From 553953d16a07f5e0a4de2ab8675340acc0d6e75c Mon Sep 17 00:00:00 2001
From: guorong009 <dgr009@pse.dev>
Date: Fri, 27 Sep 2024 15:42:01 +0800
Subject: [PATCH] feat: refactor the verify api (#359)

* feat: refactor the verification api

* feat: rename the "verify_*" apis

* feat: remove "Output" type from "VerificationStrategy" trait

* feat: rename "ProverSingle" -> "Prover", "Prover" -> "ProverMulti"
---
 halo2_backend/src/plonk/prover.rs            | 26 +++++-----
 halo2_backend/src/plonk/verifier.rs          | 38 ++++++++++++---
 halo2_backend/src/plonk/verifier/batch.rs    | 20 ++++----
 halo2_backend/src/poly/ipa/strategy.rs       | 21 +++-----
 halo2_backend/src/poly/kzg/strategy.rs       | 23 ++++-----
 halo2_backend/src/poly/multiopen_test.rs     |  2 +-
 halo2_backend/src/poly/strategy.rs           | 10 ++--
 halo2_proofs/benches/plonk.rs                | 19 ++++----
 halo2_proofs/src/plonk.rs                    |  4 +-
 halo2_proofs/src/plonk/prover.rs             |  4 +-
 halo2_proofs/tests/compress_selectors.rs     | 22 ++++++---
 halo2_proofs/tests/frontend_backend_split.rs | 51 +++++++++++---------
 halo2_proofs/tests/plonk_api.rs              | 17 ++++---
 halo2_proofs/tests/serialization.rs          | 32 ++++++------
 halo2_proofs/tests/shuffle.rs                |  7 +--
 halo2_proofs/tests/shuffle_api.rs            | 21 +++-----
 halo2_proofs/tests/vector-ops-unblinded.rs   |  8 +--
 p3_frontend/tests/common/mod.rs              | 24 ++++-----
 18 files changed, 180 insertions(+), 169 deletions(-)

diff --git a/halo2_backend/src/plonk/prover.rs b/halo2_backend/src/plonk/prover.rs
index 81bf3cd010..c5a735b5ed 100644
--- a/halo2_backend/src/plonk/prover.rs
+++ b/halo2_backend/src/plonk/prover.rs
@@ -39,9 +39,9 @@ struct AdviceSingle<C: CurveAffine, B: Basis> {
 }
 
 /// The prover object used to create proofs interactively by passing the witnesses to commit at
-/// each phase.  This works for a single proof.  This is a wrapper over Prover.
+/// each phase.  This works for a single proof.  This is a wrapper over ProverMulti.
 #[derive(Debug)]
-pub struct ProverSingle<
+pub struct Prover<
     'a,
     'params,
     Scheme: CommitmentScheme,
@@ -50,7 +50,7 @@ pub struct ProverSingle<
     R: RngCore,
     T: TranscriptWrite<Scheme::Curve, E>,
     M: MsmAccel<Scheme::Curve>,
->(Prover<'a, 'params, Scheme, P, E, R, T, M>);
+>(ProverMulti<'a, 'params, Scheme, P, E, R, T, M>);
 
 impl<
         'a,
@@ -61,9 +61,9 @@ impl<
         R: RngCore,
         T: TranscriptWrite<Scheme::Curve, E>,
         M: MsmAccel<Scheme::Curve>,
-    > ProverSingle<'a, 'params, Scheme, P, E, R, T, M>
+    > Prover<'a, 'params, Scheme, P, E, R, T, M>
 {
-    /// Create a new prover object
+    /// Create a new ProverMulti object
     pub fn new_with_engine(
         engine: PlonkEngine<Scheme::Curve, M>,
         params: &'params Scheme::ParamsProver,
@@ -75,7 +75,7 @@ impl<
     where
         Scheme::Scalar: WithSmallOrderMulGroup<3> + FromUniformBytes<64>,
     {
-        Ok(Self(Prover::new_with_engine(
+        Ok(Self(ProverMulti::new_with_engine(
             engine,
             params,
             pk,
@@ -91,12 +91,12 @@ impl<
         instance: Vec<Vec<Scheme::Scalar>>,
         rng: R,
         transcript: &'a mut T,
-    ) -> Result<ProverSingle<'a, 'params, Scheme, P, E, R, T, H2cEngine>, Error>
+    ) -> Result<Prover<'a, 'params, Scheme, P, E, R, T, H2cEngine>, Error>
     where
         Scheme::Scalar: WithSmallOrderMulGroup<3> + FromUniformBytes<64>,
     {
         let engine = PlonkEngineConfig::build_default();
-        ProverSingle::new_with_engine(engine, params, pk, instance, rng, transcript)
+        Prover::new_with_engine(engine, params, pk, instance, rng, transcript)
     }
 
