ThomasPiellard
ThomasPiellard
[FRI](https://drops.dagstuhl.de/opus/volltexte/2018/9018/) is an interactive oracle proof of proximity for polynomials to assess probabilistically (in a logarithmic-in-the-degree number of rounds) if a function, provided as an oracle, is a low degree...
In the mimc implementations, this for loop ``` for i := 0; i < nbChunks; i++ { copy(buffer[:], d.data[i*BlockSize:(i+1)*BlockSize]) x.SetBytes(buffer[:]) r := d.encrypt(x) d.h.Add(&r, &d.h).Add(&d.h, &x) } ``` might create...
An extension of the goldilocks field is needed to have a cryptographically acceptable soundness for FRI.
In plonk, when one creates a new variable like this for instance `z := api.Add(api.Mul(x,y), 4)` 2 constraints are created, even if the intermediate result `api.Mul(x,y)` is not reused.
In the implementation of plonk the permutation polynomial should be simplified, in each factor the middle term uses groups in (Fr*,x) while it should be (Fr,+), so we could save...
# Description iop.Polynomial: - removed blinding -> easier to deal with blinding manually with KZG(blinded(p)) = Kzg(p) + KZG(blinding_factor) - code no longer panics when polynomials are evaluated LAGRANGE or...
Currently the Evaluate method on polynomial panics if the polynomial is not in canonical form. We should store the coset in the polynomial structure (and perhaps a root of unity...
The expected format of the polynomial is not needed for `BuildRatioShuffledVectors` and `BuildRatioCopyConstraint`, as it is implicit that the result is an interpolation of the accumulating ratios
In order to make [Vortex](https://eprint.iacr.org/2022/1633.pdf) efficient, one has to implement an efficient FFT on Goldilocks (instead of the usual ~256bits field like the field of bn254 for instance) due to...
# Description Updating plonk to the latest version https://eprint.iacr.org/archive/2019/953/1660839633.pdf [wait for linea to redeploy the contract before merging to avoid incompatibility between prover/verifier] * The folded quotient is appended to...