Learning new things!
a cyclic group in base Field \( \mathbb{H} \) (STARK trace domain)
base Field \(\mathcal{F}\)
4th degree extension of base Field, Secure Field \(\mathcal{SF}\)
\(a(w)\) is a univariate polynomial of degree \(2^d\) (STARK trace), \(w\in \mathbb{H}\)
\(f(b_0,b_1,…,b_d)\) is a multi-variate function (STARK …
following this post
trace columns are interpreted as functions, the inputs of the function are bits, enough number of bits that can present \(n\) number of witness in this column.
for trace \(i\), with \(n\) number of rows (trace degree, trace length)
\(f_i(b_0,b_1,b_2,…,b_n)=a_{b_n,…,b_2,b_1,b_0} \)
the multi-linear polynomial for …
I am using a simplified circuit for case demonstration purpose:
The bus statement to be proved is:
\([x_0,x_1]\) in [0] with \(bus_{id}\)=a,
this case has only one valid witness [0,0], with multiplicity to be 2
The above statement essentially proves:
\(\frac{1}{\alpha -x_0}+\frac{1}{\alpha -x_1}=\frac{2}{\alpha}\)
where \(\alpha\) is a random …
Follow my first post for Spartan
The closed-form expression for evaluating a polynomial \(\mathcal{G}(\cdot)\) at \((r_1,…,r_m)\in \mathbb{F}^m\) is
$$\mathcal{G}(r_1,…,r_m)=\sum\limits_{x\in\{0,1\}^m}\mathcal{G}(x)\prod\limits^{m}_{i=1}\underbrace{(r_i\cdot …
Related type:
TraitsResolver helps to find the implementation for a given trait function and concrete type arguments.
TraitsResolver has a function resolve_trait_function_reference (see below) for a given polynomial reference, it resolves its trait
one of the input to this polynomialReference,
using fibo_no_public example, PolynomialReference looks like:
remove_trait_implsUsing multiplicative group of size 16 to demonstrate the concept of coset.
suppose we have a trace \([1,2,3,4]\) , and we want to prove \(f(x)+1=f(gx)\)
\(g\) is the group generator for cyclic group of size 4, the same size of the trace.
After understanding of the folding scheme of relaxed R1CS, of which the key idea is you can “fold” two proofs to be one, with this ability of relaxed R1CS in mind, how can one build a recursive proof from scratch? in this note I will describe several attempts to build …
We give a commit-and-prove zero-knowledge argument Protocol for the satisfiability of a QAP for an arithmetic circuit \(C\). For wires in the circuit \(\{a_i\}_{i=0}^n\), we denote the input witnesses are \(\{a_i\}_{i=0}^k\), the inner circuit witnesses are \(\{a_{i}\}_{i=k+1}^l\) and the statements wires are \(\{a_{i}\}_{i=l+1}^n\). The quadratic arithmetic program, Pedersen commitment and …
To commit to degree \(\leq l\) polynomials, we need to construct Structured Reference Strings: \( (g, g^\tau, g^{\tau^2} , …, g^{\tau^l})=(g^{\tau^i})_{i\in [0,l]}\)
Note 1: The trapdoor \(\tau\) is generated by distributed protocols, for instance, ….
Note 2: …