     /// Commit the `witness` at `phase` and return the challenges after `phase`.
@@ -123,7 +123,7 @@ impl<
 /// The prover object used to create proofs interactively by passing the witnesses to commit at
 /// each phase.  This supports batch proving.
 #[derive(Debug)]
-pub struct Prover<
+pub struct ProverMulti<
     'a,
     'params,
     Scheme: CommitmentScheme,
@@ -164,7 +164,7 @@ impl<
         R: RngCore,
         T: TranscriptWrite<Scheme::Curve, E>,
         M: MsmAccel<Scheme::Curve>,
-    > Prover<'a, 'params, Scheme, P, E, R, T, M>
+    > ProverMulti<'a, 'params, Scheme, P, E, R, T, M>
 {
     /// Create a new prover object
     pub fn new_with_engine(
@@ -283,7 +283,7 @@ impl<
 
         let challenges = HashMap::<usize, Scheme::Scalar>::with_capacity(meta.num_challenges);
 
-        Ok(Prover {
+        Ok(ProverMulti {
             engine,
             params,
             pk,
@@ -903,11 +903,11 @@ impl<
         circuits_instances: &[Vec<Vec<Scheme::Scalar>>],
         rng: R,
         transcript: &'a mut T,
-    ) -> Result<Prover<'a, 'params, Scheme, P, E, R, T, H2cEngine>, Error>
+    ) -> Result<ProverMulti<'a, 'params, Scheme, P, E, R, T, H2cEngine>, Error>
     where
         Scheme::Scalar: WithSmallOrderMulGroup<3> + FromUniformBytes<64>,
     {
         let engine = PlonkEngineConfig::build_default();
-        Prover::new_with_engine(engine, params, pk, circuits_instances, rng, transcript)
+        ProverMulti::new_with_engine(engine, params, pk, circuits_instances, rng, transcript)
     }
 }
diff --git a/halo2_backend/src/plonk/verifier.rs b/halo2_backend/src/plonk/verifier.rs
index 53d9da4181..6e4f63bfc8 100644
--- a/halo2_backend/src/plonk/verifier.rs
+++ b/halo2_backend/src/plonk/verifier.rs
@@ -30,13 +30,12 @@ pub use batch::BatchVerifier;
 
 /// Returns a boolean indicating whether or not the proof is valid.  Verifies a single proof (not
 /// batched).
-pub fn verify_proof_single<'params, Scheme, V, E, T, Strategy>(
+pub fn verify_proof<'params, Scheme, V, E, T, Strategy>(
     params: &'params Scheme::ParamsVerifier,
     vk: &VerifyingKey<Scheme::Curve>,
-    strategy: Strategy,
     instance: Vec<Vec<Scheme::Scalar>>,
     transcript: &mut T,
-) -> Result<Strategy::Output, Error>
+) -> bool
 where
     Scheme::Scalar: WithSmallOrderMulGroup<3> + FromUniformBytes<64>,
     Scheme: CommitmentScheme,
@@ -45,11 +44,11 @@ where
     T: TranscriptRead<Scheme::Curve, E>,
     Strategy: VerificationStrategy<'params, Scheme, V>,
 {
-    verify_proof(params, vk, strategy, &[instance], transcript)
+    verify_proof_multi::<Scheme, V, E, T, Strategy>(params, vk, &[instance], transcript)
 }
 
-/// Returns a boolean indicating whether or not the proof is valid
-pub fn verify_proof<
+/// Process the proof, checks that the proof is valid and returns the `Strategy` output.
+pub fn verify_proof_with_strategy<
     'params,
     Scheme: CommitmentScheme,
     V: Verifier<'params, Scheme>,
@@ -62,7 +61,7 @@ pub fn verify_proof<
     strategy: Strategy,
     instances: &[Vec<Vec<Scheme::Scalar>>],
     transcript: &mut T,
-) -> Result<Strategy::Output, Error>
+) -> Result<Strategy, Error>
 where
     Scheme::Scalar: WithSmallOrderMulGroup<3> + FromUniformBytes<64>,
 {
@@ -519,3 +518,28 @@ where
             .map_err(|_| Error::Opening)
     })
 }
+
+/// Returns a boolean indicating whether or not the proof is valid
+pub fn verify_proof_multi<
+    'params,
+    Scheme: CommitmentScheme,
+    V: Verifier<'params, Scheme>,
+    E: EncodedChallenge<Scheme::Curve>,
+    T: TranscriptRead<Scheme::Curve, E>,
+    Strategy: VerificationStrategy<'params, Scheme, V>,
+>(
+    params: &'params Scheme::ParamsVerifier,
+    vk: &VerifyingKey<Scheme::Curve>,
+    instances: &[Vec<Vec<Scheme::Scalar>>],
+    transcript: &mut T,
+) -> bool
+where
+    Scheme::Scalar: WithSmallOrderMulGroup<3> + FromUniformBytes<64>,
+{
+    let strategy = Strategy::new(params);
+    let strategy = match verify_proof_with_strategy(params, vk, strategy, instances, transcript) {
+        Ok(strategy) => strategy,
+        Err(_) => return false,
+    };
+    strategy.finalize()
+}
diff --git a/halo2_backend/src/plonk/verifier/batch.rs b/halo2_backend/src/plonk/verifier/batch.rs
index 54b06450d9..c849f2f23a 100644
--- a/halo2_backend/src/plonk/verifier/batch.rs
+++ b/halo2_backend/src/plonk/verifier/batch.rs
@@ -5,7 +5,7 @@ use halo2_middleware::zal::impls::H2cEngine;
 use halo2curves::CurveAffine;
 use rand_core::OsRng;
 
