the scheme data.
-// It writes only the SRS, the fft fomain is reconstructed
-// from it.
-func (s *Scheme) WriteTo(w io.Writer) (int64, error) {
-
-	// encode the fft
-	n, err := s.Domain.WriteTo(w)
-	if err != nil {
-		return n, err
-	}
-
+// WriteTo writes binary encoding of the SRS
+func (srs *SRS) WriteTo(w io.Writer) (int64, error) {
 	// encode the SRS
 	enc := bls12381.NewEncoder(w)
 
 	toEncode := []interface{}{
-		&s.SRS.G2[0],
-		&s.SRS.G2[1],
-		s.SRS.G1,
+		&srs.G2[0],
+		&srs.G2[1],
+		srs.G1,
 	}
 
 	for _, v := range toEncode {
 		if err := enc.Encode(v); err != nil {
-			return n + enc.BytesWritten(), err
+			return enc.BytesWritten(), err
 		}
 	}
 
-	return n + enc.BytesWritten(), nil
+	return enc.BytesWritten(), nil
 }
 
-// ReadFrom decodes KZG data from reader.
-// The kzg data should have been encoded using WriteTo.
-// Only the points from the SRS are actually encoded in the
-// reader, the fft domain is reconstructed from it.
-func (s *Scheme) ReadFrom(r io.Reader) (int64, error) {
-
-	// decode the fft
-	n, err := s.Domain.ReadFrom(r)
-	if err != nil {
-		return n, err
-	}
-
+// ReadFrom decodes SRS data from reader.
+func (srs *SRS) ReadFrom(r io.Reader) (int64, error) {
 	// decode the SRS
 	dec := bls12381.NewDecoder(r)
 
 	toDecode := []interface{}{
-		&s.SRS.G2[0],
-		&s.SRS.G2[1],
-		&s.SRS.G1,
+		&srs.G2[0],
+		&srs.G2[1],
+		&srs.G1,
 	}
 
 	for _, v := range toDecode {
 		if err := dec.Decode(v); err != nil {
-			return n + dec.BytesRead(), err
+			return dec.BytesRead(), err
 		}
 	}
 
-	return n + dec.BytesRead(), nil
-
+	return dec.BytesRead(), nil
 }
 
 // Commit commits to a polynomial using a multi exponentiation with the SRS.
@@ -474,7 +455,7 @@ func (s *Scheme) BatchVerifySinglePoint(digests []Digest, batchOpeningProof *Bat
 }
 
 // dividePolyByXminusA computes (f-f(a))/(x-a), in canonical basis, in regular form
-func dividePolyByXminusA(d fft.Domain, f polynomial.Polynomial, fa, a fr.Element) polynomial.Polynomial {
+func dividePolyByXminusA(d *fft.Domain, f polynomial.Polynomial, fa, a fr.Element) polynomial.Polynomial {
 
 	// padd f so it has size d.Cardinality
 	_f := make([]fr.Element, d.Cardinality)
diff --git a/ecc/bls12-381/fr/kzg/kzg_test.go b/ecc/bls12-381/fr/kzg/kzg_test.go
index 221ac2240..eb1955442 100644
--- a/ecc/bls12-381/fr/kzg/kzg_test.go
+++ b/ecc/bls12-381/fr/kzg/kzg_test.go
@@ -35,6 +35,16 @@ func init() {
 	_alphaSetup.SetString("1234")
 }
 
+// NewScheme returns a new KZG scheme.
+// This should be used for testing purpose only
+// it creates a new FFT domain and a new SRS without randomness
+func NewScheme(size int, alpha fr.Element) *Scheme {
+	return &Scheme{
+		SRS:    NewSRS(size, alpha),
+		Domain: fft.NewDomain(uint64(size), 0, false),
+	}
+}
+
 func randomPolynomial(size int) polynomial.Polynomial {
 	f := make(polynomial.Polynomial, size)
 	for i := 0; i < size; i++ {
@@ -61,7 +71,7 @@ func TestDividePolyByXminusA(t *testing.T) {
 	evaluation := pol.Eval(&point)
 
 	// compute f-f(a)/x-a
-	h := dividePolyByXminusA(*domain, pol, evaluation, point)
+	h := dividePolyByXminusA(domain, pol, evaluation, point)
 
 	if len(h) != 229 {
 		t.Fatal("inconsistant size of quotient")
@@ -88,24 +98,24 @@ func TestDividePolyByXminusA(t *testing.T) {
 func TestSerialization(t *testing.T) {
 
 	// create a KZG scheme
-	s := NewScheme(64, _alphaSetup)
+	srs := NewSRS(64, _alphaSetup)
 
 	// serialize it...
 	var buf bytes.Buffer
-	_, err := s.WriteTo(&buf)
+	_, err := srs.WriteTo(&buf)
 	if err != nil {
 		t.Fatal(err)
 	}
 
 	// reconstruct the scheme
-	var _s Scheme
-	_, err = _s.ReadFrom(&buf)
+	var _srs SRS
+	_, err = _srs.ReadFrom(&buf)
 	if err != nil {
 		t.Fatal(err)
 	}
 
 	// compare
-	if !reflect.DeepEqual(s, &_s) {
+	if !reflect.DeepEqual(srs, &_srs) {
 		t.Fatal("scheme serialization failed")
 	}
 
diff --git a/ecc/bls24-315/fr/kzg/kzg.go b/ecc/bls24-315/fr/kzg/kzg.go
index 54947bf5e..9b236c9d0 100644
--- a/ecc/bls24-315/fr/kzg/kzg.go
+++ b/ecc/bls24-315/fr/kzg/kzg.go
@@ -42,46 +42,34 @@ type Digest = bls24315.G1Affine
 
 // Scheme stores KZG data
 type Scheme struct {
-
 	// Domain to perform polynomial division. The size of the domain is the lowest power of 2 greater than Size.
-	Domain fft.Domain
+	Domain *fft.Domain
 
 	// SRS stores the result of the MPC
-	SRS struct {
-		G1 []bls24315.G1Affine  // [gen [alpha]gen , [alpha**2]gen, ... ]
-		G2 [2]bls24315.G2Affine // [gen, [alpha]gen ]
-	}
+	SRS *SRS
 }
 
-// Proof KZG proof for opening at a single point.
-type Proof struct {
-
-	// Point at which the polynomial is evaluated
-	Point fr.Element
-
-	// ClaimedValue purported value
-	ClaimedValue fr.Element
-
-	// H quotient polynomial (f - f(z))/(x-z)
-	H bls24315.G1Affine
+// SRS stores the result of the MPC
+// len(SRS.G1) can be larger than domain size
+type SRS struct {
+	G1 []bls24315.G1Affine  // [gen [alpha]gen , [alpha**2]gen, ... ]
+	G2 [2]bls24315.G2Affine // [gen, [alpha]gen ]
 }
 
-// NewScheme returns a new KZG scheme.
-// This should be used for testing purpose only.
-func NewScheme(size int, alpha fr.Element) *Scheme {
-
-	s := &Scheme{}
-
-	s.Domain = *fft.NewDomain(uint64(size), 0, false)
-	s.SRS.G1 = make([]bls24315.G1Affine, size)
+// NewSRS returns a new SRS using alpha as randomness source
+//
+// In production, a SRS generated through MPC should be used.
+func NewSRS(size int, alpha fr.Element) *SRS {
+	var srs SRS
+	srs.G1 = make([]bls24315.G1Affine, size)
 
 	var bAlpha big.Int
 	alpha.ToBigIntRegular(&bAlpha)
 
 	_, _, gen1Aff, gen2Aff := bls24315.Generators()
-	s.SRS.G1[0] = gen1Aff
-	s.SRS.G2[0] = gen2Aff
-	s.SRS.G2[1].ScalarMultiplication(&gen2Aff, &bAlpha)
+	srs.G1[0] = gen1Aff
+	srs.G2[0] = gen2Aff
+	srs.G2[1].ScalarMultiplication(&gen2Aff, &bAlpha)
 
 	alphas := make([]fr.Element, size-1)
 	alphas[0] = alpha
@@ -92,9 +80,22 @@ func NewScheme(size int, alpha fr.Element) *Scheme {
 		alphas[i].FromMont()
 	}
 	g1s := bls24315.BatchScalarMultiplicationG1(&gen1Aff, alphas)
-	copy(s.SRS.G1[1:], g1s)
+	copy(srs.G1[1:], g1s)
+
+	return &srs
+}
+
+// Proof KZG proof for opening at a single point.
+type Proof struct {
+
+	// Point at which the polynomial is evaluated
+	Point fr.Element
 
-	return s
+	// ClaimedValue purported value
+	ClaimedValue fr.Element
+
+	// H quotient polynomial (f - f(z))/(x-z)
+	H bls24315.G1Affine
 }
 
 // Marshal serializes a proof as H||point||claimed_value.
@@ -146,64 +147,44 @@ func (p *BatchProofsSinglePoint) Marshal() []byte {
 	return res
 }
 
-// WriteTo writes binary encoding of the scheme data.
-// It writes only the SRS, the fft fomain is reconstructed
-// from it.
-func (s *Scheme) WriteTo(w io.Writer) (int64, error) {
-
-	// encode the fft
-	n, err := s.Domain.WriteTo(w)
-	if err != nil {
-		return n, err
-	}
-
+// WriteTo writes binary encoding of the SRS
+func (srs *SRS) WriteTo(w io.Writer) (int64, error) {
 	// encode the SRS
 	enc := bls24315.NewEncoder(w)
 
 	toEncode := []interface{}{
-		&s.SRS.G2[0],
-		&s.SRS.G2[1],
-		s.SRS.G1,
+		&srs.G2[0],
+		&srs.G2[1],
+		srs.G1,
 	}
 
 	for _, v := range toEncode {
 		if err := enc.Encode(v); err != nil {
-			return n + enc.BytesWritten(), err
+			return enc.BytesWritten(), err
 		}
 	}
 
