Implement remainder verification procedure using probabilistic argument #592
Comments
I wonder if we should simplify this a little. Specifically, instead of making length So, for remainder of size 64, size of Another thing I wonder is whether Assuming the above works, the only parameter for
Assuming the above is correct, we'll need to add a new decorator to the advice injector decorators. This decorator would take domain length
The name of decorator could be Then, the first couple instructions of
Yes, I agree but then, if the initial domain size is not fixed, we would have to implement both versions. This is because of what we discussed some time ago which is that for folding factors higher than
That is exactly right.
I am assuming that the calling procedure would read the
That is correct.
Yep, I remember that. So, for folding factor = 4, once we figure out optimal remainder length, we'll only have to implement 2 procedures. E.g., it could be for size 64 and 32, or for 128 and 64 etc.
I actually think this will be non-negligible because if we know the size, we don't need any conditional logic. But if we don't know the size we need to run a while loop and for each iteration we need to increment the counter and perform inequality comparison. This could add up.
Yep, makes sense. I assumed that
That's correct.
I agree, a while loop is unavoidable. Then I am onboard.
Here is how I am thinking about it and let's forget about the hashing for this part. The calling procedure (of
As discussed offline, it may actually make sense to skip the initial reading from the advice tape and just put outputs of the last
Sounds great, I have mentioned this in facebook/winterfell#126
I add advice provider for iNTT over quadratic extension field in #598
Signed-off-by: Anjan Roy <hello@itzmeanjan.in>
I implement
Closed by #644
In what follows we make the assumption that the blow-up factor is a fixed constant equal to $8$.

The procedure that we want to implement, call it `verify_remainder`, takes as input:

- `ptr` of the word containing the first two coefficients of the remainder
- `ptr + i` for
- `ptr + i` for

Using the above, the procedure computes two quantities:

Finally, the procedure asserts that $\alpha = \beta$.

To compute $\beta$ efficiently, non-deterministic inversion in the extension field has to be implemented, i.e. #591.