-use super::{verify_proof, VerificationStrategy};
+use super::{verify_proof_with_strategy, VerificationStrategy};
 use crate::{
     multicore::{
         IndexedParallelIterator, IntoParallelIterator, ParallelIterator, TryFoldAndReduce,
@@ -34,8 +34,6 @@ struct BatchStrategy<'params, C: CurveAffine> {
 impl<'params, C: CurveAffine> VerificationStrategy<'params, IPACommitmentScheme<C>, VerifierIPA<C>>
     for BatchStrategy<'params, C>
 {
-    type Output = MSMIPA<'params, C>;
-
     fn new(params: &'params ParamsVerifierIPA<C>) -> Self {
         BatchStrategy {
             msm: MSMIPA::new(params),
@@ -45,9 +43,11 @@ impl<'params, C: CurveAffine> VerificationStrategy<'params, IPACommitmentScheme<
     fn process(
         self,
         f: impl FnOnce(MSMIPA<'params, C>) -> Result<GuardIPA<'params, C>, Error>,
-    ) -> Result<Self::Output, Error> {
+    ) -> Result<Self, Error> {
         let guard = f(self.msm)?;
-        Ok(guard.use_challenges())
+        Ok(Self {
+            msm: guard.use_challenges(),
+        })
     }
 
     fn finalize(self) -> bool {
@@ -110,10 +110,12 @@ where
             .map(|(i, item)| {
                 let strategy = BatchStrategy::new(params);
                 let mut transcript = Blake2bRead::init(&item.proof[..]);
-                verify_proof(params, vk, strategy, &item.instances, &mut transcript).map_err(|e| {
-                    tracing::debug!("Batch item {} failed verification: {}", i, e);
-                    e
-                })
+                verify_proof_with_strategy(params, vk, strategy, &item.instances, &mut transcript)
+                    .map_err(|e| {
+                        tracing::debug!("Batch item {} failed verification: {}", i, e);
+                        e
+                    })
+                    .map(|st| st.msm)
             })
             .try_fold_and_reduce(
                 || ParamsVerifier::<'_, C>::empty_msm(params),
diff --git a/halo2_backend/src/poly/ipa/strategy.rs b/halo2_backend/src/poly/ipa/strategy.rs
index 4fdc47523c..fd9031d3f4 100644
--- a/halo2_backend/src/poly/ipa/strategy.rs
+++ b/halo2_backend/src/poly/ipa/strategy.rs
@@ -79,8 +79,6 @@ pub struct AccumulatorStrategy<'params, C: CurveAffine> {
 impl<'params, C: CurveAffine> VerificationStrategy<'params, IPACommitmentScheme<C>, VerifierIPA<C>>
     for AccumulatorStrategy<'params, C>
 {
-    type Output = Self;
-
     fn new(params: &'params ParamsIPA<C>) -> Self {
         AccumulatorStrategy {
             msm: MSMIPA::new(params),
@@ -90,7 +88,7 @@ impl<'params, C: CurveAffine> VerificationStrategy<'params, IPACommitmentScheme<
     fn process(
         mut self,
         f: impl FnOnce(MSMIPA<'params, C>) -> Result<GuardIPA<'params, C>, Error>,
-    ) -> Result<Self::Output, Error> {
+    ) -> Result<Self, Error> {
         self.msm.scale(C::Scalar::random(OsRng));
         let guard = f(self.msm)?;
 
@@ -119,8 +117,6 @@ pub struct SingleStrategy<'params, C: CurveAffine> {
 impl<'params, C: CurveAffine> VerificationStrategy<'params, IPACommitmentScheme<C>, VerifierIPA<C>>
     for SingleStrategy<'params, C>
 {
-    type Output = ();
-
     fn new(params: &'params ParamsIPA<C>) -> Self {
         SingleStrategy {
             msm: MSMIPA::new(params),
@@ -130,15 +126,11 @@ impl<'params, C: CurveAffine> VerificationStrategy<'params, IPACommitmentScheme<
     fn process(
         self,
         f: impl FnOnce(MSMIPA<'params, C>) -> Result<GuardIPA<'params, C>, Error>,
-    ) -> Result<Self::Output, Error> {
+    ) -> Result<Self, Error> {
         let guard = f(self.msm)?;
-        let msm = guard.use_challenges();
-        // ZAL: Verification is (supposedly) cheap, hence we don't use an accelerator engine
-        if msm.check(&H2cEngine::new()) {
-            Ok(())
-        } else {
-            Err(Error::ConstraintSystemFailure)
-        }
+        Ok(Self {
+            msm: guard.use_challenges(),
+        })
     }
 