-	return n + enc.BytesWritten(), nil
+	return enc.BytesWritten(), nil
 }
 
-// ReadFrom decodes KZG data from reader.
-// The kzg data should have been encoded using WriteTo.
-// Only the points from the SRS are actually encoded in the
-// reader, the fft domain is reconstructed from it.
-func (s *Scheme) ReadFrom(r io.Reader) (int64, error) {
-
-	// decode the fft
-	n, err := s.Domain.ReadFrom(r)
-	if err != nil {
-		return n, err
-	}
-
+// ReadFrom decodes SRS data from reader.
+func (srs *SRS) ReadFrom(r io.Reader) (int64, error) {
 	// decode the SRS
 	dec := bls24315.NewDecoder(r)
 
 	toDecode := []interface{}{
-		&s.SRS.G2[0],
-		&s.SRS.G2[1],
-		&s.SRS.G1,
+		&srs.G2[0],
+		&srs.G2[1],
+		&srs.G1,
 	}
 
 	for _, v := range toDecode {
 		if err := dec.Decode(v); err != nil {
-			return n + dec.BytesRead(), err
+			return dec.BytesRead(), err
 		}
 	}
 
-	return n + dec.BytesRead(), nil
-
+	return dec.BytesRead(), nil
 }
 
 // Commit commits to a polynomial using a multi exponentiation with the SRS.
@@ -474,7 +455,7 @@ func (s *Scheme) BatchVerifySinglePoint(digests []Digest, batchOpeningProof *Bat
 }
 
 // dividePolyByXminusA computes (f-f(a))/(x-a), in canonical basis, in regular form
-func dividePolyByXminusA(d fft.Domain, f polynomial.Polynomial, fa, a fr.Element) polynomial.Polynomial {
+func dividePolyByXminusA(d *fft.Domain, f polynomial.Polynomial, fa, a fr.Element) polynomial.Polynomial {
 
 	// padd f so it has size d.Cardinality
 	_f := make([]fr.Element, d.Cardinality)
diff --git a/ecc/bls24-315/fr/kzg/kzg_test.go b/ecc/bls24-315/fr/kzg/kzg_test.go
index 0114cff35..68df3d9f6 100644
--- a/ecc/bls24-315/fr/kzg/kzg_test.go
+++ b/ecc/bls24-315/fr/kzg/kzg_test.go
@@ -35,6 +35,16 @@ func init() {
 	_alphaSetup.SetString("1234")
 }
 
+// NewScheme returns a new KZG scheme.
+// This should be used for testing purpose only
+// it creates a new FFT domain and a new SRS without randomness
+func NewScheme(size int, alpha fr.Element) *Scheme {
+	return &Scheme{
+		SRS:    NewSRS(size, alpha),
+		Domain: fft.NewDomain(uint64(size), 0, false),
+	}
+}
+
 func randomPolynomial(size int) polynomial.Polynomial {
 	f := make(polynomial.Polynomial, size)
 	for i := 0; i < size; i++ {
@@ -61,7 +71,7 @@ func TestDividePolyByXminusA(t *testing.T) {
 	evaluation := pol.Eval(&point)
 
 	// compute f-f(a)/x-a
-	h := dividePolyByXminusA(*domain, pol, evaluation, point)
+	h := dividePolyByXminusA(domain, pol, evaluation, point)
 
 	if len(h) != 229 {
 		t.Fatal("inconsistant size of quotient")
@@ -88,24 +98,24 @@ func TestDividePolyByXminusA(t *testing.T) {
 func TestSerialization(t *testing.T) {
 
 	// create a KZG scheme
-	s := NewScheme(64, _alphaSetup)
+	srs := NewSRS(64, _alphaSetup)
 
 	// serialize it...
 	var buf bytes.Buffer
-	_, err := s.WriteTo(&buf)
+	_, err := srs.WriteTo(&buf)
 	if err != nil {
 		t.Fatal(err)
 	}
 
 	// reconstruct the scheme
-	var _s Scheme
-	_, err = _s.ReadFrom(&buf)
+	var _srs SRS
+	_, err = _srs.ReadFrom(&buf)
 	if err != nil {
 		t.Fatal(err)
 	}
 
 	// compare
-	if !reflect.DeepEqual(s, &_s) {
+	if !reflect.DeepEqual(srs, &_srs) {
 		t.Fatal("scheme serialization failed")
 	}
 
diff --git a/ecc/bn254/fr/kzg/kzg.go b/ecc/bn254/fr/kzg/kzg.go
index e6b4d23ab..8876ed250 100644
--- a/ecc/bn254/fr/kzg/kzg.go
+++ b/ecc/bn254/fr/kzg/kzg.go
@@ -42,46 +42,34 @@ type Digest = bn254.G1Affine
 
 // Scheme stores KZG data
 type Scheme struct {
-
 	// Domain to perform polynomial division. The size of the domain is the lowest power of 2 greater than Size.
-	Domain fft.Domain
+	Domain *fft.Domain
 
 	// SRS stores the result of the MPC
-	SRS struct {
-		G1 []bn254.G1Affine  // [gen [alpha]gen , [alpha**2]gen, ... ]
-		G2 [2]bn254.G2Affine // [gen, [alpha]gen ]
-	}
+	SRS *SRS
 }
 
-// Proof KZG proof for opening at a single point.
-type Proof struct {
-
-	// Point at which the polynomial is evaluated
-	Point fr.Element
-
-	// ClaimedValue purported value
-	ClaimedValue fr.Element
-
-	// H quotient polynomial (f - f(z))/(x-z)
-	H bn254.G1Affine
+// SRS stores the result of the MPC
+// len(SRS.G1) can be larger than domain size
+type SRS struct {
+	G1 []bn254.G1Affine  // [gen [alpha]gen , [alpha**2]gen, ... ]
+	G2 [2]bn254.G2Affine // [gen, [alpha]gen ]
 }
 
-// NewScheme returns a new KZG scheme.
-// This should be used for testing purpose only.
-func NewScheme(size int, alpha fr.Element) *Scheme {
-
-	s := &Scheme{}
-
-	s.Domain = *fft.NewDomain(uint64(size), 0, false)
-	s.SRS.G1 = make([]bn254.G1Affine, size)
+// NewSRS returns a new SRS using alpha as randomness source
+//
+// In production, a SRS generated through MPC should be used.
+func NewSRS(size int, alpha fr.Element) *SRS {
+	var srs SRS
+	srs.G1 = make([]bn254.G1Affine, size)
 
 	var bAlpha big.Int
 	alpha.ToBigIntRegular(&bAlpha)
 
 	_, _, gen1Aff, gen2Aff := bn254.Generators()
-	s.SRS.G1[0] = gen1Aff
-	s.SRS.G2[0] = gen2Aff
-	s.SRS.G2[1].ScalarMultiplication(&gen2Aff, &bAlpha)
+	srs.G1[0] = gen1Aff
+	srs.G2[0] = gen2Aff
+	srs.G2[1].ScalarMultiplication(&gen2Aff, &bAlpha)
 
 	alphas := make([]fr.Element, size-1)
 	alphas[0] = alpha
@@ -92,9 +80,22 @@ func NewScheme(size int, alpha fr.Element) *Scheme {
 		alphas[i].FromMont()
 	}
 	g1s := bn254.BatchScalarMultiplicationG1(&gen1Aff, alphas)
-	copy(s.SRS.G1[1:], g1s)
+	copy(srs.G1[1:], g1s)
+
+	return &srs
+}
+
+// Proof KZG proof for opening at a single point.
+type Proof struct {
+
+	// Point at which the polynomial is evaluated
+	Point fr.Element
 
-	return s
+	// ClaimedValue purported value
+	ClaimedValue fr.Element
+
+	// H quotient polynomial (f - f(z))/(x-z)
+	H bn254.G1Affine
 }
 
 // Marshal serializes a proof as H||point||claimed_value.
@@ -146,64 +147,44 @@ func (p *BatchProofsSinglePoint) Marshal() []byte {
 	return res
 }
 
-// WriteTo writes binary encoding of the scheme data.
-// It writes only the SRS, the fft fomain is reconstructed
-// from it.
-func (s *Scheme) WriteTo(w io.Writer) (int64, error) {
-
-	// encode the fft
-	n, err := s.Domain.WriteTo(w)
-	if err != nil {
-		return n, err
-	}
-
+// WriteTo writes binary encoding of the SRS
+func (srs *SRS) WriteTo(w io.Writer) (int64, error) {
 	// encode the SRS
 	enc := bn254.NewEncoder(w)
 
 	toEncode := []interface{}{
-		&s.SRS.G2[0],
-		&s.SRS.G2[1],
-		s.SRS.G1,
+		&srs.G2[0],
+		&srs.G2[1],
+		srs.G1,
 	}
 
 	for _, v := range toEncode {
 		if err := enc.Encode(v); err != nil {
-			return n + enc.BytesWritten(), err
+			return enc.BytesWritten(), err
 		}
 	}
 
-	return n + enc.BytesWritten(), nil
+	return enc.BytesWritten(), nil
 }
 
-// ReadFrom decodes KZG data from reader.
-// The kzg data should have been encoded using WriteTo.
-// Only the points from the SRS are actually encoded in the
-// reader, the fft domain is reconstructed from it.
-func (s *Scheme) ReadFrom(r io.Reader) (int64, error) {
-
-	// decode the fft
-	n, err := s.Domain.ReadFrom(r)
-	if err != nil {
-		return n, err
-	}
-
+// ReadFrom decodes SRS data from reader.
+func (srs *SRS) ReadFrom(r io.Reader) (int64, error) {
 	// decode the SRS
 	dec := bn254.NewDecoder(r)
 
 	toDecode := []interface{}{
-		&s.SRS.G2[0],
-		&s.SRS.G2[1],
-		&s.SRS.G1,
+		&srs.G2[0],
+		&srs.G2[1],
+		&srs.G1,
 	}
 
 	for _, v := range toDecode {
 		if err := dec.Decode(v); err != nil {
-			return n + dec.BytesRead(), err
+			return dec.BytesRead(), err
 		}
 	}
 
