arnaucube
/
math
mirror of https://github.com/arnaucube/math.git
1
1
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

small update on notes_nova, fix typo on notes_halo

master
arnaucube 1 year ago
parent
69baaa0137
commit
ba6a51e768
4 changed files with 12 additions and 2 deletions
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. BIN
      notes_halo.pdf
  2. +1
    -1
      notes_halo.tex
  3. BIN
      notes_nova.pdf
  4. +11
    -1
      notes_nova.tex

BIN
notes_halo.pdf
View File


+ 1
- 1
notes_halo.tex
View File

@ -112,7 +112,7 @@ Now, for $k$ rounds ($d=2^k$, from $j=k$ to $j=1$):
\item Prover sets random blinding factors: $l_j, r_j \in \mathbb{F}_p$ \item Prover sets random blinding factors: $l_j, r_j \in \mathbb{F}_p$
\item Prover computes \item Prover computes
$$L_j = < \overrightarrow{a}_{lo}, \overrightarrow{G}_{hi}> + [l_j] H + [< \overrightarrow{a}_{lo}, \overrightarrow{b}_{hi}>] U$$ $$L_j = < \overrightarrow{a}_{lo}, \overrightarrow{G}_{hi}> + [l_j] H + [< \overrightarrow{a}_{lo}, \overrightarrow{b}_{hi}>] U$$
$$R_j = < \overrightarrow{a}_{lo}, \overrightarrow{G}_{hi}> + [l_j] H + [< \overrightarrow{a}_{lo}, \overrightarrow{b}_{hi}>] U$$
$$R_j = < \overrightarrow{a}_{hi}, \overrightarrow{G}_{lo}> + [r_j] H + [< \overrightarrow{a}_{hi}, \overrightarrow{b}_{lo}>] U$$
\item Verifier sends random challenge $u_j \in \mathbb{I}$ \item Verifier sends random challenge $u_j \in \mathbb{I}$
\item Prover computes the halved vectors for next round: \item Prover computes the halved vectors for next round:
$$\overrightarrow{a} \leftarrow \overrightarrow{a}_{hi} \cdot u_j^{-1} + \overrightarrow{a}_{lo} \cdot u_j$$ $$\overrightarrow{a} \leftarrow \overrightarrow{a}_{hi} \cdot u_j^{-1} + \overrightarrow{a}_{lo} \cdot u_j$$

BIN
notes_nova.pdf
View File


+ 11
- 1
notes_nova.tex
View File

@ -64,6 +64,8 @@
Usually while reading papers I take handwritten notes, this document contains some of them re-written to $LaTeX$. Usually while reading papers I take handwritten notes, this document contains some of them re-written to $LaTeX$.
The notes are not complete, don't include all the steps neither all the proofs. The notes are not complete, don't include all the steps neither all the proofs.
Thanks to \href{https://twitter.com/levs57}{Levs57}, \href{https://twitter.com/nibnalin}{Nalin Bhardwaj} and \href{https://twitter.com/cperezz19}{Carlos Pérez} for clarifications on the Nova paper.
\end{abstract} \end{abstract}
\tableofcontents \tableofcontents
@ -72,7 +74,15 @@
\subsection{R1CS modification} \subsection{R1CS modification}
Want: merge 2 instances of R1CS with the same matrices into a single one. Each instance has $z_i = (W_i,~ x_i)$ (public witness, private values resp.).
\paragraph{R1CS}
R1CS instance: $(A, B, C, io, m, n)$, where $io$ denotes the public input and output, $A, B, C \in \mathbb{F}^{m \times n}$, with $m \geq |io|+1$.
R1CS is satisfied by a witness $w \in \mathbb{F}^{m-|io|-1}$ such that
$$Az \circ Bz = Cz$$
where $z=(io, 1, w)$.
\vspace{0.5cm}
\textbf{Want}: merge 2 instances of R1CS with the same matrices into a single one. Each instance has $z_i = (W_i,~ x_i)$ (public witness, private values resp.).
\paragraph{traditional R1CS} \paragraph{traditional R1CS}
Merged instance with $z=z_1 + r z_2$, for rand $r$. But, since R1CS is not linear $\longrightarrow$ can not apply. Merged instance with $z=z_1 + r z_2$, for rand $r$. But, since R1CS is not linear $\longrightarrow$ can not apply.

Write Preview
Loading…
Cancel
Save