Learning new things!
Vector Commitment on elliptic curve, useful for its additive homomorphic
$$\{(\textbf{g,h}\in \mathbb{G}^n, P \in \mathbb{G}, c \in \mathbb{Z}_p; \textbf{a,b}\in \mathbb{Z}_p^n): P=\textbf{g}^{\textbf{a}}\textbf{h}^{\textbf{b}} \wedge c=<\textbf{a},\textbf{b}>\}$$
the strategy is recursive proof. For every recursive step, keep the public statement in the same format, but the vector length, together with …
Plonk argument of knowledge can be described in 5 steps in a high level:
The constraint system in Plonk is
$$(\textbf{q}_{\textbf{L}_i} )\cdot …
There are two list \((a_1, a_2, a_3,…a_n)\) and \((b_1,b_2,b_3,…,b_n)\)
how can we prove they contain the same element? (now we only consider to have the same elements, permutation comes in next question) This question would help you to understand why the permutation construction in Plonk is constructed in …
The elliptic curve is defined by an equation, but when it comes to practices, it is discrete and finite, i.e, we cannot work on elliptic curves that are defined on \(\mathbb{R}\), instead, we defined it on a field \(\mathbb{F}_p\) .
The points on the curve …
In abstract algebra, a field is a set equipped with two operations, usually called addition and multiplication. These operations satisfy several properties, which we outline below.
We give a commit-and-prove zero-knowledge argument Protocol for the satisfiability of a QAP for an arithmetic circuit \(C\). For wires in the circuit \(\{a_i\}_{i=0}^n\), we denote the input witnesses are \(\{a_i\}_{i=0}^k\), the inner circuit witnesses are \(\{a_{i}\}_{i=k+1}^l\) and the statements wires are \(\{a_{i}\}_{i=l+1}^n\). The quadratic arithmetic program, Pedersen commitment and …
To commit to degree \(\leq l\) polynomials, we need to construct Structured Reference Strings: \( (g, g^\tau, g^{\tau^2} , …, g^{\tau^l})=(g^{\tau^i})_{i\in [0,l]}\)
Note 1: The trapdoor \(\tau\) is generated by distributed protocols, for instance, ….
Note 2: …
Let \(C: \ \mathbb{F}^n \ \rightarrow \ \mathbb{F}^k\) be a map which takes \(n\) arguments from a finite field \(\mathbb{F}\) as inputs and compute \(k\) outputs in \(\mathbb{F}\). \(C\) is an arithmetic circuit if the outputs are determined by the operations \(+\) and \(\times\) to the