-
Our implementation of `PolyCom` allows any commitment to be chunked/split. This is to commit to polynomials that are larger than the SRS.
To avoid collisions in the transcript, it is important that…
-
Hello @mkskeller
I found that the code here assigns data to share
https://github.com/data61/MP-SPDZ/blob/2813c0ef0fa9ca48ced3f70b7081c071f0bd28fd/Protocols/Share.h#L86
Is there any efficient way t…
-
Currently, we only generate commitments for polynomials up to the maximum chunk where we have non-zero coefficients. This leaks information about the underlying polynomials.
Instead, we should pad …
-
https://notes.ethereum.org/@bbusa/dencun-devnet-6
Only listing things not in `devnet-5`, which Nimbus already more or less successfully participated in, modulo block proposing. Also not listing any…
-
The correct way to erasure-code chunks is based on FFT, but in a different way than in v2.2 (used coset FFT).
To save time binding c-kzg ourselves, we could initially reuse existing bindings from [r…
-
- https://notes.ethereum.org/@dankrad/kzg_commitments_in_proofs
- https://notes.ethereum.org/@vbuterin/proto_danksharding_faq#Moderate-approach-works-with-any-ZK-SNARK
-
Currently, we don't have tests to cover these functions:
- `polynomial-commitments.md`
- [x] `verify_kzg_proof` wrapper
- [x] `compute_kzg_proof` wrapper
- [x] `verify_blob_kzg_proof`
-…
-
In order to achieve recursive composition of zk-SNARK proofs we need to somehow verify a proof within the circuit over Fq (the scalar field of the pairing friendly curve), which involves extensive ari…
-
I've noticed that we handle optional things in a proof not super safely. For example, in `verify` for lookups we do:
```rust
let joint_combiner = if let Some(l) = &index.lookup_index {
// ...
…
```
-
### Goal(s)
- be able to support recursive verification for Miden VM
### Details
Now that we have a FRI verifier (#548), we need to write a Miden assembly implementation of a full STARK verifie…