Learning new things!
To understand the attack on Nova, I figure out I need to understand the role of the hash function and the validation check of hash function in Nova, from the first paper where the “cycle of curves” is not introduced, the circuit is illustrated as
to …
After understanding of the folding scheme of relaxed R1CS, of which the key idea is you can “fold” two proofs to be one, with this ability of relaxed R1CS in mind, how can one build a recursive proof from scratch? in this note I will describe several attempts to build …
explain the multipoints opening of Halo 2, I don’t think Halo2 book explain this part clearly, and perhaps, neither my note.
the key, is the homomorphism of the commitment scheme. and combine the evaluation at different points, and combine the different polynomial evaluated at the same points. Later if I …
A user want to send a message from one chain to another chain
resource
https://starkware.co/stark-101
interpolate the trace points into a polynomial in …
how to build zkVM:
Stark can be described in 5 steps in a high level:
$$f(X)=f_E(X^2)+X\cdot f_O(X^2)$$
if we take an intermediate variant \(Y\) to replace the \(X^2\)
With a fixed \(Y\), then \(f(x)\) can be considered as one degree polynomial for \(X\), as
$$f(X)=f_E(Y)+X\cdot f_O(Y)$$
and for a given \(y\), it determineds a unique line (one degree polynomial)
and the …
Vector Commitment on elliptic curve, useful for its additive homomorphic
$$\{(\textbf{g,h}\in \mathbb{G}^n, P \in \mathbb{G}, c \in \mathbb{Z}_p; \textbf{a,b}\in \mathbb{Z}_p^n): P=\textbf{g}^{\textbf{a}}\textbf{h}^{\textbf{b}} \wedge c=<\textbf{a},\textbf{b}>\}$$
the strategy is recursive proof. For every recursive step, keep the public statement in the same format, but the vector length, together with …
Plonk argument of knowledge can be described in 5 steps in a high level:
The constraint system in Plonk is
$$(\textbf{q}_{\textbf{L}_i} )\cdot …