You are looking at a specific version 20211001:134654 of this paper. See the latest version.

Paper 2021/930

Darlin: Recursive Proofs using Marlin

Ulrich Haböck and Alberto Garoffolo and Daniele Di Benedetto

Abstract

This document describes Darlin, a succinct zero-knowledge argument of knowledge based on the Marlin SNARK (Chiesa et al., Eurocrypt 2020) and the `dlog' polynomial commitment scheme from Bootle et al. EUROCRYPT 2016. Darlin addresses recursive proofs by integrating the amortization technique from Halo (IACR eprint 2019/099) for the non-succinct parts of the dlog verifier, and we adapt their strategy for bivariate circuit encoding polynomials to aggregate Marlin's inner sumchecks across the nodes the recursive scheme. We estimate the performance impact of inner sumcheck aggregation by about 30% in a tree-like scheme of in-degree 2, and beyond when applied to linear recursion.

Note: Additional appendix on domain extension/segmentation of linear polynomial commitment schemes. A more complete explanation of our benchmarks.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint. MINOR revision.
Keywords
R1CSSNARKsrecursive proofsaggregation schemes
Contact author(s)
ulrich @ horizenlabs io,alberto @ horizenlabs io,daniele @ horizenlabs io
History
2021-10-01: last of 3 revisions
2021-07-09: received
See all versions
Short URL
https://ia.cr/2021/930
License
Creative Commons Attribution
CC BY
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.