See #960.
Currently they are constants for making the circuits a bit more efficient. Actually SizeInv being a constant doesn't improve the constraint count as we do not have short path for computing var-const multiplication in field emulation. But Size currently defines the number of iterations we need for exponentiating zeta, the challenge used inside the circuit.
If we would make Size variable and fix it size to be approx 30 bits, then the overhead for additional multiplications is relatively small compared to rest of the operations (MSMs, pairing computation, hashing etc.).
Secondly, right now we are using Lookup2 for switching between the verification keys which means we can only switch between four different keys. This is somewhat limiting. It would be better if we would use a proper lookup table for key switching, but this requires making the lookup table generic for the input type (or implement it for emulated elements and extend to G1).
Or maybe we can have even better approach where we store all verification keys inside a Merkle Tree, provide the root as an input to the aggregation circuit and then use inclusion proof to verify that all verification keys are inside Merkle Tree. I guess we can have several approaches.
See #960.
Currently they are constants for making the circuits a bit more efficient. Actually
SizeInvbeing a constant doesn't improve the constraint count as we do not have short path for computing var-const multiplication in field emulation. ButSizecurrently defines the number of iterations we need for exponentiatingzeta, the challenge used inside the circuit.If we would make
Sizevariable and fix it size to be approx 30 bits, then the overhead for additional multiplications is relatively small compared to rest of the operations (MSMs, pairing computation, hashing etc.).Secondly, right now we are using
Lookup2for switching between the verification keys which means we can only switch between four different keys. This is somewhat limiting. It would be better if we would use a proper lookup table for key switching, but this requires making the lookup table generic for the input type (or implement it for emulated elements and extend to G1).Or maybe we can have even better approach where we store all verification keys inside a Merkle Tree, provide the root as an input to the aggregation circuit and then use inclusion proof to verify that all verification keys are inside Merkle Tree. I guess we can have several approaches.