Learning new things!
$$f(X)=f_E(X^2)+X\cdot f_O(X^2)$$
if we take an intermediate variant \(Y\) to replace the \(X^2\)
With a fixed \(Y\), then \(f(x)\) can be considered as one degree polynomial for \(X\), as
$$f(X)=f_E(Y)+X\cdot f_O(Y)$$
and for a given \(y\), it determineds a unique line (one degree polynomial)
and the …
Vector Commitment on elliptic curve, useful for its additive homomorphic
$$\{(\textbf{g,h}\in \mathbb{G}^n, P \in \mathbb{G}, c \in \mathbb{Z}_p; \textbf{a,b}\in \mathbb{Z}_p^n): P=\textbf{g}^{\textbf{a}}\textbf{h}^{\textbf{b}} \wedge c=<\textbf{a},\textbf{b}>\}$$
the strategy is recursive proof. For every recursive step, keep the …
We give a commit-and-prove zero-knowledge argument Protocol for the satisfiability of a QAP for an arithmetic circuit \(C\). For wires in the circuit \(\{a_i\}_{i=0}^n\), we denote the input witnesses are \(\{a_i\}_{i=0}^k\), the inner circuit witnesses are \(\{a_{i}\}_{i=k+1}^l\) and the statements wires are \(\{a_{i}\}_{i=l+1}^n\). The quadratic arithmetic program, Pedersen commitment and …