Comments (9)
Is there any update on the status and plan to implement this? Curious as it looks like all items are specified but it seems to have not been assigned for a while now?
from winterfell.
With #84 I think we have the first point more or less covered (i.e., we can inject random values at the end of the trace without affecting the design of AIR constraints too much).
The third point can probably be covered by generalizing Merkle trees to generic Vector commitments. Maybe that's something to include in the next release.
from winterfell.
If at some point this feature is integrated into winterfell, will you also consider having constant-time arithmetic? I guess in the end it depends on the applications relying on this crate (private executions within a chain where it is needed VS L2 rollup where you'd only need provers to have the ZK feature), but the burden incurred by CT arithmetic is not negligible, hence my question :D
from winterfell.
I think this would be interesting. I do wonder which parts need to be made constant-time. One obvious part is field arithmetic. This can be fairly easily done even now without affecting other parts of the system by providing a different implementation for a given field (e.g. `f64ct`). Assuming field arithmetic is constant-time, are there any other parts which need to be updated?
from winterfell.
Other than constant-time arithmetic, I would think of constant-time branching / selectors. For the latter you have several crates doing this. The `subtle` crate documentation explains how this is achieved (or at least tried to be achieved).
I believe blake / sha crates already implement these so that would need to be implemented for the Rescue instantiations, and probably many other places as well. Though there will always be a portion left to the end user, for instance when creating the execution trace, which may be even more critical, as dealing directly with the witness.
I'm not sure about the different implementation of fields, as the verifier doesn't need to use constant-time arithmetic, and hence would suffer unnecessary burden.
from winterfell.
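To make the constant-time selector idea from the comment above concrete, here is an added example (not code from this thread or from winterfell) contrasting a branching modular addition with a mask-based one. The modulus, a sample 64-bit prime, and all function names are assumptions chosen for illustration.

```rust
// Sample 64-bit prime modulus (assumption for this example): 2^64 - 2^32 + 1.
const M: u64 = 0xFFFF_FFFF_0000_0001;

/// Returns `a` if `choice == 1` and `b` if `choice == 0`, with no branch on `choice`.
fn ct_select(choice: u64, a: u64, b: u64) -> u64 {
    let mask = choice.wrapping_neg(); // 0 -> 0x00..00, 1 -> 0xFF..FF
    b ^ (mask & (a ^ b))
}

/// Branching addition mod M: control flow depends on the (possibly secret) operands.
fn add_branching(a: u64, b: u64) -> u64 {
    let (sum, carry) = a.overflowing_add(b);
    if carry || sum >= M {
        sum.wrapping_sub(M)
    } else {
        sum
    }
}

/// Branch-free addition mod M for canonical inputs (a, b < M).
fn add_ct(a: u64, b: u64) -> u64 {
    let (sum, carry) = a.overflowing_add(b);
    let (reduced, borrow) = sum.overflowing_sub(M);
    // Reduce if the add overflowed 2^64, or if sum >= M (subtraction did not borrow).
    let need_reduce = (carry as u64) | ((!borrow) as u64);
    ct_select(need_reduce, reduced, sum)
}

fn main() {
    // Constructed sample inputs covering the no-reduce, reduce and overflow cases.
    let samples = [0u64, 1, 2, 0xFFFF_FFFF, M / 2, M - 2, M - 1];
    for &a in &samples {
        for &b in &samples {
            assert_eq!(add_ct(a, b), add_branching(a, b));
        }
    }
    println!("add_ct agrees with add_branching on all sample pairs");
}
```

Branch-free source is not a guarantee: the compiler may still lower it to a conditional jump, so the generated assembly for the target has to be inspected.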
Also, do you see it as a non-optional feature? Or something passed as argument? (similarly to the custom proof options like grinding factor, extension size, ...?)
from winterfell.
In the file https://github.com/facebook/winterfell/blob/main/examples/src/rescue/mod.rs on line 131:

```rust
fn verify(&self, proof: StarkProof) -> Result<(), VerifierError> {
    let pub_inputs = PublicInputs {
        seed: self.seed,
        result: self.result,
    };
    winterfell::verify::<RescueAir, H>(proof, pub_inputs)
}
```

I'm seeing the seed is required for the verify. Am I missing something? Where is the zero-knowledge aspect?
from winterfell.
First, ZK is not implemented yet in winterfell.
Second, ZK doesn't mean there is no information at all about the statement we are proving. It means a verifier will not be able to retrieve any information they could not get from the public information already attached to the proof or present in the statement. Here, we want to convince a verifier that given an initial seed, and a hash chain length, the claimed final hash output is correct. Hence, proving is only used here for succinctness (the verifier does not have to compute the whole chain themselves).
from winterfell.
Ok, I see. I was assuming because of the title of this thread that there was 'some' degree of zero-knowledge. I do understand the value of succinct verifications. Thanks for the response.
from winterfell.