Comments (4)
Sorry I had completely forgotten about the issue. The reason why I asked this originally is because I realized that plonky2 was following the ethSTARK paper approach instead, which considers solely the extension field size for the field security. With the Goldilocks field, this allows to keep a quadratic extension while aiming at up to 128 bits of security, instead of a cubic one. Miden could benefit from this as RPO has 127 bits collision resistance, if the project was to target such security levels in the future. I'll try investigating this further when I have some free time.
from winterfell.
The formula came from item 3 of Measuring Security section in ethSTARK repo. There, the formula uses log2(trace_length)
rather than log2(lde_domain_size)
. For Winterfell, log2(lde_domain_size)
was used to be a bit more conservative (though, I don't have a strong reasoning for this).
It does appear as if the formal on Github contradicts the formula in the paper - but maybe I'm missing something?
from winterfell.
After wrapping my head around it for some time, I believe that (for the conjectured security case), we don't need any check on the field security portion, else than the extension field size.
The mention on ethstark codebase doesn't match the proof associated to the toy problem security evaluation in the paper (which serves as basis for the conjecture). The proof is straightforward to understand. In addition, they don't even apply it in the codebase (although it may be because their extended field size is 122 for a two-adicity of 32 and a targeted security level of 80 bits, so even applying with the worst case scenario would still stay within desired bounds).
Removing this additional requirement from winterfell would allow proofs to achieve for instance up to 127 bits of security with f64 and a quadratic extension. Note that it seems every project, including STARKWARE, considers the conjectured security estimate as opposed to the proven one.
I noticed there is a TODO associated to the proven security estimate. I can take care of it if wanted (the requirements are heavy though with this target).
from winterfell.
Another approach for the conjectured security case could be to leave it as is, if we lack confidence on the conjecture, to have a model closer to some extent to the proven security. Although I don't think this alone makes much sense as for regular set of parameters, the security loss would be much more consequent on the FRI side and the number of queries.
from winterfell.
Related Issues (20)
- `f64` field: `BaseElement` should not be convertible from `u64` or `u128` without error HOT 1
- Add serialization/deserialization for `usize` type HOT 1
- Accomodating more expressive transition constraints HOT 3
- `TraceTable::with_meta()` should be marked `unsafe`
- Suggestion: Remove outdated griffin hash implementation HOT 1
- Generalize auxiliary trace building logic HOT 2
- Simplify 2-d matrix types
- Generalize `TransitionConstraints` and `BoundaryConstraints` HOT 1
- Consider using the standard benchmark harness instead of criterion HOT 1
- DEEP polynomial with Lagrange kernel HOT 1
- `Deserializable` should have an associated type error
- `Proof::security_leve()` should take into account auxiliary proof
- `group_vector_elements` panics during account code compilation HOT 2
- Verify GKR proof in `Trace::validate()`
- FFT-based division to improve DEEP composition polynomial computation
- GKR-LogUp: additional required API changes HOT 3
- Add `Sync` as a required trait for `ElementHasher`.
- Make a `DomainLength` trait for `VectorCommitment::Proof` and `VectorCommitment::MultiProof`
- Add `Item` associated type to `VectorCommitment`
- Refactor LogUp-GKR
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from winterfell.