-	return n + dec.BytesRead(), nil
-
+	return dec.BytesRead(), nil
 }
 
 // Commit commits to a polynomial using a multi exponentiation with the SRS.
@@ -474,7 +455,7 @@ func (s *Scheme) BatchVerifySinglePoint(digests []Digest, batchOpeningProof *Bat
 }
 
 // dividePolyByXminusA computes (f-f(a))/(x-a), in canonical basis, in regular form
-func dividePolyByXminusA(d fft.Domain, f polynomial.Polynomial, fa, a fr.Element) polynomial.Polynomial {
+func dividePolyByXminusA(d *fft.Domain, f polynomial.Polynomial, fa, a fr.Element) polynomial.Polynomial {
 
 	// padd f so it has size d.Cardinality
 	_f := make([]fr.Element, d.Cardinality)
diff --git a/ecc/bn254/fr/kzg/kzg_test.go b/ecc/bn254/fr/kzg/kzg_test.go
index bc8a30470..c61171b4b 100644
--- a/ecc/bn254/fr/kzg/kzg_test.go
+++ b/ecc/bn254/fr/kzg/kzg_test.go
@@ -35,6 +35,16 @@ func init() {
 	_alphaSetup.SetString("1234")
 }
 
+// NewScheme returns a new KZG scheme.
+// This should be used for testing purpose only
+// it creates a new FFT domain and a new SRS without randomness
+func NewScheme(size int, alpha fr.Element) *Scheme {
+	return &Scheme{
+		SRS:    NewSRS(size, alpha),
+		Domain: fft.NewDomain(uint64(size), 0, false),
+	}
+}
+
 func randomPolynomial(size int) polynomial.Polynomial {
 	f := make(polynomial.Polynomial, size)
 	for i := 0; i < size; i++ {
@@ -61,7 +71,7 @@ func TestDividePolyByXminusA(t *testing.T) {
 	evaluation := pol.Eval(&point)
 
 	// compute f-f(a)/x-a
-	h := dividePolyByXminusA(*domain, pol, evaluation, point)
+	h := dividePolyByXminusA(domain, pol, evaluation, point)
 
 	if len(h) != 229 {
 		t.Fatal("inconsistant size of quotient")
@@ -88,24 +98,24 @@ func TestDividePolyByXminusA(t *testing.T) {
 func TestSerialization(t *testing.T) {
 
 	// create a KZG scheme
-	s := NewScheme(64, _alphaSetup)
+	srs := NewSRS(64, _alphaSetup)
 
 	// serialize it...
 	var buf bytes.Buffer
-	_, err := s.WriteTo(&buf)
+	_, err := srs.WriteTo(&buf)
 	if err != nil {
 		t.Fatal(err)
 	}
 
 	// reconstruct the scheme
-	var _s Scheme
-	_, err = _s.ReadFrom(&buf)
+	var _srs SRS
+	_, err = _srs.ReadFrom(&buf)
 	if err != nil {
 		t.Fatal(err)
 	}
 
 	// compare
-	if !reflect.DeepEqual(s, &_s) {
+	if !reflect.DeepEqual(srs, &_srs) {
 		t.Fatal("scheme serialization failed")
 	}
 
diff --git a/ecc/bw6-761/fr/kzg/kzg.go b/ecc/bw6-761/fr/kzg/kzg.go
index 5bcf0d9c5..dadeb7ac3 100644
--- a/ecc/bw6-761/fr/kzg/kzg.go
+++ b/ecc/bw6-761/fr/kzg/kzg.go
@@ -42,46 +42,34 @@ type Digest = bw6761.G1Affine
 
 // Scheme stores KZG data
 type Scheme struct {
-
 	// Domain to perform polynomial division. The size of the domain is the lowest power of 2 greater than Size.
-	Domain fft.Domain
+	Domain *fft.Domain
 
 	// SRS stores the result of the MPC
-	SRS struct {
-		G1 []bw6761.G1Affine  // [gen [alpha]gen , [alpha**2]gen, ... ]
-		G2 [2]bw6761.G2Affine // [gen, [alpha]gen ]
-	}
+	SRS *SRS
 }
 
-// Proof KZG proof for opening at a single point.
-type Proof struct {
-
-	// Point at which the polynomial is evaluated
-	Point fr.Element
-
-	// ClaimedValue purported value
-	ClaimedValue fr.Element
-
-	// H quotient polynomial (f - f(z))/(x-z)
-	H bw6761.G1Affine
+// SRS stores the result of the MPC
+// len(SRS.G1) can be larger than domain size
+type SRS struct {
+	G1 []bw6761.G1Affine  // [gen [alpha]gen , [alpha**2]gen, ... ]
+	G2 [2]bw6761.G2Affine // [gen, [alpha]gen ]
 }
 
-// NewScheme returns a new KZG scheme.
-// This should be used for testing purpose only.
-func NewScheme(size int, alpha fr.Element) *Scheme {
-
-	s := &Scheme{}
-
-	s.Domain = *fft.NewDomain(uint64(size), 0, false)
-	s.SRS.G1 = make([]bw6761.G1Affine, size)
+// NewSRS returns a new SRS using alpha as randomness source
+//
+// In production, a SRS generated through MPC should be used.
+func NewSRS(size int, alpha fr.Element) *SRS {
+	var srs SRS
+	srs.G1 = make([]bw6761.G1Affine, size)
 
 	var bAlpha big.Int
 	alpha.ToBigIntRegular(&bAlpha)
 
 	_, _, gen1Aff, gen2Aff := bw6761.Generators()
-	s.SRS.G1[0] = gen1Aff
-	s.SRS.G2[0] = gen2Aff
-	s.SRS.G2[1].ScalarMultiplication(&gen2Aff, &bAlpha)
+	srs.G1[0] = gen1Aff
+	srs.G2[0] = gen2Aff
+	srs.G2[1].ScalarMultiplication(&gen2Aff, &bAlpha)
 
 	alphas := make([]fr.Element, size-1)
 	alphas[0] = alpha
@@ -92,9 +80,22 @@ func NewScheme(size int, alpha fr.Element) *Scheme {
 		alphas[i].FromMont()
 	}
 	g1s := bw6761.BatchScalarMultiplicationG1(&gen1Aff, alphas)
-	copy(s.SRS.G1[1:], g1s)
+	copy(srs.G1[1:], g1s)
+
+	return &srs
+}
+
+// Proof KZG proof for opening at a single point.
+type Proof struct {
+
+	// Point at which the polynomial is evaluated
+	Point fr.Element
 
-	return s
+	// ClaimedValue purported value
+	ClaimedValue fr.Element
+
+	// H quotient polynomial (f - f(z))/(x-z)
+	H bw6761.G1Affine
 }
 
 // Marshal serializes a proof as H||point||claimed_value.
@@ -146,64 +147,44 @@ func (p *BatchProofsSinglePoint) Marshal() []byte {
 	return res
 }
 
-// WriteTo writes binary encoding of the scheme data.
-// It writes only the SRS, the fft fomain is reconstructed
-// from it.
-func (s *Scheme) WriteTo(w io.Writer) (int64, error) {
-
-	// encode the fft
-	n, err := s.Domain.WriteTo(w)
-	if err != nil {
-		return n, err
-	}
-
+// WriteTo writes binary encoding of the SRS
+func (srs *SRS) WriteTo(w io.Writer) (int64, error) {
 	// encode the SRS
 	enc := bw6761.NewEncoder(w)
 
 	toEncode := []interface{}{
-		&s.SRS.G2[0],
-		&s.SRS.G2[1],
-		s.SRS.G1,
+		&srs.G2[0],
+		&srs.G2[1],
+		srs.G1,
 	}
 
 	for _, v := range toEncode {
 		if err := enc.Encode(v); err != nil {
-			return n + enc.BytesWritten(), err
+			return enc.BytesWritten(), err
 		}
 	}
 
-	return n + enc.BytesWritten(), nil
+	return enc.BytesWritten(), nil
 }
 
-// ReadFrom decodes KZG data from reader.
-// The kzg data should have been encoded using WriteTo.
-// Only the points from the SRS are actually encoded in the
-// reader, the fft domain is reconstructed from it.
-func (s *Scheme) ReadFrom(r io.Reader) (int64, error) {
-
-	// decode the fft
-	n, err := s.Domain.ReadFrom(r)
-	if err != nil {
-		return n, err
-	}
-
+// ReadFrom decodes SRS data from reader.
+func (srs *SRS) ReadFrom(r io.Reader) (int64, error) {
 	// decode the SRS
 	dec := bw6761.NewDecoder(r)
 
 	toDecode := []interface{}{
-		&s.SRS.G2[0],
-		&s.SRS.G2[1],
-		&s.SRS.G1,
+		&srs.G2[0],
+		&srs.G2[1],
+		&srs.G1,
 	}
 
 	for _, v := range toDecode {
 		if err := dec.Decode(v); err != nil {
-			return n + dec.BytesRead(), err
+			return dec.BytesRead(), err
 		}
 	}
 
-	return n + dec.BytesRead(), nil
-
+	return dec.BytesRead(), nil
 }
 
 // Commit commits to a polynomial using a multi exponentiation with the SRS.
@@ -474,7 +455,7 @@ func (s *Scheme) BatchVerifySinglePoint(digests []Digest, batchOpeningProof *Bat
 }
 
