From 73e2e309e1dac4e2c97122cc5e8d27aa5ce4ac6f Mon Sep 17 00:00:00 2001 From: David Cook Date: Fri, 1 Nov 2024 17:37:16 -0500 Subject: [PATCH] Mention that decode_from_bit_vec() is linear --- draft-irtf-cfrg-vdaf.md | 9 +++++++++ poc/vdaf_poc/field.py | 3 +++ 2 files changed, 12 insertions(+) diff --git a/draft-irtf-cfrg-vdaf.md b/draft-irtf-cfrg-vdaf.md index eb0a8a9f..4e999344 100644 --- a/draft-irtf-cfrg-vdaf.md +++ b/draft-irtf-cfrg-vdaf.md @@ -2034,6 +2034,9 @@ def decode_from_bit_vec(cls, vec: list[Self]) -> Self: """ Decode the field element from the bit representation, expressed as a vector of field elements `vec`. + + This may also be used with secret shares of a bit representation, + since it is linear. """ bits = len(vec) if cls.MODULUS >> bits == 0: @@ -3903,6 +3906,12 @@ The circuit uses the polynomial-evaluation gadget `PolyEval` specified in if and only if `x` is in the range `[0, 2)`. The complete circuit is specified below: +Note that decoding a sequence of bits into an integer is a linear operation, +specifically, a linear combination with a sequence of powers of two, so it can +be done within a validity circuit using "free" affine gates. Furthermore, +decoding secret shares of a bit-encoded integer will produce secret shares of +the original integer. + ~~~ class Sum(Valid[int, int, F]): GADGETS: list[Gadget[F]] = [PolyEval([0, -1, 1])] diff --git a/poc/vdaf_poc/field.py b/poc/vdaf_poc/field.py index 3774ce4a..a33df0b3 100644 --- a/poc/vdaf_poc/field.py +++ b/poc/vdaf_poc/field.py @@ -103,6 +103,9 @@ def decode_from_bit_vec(cls, vec: list[Self]) -> Self: """ Decode the field element from the bit representation, expressed as a vector of field elements `vec`. + + This may also be used with secret shares of a bit representation, + since it is linear. """ bits = len(vec) if cls.MODULUS >> bits == 0:
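Review bot: The docstring added to `decode_from_bit_vec()` in poc/vdaf_poc/field.py (and the identical hunk in the draft-irtf-cfrg-vdaf.md listing) should also say that the elements of `vec` are not checked to be 0 or 1. The only guard visible in the hunk, `if cls.MODULUS >> bits == 0:`, depends on `len(vec)` alone, and an individual share cannot be range-checked locally anyway. A reader who takes "may also be used with secret shares" at face value could therefore assume the decoded share is of a well-formed integer when the bit check has to happen elsewhere, presumably in the validity circuit. I would add one sentence such as `The elements of vec are not checked to be bits; when decoding secret shares, the caller must enforce that each underlying value is 0 or 1 separately.` The function body continues past the end of the hunk, so this assumes no such check follows the lines shown.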