Skip to content

feat: Pedersen vector commitment scheme multi VK verification #527

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 11 commits into from
Aug 28, 2024
Merged

feat: Pedersen vector commitment scheme multi VK verification #527

merged 11 commits into from
Aug 28, 2024

Conversation

@ivokub
Copy link
Collaborator

@ivokub ivokub commented Aug 26, 2024
edited
Loading

Description

This PR changes the Pedersen commitment verification and verification key to support batch verifying multiple commitment POKs with different keys using a folded POK.

This is a breaking change to allow the folding to work.

Previously, keys are defined as:

G <- sample random G2 element
KK_i <- sample random commitment basis vector in G1
sigma_i <- sample random scalar. must be discarded after setup (toxic waste)
pk_i, vk_i = (KK_i, sigma_i KK_i), (G, -1/sigma_i G)

and commitment and its POK for vector aa as

cmt, pok = <aa, KK_i>, <aa, sigma_i KK_i>

the verification of individual POK was

pairingcheck((cmt, pok), (G, -1/sigma G)) == 1

and batch verification

pairingcheck((pok_1, .., r^{n-1} pok_n, \sum_i r^i cmt_i), (-1/sigma_1 G, ..., -1/sigma_n G, G)

In this way however I didn't find a way to fold the POKs which may be useful to reduce the proof size in case of many commitments. However, if we change the definitions to

pk_i, vk_i = (KK_i, sigma_i KK_i), (G, -sigma_i G)
pairingcheck((pok, cmt), (G, -sigma G)) == 1
pairingcheck((cmt, .., r^{n-1} cmt, \sum_i r^i pok_i), (-sigma_1 G, ..., -sigma_n G, G)

then the prover can already send \sum_i r^i pok_i on its own.

Type of change

Please delete options that are not relevant.

  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)

How has this been tested?

  • TestFoldProofs
  • TestSemiFoldProofs
  • ExampleBatchVerifyMultiVk

Checklist:

  • I have performed a self-review of my code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have added tests that prove my fix is effective or that my feature works
  • I did not modify files generated from templates
  • golangci-lint does not output errors locally
  • New and existing unit tests pass locally with my changes
  • Any dependent changes have been merged and published in downstream modules

@ivokub ivokub added the type: consolidate strengthen an existing feature label Aug 26, 2024
@ivokub ivokub self-assigned this Aug 26, 2024
@ivokub ivokub marked this pull request as ready for review August 26, 2024 21:40
Tabaie
Tabaie requested changes Aug 27, 2024
View reviewed changes
@ivokub ivokub requested a review from Tabaie August 27, 2024 21:15
@ivokub
Copy link
Collaborator Author

ivokub commented Aug 27, 2024

@Tabaie - addressed comments.

@Tabaie Tabaie merged commit 82b19c1 into master Aug 28, 2024
@Tabaie Tabaie deleted the feat/pedersen-batchmultivk branch August 28, 2024 14:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Tabaie Tabaie Tabaie approved these changes

@ThomasPiellard ThomasPiellard Awaiting requested review from ThomasPiellard

Assignees

@ivokub ivokub

Labels

type: consolidate strengthen an existing feature

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@ivokub @Tabaie @gbotrel