You are looking at a specific version 20210710:072540 of this paper. See the latest version.

Paper 2021/930

Darlin: A proof carrying data scheme based on Marlin

Ulrich Haböck and Alberto Garoffolo and Daniele Di Benedetto

Abstract

In this document we describe the Darlin proof carrying data scheme for the distributed computation of block and epoch proofs in a Latus sidechain of Zendoo (IACR eprint 2020/123). Recursion as well as base proofs rest on Marlin using the Pasta cycle of curves and the ‘dlog’ polynomial commitment scheme introduced by Bootle et al. EUROCRYPT 2016. We apply the amortization technique from Halo (IACR eprint 2019/099) to the non-succinct parts of the verifier, and we adapt their strategy for bivariate circuit encoding polynomials to aggregate Marlin’s inner sumchecks across the nodes of the proof carrying data scheme. Regarding performance, the advantage of Darlin over a scheme without inner sumcheck aggregation is about 30% in a tree-like scenario as ours, and beyond when applied to linear recursion.

Note: Corrected the references for Halo 2 and the Pasta Curves

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint. MINOR revision.
Keywords
R1CSSNARKsAggregation schemes
Contact author(s)
ulrich @ horizenlabs io,alberto @ horizenlabs io,daniele @ horizenlabs io
History
2021-10-01: last of 3 revisions
2021-07-09: received
See all versions
Short URL
https://ia.cr/2021/930
License
Creative Commons Attribution
CC BY
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.