feat: add HyperKZG zero-knowledge openings

Cargo.toml

@@ -388,6 +388,7 @@ jolt-blindfold = { path = "./crates/jolt-blindfold" }
 jolt-claims = { path = "./crates/jolt-claims" }
 jolt-crypto = { path = "./crates/jolt-crypto" }
 jolt-field = { path = "./crates/jolt-field" }
+jolt-hyperkzg = { path = "./crates/jolt-hyperkzg" }
 jolt-openings = { path = "./crates/jolt-openings" }
 jolt-hyrax = { path = "./crates/jolt-hyrax" }
 jolt-verifier = { path = "./crates/jolt-verifier" }

crates/jolt-hyperkzg/Cargo.toml

@@ -3,7 +3,7 @@ name = "jolt-hyperkzg"
 version = "0.1.0"
 edition = "2021"
 license = "MIT"
-description = "HyperKZG multilinear polynomial commitment scheme for the Jolt zkVM"
+description = "HyperKZG Gemini-style multilinear polynomial commitment scheme for the Jolt zkVM"
 
 [lints]
 workspace = true
@@ -15,21 +15,31 @@ jolt-poly = { path = "../jolt-poly" }
 jolt-transcript = { path = "../jolt-transcript" }
 jolt-openings = { path = "../jolt-openings" }
 serde = { workspace = true, features = ["derive"] }
+bincode = { workspace = true }
 tracing.workspace = true
 num-traits = { workspace = true }
 rayon = { workspace = true }
 thiserror = { workspace = true }
 rand_core = { workspace = true, features = ["getrandom"] }
 rand_chacha = { workspace = true }
 
+[features]
+default = []
+zk = []
+
 [dev-dependencies]
 jolt-field = { path = "../jolt-field", features = ["bn254"] }
 criterion = { workspace = true }
 rand = { workspace = true }
+memory-stats = { workspace = true }
 
 [[bench]]
 name = "hyperkzg"
 harness = false
 
+[[bench]]
+name = "hyperkzg_zk_profile"
+harness = false
+
 [package.metadata.cargo-machete]
 ignored = ["rand_core", "rand_chacha", "rand"]

crates/jolt-hyperkzg/README.md

@@ -16,6 +16,34 @@ This crate is generic over `PairingGroup` from `jolt-crypto` and implements `Com
 2. **Open** (Gemini reduction) — fold the multilinear polynomial `ℓ-1` times producing intermediate commitments, derive challenge `r`, batch KZG open at `[r, -r, r²]`.
 3. **Verify** — evaluation consistency check, then batch KZG pairing check.
 
+With the `zk` feature, HyperKZG uses commitment blinding plus KZG proof
+randomization: ZK hints carry one scalar blind, hidden evaluations are group
+commitments, and the verifier checks Gemini over group elements without seeing
+raw evaluations.
+
+## SRS Generation and Import
+
+HyperKZG uses a **structured** reference string with a KZG trapdoor `beta`.
+Production provers/verifiers should import an SRS generated by a separate trusted
+setup ceremony, rather than generating `beta` in the live proving process.
+
+The canonical prover SRS filename is:
+
+```text
+hyperkzg_{k}.srs
+```
+
+Here `k` is the exponent for the supported polynomial size: `hyperkzg_20.srs`
+supports multilinear polynomials with up to `2^20` evaluations. The serialized
+prover setup stores one additional G1 power internally, following the KZG SRS
+convention used by this crate.
+
+SRS files use a versioned envelope with a `Plain`/`Zk` discriminant so loaders do
+not silently accept the wrong ceremony output. `HyperKZGScheme::setup` and
+`HyperKZGScheme::setup_from_secret` are intended for tests or trusted setup
+tooling only. The runtime import path is `HyperKZGScheme::read_srs_file(path)`
+or `HyperKZGScheme::read_srs_from_dir(dir, k)`.
+
 ## Public API
 
 - **`HyperKZGScheme<P>`** — Main entry point. Implements `CommitmentScheme` and `AdditivelyHomomorphic`.
@@ -42,7 +70,8 @@ Used by `jolt-zkvm`.
 
 ## Feature Flags
 
-This crate has no feature flags.
+- **`zk`** — Enables ZK HyperKZG surface area. Transparent HyperKZG remains the
+  default path.
 
 ## License
 

crates/jolt-hyperkzg/benches/hyperkzg.rs

@@ -94,7 +94,7 @@ fn bench_verify(c: &mut Criterion) {
                         let poly = Polynomial::<Fr>::random(nv, &mut rng);
                         let point: Vec<Fr> = (0..nv).map(|_| Fr::random(&mut rng)).collect();
                         let eval = poly.evaluate(&point);
-                        let (commitment, ()) = TestScheme::commit(poly.evaluations(), &pk);
+                        let (commitment, _) = TestScheme::commit(poly.evaluations(), &pk);
                         let mut transcript =
                             jolt_transcript::Blake2bTranscript::new(b"bench-verify");
                         let proof = <TestScheme as CommitmentScheme>::open(
@@ -138,7 +138,7 @@ fn bench_combine(c: &mut Criterion) {
         let commitments: Vec<_> = (0..count)
             .map(|_| {
                 let poly = Polynomial::<Fr>::random(num_vars, &mut rng);
-                let (c, ()) = TestScheme::commit(poly.evaluations(), &pk);
+                let (c, _) = TestScheme::commit(poly.evaluations(), &pk);
                 c
             })
             .collect();