 // dividePolyByXminusA computes (f-f(a))/(x-a), in canonical basis, in regular form
-func dividePolyByXminusA(d fft.Domain, f polynomial.Polynomial, fa, a fr.Element) polynomial.Polynomial {
+func dividePolyByXminusA(d *fft.Domain, f polynomial.Polynomial, fa, a fr.Element) polynomial.Polynomial {
 
 	// padd f so it has size d.Cardinality
 	_f := make([]fr.Element, d.Cardinality)
diff --git a/ecc/bw6-761/fr/kzg/kzg_test.go b/ecc/bw6-761/fr/kzg/kzg_test.go
index 011a3ead7..0040a432f 100644
--- a/ecc/bw6-761/fr/kzg/kzg_test.go
+++ b/ecc/bw6-761/fr/kzg/kzg_test.go
@@ -35,6 +35,16 @@ func init() {
 	_alphaSetup.SetString("1234")
 }
 
+// NewScheme returns a new KZG scheme.
+// This should be used for testing purpose only
+// it creates a new FFT domain and a new SRS without randomness
+func NewScheme(size int, alpha fr.Element) *Scheme {
+	return &Scheme{
+		SRS:    NewSRS(size, alpha),
+		Domain: fft.NewDomain(uint64(size), 0, false),
+	}
+}
+
 func randomPolynomial(size int) polynomial.Polynomial {
 	f := make(polynomial.Polynomial, size)
 	for i := 0; i < size; i++ {
@@ -61,7 +71,7 @@ func TestDividePolyByXminusA(t *testing.T) {
 	evaluation := pol.Eval(&point)
 
 	// compute f-f(a)/x-a
-	h := dividePolyByXminusA(*domain, pol, evaluation, point)
+	h := dividePolyByXminusA(domain, pol, evaluation, point)
 
 	if len(h) != 229 {
 		t.Fatal("inconsistant size of quotient")
@@ -88,24 +98,24 @@ func TestDividePolyByXminusA(t *testing.T) {
 func TestSerialization(t *testing.T) {
 
 	// create a KZG scheme
-	s := NewScheme(64, _alphaSetup)
+	srs := NewSRS(64, _alphaSetup)
 
 	// serialize it...
 	var buf bytes.Buffer
-	_, err := s.WriteTo(&buf)
+	_, err := srs.WriteTo(&buf)
 	if err != nil {
 		t.Fatal(err)
 	}
 
 	// reconstruct the scheme
-	var _s Scheme
-	_, err = _s.ReadFrom(&buf)
+	var _srs SRS
+	_, err = _srs.ReadFrom(&buf)
 	if err != nil {
 		t.Fatal(err)
 	}
 
 	// compare
-	if !reflect.DeepEqual(s, &_s) {
+	if !reflect.DeepEqual(srs, &_srs) {
 		t.Fatal("scheme serialization failed")
 	}
 
diff --git a/internal/generator/kzg/template/kzg.go.tmpl b/internal/generator/kzg/template/kzg.go.tmpl
index 2190df7b7..af59c8880 100644
--- a/internal/generator/kzg/template/kzg.go.tmpl
+++ b/internal/generator/kzg/template/kzg.go.tmpl
@@ -24,46 +24,34 @@ type Digest = {{ .CurvePackage }}.G1Affine
 
 // Scheme stores KZG data
 type Scheme struct {
-
 	// Domain to perform polynomial division. The size of the domain is the lowest power of 2 greater than Size.
-	Domain fft.Domain
+	Domain *fft.Domain
 
 	// SRS stores the result of the MPC
-	SRS struct {
-		G1 []{{ .CurvePackage }}.G1Affine  // [gen [alpha]gen , [alpha**2]gen, ... ]
-		G2 [2]{{ .CurvePackage }}.G2Affine // [gen, [alpha]gen ]
-	}
+	SRS *SRS
 }
 
-// Proof KZG proof for opening at a single point.
-type Proof struct {
-
-	// Point at which the polynomial is evaluated
-	Point fr.Element
-
-	// ClaimedValue purported value
-	ClaimedValue fr.Element
-
-	// H quotient polynomial (f - f(z))/(x-z)
-	H {{ .CurvePackage }}.G1Affine
+// SRS stores the result of the MPC
+// len(SRS.G1) can be larger than domain size
+type SRS struct {
+	G1 []{{ .CurvePackage }}.G1Affine  // [gen [alpha]gen , [alpha**2]gen, ... ]
+	G2 [2]{{ .CurvePackage }}.G2Affine // [gen, [alpha]gen ]
 }
 
-// NewScheme returns a new KZG scheme.
-// This should be used for testing purpose only.
-func NewScheme(size int, alpha fr.Element) *Scheme {
-
-	s := &Scheme{}
-
-	s.Domain = *fft.NewDomain(uint64(size), 0, false)
-	s.SRS.G1 = make([]{{ .CurvePackage }}.G1Affine, size)
+// NewSRS returns a new SRS using alpha as randomness source
+//
+// In production, a SRS generated through MPC should be used.
+func NewSRS(size int, alpha fr.Element) *SRS {
+	var srs SRS
+	srs.G1 = make([]{{ .CurvePackage }}.G1Affine, size)
 
 	var bAlpha big.Int
 	alpha.ToBigIntRegular(&bAlpha)
 
 	_, _, gen1Aff, gen2Aff := {{ .CurvePackage }}.Generators()
-	s.SRS.G1[0] = gen1Aff
-	s.SRS.G2[0] = gen2Aff
-	s.SRS.G2[1].ScalarMultiplication(&gen2Aff, &bAlpha)
+	srs.G1[0] = gen1Aff
+	srs.G2[0] = gen2Aff
+	srs.G2[1].ScalarMultiplication(&gen2Aff, &bAlpha)
 
 	alphas := make([]fr.Element, size-1)
 	alphas[0] = alpha
@@ -74,9 +62,22 @@ func NewScheme(size int, alpha fr.Element) *Scheme {
 		alphas[i].FromMont()
 	}
 	g1s := {{ .CurvePackage }}.BatchScalarMultiplicationG1(&gen1Aff, alphas)
-	copy(s.SRS.G1[1:], g1s)
+	copy(srs.G1[1:], g1s)
 
-	return s
+	return &srs
+}
+
+// Proof KZG proof for opening at a single point.
+type Proof struct {
+
+	// Point at which the polynomial is evaluated
+	Point fr.Element
+
+	// ClaimedValue purported value
+	ClaimedValue fr.Element
+
+	// H quotient polynomial (f - f(z))/(x-z)
+	H {{ .CurvePackage }}.G1Affine
 }
 
 
@@ -129,64 +130,44 @@ func (p *BatchProofsSinglePoint) Marshal() []byte {
 	return res
 }
 
-// WriteTo writes binary encoding of the scheme data.
-// It writes only the SRS, the fft fomain is reconstructed
-// from it.
-func (s *Scheme) WriteTo(w io.Writer) (int64, error) {
-
-	// encode the fft
-	n, err := s.Domain.WriteTo(w)
-	if err != nil {
-		return n, err
-	}
-
+// WriteTo writes binary encoding of the SRS
+func (srs *SRS) WriteTo(w io.Writer) (int64, error) {
 	// encode the SRS
 	enc := {{ .CurvePackage }}.NewEncoder(w)
 
 	toEncode := []interface{}{
-		&s.SRS.G2[0],
-		&s.SRS.G2[1],
-		s.SRS.G1,
+		&srs.G2[0],
+		&srs.G2[1],
+		srs.G1,
 	}
 
 	for _, v := range toEncode {
 		if err := enc.Encode(v); err != nil {
-			return n + enc.BytesWritten(), err
+			return enc.BytesWritten(), err
 		}
 	}
 
-	return n + enc.BytesWritten(), nil
+	return enc.BytesWritten(), nil
 }
 
-// ReadFrom decodes KZG data from reader.
-// The kzg data should have been encoded using WriteTo.
-// Only the points from the SRS are actually encoded in the
-// reader, the fft domain is reconstructed from it.
-func (s *Scheme) ReadFrom(r io.Reader) (int64, error) {
-
-	// decode the fft
-	n, err := s.Domain.ReadFrom(r)
-	if err != nil {
-		return n, err
-	}
-
+// ReadFrom decodes SRS data from reader.
+func (srs *SRS) ReadFrom(r io.Reader) (int64, error) {
 	// decode the SRS
 	dec := {{ .CurvePackage }}.NewDecoder(r)
 
 	toDecode := []interface{}{
-		&s.SRS.G2[0],
-		&s.SRS.G2[1],
-		&s.SRS.G1,
+		&srs.G2[0],
+		&srs.G2[1],
+		&srs.G1,
 	}
 
 	for _, v := range toDecode {
 		if err := dec.Decode(v); err != nil {
-			return n + dec.BytesRead(), err
+			return  dec.BytesRead(), err
 		}
 	}
 
-	return n + dec.BytesRead(), nil
-
+	return dec.BytesRead(), nil
 }
 
 // Commit commits to a polynomial using a multi exponentiation with the SRS.
@@ -460,7 +441,7 @@ func (s *Scheme) BatchVerifySinglePoint(digests []Digest, batchOpeningProof *Bat
 
 
 // dividePolyByXminusA computes (f-f(a))/(x-a), in canonical basis, in regular form
-func dividePolyByXminusA(d fft.Domain, f polynomial.Polynomial, fa, a fr.Element) polynomial.Polynomial {
+func dividePolyByXminusA(d *fft.Domain, f polynomial.Polynomial, fa, a fr.Element) polynomial.Polynomial {
 
 	// padd f so it has size d.Cardinality
 	_f := make([]fr.Element, d.Cardinality)
diff --git a/internal/generator/kzg/template/kzg.test.go.tmpl b/internal/generator/kzg/template/kzg.test.go.tmpl
index d88d22398..cd62e64cc 100644
--- a/internal/generator/kzg/template/kzg.test.go.tmpl
+++ b/internal/generator/kzg/template/kzg.test.go.tmpl
@@ -17,6 +17,16 @@ func init() {
 	_alphaSetup.SetString("1234")
 }
 
