Henry de Valence
I think we should aim for the same thing that we did with aggregation: internally, verification should be implemented as `k`-batch verification of `m`-aggregated proofs of `n`-bits each, and we...
A general conceptual comment that we should think about: With single proofs, we have a conceptually nice story about how the proof transcripts work: the transcript implements the Fiat-Shamir transform...
It seems like the right design would be for the batch verify code to take an iterator of transcripts, so that batch verification is composable, and put a note that...
I don't think it's actually possible to make the index private, we'd need to have a custom type wrapper (since it's not possible to put `pub(crate)` on the enum variant...
Hi, this is caused by the Rust 1.41 MSRV requirement on `subtle`. Try updating your Rust version to 1.41 or above.
Hmm, does that error occur on stable Rust without using the `simd_backend`?
Hi all, the upstream for this crate is now https://github.com/zkcrypto/bulletproofs and this issue should be already fixed there.
Just to close the circle on that archaeology, if I recall correctly the scalar inversion implementation I added to filippo.io/edwards25519 uses a ladder found by @briansmith :)
> So it would be nice to know how exactly all of this works in LLVM because i1 types are illegal in all other x86 "targets" (e.g. AVX2). Does...
Hi, have there been any new developments since this was last active? I would like to contribute AVX-512 intrinsics, but I'm not sure what (if anything) is blocking it, so...