search

RisenCrypto / RisenCrypto.github.io

Write ups on Mathematical Cryptography
https://risencrypto.github.io/
MIT License
2 stars 4 forks source link

R1CSQAP/ #6

Open utterances-bot opened 1 year ago

utterances-bot commented 1 year ago

R1CS and QAP (zkSNARKs) : From Zero to Hero with Finite Fields & sagemath – Risen Crypto – Mathematical Cryptography

https://risencrypto.github.io/R1CSQAP/

ddbit commented 1 year ago

Hi, how can the interpolation of [1 2 3 4] for [0 0 0 5] be [36 16 36 35]? It should be [-5 5/6 -5 5/6] or am I missing something?

ddbit commented 1 year ago

Sorry, I mean [-5 55/6 -5 5/6]

upavloff commented 1 year ago

It is due to the fact that were in a field of order 41. In this case you have -5 = 36 mod 41 , 6^(-1) = 7 mod 41, 7*55 = 16 mod 41

RisenCrypto commented 1 year ago

Hi, how can the interpolation of [1 2 3 4] for [0 0 0 5] be [36 16 36 35]? It should be [-5 5/6 -5 5/6] or am I missing something?

We are operating in GF(41) & not in Q.

If you see the sagemath program in the writeup


F41 = GF(41)
R41.<x> = PolynomialRing(F41) # Polynomial Ring in GF(41)
points = [(1,0), (2,0), (3,0), (4,5)]
R41.lagrange_polynomial(points)

35*x^3 + 36*x^2 + 16*x + 36
abbypan commented 1 year ago

If T is divided by Z, then it will be perfectly divisible & will leave no remainder i.e. there must exist a Polynomial H such that Z(x)=H(x)⋅T(x)

It should be T(x)=H(x)⋅Z(x) ?

RisenCrypto commented 1 year ago

It should be T(x)=H(x)⋅Z(x) ?

Fixed. Thank you very much.

xushijie commented 1 year ago

How can we get this result: 

sage: # We define the solution vector also in the field
....: S = vector(F41,[1, 3, 35, 9, 27, 30])
....: # Create the L, Rx & Ox polynomial
....: Lx = R41(list(S*PolyM[0]))
....: Rx = R41(list(S*PolyM[1]))
....: Ox = R41(list(S*PolyM[2]))
....: print("Lx = " + str(Lx))
....: print("Rx = " + str(Rx))
....: print("Ox = " + str(Ox))
Lx = 29*x^3 + 18*x^2 + 36*x + 2
Rx = 28*x^3 + 36*x^2 + 24*x + 38
Ox = 37*x^3 + 37*x^2 + 17*x

The first coeff is something like: [136+ 38 + 35 0 + 935 + 274 + 30 40, ...]

xushijie commented 1 year ago

[136+ 38 + 35 0 + 935 + 274 + 30 40, ...]

RisenCrypto commented 1 year ago

How can we get this result: The first coeff is something like: [1_36+ 3_8 + 35 0 + 9_35 + 27_4 + 30 40, ...]

I am not sure I understand your question. What is this 1_36 + 3_8 ...?

xushijie commented 1 year ago

I think I have already got the answer. My original result is [1683, 2332, 2232, 1013], and I forgot to mod 41. After mod 41, I got the same result. Thanks