+// NewScheme returns a new KZG scheme.
+// This should be used for testing purpose only
+// it creates a new FFT domain and a new SRS without randomness
+func NewScheme(size int, alpha fr.Element) *Scheme {
+	return &Scheme{
+		SRS: NewSRS(size, alpha),
+		Domain: fft.NewDomain(uint64(size), 0, false),
+	}
+}
+
 func randomPolynomial(size int) polynomial.Polynomial {
 	f := make(polynomial.Polynomial, size)
 	for i := 0; i < size; i++ {
@@ -43,7 +53,7 @@ func TestDividePolyByXminusA(t *testing.T) {
 	evaluation := pol.Eval(&point)
 
 	// compute f-f(a)/x-a
-	h := dividePolyByXminusA(*domain, pol, evaluation, point)
+	h := dividePolyByXminusA(domain, pol, evaluation, point)
 
 	if len(h) != 229 {
 		t.Fatal("inconsistant size of quotient")
@@ -70,24 +80,24 @@ func TestDividePolyByXminusA(t *testing.T) {
 func TestSerialization(t *testing.T) {
 
 	// create a KZG scheme
-	s := NewScheme(64, _alphaSetup)
+	srs := NewSRS(64, _alphaSetup)
 
 	// serialize it...
 	var buf bytes.Buffer
-	_, err := s.WriteTo(&buf)
+	_, err := srs.WriteTo(&buf)
 	if err != nil {
 		t.Fatal(err)
 	}
 
 	// reconstruct the scheme
-	var _s Scheme
-	_, err = _s.ReadFrom(&buf)
+	var _srs SRS
+	_, err = _srs.ReadFrom(&buf)
 	if err != nil {
 		t.Fatal(err)
 	}
 
 	// compare
-	if !reflect.DeepEqual(s, &_s) {
+	if !reflect.DeepEqual(srs, &_srs) {
 		t.Fatal("scheme serialization failed")
 	}
 

From 903a4bc1a32ddd5f9cbdac96ade3af8b23f491c8 Mon Sep 17 00:00:00 2001
From: Gautam Botrel <gautam.botrel@gmail.com>
Date: Wed, 16 Jun 2021 12:17:14 -0500
Subject: [PATCH 13/13] feat: kzg NewSRS takes alpha as big.Int

---
 ecc/bls12-377/fr/kzg/kzg.go                   |  8 ++---
 ecc/bls12-377/fr/kzg/kzg_test.go              | 31 +++++++------------
 ecc/bls12-381/fr/kzg/kzg.go                   |  8 ++---
 ecc/bls12-381/fr/kzg/kzg_test.go              | 31 +++++++------------
 ecc/bls24-315/fr/kzg/kzg.go                   |  8 ++---
 ecc/bls24-315/fr/kzg/kzg_test.go              | 31 +++++++------------
 ecc/bn254/fr/kzg/kzg.go                       |  8 ++---
 ecc/bn254/fr/kzg/kzg_test.go                  | 31 +++++++------------
 ecc/bw6-761/fr/kzg/kzg.go                     |  8 ++---
 ecc/bw6-761/fr/kzg/kzg_test.go                | 31 +++++++------------
 internal/generator/kzg/template/kzg.go.tmpl   |  8 ++---
 .../generator/kzg/template/kzg.test.go.tmpl   | 31 +++++++------------
 12 files changed, 96 insertions(+), 138 deletions(-)

diff --git a/ecc/bls12-377/fr/kzg/kzg.go b/ecc/bls12-377/fr/kzg/kzg.go
index 04601339a..4d1acdebd 100644
--- a/ecc/bls12-377/fr/kzg/kzg.go
+++ b/ecc/bls12-377/fr/kzg/kzg.go
@@ -59,17 +59,17 @@ type SRS struct {
 // NewSRS returns a new SRS using alpha as randomness source
 //
 // In production, a SRS generated through MPC should be used.
-func NewSRS(size int, alpha fr.Element) *SRS {
+func NewSRS(size int, bAlpha *big.Int) *SRS {
 	var srs SRS
 	srs.G1 = make([]bls12377.G1Affine, size)
 
-	var bAlpha big.Int
-	alpha.ToBigIntRegular(&bAlpha)
+	var alpha fr.Element
+	alpha.SetBigInt(bAlpha)
 
 	_, _, gen1Aff, gen2Aff := bls12377.Generators()
 	srs.G1[0] = gen1Aff
 	srs.G2[0] = gen2Aff
-	srs.G2[1].ScalarMultiplication(&gen2Aff, &bAlpha)
+	srs.G2[1].ScalarMultiplication(&gen2Aff, bAlpha)
 
 	alphas := make([]fr.Element, size-1)
 	alphas[0] = alpha
diff --git a/ecc/bls12-377/fr/kzg/kzg_test.go b/ecc/bls12-377/fr/kzg/kzg_test.go
index 0865f80fa..f3fd722ee 100644
--- a/ecc/bls12-377/fr/kzg/kzg_test.go
+++ b/ecc/bls12-377/fr/kzg/kzg_test.go
@@ -28,19 +28,12 @@ import (
 	"github.com/consensys/gnark-crypto/ecc/bls12-377/fr/polynomial"
 )
 
-var _alphaSetup fr.Element
-
-func init() {
-	//_alphaSetup.SetRandom()
-	_alphaSetup.SetString("1234")
-}
-
 // NewScheme returns a new KZG scheme.
 // This should be used for testing purpose only
 // it creates a new FFT domain and a new SRS without randomness
-func NewScheme(size int, alpha fr.Element) *Scheme {
+func NewScheme(size int) *Scheme {
 	return &Scheme{
-		SRS:    NewSRS(size, alpha),
+		SRS:    NewSRS(size, new(big.Int).SetInt64(42)),
 		Domain: fft.NewDomain(uint64(size), 0, false),
 	}
 }
@@ -98,7 +91,7 @@ func TestDividePolyByXminusA(t *testing.T) {
 func TestSerialization(t *testing.T) {
 
 	// create a KZG scheme
-	srs := NewSRS(64, _alphaSetup)
+	srs := NewSRS(64, new(big.Int).SetInt64(42))
 
 	// serialize it...
 	var buf bytes.Buffer
@@ -124,7 +117,7 @@ func TestSerialization(t *testing.T) {
 func TestCommit(t *testing.T) {
 
 	// create a KZG scheme
-	s := NewScheme(64, _alphaSetup)
+	s := NewScheme(64)
 
 	// create a polynomial
 	f := make(polynomial.Polynomial, 60)
@@ -142,7 +135,7 @@ func TestCommit(t *testing.T) {
 
 	// check commitment using manual commit
 	var x fr.Element
-	x.SetString("1234")
+	x.SetString("42")
 	fx := f.Eval(&x)
 	var fxbi big.Int
 	fx.ToBigIntRegular(&fxbi)
@@ -160,7 +153,7 @@ func TestCommit(t *testing.T) {
 func TestVerifySinglePoint(t *testing.T) {
 
 	// create a KZG scheme
-	s := NewScheme(64, _alphaSetup)
+	s := NewScheme(64)
 
 	// create a polynomial
 	f := randomPolynomial(60)
@@ -202,7 +195,7 @@ func TestVerifySinglePoint(t *testing.T) {
 func TestBatchVerifySinglePoint(t *testing.T) {
 
 	// create a KZG scheme
-	s := NewScheme(64, _alphaSetup)
+	s := NewScheme(64)
 
 	// create polynomials
 	f := make([]polynomial.Polynomial, 10)
@@ -252,7 +245,7 @@ const benchSize = 1 << 16
 
 func BenchmarkKZGCommit(b *testing.B) {
 	// kzg scheme
-	s := NewScheme(benchSize, _alphaSetup)
+	s := NewScheme(benchSize)
 
 	// random polynomial
 	p := randomPolynomial(benchSize / 2)
@@ -265,7 +258,7 @@ func BenchmarkKZGCommit(b *testing.B) {
 
 func BenchmarkKZGOpen(b *testing.B) {
 	// kzg scheme
-	s := NewScheme(benchSize, _alphaSetup)
+	s := NewScheme(benchSize)
 
 	// random polynomial
 	p := randomPolynomial(benchSize / 2)
@@ -280,7 +273,7 @@ func BenchmarkKZGOpen(b *testing.B) {
 
 func BenchmarkKZGVerify(b *testing.B) {
 	// kzg scheme
-	s := NewScheme(benchSize, _alphaSetup)
+	s := NewScheme(benchSize)
 
 	// random polynomial
 	p := randomPolynomial(benchSize / 2)
@@ -307,7 +300,7 @@ func BenchmarkKZGVerify(b *testing.B) {
 
 func BenchmarkKZGBatchOpen10(b *testing.B) {
 	// kzg scheme
-	s := NewScheme(benchSize, _alphaSetup)
+	s := NewScheme(benchSize)
 
 	// 10 random polynomials
 	var ps [10]polynomial.Polynomial
@@ -332,7 +325,7 @@ func BenchmarkKZGBatchOpen10(b *testing.B) {
 
 func BenchmarkKZGBatchVerify10(b *testing.B) {
 	// kzg scheme
-	s := NewScheme(benchSize, _alphaSetup)
+	s := NewScheme(benchSize)
 
 	// 10 random polynomials
 	var ps [10]polynomial.Polynomial
diff --git a/ecc/bls12-381/fr/kzg/kzg.go b/ecc/bls12-381/fr/kzg/kzg.go
index e96fd59f2..70f5e97e0 100644
--- a/ecc/bls12-381/fr/kzg/kzg.go
+++ b/ecc/bls12-381/fr/kzg/kzg.go
@@ -59,17 +59,17 @@ type SRS struct {
 // NewSRS returns a new SRS using alpha as randomness source
 //
 // In production, a SRS generated through MPC should be used.
-func NewSRS(size int, alpha fr.Element) *SRS {
+func NewSRS(size int, bAlpha *big.Int) *SRS {
 	var srs SRS
 	srs.G1 = make([]bls12381.G1Affine, size)
 
