Comments (6)
Thanks for the question!
The indices are deterministically, pseudo-randomly sampled using the Fiat-Shamir heuristic. The transcript at the point of index sampling contains the commitments to all the polynomials in all the rounds of FRI. Given the indices for round
Because the verifier computes the indices itself, no further authentication of the correctness is necessary; in a sense, computing them implies verification they were computed correctly.
from triton-vm.
Perhaps some of the confusion comes from the name of the method enqueue_auth_pairs
? The “pair” in that method's name does not refer to (indices, polynomial_evaluations_at_indices) but to (authentication_paths, polynomial_evaluations_at_indices).
from triton-vm.
The issue that Yuncong is alluding to is (I think) the following:
- In traditional FRI, the colinearity check in every round of FRI is the same: look up the points A, B, C in their respective codewords (or Merkle trees) and verify colinearity.
- In TritonVM's FRI, the colinearity check of intermediate rounds is different: the points A do not need to be looked up because they were computed as C from the previous round.
It is not obvious that this variant as as secure as traditional FRI. However, I don't see how to attack it either.
The case where the TritonVM FRI verifier accepts but the traditional FRI verifier rejects implies A = C but for some reason this value disagrees with some codeword (or Merkle leaf) in an intermediate round. This would imply that the claim is true (the first codeword does have a low degree interpolant) but the malicious prover produces a faulty proof in order to trigger this disparity.
from triton-vm.
Yuncong, apologies for reading your question incorrectly; for some reason, I thought you were talking about the indices, not the partially revealed codewords (or “values”).
Alan has summarized the difference beautifully. In addition to his justification, I can offer this picture of a proof sketch we did back we changed our FRI to what you describe above:
It's possibly not the cleanest way to write things up, but maybe it's convincing enough or can be used to construct something convincing; if the former, I'd be interested in creating the latter.
from triton-vm.
Note that with the merging of #226 (61073e2), the code for FRI looks quite different but behaves as before. Notably, it should be a lot more explicit that the partial codeword “a” (what used to be called “a_values
”) of the last round is computed, not received:
triton-vm/triton-vm/src/fri.rs
Lines 293 to 298 in 61073e2
Furthermore, the code now spells out more explicitly which partial codewords are received and authenticated:
triton-vm/triton-vm/src/fri.rs
Lines 307 to 317 in 61073e2
I'm aware none of this resolves the primary question (“Is it sound to compute the folded partial codeword instead of receiving, authenticating, and verifying it?”) but simply wanted to point out that even though the code has changed drastically, the behavior has not.
from triton-vm.
Related Issues (20)
- Compile constraint polynomials on the run HOT 3
- add `sponge_` instructions
- rigorously test Triton VM's initial constraints
- Logarithmic Derivative based Lookup Argument for Clock Jump Differences
- Drop redundant hashing step in FRI Merke tree building HOT 6
- Extend Documentation HOT 1
- improve on memory allocation HOT 1
- Compilation to Triton VM HOT 10
- Feature Request: Native Interface
- multiset equality checks in Triton-run code
- Completeness error in program `push 0 push 0 lt halt` HOT 1
- Completeness bug involving `lt` HOT 4
- rework the Sponge instructions HOT 1
- Feature Request: Automatic Documentation Generation for Constraints HOT 1
- Recufier HOT 2
- Concatenated labels in TASM
- More repeated instructions HOT 1
- Error in `pow` documentation?
- Method on `LabelledInstruction` showing if `OpStack` grows HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from triton-vm.