Add low degree exponent interpolation proof #119
Conversation
| /// let polynomial = Polynomial::<GE>::sample_fixed_coef0(3, coef0); | ||
| /// assert_eq!(polynomial.evaluate(&FE::zero()), coef0); | ||
| /// ``` | ||
| pub fn sample_fixed_coef0(n: u16, coef0: P::Scalar) -> Self { |
There was a problem hiding this comment.
perhaps coef0 could be renamed to "constant_term"?
There was a problem hiding this comment.
Thanks, updated! I let myself shorten your suggestion - renamed to const_term
| { | ||
| let poly = Polynomial::<P>::sample(5); | ||
|
|
||
| let alpha: Vec<P::Scalar> = (1..=10).map(|i| ECScalar::from(&BigInt::from(i))).collect(); |
There was a problem hiding this comment.
are you sure the generators are not supposed to be picked at random such that there is no way to compute x such that g_i = x g_j ?
for example see how we generate the generator vector in bulletproofs
There was a problem hiding this comment.
The line you commented doesn't choose generators — it chooses list of α (a list of pairwise distinct scalar from Setup phase of the proof). Line below chooses generators completely at random. I agree that correlation like g_i = x g_j could potentially lead to vulnerabilities
There was a problem hiding this comment.
no idea why I picked that line :)
so will you change it ?
There was a problem hiding this comment.
Ah I found what code you're referring to — generate_random_point. Are you ok with me moving this function to curv::elliptic::curves:: generate_random_point ?
| @@ -0,0 +1,371 @@ | |||
| use std::convert::TryFrom; | |||
There was a problem hiding this comment.
I don't think polynomial count as a cryptographic primitive, but I am not sure where else to put it
There was a problem hiding this comment.
I think it can be located in crate::elliptic module as well (as it heavily uses elliptic things). Currently elliptic module consist only of curves submodule. What do you think about moving it to elliptic module?
There was a problem hiding this comment.
my opinion is to move polynomial into cryptographic_primitives/secret_sharing
There was a problem hiding this comment.
Fair enough. Moved it into secret_sharing.
| /// assert_eq!(polynomial.degree(), 3); | ||
| /// ``` | ||
| /// | ||
| pub fn sample(degree: u16) -> Self { |
There was a problem hiding this comment.
Perhaps we have to make sure we didn't sample zero as the most significant indeterminate? This can result in the polynomial having a wrong degree.
There was a problem hiding this comment.
Thanks for catch - I added sample_exact and sample_exact_with_fixed_const_term functions that produce polynomial of given degree, whereas sample and sample_with_fixed_const_term functions are allowed now to produce polynomial of degree less or equal to given degree
| } | ||
|
|
||
| #[derive(Debug, Error)] | ||
| pub enum LdeiProveError { |
| .take(10) | ||
| .collect(); | ||
|
|
||
| let (statement, proof) = |
There was a problem hiding this comment.
the prover should accept a statement and a witness.
There was a problem hiding this comment.
Done. Can you confirm that it now looks like you expected?
| where | ||
| H: Hash, | ||
| { | ||
| if alpha.len() != g.len() { |
There was a problem hiding this comment.
the prover should check correctness of the statement (same for the verifier):
I see that a check that g.len()>=w.degree
|
Merged along with #120 |
PR adds low degree exponent interpolation proof. Here's construction:
I needed polynomial-related machinery (to sample polynomials, evaluate them, etc.), and it was already implemented as part of feldman_vss. I moved polynomial-related logic into dedicated struct
Polynomial(and well-documented it). Functions in feldman_vss are still available, but got deprecated and now they usePolynomialunder hood.