Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Flp: Add post-processing step that uses verifier randomness #266

Closed
cjpatton opened this issue Jul 13, 2023 · 1 comment
Closed

Flp: Add post-processing step that uses verifier randomness #266

cjpatton opened this issue Jul 13, 2023 · 1 comment
Labels
feature

Comments

@cjpatton
Copy link
Collaborator

A common trick in designing the arithmetic circuit is to set the output to a random linear combination of intermediate values. The only option for computing this is to use the joint randomness, which incurs the cost of using a larger field (for Fiat-Shamir). Another option is to use randomness generated by the verifier themself.

One way we could do this is to define a postprocessing step for Flp that is run the verifier, but not the prover. In applications like Prio3, the randomness used could be derived from the verify key just as as the query randomness is done today.

The joint randomness would still be needed wherever it is used as input to a gadget, as would be the case for (the current design of) the SumVec type (see #124).

This could be seen as an alternative to #262.
@junyechen1996 junyechen1996 mentioned this issue Jul 14, 2023
Closed
@cjpatton
Copy link
Collaborator Author

Closing in favor of #262.

@cjpatton cjpatton closed this as not planned Won't fix, can't repro, duplicate, stale Jul 14, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@cjpatton