     /// Finalizes the batch and checks its validity.
@@ -147,7 +139,8 @@ impl<'params, C: CurveAffine> VerificationStrategy<'params, IPACommitmentScheme<
     /// specific failing proofs, it must re-process the proofs separately.
     #[must_use]
     fn finalize(self) -> bool {
-        unreachable!()
+        // TODO: Verification is cheap, ZkAccel on verifier is not a priority.
+        self.msm.check(&H2cEngine::new())
     }
 }
 
diff --git a/halo2_backend/src/poly/kzg/strategy.rs b/halo2_backend/src/poly/kzg/strategy.rs
index 93c6a96163..2428021f36 100644
--- a/halo2_backend/src/poly/kzg/strategy.rs
+++ b/halo2_backend/src/poly/kzg/strategy.rs
@@ -120,8 +120,6 @@ where
     E::G1: CurveExt<AffineExt = E::G1Affine>,
     E::G2Affine: SerdeCurveAffine,
 {
-    type Output = Self;
-
     fn new(params: &'params ParamsVerifierKZG<E>) -> Self {
         AccumulatorStrategy::new(params)
     }
@@ -129,7 +127,7 @@ where
     fn process(
         mut self,
         f: impl FnOnce(V::MSMAccumulator) -> Result<V::Guard, Error>,
-    ) -> Result<Self::Output, Error> {
+    ) -> Result<Self, Error> {
         self.msm_accumulator.scale(E::Fr::random(OsRng));
 
         // Guard is updated with new msm contributions
@@ -155,8 +153,6 @@ where
     E::G1: CurveExt<AffineExt = E::G1Affine>,
     E::G2Affine: SerdeCurveAffine,
 {
-    type Output = ();
-
     fn new(params: &'params ParamsVerifierKZG<E>) -> Self {
         Self::new(params)
     }
@@ -164,20 +160,19 @@ where
     fn process(
         self,
         f: impl FnOnce(V::MSMAccumulator) -> Result<V::Guard, Error>,
-    ) -> Result<Self::Output, Error> {
+    ) -> Result<Self, Error> {
         // Guard is updated with new msm contributions
         let guard = f(self.msm)?;
         let msm = guard.msm_accumulator;
-        // Verification is (supposedly) cheap, hence we don't use an accelerator engine
-        let default_engine = H2cEngine::new();
-        if msm.check(&default_engine, &self.params) {
-            Ok(())
-        } else {
-            Err(Error::ConstraintSystemFailure)
-        }
+        Ok(Self {
+            msm,
+            params: self.params,
+        })
     }
 
     fn finalize(self) -> bool {
-        unreachable!();
+        // Verification is (supposedly) cheap, hence we don't use an accelerator engine
+        let default_engine = H2cEngine::new();
+        self.msm.check(&default_engine, &self.params)
     }
 }
diff --git a/halo2_backend/src/poly/multiopen_test.rs b/halo2_backend/src/poly/multiopen_test.rs
index e907d0134c..e40d203a8a 100644
--- a/halo2_backend/src/poly/multiopen_test.rs
+++ b/halo2_backend/src/poly/multiopen_test.rs
@@ -173,7 +173,7 @@ mod test {
         V: Verifier<'params, Scheme>,
         E: EncodedChallenge<Scheme::Curve>,
         T: TranscriptReadBuffer<&'a [u8], Scheme::Curve, E>,
-        Strategy: VerificationStrategy<'params, Scheme, V, Output = Strategy>,
+        Strategy: VerificationStrategy<'params, Scheme, V>,
     >(
         params: &'params Scheme::ParamsVerifier,
         proof: &'a [u8],
diff --git a/halo2_backend/src/poly/strategy.rs b/halo2_backend/src/poly/strategy.rs
index 850f95e6c9..5c6f646818 100644
--- a/halo2_backend/src/poly/strategy.rs
+++ b/halo2_backend/src/poly/strategy.rs
@@ -10,18 +10,16 @@ pub trait Guard<Scheme: CommitmentScheme> {
 
 /// Trait representing a strategy for verifying Halo 2 proofs.
 pub trait VerificationStrategy<'params, Scheme: CommitmentScheme, V: Verifier<'params, Scheme>> {
-    /// The output type of this verification strategy after processing a proof.
-    type Output;
-
     /// Creates new verification strategy instance
     fn new(params: &'params Scheme::ParamsVerifier) -> Self;
 
-    /// Obtains an MSM from the verifier strategy and yields back the strategy's
-    /// output.
+    /// Obtains an MSM from the verifier strategy and yields back the strategy
     fn process(
         self,
         f: impl FnOnce(V::MSMAccumulator) -> Result<V::Guard, Error>,
-    ) -> Result<Self::Output, Error>;
+    ) -> Result<Self, Error>
+    where
+        Self: Sized;
 
     /// Finalizes the batch and checks its validity.
     ///
diff --git a/halo2_proofs/benches/plonk.rs b/halo2_proofs/benches/plonk.rs
index ce03d5171e..c0eb4ee7dd 100644
--- a/halo2_proofs/benches/plonk.rs
+++ b/halo2_proofs/benches/plonk.rs
@@ -10,13 +10,10 @@ use halo2curves::pasta::{EqAffine, Fp};
 use rand_core::OsRng;
 
 use halo2_proofs::{
-    poly::{
-        ipa::{
-            commitment::{IPACommitmentScheme, ParamsIPA},
-            multiopen::ProverIPA,
-            strategy::SingleStrategy,
-        },
-        VerificationStrategy,
+    poly::ipa::{
+        commitment::{IPACommitmentScheme, ParamsIPA},
+        multiopen::ProverIPA,
+        strategy::SingleStrategy,
     },
     transcript::{TranscriptReadBuffer, TranscriptWriterBuffer},
 };
@@ -300,9 +297,13 @@ fn criterion_benchmark(c: &mut Criterion) {
     }
 
