Closed cjpatton closed 7 months ago
I saw 2 proofs with Field64 based on our current analysis:
User parameters:
|l2_norm |frac_bits |dimension |chunk_len |field |proofs |r |r_succ |-log2(eta)|-log2(zk) |-log2(sound) |
|:---------|:---------|:---------|:---------|:---------|:---------|:---------|:---------|:---------|:---------|:-------------------|
|1 |15 |1000 |57 |Field64 |2 |100 |100 |107 |100 |99 |
|1 |15 |1000 |57 |Field128 |1 |100 |100 |107 |100 |99 |
|1 |15 |10000 |110 |Field64 |2 |100 |100 |107 |100 |99 |
|1 |15 |10000 |110 |Field128 |1 |100 |100 |107 |100 |99 |
|1 |15 |100000 |319 |Field64 |2 |100 |100 |107 |100 |99 |
|1 |15 |100000 |319 |Field128 |1 |100 |100 |107 |100 |99 |
Should we update number of proofs to 2 for now?
Good catch! The analysis doesn't account for offline attacks against Fiat-Shamir. Personally, I'm more comfortable with three proofs than two, based on our analysis in https://github.com/cfrg/draft-irtf-cfrg-vdaf/issues/311.
LGTM. I'm good with merging this.
We will target ZK/soundness bounds of at most 2^-100. The following parameters are optimal for communication overhead:
- `ALPHA = 8.7`
- `NUM_WR_CHECKS = 100`
- `NUM_WR_SUCCESSES = 100`