arnaucube/blog
1
0
Fork 0
mirror of https://github.com/arnaucube/blog.git synced 2026-02-10 12:46:41 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update to latest version

Browse Source
This commit is contained in:
arnaucube
2023-01-03 11:31:36 +01:00
parent e766aa9016
commit 547859017b
45 changed files with 2142 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
blogo-input/posts/kzg-commitments.md
View File

@@ -3,7 +3,7 @@
> **Warning**: I want to state clearly that I'm not a mathematician, I'm just an amateur on math studying in my free time, and this article is just an attempt to try to sort the notes that I took while reading about the KZG Commitments.
Few weeks ago I started reading about [KZG Commitments](https://www.iacr.org/archive/asiacrypt2010/6477178/6477178.pdf) from the articles written by [Dankrad Feist](https://dankradfeist.de/ethereum/2020/06/16/kate-polynomial-commitments.html), by [Tom Walton-Pocock](https://hackmd.io/@tompocock/Hk2A7BD6U) and by [Alin Tomescu](https://alinush.github.io/2020/05/06/kzg-polynomial-commitments.html). I want to thank them, because their articles helped me to understand a bit the concepts. I recommend spending the time reading their articles instead of this current notes.
Few weeks ago I started reading about [KZG Commitments](https://www.iacr.org/archive/asiacrypt2010/6477178/6477178.pdf) from the articles written by [Dankrad Feist](https://dankradfeist.de/ethereum/2020/06/16/kate-polynomial-commitments.html), by [Tom Walton-Pocock](https://hackmd.io/@tompocock/Hk2A7BD6U) and by [Alin Tomescu](https://alinush.github.io/2020/05/06/kzg-polynomial-commitments.html). I want to thank them, because their articles helped me to understand a bit the concepts. I recommend spending the time reading their articles ([1](https://dankradfeist.de/ethereum/2020/06/16/kate-polynomial-commitments.html), [2](https://hackmd.io/@tompocock/Hk2A7BD6U), [3](https://alinush.github.io/2020/05/06/kzg-polynomial-commitments.html)) instead of this current notes.
<div class="row">
<div class="col-md-7">
@@ -79,7 +79,7 @@ $$
We can see that is the equation $q(x)(x-z)=p(x)-y$, which can be expressed as $q(x) = \frac{p(x) - y}{x-z}$, evaluated at $\tau$ from the *trusted setup*, which is not known: $q(\tau) = \frac{p(\tau) - y}{\tau-z}$.
### Conclusions
The content covered in this notes is just a quick overview, but allows us to see the potential of the scheme. One next iteration from what we've seen is the approach to do batch proofs, which allows us to evaluate at multiple points with a single evaluation proof. This scheme can be used as a *vector commitment*, using a polynomial where the $p(i) = x_i$ for all values of $x_i$ of the vector, which can be obtained from the $x_i$ values and computing the [Lagrange interpolation](https://en.wikipedia.org/wiki/Lagrange_polynomial). This is quite useful combined with the mentioned batch proofs. The *batch proofs* logic can be found at the [blog/kzg-batch-proof](https://arnaucube.com/blog/kzg-batch-proof.html) notes (kind of the continuation of the current notes).
The content covered in this notes is just a quick overview, but allows us to see the potential of the scheme. One next iteration from what we've seen is the approach to do batch proofs, which allows us to evaluate at multiple points with a single evaluation proof. This scheme can be used as a *vector commitment*, using a polynomial where the $p(i) = x_i$ for all values of $x_i$ of the vector, which can be obtained from the $x_i$ values and computing the [Lagrange interpolation](shamir-secret-sharing.html#lagrange-polynomial%20interpolation). This is quite useful combined with the mentioned batch proofs. The *batch proofs* logic can be found at the [blog/kzg-batch-proof](https://arnaucube.com/blog/kzg-batch-proof.html) notes (kind of the continuation of the current notes).
As a final note, in order to try to digest the notes, I've did a *toy implementation* of this scheme at https://github.com/arnaucube/kzg-commitments-study. It's quite simple, but contains the logic overviewed in this notes.