     fn verifier(params: &ParamsIPA<EqAffine>, vk: &VerifyingKey<EqAffine>, proof: &[u8]) {
-        let strategy = SingleStrategy::new(params);
         let mut transcript = Blake2bRead::<_, _, Challenge255<_>>::init(proof);
-        assert!(verify_proof(params, vk, strategy, &[vec![]], &mut transcript).is_ok());
+        assert!(verify_proof_multi::<_, _, _, _, SingleStrategy<_>>(
+            params,
+            vk,
+            &[vec![]],
+            &mut transcript
+        ));
     }
 
     let k_range = 8..=16;
diff --git a/halo2_proofs/src/plonk.rs b/halo2_proofs/src/plonk.rs
index 41a2feb2d9..dee402f34f 100644
--- a/halo2_proofs/src/plonk.rs
+++ b/halo2_proofs/src/plonk.rs
@@ -9,14 +9,14 @@ mod error;
 mod keygen;
 mod prover;
 mod verifier {
-    pub use halo2_backend::plonk::verifier::verify_proof;
+    pub use halo2_backend::plonk::verifier::verify_proof_multi;
 }
 
 use halo2_frontend::circuit::compile_circuit;
 pub use keygen::{keygen_pk, keygen_pk_custom, keygen_vk, keygen_vk_custom};
 
 pub use prover::{create_proof, create_proof_with_engine};
-pub use verifier::verify_proof;
+pub use verifier::verify_proof_multi;
 
 pub use error::Error;
 pub use halo2_backend::plonk::{Error as ErrorBack, ProvingKey, VerifyingKey};
diff --git a/halo2_proofs/src/plonk/prover.rs b/halo2_proofs/src/plonk/prover.rs
index 1c6a3a7e0b..fe31bf5f01 100644
--- a/halo2_proofs/src/plonk/prover.rs
+++ b/halo2_proofs/src/plonk/prover.rs
@@ -1,7 +1,7 @@
 use crate::plonk::{Error, ErrorBack};
 use crate::poly::commitment::{self, CommitmentScheme, Params};
 use crate::transcript::{EncodedChallenge, TranscriptWrite};
-use halo2_backend::plonk::{prover::Prover, ProvingKey};
+use halo2_backend::plonk::{prover::ProverMulti, ProvingKey};
 use halo2_frontend::circuit::WitnessCalculator;
 use halo2_frontend::plonk::{Circuit, ConstraintSystem};
 use halo2_middleware::ff::{FromUniformBytes, WithSmallOrderMulGroup};
@@ -55,7 +55,7 @@ where
             WitnessCalculator::new(params.k(), circuit, &config, &cs, instances[i].as_slice())
         })
         .collect();
-    let mut prover = Prover::<Scheme, P, _, _, _, _>::new_with_engine(
+    let mut prover = ProverMulti::<Scheme, P, _, _, _, _>::new_with_engine(
         engine, params, pk, instances, rng, transcript,
     )?;
     let mut challenges = HashMap::new();
diff --git a/halo2_proofs/tests/compress_selectors.rs b/halo2_proofs/tests/compress_selectors.rs
index b335634f78..1808c7969d 100644
--- a/halo2_proofs/tests/compress_selectors.rs
+++ b/halo2_proofs/tests/compress_selectors.rs
@@ -17,8 +17,8 @@ use halo2_middleware::circuit::{Any, ColumnMid};
 use halo2_middleware::zal::impls::{H2cEngine, PlonkEngineConfig};
 use halo2_proofs::arithmetic::Field;
 use halo2_proofs::plonk::{
-    create_proof_with_engine, keygen_pk_custom, keygen_vk_custom, verify_proof, Advice, Assigned,
-    Circuit, Column, ConstraintSystem, Instance, Selector,
+    create_proof_with_engine, keygen_pk_custom, keygen_vk_custom, verify_proof_multi, Advice,
+    Assigned, Circuit, Column, ConstraintSystem, Instance, Selector,
 };
 use halo2_proofs::poly::kzg::commitment::{KZGCommitmentScheme, ParamsKZG};
 use halo2_proofs::poly::kzg::multiopen::{ProverSHPLONK, VerifierSHPLONK};
@@ -375,16 +375,22 @@ fn test_mycircuit(
     // Verify
     let mut verifier_transcript =
         Blake2bRead::<_, G1Affine, Challenge255<_>>::init(proof.as_slice());
-    let strategy = SingleStrategy::new(&verifier_params);
-
-    verify_proof::<KZGCommitmentScheme<Bn256>, VerifierSHPLONK<Bn256>, _, _, _>(
+    if !verify_proof_multi::<
+        KZGCommitmentScheme<Bn256>,
+        VerifierSHPLONK<Bn256>,
+        _,
+        _,
+        SingleStrategy<_>,
+    >(
         &verifier_params,
         &vk,
-        strategy,
         instances.as_slice(),
         &mut verifier_transcript,
-    )
-    .map_err(halo2_proofs::plonk::Error::Backend)?;
+    ) {
+        return Err(halo2_proofs::plonk::Error::Backend(
+            halo2_backend::plonk::Error::Opening,
+        ));
+    };
 