-	var bAlpha big.Int
-	alpha.ToBigIntRegular(&bAlpha)
+	var alpha fr.Element
+	alpha.SetBigInt(bAlpha)
 
 	_, _, gen1Aff, gen2Aff := bls12381.Generators()
 	srs.G1[0] = gen1Aff
 	srs.G2[0] = gen2Aff
-	srs.G2[1].ScalarMultiplication(&gen2Aff, &bAlpha)
+	srs.G2[1].ScalarMultiplication(&gen2Aff, bAlpha)
 
 	alphas := make([]fr.Element, size-1)
 	alphas[0] = alpha
diff --git a/ecc/bls12-381/fr/kzg/kzg_test.go b/ecc/bls12-381/fr/kzg/kzg_test.go
index eb1955442..780fc9a06 100644
--- a/ecc/bls12-381/fr/kzg/kzg_test.go
+++ b/ecc/bls12-381/fr/kzg/kzg_test.go
@@ -28,19 +28,12 @@ import (
 	"github.com/consensys/gnark-crypto/ecc/bls12-381/fr/polynomial"
 )
 
-var _alphaSetup fr.Element
-
-func init() {
-	//_alphaSetup.SetRandom()
-	_alphaSetup.SetString("1234")
-}
-
 // NewScheme returns a new KZG scheme.
 // This should be used for testing purpose only
 // it creates a new FFT domain and a new SRS without randomness
-func NewScheme(size int, alpha fr.Element) *Scheme {
+func NewScheme(size int) *Scheme {
 	return &Scheme{
-		SRS:    NewSRS(size, alpha),
+		SRS:    NewSRS(size, new(big.Int).SetInt64(42)),
 		Domain: fft.NewDomain(uint64(size), 0, false),
 	}
 }
@@ -98,7 +91,7 @@ func TestDividePolyByXminusA(t *testing.T) {
 func TestSerialization(t *testing.T) {
 
 	// create a KZG scheme
-	srs := NewSRS(64, _alphaSetup)
+	srs := NewSRS(64, new(big.Int).SetInt64(42))
 
 	// serialize it...
 	var buf bytes.Buffer
@@ -124,7 +117,7 @@ func TestSerialization(t *testing.T) {
 func TestCommit(t *testing.T) {
 
 	// create a KZG scheme
-	s := NewScheme(64, _alphaSetup)
+	s := NewScheme(64)
 
 	// create a polynomial
 	f := make(polynomial.Polynomial, 60)
@@ -142,7 +135,7 @@ func TestCommit(t *testing.T) {
 
 	// check commitment using manual commit
 	var x fr.Element
-	x.SetString("1234")
+	x.SetString("42")
 	fx := f.Eval(&x)
 	var fxbi big.Int
 	fx.ToBigIntRegular(&fxbi)
@@ -160,7 +153,7 @@ func TestCommit(t *testing.T) {
 func TestVerifySinglePoint(t *testing.T) {
 
 	// create a KZG scheme
-	s := NewScheme(64, _alphaSetup)
+	s := NewScheme(64)
 
 	// create a polynomial
 	f := randomPolynomial(60)
@@ -202,7 +195,7 @@ func TestVerifySinglePoint(t *testing.T) {
 func TestBatchVerifySinglePoint(t *testing.T) {
 
 	// create a KZG scheme
-	s := NewScheme(64, _alphaSetup)
+	s := NewScheme(64)
 
 	// create polynomials
 	f := make([]polynomial.Polynomial, 10)
@@ -252,7 +245,7 @@ const benchSize = 1 << 16
 
 func BenchmarkKZGCommit(b *testing.B) {
 	// kzg scheme
-	s := NewScheme(benchSize, _alphaSetup)
+	s := NewScheme(benchSize)
 
 	// random polynomial
 	p := randomPolynomial(benchSize / 2)
@@ -265,7 +258,7 @@ func BenchmarkKZGCommit(b *testing.B) {
 
 func BenchmarkKZGOpen(b *testing.B) {
 	// kzg scheme
-	s := NewScheme(benchSize, _alphaSetup)
+	s := NewScheme(benchSize)
 
 	// random polynomial
 	p := randomPolynomial(benchSize / 2)
@@ -280,7 +273,7 @@ func BenchmarkKZGOpen(b *testing.B) {
 
 func BenchmarkKZGVerify(b *testing.B) {
 	// kzg scheme
-	s := NewScheme(benchSize, _alphaSetup)
+	s := NewScheme(benchSize)
 
 	// random polynomial
 	p := randomPolynomial(benchSize / 2)
@@ -307,7 +300,7 @@ func BenchmarkKZGVerify(b *testing.B) {
 
 func BenchmarkKZGBatchOpen10(b *testing.B) {
 	// kzg scheme
-	s := NewScheme(benchSize, _alphaSetup)
+	s := NewScheme(benchSize)
 
 	// 10 random polynomials
 	var ps [10]polynomial.Polynomial
@@ -332,7 +325,7 @@ func BenchmarkKZGBatchOpen10(b *testing.B) {
 
 func BenchmarkKZGBatchVerify10(b *testing.B) {
 	// kzg scheme
-	s := NewScheme(benchSize, _alphaSetup)
+	s := NewScheme(benchSize)
 
 	// 10 random polynomials
 	var ps [10]polynomial.Polynomial
diff --git a/ecc/bls24-315/fr/kzg/kzg.go b/ecc/bls24-315/fr/kzg/kzg.go
index 9b236c9d0..c86718831 100644
--- a/ecc/bls24-315/fr/kzg/kzg.go
+++ b/ecc/bls24-315/fr/kzg/kzg.go
@@ -59,17 +59,17 @@ type SRS struct {
 // NewSRS returns a new SRS using alpha as randomness source
 //
 // In production, a SRS generated through MPC should be used.
-func NewSRS(size int, alpha fr.Element) *SRS {
+func NewSRS(size int, bAlpha *big.Int) *SRS {
 	var srs SRS
 	srs.G1 = make([]bls24315.G1Affine, size)
 
-	var bAlpha big.Int
-	alpha.ToBigIntRegular(&bAlpha)
+	var alpha fr.Element
+	alpha.SetBigInt(bAlpha)
 
 	_, _, gen1Aff, gen2Aff := bls24315.Generators()
 	srs.G1[0] = gen1Aff
 	srs.G2[0] = gen2Aff
-	srs.G2[1].ScalarMultiplication(&gen2Aff, &bAlpha)
+	srs.G2[1].ScalarMultiplication(&gen2Aff, bAlpha)
 
 	alphas := make([]fr.Element, size-1)
 	alphas[0] = alpha
diff --git a/ecc/bls24-315/fr/kzg/kzg_test.go b/ecc/bls24-315/fr/kzg/kzg_test.go
index 68df3d9f6..f9932f89a 100644
--- a/ecc/bls24-315/fr/kzg/kzg_test.go
+++ b/ecc/bls24-315/fr/kzg/kzg_test.go
@@ -28,19 +28,12 @@ import (
 	"github.com/consensys/gnark-crypto/ecc/bls24-315/fr/polynomial"
 )
 
-var _alphaSetup fr.Element
-
-func init() {
-	//_alphaSetup.SetRandom()
-	_alphaSetup.SetString("1234")
-}
-
 // NewScheme returns a new KZG scheme.
 // This should be used for testing purpose only
 // it creates a new FFT domain and a new SRS without randomness
-func NewScheme(size int, alpha fr.Element) *Scheme {
+func NewScheme(size int) *Scheme {
 	return &Scheme{
-		SRS:    NewSRS(size, alpha),
+		SRS:    NewSRS(size, new(big.Int).SetInt64(42)),
 		Domain: fft.NewDomain(uint64(size), 0, false),
 	}
 }
@@ -98,7 +91,7 @@ func TestDividePolyByXminusA(t *testing.T) {
 func TestSerialization(t *testing.T) {
 
 	// create a KZG scheme
-	srs := NewSRS(64, _alphaSetup)
+	srs := NewSRS(64, new(big.Int).SetInt64(42))
 
 	// serialize it...
 	var buf bytes.Buffer
@@ -124,7 +117,7 @@ func TestSerialization(t *testing.T) {
 func TestCommit(t *testing.T) {
 
 	// create a KZG scheme
-	s := NewScheme(64, _alphaSetup)
+	s := NewScheme(64)
 
 	// create a polynomial
 	f := make(polynomial.Polynomial, 60)
@@ -142,7 +135,7 @@ func TestCommit(t *testing.T) {
 
 	// check commitment using manual commit
 	var x fr.Element
-	x.SetString("1234")
+	x.SetString("42")
 	fx := f.Eval(&x)
 	var fxbi big.Int
 	fx.ToBigIntRegular(&fxbi)
@@ -160,7 +153,7 @@ func TestCommit(t *testing.T) {
 func TestVerifySinglePoint(t *testing.T) {
 
 	// create a KZG scheme
-	s := NewScheme(64, _alphaSetup)
+	s := NewScheme(64)
 
 	// create a polynomial
 	f := randomPolynomial(60)
@@ -202,7 +195,7 @@ func TestVerifySinglePoint(t *testing.T) {
 func TestBatchVerifySinglePoint(t *testing.T) {
 
 	// create a KZG scheme
-	s := NewScheme(64, _alphaSetup)
+	s := NewScheme(64)
 
