Uncategorized - Shuang's Crypto Notes

Powdr Autopre-compile

From lib.rs, there is test, checking prove simple:

check what this prove simple means

there are some prove and compile, prove recursion basic function in this file.

Compile:

In the compile function, there are two functions til now I think it is important: instruction_to_airs and customize

Instructions_to_airs:

in this instruction …

IOP: prove evaluation of a multi-linear extension polynomial

a cyclic group in base Field $\mathbb{H}$ (STARK trace domain)

base Field $\mathcal{F}$

4th degree extension of base Field, Secure Field $\mathcal{SF}$

$a(w)$ is a univariate polynomial of degree $2^d$ (STARK trace), $w\in \mathbb{H}$

$f(b_0,b_1,…,b_d)$ is a multi-variate function (STARK …

Witness encoding:

trace columns are interpreted as functions, the inputs of the function are bits, enough number of bits that can present $n$ number of witness in this column.

for trace $i$ , with $n$ number of rows (trace degree, trace length)

$f_i(b_0,b_1,b_2,…,b_n)=a_{b_n,…,b_2,b_1,b_0}$

the multi-linear polynomial for …

The bus_id in Bus

I am using a simplified circuit for case demonstration purpose:

The bus statement to be proved is:

$[x_0,x_1]$ in [0] with $bus_{id}$ =a,

this case has only one valid witness [0,0], with multiplicity to be 2

Original protocol:

The above statement essentially proves:

$\frac{1}{\alpha -x_0}+\frac{1}{\alpha -x_1}=\frac{2}{\alpha}$

where $\alpha$ is a random …

Spartan 2 some basic terminologies

Follow my first post for Spartan

Closed-form expression for evaluating a polynomial

The closed-form expression for evaluating a polynomial $\mathcal{G}(\cdot)$ at $(r_1,…,r_m)\in \mathbb{F}^m$ is

$$\mathcal{G}(r_1,…,r_m)=\sum\limits_{x\in\{0,1\}^m}\mathcal{G}(x)\prod\limits^{m}_{i=1}\underbrace{(r_i\cdot …

Review, remove_trait_impls

Related type:

TraitsResolver

TraitsResolver helps to find the implementation for a given trait function and concrete type arguments.

TraitsResolver has a function resolve_trait_function_reference (see below) for a given polynomial reference, it resolves its trait

one of the input to this polynomialReference,

using fibo_no_public example, PolynomialReference looks like:

Understanding the `remove_trait_impls`

…

Coset

Using multiplicative group of size 16 to demonstrate the concept of coset.

Start with STARK context:

suppose we have a trace $[1,2,3,4]$ , and we want to prove $f(x)+1=f(gx)$

$g$ is the group generator for cyclic group of size 4, the same size of the trace.

generate group of size

…

crate and trait

Crate

Definition

…

After understanding of the folding scheme of relaxed R1CS, of which the key idea is you can “fold” two proofs to be one, with this ability of relaxed R1CS in mind, how can one build a recursive proof from scratch? in this note I will describe several attempts to build …

The Short NIZK Argument in Pribank

We give a commit-and-prove zero-knowledge argument Protocol for the satisfiability of a QAP for an arithmetic circuit $C$ . For wires in the circuit $\{a_i\}_{i=0}^n$ , we denote the input witnesses are $\{a_i\}_{i=0}^k$ , the inner circuit witnesses are $\{a_{i}\}_{i=k+1}^l$ and the statements wires are $\{a_{i}\}_{i=l+1}^n$ . The quadratic arithmetic program, Pedersen commitment and …

Category: Uncategorized

Powdr Autopre-compile