     Ok(proof)
 }
diff --git a/halo2_proofs/tests/frontend_backend_split.rs b/halo2_proofs/tests/frontend_backend_split.rs
index 4988139910..cd8004e0b3 100644
--- a/halo2_proofs/tests/frontend_backend_split.rs
+++ b/halo2_proofs/tests/frontend_backend_split.rs
@@ -4,8 +4,8 @@
 use halo2_backend::{
     plonk::{
         keygen::{keygen_pk, keygen_vk},
-        prover::ProverSingle,
-        verifier::{verify_proof, verify_proof_single},
+        prover::Prover,
+        verifier::{verify_proof, verify_proof_multi},
     },
     transcript::{
         Blake2bRead, Blake2bWrite, Challenge255, TranscriptReadBuffer, TranscriptWriterBuffer,
@@ -525,16 +525,22 @@ fn test_mycircuit_full_legacy() {
             let mut verifier_transcript =
                 Blake2bRead::<_, G1Affine, Challenge255<_>>::init(proof.as_slice());
             let verifier_params = params.verifier_params();
-            let strategy = SingleStrategy::new(&verifier_params);
 
-            verify_proof::<KZGCommitmentScheme<Bn256>, VerifierSHPLONK<Bn256>, _, _, _>(
-                &verifier_params,
-                &vk,
-                strategy,
-                instances.as_slice(),
-                &mut verifier_transcript,
-            )
-            .expect("verify succeeds");
+            assert!(
+                verify_proof_multi::<
+                    KZGCommitmentScheme<Bn256>,
+                    VerifierSHPLONK<Bn256>,
+                    _,
+                    _,
+                    SingleStrategy<_>,
+                >(
+                    &verifier_params,
+                    &vk,
+                    instances.as_slice(),
+                    &mut verifier_transcript,
+                ),
+                "failed to verify proof"
+            );
             println!("Verify: {:?}", start.elapsed());
 
             proof
@@ -573,7 +579,7 @@ fn test_mycircuit_full_split() {
             let start = Instant::now();
             let mut witness_calc = WitnessCalculator::new(k, &circuit, &config, &cs, &instances);
             let mut transcript = Blake2bWrite::<_, G1Affine, Challenge255<_>>::init(vec![]);
-            let mut prover = ProverSingle::<
+            let mut prover = Prover::<
                 KZGCommitmentScheme<Bn256>,
                 ProverSHPLONK<'_, Bn256>,
                 _,
@@ -605,16 +611,17 @@ fn test_mycircuit_full_split() {
             let mut verifier_transcript =
                 Blake2bRead::<_, G1Affine, Challenge255<_>>::init(proof.as_slice());
             let verifier_params = params.verifier_params();
-            let strategy = SingleStrategy::new(&verifier_params);
-
-            verify_proof_single::<KZGCommitmentScheme<Bn256>, VerifierSHPLONK<Bn256>, _, _, _>(
-                &verifier_params,
-                &vk,
-                strategy,
-                instances,
-                &mut verifier_transcript,
-            )
-            .expect("verify succeeds");
+
+            assert!(
+                verify_proof::<
+                    KZGCommitmentScheme<Bn256>,
+                    VerifierSHPLONK<Bn256>,
+                    _,
+                    _,
+                    SingleStrategy<_>,
+                >(&verifier_params, &vk, instances, &mut verifier_transcript,),
+                "failed to verify proof"
+            );
             println!("Verify: {:?}", start.elapsed());
 
             proof
diff --git a/halo2_proofs/tests/plonk_api.rs b/halo2_proofs/tests/plonk_api.rs
index aa7fc08094..8f380094a8 100644
--- a/halo2_proofs/tests/plonk_api.rs
+++ b/halo2_proofs/tests/plonk_api.rs
@@ -13,8 +13,8 @@ use halo2_proofs::circuit::{Cell, Layouter, SimpleFloorPlanner, Value};
 use halo2_proofs::dev::MockProver;
 use halo2_proofs::plonk::{
     create_proof_with_engine as create_plonk_proof_with_engine, keygen_pk, keygen_vk,
-    verify_proof as verify_plonk_proof, Advice, Assigned, Circuit, Column, ConstraintSystem, Error,
-    ErrorFront, Fixed, ProvingKey, TableColumn, VerifyingKey,
+    verify_proof_multi as verify_multi_plonk_proof, Advice, Assigned, Circuit, Column,
+    ConstraintSystem, Error, ErrorFront, Fixed, ProvingKey, TableColumn, VerifyingKey,
 };
 use halo2_proofs::poly::commitment::{CommitmentScheme, ParamsProver, Prover, Verifier};
 use halo2_proofs::poly::Rotation;
@@ -547,7 +547,7 @@ fn plonk_api() {
         V: Verifier<'params, Scheme>,
         E: EncodedChallenge<Scheme::Curve>,
         T: TranscriptReadBuffer<&'a [u8], Scheme::Curve, E>,
-        Strategy: VerificationStrategy<'params, Scheme, V, Output = Strategy>,
+        Strategy: VerificationStrategy<'params, Scheme, V>,
     >(
         params_verifier: &'params Scheme::ParamsVerifier,
         vk: &VerifyingKey<Scheme::Curve>,
@@ -560,11 +560,12 @@ fn plonk_api() {
         let mut transcript = T::init(proof);
         let instance = [vec![vec![instance_val]], vec![vec![instance_val]]];
 