 	// create polynomials
 	f := make([]polynomial.Polynomial, 10)
@@ -252,7 +245,7 @@ const benchSize = 1 << 16
 
 func BenchmarkKZGCommit(b *testing.B) {
 	// kzg scheme
-	s := NewScheme(benchSize, _alphaSetup)
+	s := NewScheme(benchSize)
 
 	// random polynomial
 	p := randomPolynomial(benchSize / 2)
@@ -265,7 +258,7 @@ func BenchmarkKZGCommit(b *testing.B) {
 
 func BenchmarkKZGOpen(b *testing.B) {
 	// kzg scheme
-	s := NewScheme(benchSize, _alphaSetup)
+	s := NewScheme(benchSize)
 
 	// random polynomial
 	p := randomPolynomial(benchSize / 2)
@@ -280,7 +273,7 @@ func BenchmarkKZGOpen(b *testing.B) {
 
 func BenchmarkKZGVerify(b *testing.B) {
 	// kzg scheme
-	s := NewScheme(benchSize, _alphaSetup)
+	s := NewScheme(benchSize)
 
 	// random polynomial
 	p := randomPolynomial(benchSize / 2)
@@ -307,7 +300,7 @@ func BenchmarkKZGVerify(b *testing.B) {
 
 func BenchmarkKZGBatchOpen10(b *testing.B) {
 	// kzg scheme
-	s := NewScheme(benchSize, _alphaSetup)
+	s := NewScheme(benchSize)
 
 	// 10 random polynomials
 	var ps [10]polynomial.Polynomial
@@ -332,7 +325,7 @@ func BenchmarkKZGBatchOpen10(b *testing.B) {
 
 func BenchmarkKZGBatchVerify10(b *testing.B) {
 	// kzg scheme
-	s := NewScheme(benchSize, _alphaSetup)
+	s := NewScheme(benchSize)
 
 	// 10 random polynomials
 	var ps [10]polynomial.Polynomial
diff --git a/ecc/bn254/fr/kzg/kzg.go b/ecc/bn254/fr/kzg/kzg.go
index 8876ed250..249491a1b 100644
--- a/ecc/bn254/fr/kzg/kzg.go
+++ b/ecc/bn254/fr/kzg/kzg.go
@@ -59,17 +59,17 @@ type SRS struct {
 // NewSRS returns a new SRS using alpha as randomness source
 //
 // In production, a SRS generated through MPC should be used.
-func NewSRS(size int, alpha fr.Element) *SRS {
+func NewSRS(size int, bAlpha *big.Int) *SRS {
 	var srs SRS
 	srs.G1 = make([]bn254.G1Affine, size)
 
-	var bAlpha big.Int
-	alpha.ToBigIntRegular(&bAlpha)
+	var alpha fr.Element
+	alpha.SetBigInt(bAlpha)
 
 	_, _, gen1Aff, gen2Aff := bn254.Generators()
 	srs.G1[0] = gen1Aff
 	srs.G2[0] = gen2Aff
-	srs.G2[1].ScalarMultiplication(&gen2Aff, &bAlpha)
+	srs.G2[1].ScalarMultiplication(&gen2Aff, bAlpha)
 
 	alphas := make([]fr.Element, size-1)
 	alphas[0] = alpha
diff --git a/ecc/bn254/fr/kzg/kzg_test.go b/ecc/bn254/fr/kzg/kzg_test.go
index c61171b4b..65667e115 100644
--- a/ecc/bn254/fr/kzg/kzg_test.go
+++ b/ecc/bn254/fr/kzg/kzg_test.go
@@ -28,19 +28,12 @@ import (
 	"github.com/consensys/gnark-crypto/ecc/bn254/fr/polynomial"
 )
 
-var _alphaSetup fr.Element
-
-func init() {
-	//_alphaSetup.SetRandom()
-	_alphaSetup.SetString("1234")
-}
-
 // NewScheme returns a new KZG scheme.
 // This should be used for testing purpose only
 // it creates a new FFT domain and a new SRS without randomness
-func NewScheme(size int, alpha fr.Element) *Scheme {
+func NewScheme(size int) *Scheme {
 	return &Scheme{
-		SRS:    NewSRS(size, alpha),
+		SRS:    NewSRS(size, new(big.Int).SetInt64(42)),
 		Domain: fft.NewDomain(uint64(size), 0, false),
 	}
 }
@@ -98,7 +91,7 @@ func TestDividePolyByXminusA(t *testing.T) {
 func TestSerialization(t *testing.T) {
 
 	// create a KZG scheme
-	srs := NewSRS(64, _alphaSetup)
+	srs := NewSRS(64, new(big.Int).SetInt64(42))
 
 	// serialize it...
 	var buf bytes.Buffer
@@ -124,7 +117,7 @@ func TestSerialization(t *testing.T) {
 func TestCommit(t *testing.T) {
 
 	// create a KZG scheme
-	s := NewScheme(64, _alphaSetup)
+	s := NewScheme(64)
 
 	// create a polynomial
 	f := make(polynomial.Polynomial, 60)
@@ -142,7 +135,7 @@ func TestCommit(t *testing.T) {
 
 	// check commitment using manual commit
 	var x fr.Element
-	x.SetString("1234")
+	x.SetString("42")
 	fx := f.Eval(&x)
 	var fxbi big.Int
 	fx.ToBigIntRegular(&fxbi)
@@ -160,7 +153,7 @@ func TestCommit(t *testing.T) {
 func TestVerifySinglePoint(t *testing.T) {
 
 	// create a KZG scheme
-	s := NewScheme(64, _alphaSetup)
+	s := NewScheme(64)
 
 	// create a polynomial
 	f := randomPolynomial(60)
@@ -202,7 +195,7 @@ func TestVerifySinglePoint(t *testing.T) {
 func TestBatchVerifySinglePoint(t *testing.T) {
 
 	// create a KZG scheme
-	s := NewScheme(64, _alphaSetup)
+	s := NewScheme(64)
 
 	// create polynomials
 	f := make([]polynomial.Polynomial, 10)
@@ -252,7 +245,7 @@ const benchSize = 1 << 16
 
 func BenchmarkKZGCommit(b *testing.B) {
 	// kzg scheme
-	s := NewScheme(benchSize, _alphaSetup)
+	s := NewScheme(benchSize)
 
 	// random polynomial
 	p := randomPolynomial(benchSize / 2)
@@ -265,7 +258,7 @@ func BenchmarkKZGCommit(b *testing.B) {
 
 func BenchmarkKZGOpen(b *testing.B) {
 	// kzg scheme
-	s := NewScheme(benchSize, _alphaSetup)
+	s := NewScheme(benchSize)
 
 	// random polynomial
 	p := randomPolynomial(benchSize / 2)
@@ -280,7 +273,7 @@ func BenchmarkKZGOpen(b *testing.B) {
 
 func BenchmarkKZGVerify(b *testing.B) {
 	// kzg scheme
-	s := NewScheme(benchSize, _alphaSetup)
+	s := NewScheme(benchSize)
 
 	// random polynomial
 	p := randomPolynomial(benchSize / 2)
@@ -307,7 +300,7 @@ func BenchmarkKZGVerify(b *testing.B) {
 
 func BenchmarkKZGBatchOpen10(b *testing.B) {
 	// kzg scheme
-	s := NewScheme(benchSize, _alphaSetup)
+	s := NewScheme(benchSize)
 
 	// 10 random polynomials
 	var ps [10]polynomial.Polynomial
@@ -332,7 +325,7 @@ func BenchmarkKZGBatchOpen10(b *testing.B) {
 
 func BenchmarkKZGBatchVerify10(b *testing.B) {
 	// kzg scheme
-	s := NewScheme(benchSize, _alphaSetup)
+	s := NewScheme(benchSize)
 
 	// 10 random polynomials
 	var ps [10]polynomial.Polynomial
diff --git a/ecc/bw6-761/fr/kzg/kzg.go b/ecc/bw6-761/fr/kzg/kzg.go
index dadeb7ac3..717cb453d 100644
--- a/ecc/bw6-761/fr/kzg/kzg.go
+++ b/ecc/bw6-761/fr/kzg/kzg.go
@@ -59,17 +59,17 @@ type SRS struct {
 // NewSRS returns a new SRS using alpha as randomness source
 //
 // In production, a SRS generated through MPC should be used.
-func NewSRS(size int, alpha fr.Element) *SRS {
+func NewSRS(size int, bAlpha *big.Int) *SRS {
 	var srs SRS
 	srs.G1 = make([]bw6761.G1Affine, size)
 
-	var bAlpha big.Int
-	alpha.ToBigIntRegular(&bAlpha)
+	var alpha fr.Element
+	alpha.SetBigInt(bAlpha)
 
 	_, _, gen1Aff, gen2Aff := bw6761.Generators()
 	srs.G1[0] = gen1Aff
 	srs.G2[0] = gen2Aff
-	srs.G2[1].ScalarMultiplication(&gen2Aff, &bAlpha)
+	srs.G2[1].ScalarMultiplication(&gen2Aff, bAlpha)
 
 	alphas := make([]fr.Element, size-1)
 	alphas[0] = alpha
diff --git a/ecc/bw6-761/fr/kzg/kzg_test.go b/ecc/bw6-761/fr/kzg/kzg_test.go
index 0040a432f..6929787d9 100644
--- a/ecc/bw6-761/fr/kzg/kzg_test.go
+++ b/ecc/bw6-761/fr/kzg/kzg_test.go
@@ -28,19 +28,12 @@ import (
 	"github.com/consensys/gnark-crypto/ecc/bw6-761/fr/polynomial"
 )
 
