-
Here:
https://github.com/zcash/halo2/blob/18746f109c72451cac4b72b6afb0eea4ea41797c/src/plonk/verifier.rs#L180-L190
we return an error from verification if the multiopening is not satisfied. If I'm n…
daira updated
3 years ago
-
KZG commitments typically use a monomial basis for its structured reference string (SRS). By switching to a Lagrange basis for the SRS we can avoid computing an iFFT for each commitment.
## Monomia…
-
Especially as projects move towards mainnet adoption of `ZK-Garage`, it's important that we set some specifications on the expected format of the various circuit-specific components in PLONK, down to …
-
# The KZG/Kate Polynomial Commitment Scheme – Risen Crypto – Mathematical Cryptography, zkSNARKs
[https://risencrypto.github.io/Kate/](https://risencrypto.github.io/Kate/)
-
Reading LegoSNARK:
**Additional properties to add to the LC paper** intro/related work for a more in-depth description regarding CP-SNARKs (commit-and-prove SNARKs) and cc-SNARKs (commit-carrying SN…
-
Implement SONIC as experimental work.
paper: https://eprint.iacr.org/2019/099.pdf
code: https://github.com/zknuckles/sonic, https://github.com/matter-labs/bellman/tree/sonic/src/sonic
-
We will start doing this soon so that the protocol is trivially zero-knowledge, but it's expensive inside the recursive circuit. One alternative is to switch back to what we were doing before (sending…
-
As discussed in #162, if we use "augmented sharing" where the share `[x]` is represented as both the share itself `phi(i)` but also the polynomial commit `C_x` and witness `w_i`, then we should be abl…
-
- [x] [Inner product optimizations](https://github.com/zcash/halo2/pull/559) or with sum of products optimization like in https://github.com/zkcrypto/bls12_381/pull/84
- [x] [FFT optimizations?](http…
-
...even in this particular case. I forgot to seed the transcript with public data. In private aggregation (halo-inf/shplonk#2) scheme.