-        let strategy = Strategy::new(params_verifier);
-        let strategy =
-            verify_plonk_proof(params_verifier, vk, strategy, &instance, &mut transcript).unwrap();
-
-        assert!(strategy.finalize());
+        assert!(verify_multi_plonk_proof::<_, _, _, _, Strategy>(
+            params_verifier,
+            vk,
+            &instance,
+            &mut transcript
+        ));
     }
 
     fn test_plonk_api_gwc() {
diff --git a/halo2_proofs/tests/serialization.rs b/halo2_proofs/tests/serialization.rs
index b0e8ef4c46..6e3efbc594 100644
--- a/halo2_proofs/tests/serialization.rs
+++ b/halo2_proofs/tests/serialization.rs
@@ -8,7 +8,7 @@ use halo2_debug::test_rng;
 use halo2_proofs::{
     circuit::{Layouter, SimpleFloorPlanner, Value},
     plonk::{
-        create_proof, keygen_pk, keygen_vk_custom, pk_read, verify_proof, vk_read, Advice, Circuit,
+        create_proof, keygen_pk, keygen_vk_custom, pk_read, verify_proof_multi, vk_read, Advice, Circuit,
         Column, ConstraintSystem, ErrorFront, Fixed, Instance,
     },
     poly::{
@@ -205,22 +205,22 @@ fn test_serialization() {
             let proof = transcript.finalize();
 
             let verifier_params = params.verifier_params();
-            let strategy = SingleStrategy::new(&verifier_params);
             let mut transcript = Blake2bRead::<_, _, Challenge255<_>>::init(&proof[..]);
-            assert!(verify_proof::<
-                KZGCommitmentScheme<Bn256>,
-                VerifierGWC<Bn256>,
-                Challenge255<G1Affine>,
-                Blake2bRead<&[u8], G1Affine, Challenge255<G1Affine>>,
-                SingleStrategy<Bn256>,
-            >(
-                &verifier_params,
-                &vk,
-                strategy,
-                instances.as_slice(),
-                &mut transcript
-            )
-            .is_ok());
+            assert!(
+                verify_proof_multi::<
+                    KZGCommitmentScheme<Bn256>,
+                    VerifierGWC<Bn256>,
+                    Challenge255<G1Affine>,
+                    Blake2bRead<&[u8], G1Affine, Challenge255<G1Affine>>,
+                    SingleStrategy<Bn256>,
+                >(
+                    &verifier_params,
+                    &vk,
+                    instances.as_slice(),
+                    &mut transcript
+                ),
+                "failed to verify proof"
+            );
 
             proof
         },
diff --git a/halo2_proofs/tests/shuffle.rs b/halo2_proofs/tests/shuffle.rs
index f74958bee8..cbdb01c2e3 100644
--- a/halo2_proofs/tests/shuffle.rs
+++ b/halo2_proofs/tests/shuffle.rs
@@ -13,7 +13,6 @@ use halo2_proofs::{
             multiopen::{ProverIPA, VerifierIPA},
             strategy::AccumulatorStrategy,
         },
-        VerificationStrategy,
     },
     transcript::{
         Blake2bRead, Blake2bWrite, Challenge255, TranscriptReadBuffer, TranscriptWriterBuffer,
@@ -301,18 +300,14 @@ where
     };
 
     let accepted = {
-        let strategy = AccumulatorStrategy::new(&params);
         let mut transcript = Blake2bRead::<_, _, Challenge255<_>>::init(&proof[..]);
 
-        verify_proof::<IPACommitmentScheme<C>, VerifierIPA<C>, _, _, _>(
+        verify_proof_multi::<IPACommitmentScheme<C>, VerifierIPA<C>, _, _, AccumulatorStrategy<C>>(
             &params,
             pk.get_vk(),
-            strategy,
             &[vec![]],
             &mut transcript,
         )
-        .map(|strategy| strategy.finalize())
-        .unwrap_or_default()
     };
 