-var _alphaSetup fr.Element
-
-func init() {
-	//_alphaSetup.SetRandom()
-	_alphaSetup.SetString("1234")
-}
-
 // NewScheme returns a new KZG scheme.
 // This should be used for testing purpose only
 // it creates a new FFT domain and a new SRS without randomness
-func NewScheme(size int, alpha fr.Element) *Scheme {
+func NewScheme(size int) *Scheme {
 	return &Scheme{
-		SRS:    NewSRS(size, alpha),
+		SRS:    NewSRS(size, new(big.Int).SetInt64(42)),
 		Domain: fft.NewDomain(uint64(size), 0, false),
 	}
 }
@@ -98,7 +91,7 @@ func TestDividePolyByXminusA(t *testing.T) {
 func TestSerialization(t *testing.T) {
 
 	// create a KZG scheme
-	srs := NewSRS(64, _alphaSetup)
+	srs := NewSRS(64, new(big.Int).SetInt64(42))
 
 	// serialize it...
 	var buf bytes.Buffer
@@ -124,7 +117,7 @@ func TestSerialization(t *testing.T) {
 func TestCommit(t *testing.T) {
 
 	// create a KZG scheme
-	s := NewScheme(64, _alphaSetup)
+	s := NewScheme(64)
 
 	// create a polynomial
 	f := make(polynomial.Polynomial, 60)
@@ -142,7 +135,7 @@ func TestCommit(t *testing.T) {
 
 	// check commitment using manual commit
 	var x fr.Element
-	x.SetString("1234")
+	x.SetString("42")
 	fx := f.Eval(&x)
 	var fxbi big.Int
 	fx.ToBigIntRegular(&fxbi)
@@ -160,7 +153,7 @@ func TestCommit(t *testing.T) {
 func TestVerifySinglePoint(t *testing.T) {
 
 	// create a KZG scheme
-	s := NewScheme(64, _alphaSetup)
+	s := NewScheme(64)
 
 	// create a polynomial
 	f := randomPolynomial(60)
@@ -202,7 +195,7 @@ func TestVerifySinglePoint(t *testing.T) {
 func TestBatchVerifySinglePoint(t *testing.T) {
 
 	// create a KZG scheme
-	s := NewScheme(64, _alphaSetup)
+	s := NewScheme(64)
 
 	// create polynomials
 	f := make([]polynomial.Polynomial, 10)
@@ -252,7 +245,7 @@ const benchSize = 1 << 16
 
 func BenchmarkKZGCommit(b *testing.B) {
 	// kzg scheme
-	s := NewScheme(benchSize, _alphaSetup)
+	s := NewScheme(benchSize)
 
 	// random polynomial
 	p := randomPolynomial(benchSize / 2)
@@ -265,7 +258,7 @@ func BenchmarkKZGCommit(b *testing.B) {
 
 func BenchmarkKZGOpen(b *testing.B) {
 	// kzg scheme
-	s := NewScheme(benchSize, _alphaSetup)
+	s := NewScheme(benchSize)
 
 	// random polynomial
 	p := randomPolynomial(benchSize / 2)
@@ -280,7 +273,7 @@ func BenchmarkKZGOpen(b *testing.B) {
 
 func BenchmarkKZGVerify(b *testing.B) {
 	// kzg scheme
-	s := NewScheme(benchSize, _alphaSetup)
+	s := NewScheme(benchSize)
 
 	// random polynomial
 	p := randomPolynomial(benchSize / 2)
@@ -307,7 +300,7 @@ func BenchmarkKZGVerify(b *testing.B) {
 
 func BenchmarkKZGBatchOpen10(b *testing.B) {
 	// kzg scheme
-	s := NewScheme(benchSize, _alphaSetup)
+	s := NewScheme(benchSize)
 
 	// 10 random polynomials
 	var ps [10]polynomial.Polynomial
@@ -332,7 +325,7 @@ func BenchmarkKZGBatchOpen10(b *testing.B) {
 
 func BenchmarkKZGBatchVerify10(b *testing.B) {
 	// kzg scheme
-	s := NewScheme(benchSize, _alphaSetup)
+	s := NewScheme(benchSize)
 
 	// 10 random polynomials
 	var ps [10]polynomial.Polynomial
diff --git a/internal/generator/kzg/template/kzg.go.tmpl b/internal/generator/kzg/template/kzg.go.tmpl
index af59c8880..f7f1da4a7 100644
--- a/internal/generator/kzg/template/kzg.go.tmpl
+++ b/internal/generator/kzg/template/kzg.go.tmpl
@@ -41,17 +41,17 @@ type SRS struct {
 // NewSRS returns a new SRS using alpha as randomness source
 //
 // In production, a SRS generated through MPC should be used.
-func NewSRS(size int, alpha fr.Element) *SRS {
+func NewSRS(size int, bAlpha *big.Int) *SRS {
 	var srs SRS
 	srs.G1 = make([]{{ .CurvePackage }}.G1Affine, size)
 
-	var bAlpha big.Int
-	alpha.ToBigIntRegular(&bAlpha)
+	var alpha fr.Element
+	alpha.SetBigInt(bAlpha)
 
 	_, _, gen1Aff, gen2Aff := {{ .CurvePackage }}.Generators()
 	srs.G1[0] = gen1Aff
 	srs.G2[0] = gen2Aff
-	srs.G2[1].ScalarMultiplication(&gen2Aff, &bAlpha)
+	srs.G2[1].ScalarMultiplication(&gen2Aff, bAlpha)
 
 	alphas := make([]fr.Element, size-1)
 	alphas[0] = alpha
diff --git a/internal/generator/kzg/template/kzg.test.go.tmpl b/internal/generator/kzg/template/kzg.test.go.tmpl
index cd62e64cc..a86155d57 100644
--- a/internal/generator/kzg/template/kzg.test.go.tmpl
+++ b/internal/generator/kzg/template/kzg.test.go.tmpl
@@ -10,19 +10,12 @@ import (
 	"github.com/consensys/gnark-crypto/ecc/{{ .Name }}/fr/polynomial"
 )
 
-var _alphaSetup fr.Element
-
-func init() {
-	//_alphaSetup.SetRandom()
-	_alphaSetup.SetString("1234")
-}
-
 // NewScheme returns a new KZG scheme.
 // This should be used for testing purpose only
 // it creates a new FFT domain and a new SRS without randomness
-func NewScheme(size int, alpha fr.Element) *Scheme {
+func NewScheme(size int) *Scheme {
 	return &Scheme{
-		SRS: NewSRS(size, alpha),
+		SRS: NewSRS(size, new(big.Int).SetInt64(42)),
 		Domain: fft.NewDomain(uint64(size), 0, false),
 	}
 }
@@ -80,7 +73,7 @@ func TestDividePolyByXminusA(t *testing.T) {
 func TestSerialization(t *testing.T) {
 
 	// create a KZG scheme
-	srs := NewSRS(64, _alphaSetup)
+	srs := NewSRS(64, new(big.Int).SetInt64(42))
 
 	// serialize it...
 	var buf bytes.Buffer
@@ -106,7 +99,7 @@ func TestSerialization(t *testing.T) {
 func TestCommit(t *testing.T) {
 
 	// create a KZG scheme
-	s := NewScheme(64, _alphaSetup)
+	s := NewScheme(64)
 
 	// create a polynomial
 	f := make(polynomial.Polynomial, 60)
@@ -124,7 +117,7 @@ func TestCommit(t *testing.T) {
 
 	// check commitment using manual commit
 	var x fr.Element
-	x.SetString("1234")
+	x.SetString("42")
 	fx := f.Eval(&x)
 	var fxbi big.Int
 	fx.ToBigIntRegular(&fxbi)
@@ -142,7 +135,7 @@ func TestCommit(t *testing.T) {
 func TestVerifySinglePoint(t *testing.T) {
 
 	// create a KZG scheme
-	s := NewScheme(64, _alphaSetup)
+	s := NewScheme(64)
 
 	// create a polynomial
 	f := randomPolynomial(60)
@@ -184,7 +177,7 @@ func TestVerifySinglePoint(t *testing.T) {
 func TestBatchVerifySinglePoint(t *testing.T) {
 
 	// create a KZG scheme
-	s := NewScheme(64, _alphaSetup)
+	s := NewScheme(64)
 
 	// create polynomials
 	f := make([]polynomial.Polynomial, 10)
@@ -234,7 +227,7 @@ const benchSize = 1 << 16
 
 func BenchmarkKZGCommit(b *testing.B) {
 	// kzg scheme
-	s := NewScheme(benchSize, _alphaSetup)
+	s := NewScheme(benchSize)
 
 	// random polynomial
 	p := randomPolynomial(benchSize / 2)
@@ -247,7 +240,7 @@ func BenchmarkKZGCommit(b *testing.B) {
 
 func BenchmarkKZGOpen(b *testing.B) {
 	// kzg scheme
-	s := NewScheme(benchSize, _alphaSetup)
+	s := NewScheme(benchSize)
 
 	// random polynomial
 	p := randomPolynomial(benchSize / 2)
@@ -262,7 +255,7 @@ func BenchmarkKZGOpen(b *testing.B) {
 
 func BenchmarkKZGVerify(b *testing.B) {
 	// kzg scheme
-	s := NewScheme(benchSize, _alphaSetup)
+	s := NewScheme(benchSize)
 
 	// random polynomial
 	p := randomPolynomial(benchSize / 2)
@@ -289,7 +282,7 @@ func BenchmarkKZGVerify(b *testing.B) {
 
 func BenchmarkKZGBatchOpen10(b *testing.B) {
 	// kzg scheme
-	s := NewScheme(benchSize, _alphaSetup)
+	s := NewScheme(benchSize)
 
 	// 10 random polynomials
 	var ps [10]polynomial.Polynomial
@@ -314,7 +307,7 @@ func BenchmarkKZGBatchOpen10(b *testing.B) {
 
 func BenchmarkKZGBatchVerify10(b *testing.B) {
 	// kzg scheme
-	s := NewScheme(benchSize, _alphaSetup)
+	s := NewScheme(benchSize)
 
 	// 10 random polynomials
 	var ps [10]polynomial.Polynomial