Question: Composite Proofs #8
Hi 👋 Thanks for reaching out.
Correct.
If you mean proofs, then no, don't have it for the exact combination (BBS+ & LegoGroth16) but the idea is that the snark proof contains a Pedersen commitment to the witness(es). This witness (which is a BBS+ message) is also used in proof of knowledge of BBS+ signature, notice commitment
Yes, it's possible. I did that in my own fork while I was contributing to ursa. See these 2 tests. The idea is the same with Bulletproofs as here also you have a commitment to the witness and you can prove equality of the witness with the message in
No blocker as evident from above.
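The glue described in the reply above, as an added example that is not part of the original thread and is not docknetwork/crypto or ursa code: a Schnorr proof that two Pedersen commitments under different bases hide the same witness, obtained by reusing one blinding and one response for that witness. The toy group, the bases and all function names are assumptions for illustration, and the second commitment only stands in for the BBS+ side of the relation.

```python
import hashlib
import secrets

# Toy Schnorr group (constructed for readability, far too small for real use):
# P = 2*Q + 1 with P, Q prime; every square mod P other than 1 has order Q.
P, Q = 2039, 1019
G1, H1 = 4, 9      # bases of the commitment on the range-proof/SNARK side
G2, H2 = 25, 49    # assumed independent bases standing in for the BBS+ side

def commit(g, h, m, r):
    """Pedersen commitment g^m * h^r mod P."""
    return pow(g, m, P) * pow(h, r, P) % P

def challenge(*elems):
    """Fiat-Shamir challenge over both statements and both announcements."""
    data = ",".join(map(str, elems)).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def prove_equal(m, r1, r2, c1, c2):
    """Prove C1 and C2 open to the same m without revealing m, r1, r2."""
    a, b1, b2 = (secrets.randbelow(Q) for _ in range(3))
    t1 = commit(G1, H1, a, b1)          # the SAME blinding a for m ...
    t2 = commit(G2, H2, a, b2)          # ... is used in both announcements
    c = challenge(c1, c2, t1, t2)
    # One response s for the shared witness, one per independent randomness.
    return t1, t2, (a + c * m) % Q, (b1 + c * r1) % Q, (b2 + c * r2) % Q

def verify_equal(c1, c2, proof):
    """Check both Schnorr equations against the single shared response s."""
    t1, t2, s, u1, u2 = proof
    c = challenge(c1, c2, t1, t2)
    ok1 = commit(G1, H1, s, u1) == t1 * pow(c1, c, P) % P
    ok2 = commit(G2, H2, s, u2) == t2 * pow(c2, c, P) % P
    return ok1 and ok2   # sharing s is what ties the two statements together

def demo(m1, m2):
    """Commit to m1 and m2 under different bases, then prove/verify equality."""
    r1, r2 = secrets.randbelow(Q), secrets.randbelow(Q)
    c1, c2 = commit(G1, H1, m1, r1), commit(G2, H2, m2, r2)
    return verify_equal(c1, c2, prove_equal(m1, r1, r2, c1, c2))

if __name__ == "__main__":
    print("same witness:", demo(42, 42))
    print("different witness:", demo(42, 43))
```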
Thank you for the quick reply!
Yes, I was thinking about this - thanks for the hints! I will have a look at the math...
Cool! Was there a specific reason you went with LegoGroth16 instead of Bulletproofs then? I am not yet sure what the implications of the trusted setup are if the verifier is dishonest... (e.g. trying to figure out the witness) I will have to double check that.
Faster verification.
A verifier who did the trusted setup cannot learn the witness but can only forge proofs, i.e. create a proof for a witness that does not satisfy the relation. In our case, the verifier has no incentive to do that.
Thanks a lot!
Hi! 👋
Thank you for your great work! (Especially all the comments in the code!)
I was looking at how the composite proof system works, especially focusing on BBS+ with LegoGroth16.
From [1] I gather that everything is kinda glued together via Schnorr. Is there a formal description on how this works? I am really curious about this...
I recently looked into combining BBS+ and Bulletproofs (with Hyperledger Ursa) but got stuck at exactly that point...
Could not think of how to prove the usage of the witness from the BBS+ in the range proof (...still learning...).
As a side question: Would there be anything blocking the combination of the two from the get-go or could one "plug in" Bulletproofs (to avoid the trusted setup) using the same approach to composite proofs (i.e. adding to this repo)?
Cheers
Christoph
[1] https://github.com/docknetwork/crypto/blob/main/proof_system/src/sub_protocols/bound_check_legogroth16.rs