cqlin: Efficient linear operations on KZG commitments with cached quotients

Liam Eagen; Ariel Gabizon

Paper 2023/393

cqlin: Efficient linear operations on KZG commitments with cached quotients

Liam Eagen, Zeta Function Technologies, Blockstream Research

Ariel Gabizon, Zeta Function Technologies

Abstract

Given two KZG-committed polynomials $f (X), g (X) \in F_{< n} [X]$ , a matrix $M \in F^{n \times n}$ , and subgroup $H \subset F^{*}$ of order $n$ , we present a protocol for checking that $f |_{H} \cdot M = g |_{H}$ . After preprocessing, the prover makes $O (n)$ field and group operations. This presents a significant improvement over the lincheck protocols in [CHMMVW, COS], where the prover's run-time (also after preprocessing) was quasilinear in the number of non-zeroes of , which could be .

Note: Small corrections, ack - Josh Beal

Metadata

Available format(s): PDF
Category: Cryptographic protocols
Publication info: Preprint.
Keywords: zk-snarks polynomial commitment schemes pairings
Contact author(s): ariel gabizon @ gmail com
History: 2023-10-16: last of 4 revisions; 2023-03-19: received; See all versions
Short URL: https://ia.cr/2023/393
License: CC0

BibTeX

@misc{cryptoeprint:2023/393,
      author = {Liam Eagen and Ariel Gabizon},
      title = {cqlin: Efficient linear operations on {KZG} commitments with cached quotients},
      howpublished = {Cryptology {ePrint} Archive, Paper 2023/393},
      year = {2023},
      url = {https://eprint.iacr.org/2023/393}
}