     assert_eq!(accepted, expected);
diff --git a/halo2_proofs/tests/shuffle_api.rs b/halo2_proofs/tests/shuffle_api.rs
index 7dc8d73bc5..e22fb68e21 100644
--- a/halo2_proofs/tests/shuffle_api.rs
+++ b/halo2_proofs/tests/shuffle_api.rs
@@ -7,18 +7,15 @@ use halo2_proofs::{
     arithmetic::Field,
     circuit::{Layouter, SimpleFloorPlanner, Value},
     plonk::{
-        create_proof, keygen_pk, keygen_vk, verify_proof, Advice, Circuit, Column,
+        create_proof, keygen_pk, keygen_vk, verify_proof_multi, Advice, Circuit, Column,
         ConstraintSystem, ErrorFront, Fixed, Selector,
     },
-    poly::Rotation,
-    poly::{
-        ipa::{
-            commitment::{IPACommitmentScheme, ParamsIPA},
-            multiopen::{ProverIPA, VerifierIPA},
-            strategy::AccumulatorStrategy,
-        },
-        VerificationStrategy,
+    poly::ipa::{
+        commitment::{IPACommitmentScheme, ParamsIPA},
+        multiopen::{ProverIPA, VerifierIPA},
+        strategy::AccumulatorStrategy,
     },
+    poly::Rotation,
     transcript::{
         Blake2bRead, Blake2bWrite, Challenge255, TranscriptReadBuffer, TranscriptWriterBuffer,
     },
@@ -175,18 +172,14 @@ where
     };
 
     let accepted = {
-        let strategy = AccumulatorStrategy::new(&params);
         let mut transcript = Blake2bRead::<_, _, Challenge255<_>>::init(&proof[..]);
 
-        verify_proof::<IPACommitmentScheme<C>, VerifierIPA<C>, _, _, _>(
+        verify_proof_multi::<IPACommitmentScheme<C>, VerifierIPA<C>, _, _, AccumulatorStrategy<_>>(
             &params,
             pk.get_vk(),
-            strategy,
             &[vec![]],
             &mut transcript,
         )
-        .map(|strategy| strategy.finalize())
-        .unwrap_or_default()
     };
 
     assert_eq!(accepted, expected);
diff --git a/halo2_proofs/tests/vector-ops-unblinded.rs b/halo2_proofs/tests/vector-ops-unblinded.rs
index 6a3f54a4a9..19e90fd4e5 100644
--- a/halo2_proofs/tests/vector-ops-unblinded.rs
+++ b/halo2_proofs/tests/vector-ops-unblinded.rs
@@ -16,7 +16,7 @@ use halo2_proofs::{
             multiopen::{ProverIPA, VerifierIPA},
             strategy::AccumulatorStrategy,
         },
-        Rotation, VerificationStrategy,
+        Rotation,
     },
     transcript::{
         Blake2bRead, Blake2bWrite, Challenge255, TranscriptReadBuffer, TranscriptWriterBuffer,
@@ -499,18 +499,14 @@ where
     };
 
     let accepted = {
-        let strategy = AccumulatorStrategy::new(&params);
         let mut transcript = Blake2bRead::<_, _, Challenge255<_>>::init(&proof[..]);
 
-        verify_proof::<IPACommitmentScheme<C>, VerifierIPA<C>, _, _, _>(
+        verify_proof_multi::<IPACommitmentScheme<C>, VerifierIPA<C>, _, _, AccumulatorStrategy<_>>(
             &params,
             pk.get_vk(),
-            strategy,
             &instances,
             &mut transcript,
         )
-        .map(|strategy| strategy.finalize())
-        .unwrap_or_default()
     };
 
     assert_eq!(accepted, expected);
diff --git a/p3_frontend/tests/common/mod.rs b/p3_frontend/tests/common/mod.rs
index 5ea7e8682e..26204a0fd6 100644
--- a/p3_frontend/tests/common/mod.rs
+++ b/p3_frontend/tests/common/mod.rs
@@ -4,8 +4,8 @@ use halo2_backend::poly::kzg::strategy::SingleStrategy;
 use halo2_backend::{
     plonk::{
         keygen::{keygen_pk, keygen_vk},
-        prover::ProverSingle,
-        verifier::verify_proof_single,
+        prover::Prover,
+        verifier::verify_proof,
     },
     transcript::{
         Blake2bRead, Blake2bWrite, Challenge255, TranscriptReadBuffer, TranscriptWriterBuffer,
@@ -78,7 +78,7 @@ pub(crate) fn setup_prove_verify(
     println!("Proving...");
     let start = Instant::now();
     let mut transcript = Blake2bWrite::<_, G1Affine, Challenge255<_>>::init(vec![]);
-    let mut prover = ProverSingle::<
+    let mut prover = Prover::<
         KZGCommitmentScheme<Bn256>,
         ProverSHPLONK<'_, Bn256>,
         _,
@@ -98,15 +98,15 @@ pub(crate) fn setup_prove_verify(
     println!("Verifying...");
     let mut verifier_transcript =
         Blake2bRead::<_, G1Affine, Challenge255<_>>::init(proof.as_slice());
-    let strategy = SingleStrategy::new(&verifier_params);
 
-    verify_proof_single::<KZGCommitmentScheme<Bn256>, VerifierSHPLONK<Bn256>, _, _, _>(
-        &verifier_params,
-        &vk,
-        strategy,
-        pis.to_vec(),
-        &mut verifier_transcript,
-    )
-    .expect("verify succeeds");
+    assert!(
+        verify_proof::<KZGCommitmentScheme<Bn256>, VerifierSHPLONK<Bn256>, _, _, SingleStrategy<_>>(
+            &verifier_params,
+            &vk,
+            pis.to_vec(),
+            &mut verifier_transcript,
+        ),
+        "failed to verify proof"
+    );
     println!("Verify: {:?}", start.elapsed());
 }