New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remainder verification in FRI for large codewords #568
Comments
Here is a more concrete attempt at a solution to the above: Suppose that the remainder codeword has been processed using More concretely, denote by The Miden verifier will then execute the following:
A few words regarding immediate optimizations and costs are in place:
A companion Rust code illustrating the ideas discussed above can be found here. |
@Al-Kindi-0 - thank you! this is really cool (and Rust code is super helpful)! A couple of comments:
|
Thank you @bobbinth !
|
Nice stuff! I think it's correct and sound. Towards computing concrete soundness: suppose To reach 100 bits security it is better to repeat this protocol twice than to do it over an extension field of degree two. The Schwarz-Zippel lemma does not need either polynomial to be random; it just needs the sample point |
Thanks! |
I don't think that this case requires special attention. By treating the evaluations of |
So, for |
Yes. |
Closed by #644 |
As discussed in #564 , early stopping in FRI verification can lead to substantial savings in the number of cycles used by the FRI Miden assembly verifier.
The way Winterfell implements remainder verification requires that the verifier performs a NTT in order to assert a degree bound on a polynomial. An optimization could be for the prover to send the final polynomial in the clear so that the degree check becomes trivial. This issue aims to discuss other solutions in order to achieve a better cycle count for Fri verification in Miden. More specifically:
The following preliminary plan of action might be useful:
The text was updated successfully, but these errors were encountered: