Marlin SSP Added #13
Marlin SSP Added #13
Conversation
|
If we can look into this PR first, then I create another PR for divmod and sparse poly. Ideally don't want too much changes in this big PR |
|
This new additions addresses all the changes so that Verifier is asymptotically O(|x| + log(n)) and prover is O(n*log(n)) and also makes it non-interactive via Fiat Shamir I think all the asymptotics now match the claim in the marlin paper. |
| @@ -32,6 +35,10 @@ def __add__(self, other): | |||
| assert type(other) is SS_BLS12_381 | |||
| return SS_BLS12_381(add(self.m1, other.m1), add(self.m2, other.m2)) | |||
|
|
|||
| def __sub__(self, other): | |||
There was a problem hiding this comment.
I don't understand the maths behind the pairing curves. Intuitively, this felt correct.
Completed Marlin end of end implementation for Square Span program.
There is an end to end test case which
Remaining Things to do:(Will make another PR to do address these, but noting here for records)
None of these are hard to do but might require some additional reading.
The Verifier complexity is still O(n) + |x|, to make it O(log(n)), we need some method to support sparse polynomial representation. I can do this ad-hoc, but I think it's best added as a separate library.
The proved is still O(n^2) instead of O(nlogn) because we need a method to support division of polynomials in O(nlogn), note that coset-fft only works when the first polynomial is divisible by the second one. We can still have a O(nlogn) implementation which outputs both quotient and remainder in the special case when the second polynomial is a vanishing poly.
Use Fiat Shamir instead of sharing random numbers