本文主要是介绍ZKP6.2 Discrete-log-based Polynomial Commitments (KZG10),希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
ZKP学习笔记
ZK-Learning MOOC课程笔记
Lecture 6: Discrete-log-based Polynomial Commitments (Yupeng Zhang)
6.2 KZG polynomial commitment and its variants
- KZG: [Kate-Zaverucha-Goldberg '2010]
- Procedure
-
Soundness: q-Strong Bilinear Diffie-Hellman (q-SBDH) assumption
-
Formal Security Proof
- The key idea: decompose the fack value v ∗ v* v∗ into a correct value f ( u ) f(u) f(u) and a difference δ \delta δ
-
-
Knowledge soundness and KoE assumption
- KZG with knowledge soundness: the commitment size is doubled
- Solution: Generic group model (GGM) [Shoup’97, Maurer’05]
- GGM can replace the KoE assumption and reduce the commitment size in KZG.
-
Properties of the KZG poly-commit
-
Ceremony: A distributed generation of gp s.t. No one can reconstruct the trapdoor if at least one of the participants is honest and discards their secrets
-
Variants of KZG polynomial commitment
-
Multivariate poly-commit [Papamanthou-Shi-Tamassia’13]
-
Achieving zero-knowledge [ZGKPP’2018]
-
Batch opening
-
single polynomial
-
multiple polynomials
-
-
-
Application
- Plonk [Gabizon-Williamson-Ciobotaru’20]
- Univariate KZG + Plonk Polynomial IOP
- vSQL[ZGKPP’17], Libra[XZZPS’19]
- Multivariate KZG + Sumcheck protocol / GKR protocol
- Plonk [Gabizon-Williamson-Ciobotaru’20]
这篇关于ZKP6.2 Discrete-log-based Polynomial Commitments (KZG10)的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!
