Snarkpack

Recall a Groth16 verification with verification key $\left(\mathbf{D},\mathbf{E},\mathbf{F},\mathbf{G},{\mathbf{L}}_i\right)$ and proof $\left(w_i,A,B,C\right)$. It's made to sum to zero and signs are absorbed into the constants.

$$0=e(A,B)+e(\mathbf{E},\mathbf{F})+e\left(\sum _{i∊[0,p)}{w}_i\cdot {\mathbf{L}}_i,\mathbf{G}\right)+e\left(C,\mathbf{D}\right)$$

Take $n$ proofs $\left(w_{ij},A_j,B_j,C_j\right)$ and linearly combine them using $r_j$:

$$\begin{array}{rl}0& =\sum _j{r}_j\cdot \left(e(A_j,B_j)+e(\mathbf{E},\mathbf{F})+e\left(\sum _{i∊[0,p)}{w}_{ij}\cdot {\mathbf{L}}_i,\mathbf{G}\right)+e\left(C_j,\mathbf{D}\right)\right)\\ & =\sum _{j}e\left(r_j\cdot A_j,B_j\right)+e\left(\sum _j{r}_j\cdot \mathbf{E},\mathbf{F}\right)+e\left(\sum _j\sum _{i∊[0,p)}{r}_j\cdot w_{ij}\cdot {\mathbf{L}}_i,\mathbf{G}\right)+e\left(\sum _{i∊[0,p)}{r}_j\cdot C,\mathbf{D}\right)\end{array}$$

Question. Can we proof soundness if the prover only provided ${\sum }_{i∊[0,p)}{r}_j\cdot A_j$ and/or the equivalent for $B$ or $C$? Extreme case

$$0=e(A,B)+e(\mathbf{E},\mathbf{F})+e\left(\sum _j\sum _{i∊[0,p)}{r}_j\cdot w_i\cdot {\mathbf{L}}_i,\mathbf{G}\right)+e\left(C,\mathbf{D}\right)$$

where $r_j$ is derived by pseudorandom function from $w_{ij}$.

https://eprint.iacr.org/2021/529