feat: Pedersen vector commitment scheme multi VK verification #527

Merged
merged 11 commits into master from feat/pedersen-batchmultivk
Aug 28, 2024

Conversation

ivokub
Collaborator

@ivokub ivokub commented Aug 26, 2024

Description

This PR changes the Pedersen commitment verification and verification key to support batch verifying multiple commitment POKs with different keys using a folded POK.

This is a breaking change to allow the folding to work.

Previously, keys were defined as:

G <- sample random G2 element
KK_i <- sample random commitment basis vector in G1
sigma_i <- sample random scalar. must be discarded after setup (toxic waste)
pk_i, vk_i = (KK_i, sigma_i KK_i), (G, -1/sigma_i G)

and commitment and its POK for vector aa as

cmt, pok = <aa, KK_i>, <aa, sigma_i KK_i>

the verification of individual POK was

pairingcheck((cmt, pok), (G, -1/sigma G)) == 1

and batch verification

pairingcheck((pok_1, .., r^{n-1} pok_n, \sum_i r^i cmt_i), (-1/sigma_1 G, ..., -1/sigma_n G, G)) == 1

In this way, however, I didn't find a way to fold the POKs, which may be useful to reduce the proof size in case of many commitments. However, if we change the definitions to

pk_i, vk_i = (KK_i, sigma_i KK_i), (G, -sigma_i G)
pairingcheck((pok, cmt), (G, -sigma G)) == 1
pairingcheck((cmt_1, .., r^{n-1} cmt_n, \sum_i r^i pok_i), (-sigma_1 G, ..., -sigma_n G, G)) == 1

then the prover can already send \sum_i r^i pok_i on its own.

Type of change

Please delete options that are not relevant.

  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)

How has this been tested?

  • TestFoldProofs
  • TestSemiFoldProofs
  • ExampleBatchVerifyMultiVk

Checklist:

  • I have performed a self-review of my code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have added tests that prove my fix is effective or that my feature works
  • I did not modify files generated from templates
  • golangci-lint does not output errors locally
  • New and existing unit tests pass locally with my changes
  • Any dependent changes have been merged and published in downstream modules
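
Added example, not part of the PR or the project's code: a toy Go check of the folded multi-key verification equation from the description, using an exponent model in which each group element is replaced by its discrete log. The function names, the modulus, the sigma values and the challenge r are constructed assumptions; how r is derived is not stated on this page.

```go
package main

import "fmt"

// Toy exponent model: a group element is stored as its discrete log mod p, so
// e(a*G1, b*G2) becomes a*b and "pairing product == 1" becomes "sum == 0".
// It checks the algebra only and has no security.
const p uint64 = 2147483647 // constructed toy modulus (2^31 - 1)

func mul(a, b uint64) uint64 { return (a % p) * (b % p) % p }
func add(a, b uint64) uint64 { return (a%p + b%p) % p }

// commit returns cmt = <aa, KK> and pok = <aa, sigma KK> for one key.
func commit(aa, kk []uint64, sigma uint64) (cmt, pok uint64) {
	for i := range aa {
		cmt = add(cmt, mul(aa[i], kk[i]))
		pok = add(pok, mul(aa[i], mul(sigma, kk[i])))
	}
	return cmt, pok
}

// foldPoks is the prover side: sum_i r^i pok_i, computed without any vk.
func foldPoks(poks []uint64, r uint64) uint64 {
	acc, ri := uint64(0), uint64(1)
	for _, pok := range poks {
		acc, ri = add(acc, mul(ri, pok)), mul(ri, r)
	}
	return acc
}

// verifyFolded checks folded*1 + sum_i (r^i cmt_i)*(-sigma_i) == 0, the
// exponent form of the check against (-sigma_1 G, ..., -sigma_n G, G).
func verifyFolded(cmts, sigmas []uint64, folded, r uint64) bool {
	acc, ri := folded%p, uint64(1)
	for i := range cmts {
		acc = add(acc, p-mul(mul(ri, cmts[i]), sigmas[i]))
		ri = mul(ri, r)
	}
	return acc == 0
}

func main() {
	sigmas := []uint64{11, 23} // constructed trapdoors, one per key
	c1, p1 := commit([]uint64{3, 5}, []uint64{7, 13}, sigmas[0])
	c2, p2 := commit([]uint64{2, 9}, []uint64{17, 19}, sigmas[1])
	r := uint64(1234567) // constructed challenge
	folded := foldPoks([]uint64{p1, p2}, r)
	fmt.Println(verifyFolded([]uint64{c1, c2}, sigmas, folded, r))   // honest
	fmt.Println(verifyFolded([]uint64{c1 + 1, c2}, sigmas, folded, r)) // tampered
}
```

The verifier receives a single folded value however many commitments there are, and a commitment altered after folding makes the sum nonzero.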

@ivokub ivokub added the consolidate strengthen an existing feature label Aug 26, 2024
@ivokub ivokub self-assigned this Aug 26, 2024
@ivokub ivokub marked this pull request as ready for review August 26, 2024 21:40
@ivokub ivokub requested a review from Tabaie August 27, 2024 21:15
@ivokub
Collaborator Author

ivokub commented Aug 27, 2024

@Tabaie - addressed comments.

@Tabaie Tabaie merged commit 82b19c1 into master Aug 28, 2024
7 checks passed
@Tabaie Tabaie deleted the feat/pedersen-batchmultivk branch August 28, 2024 14:40