uncomputable
commented
1 year ago You could use the Schwartz-Zippel lemma to argue that a non-zero polynomial is exponentially likely to be zero at a random point, so it must be the zero polynomial, but the authors of the original Bulletproofs paper chose not to do that. At this point my argument that you absolutely need four transcripts falls apart, but there should at least be a discussion in the write-up. Paying one extra transcript to use the (100% certain) fundamental theorem of algebra instead of the probabilistic Schwartz-Zippel lemma might also be worth it.
To prove knowledge soundness of the Bulletproofs inner product argument, I think you need four transcripts per step: Three transcripts are used to compute the vectors
a,a_L, etc. Then, we arrange these vectors in a cubic polynomial over(x_i)^2and show that it is the zero polynomial (using four transcripts). This implies that half of thea_Landa_Rvectors is zero and the other half is equal toa.