Natively Compatible Super-Efficient Lookup Arguments and How to Apply Them
Matteo Campanelli, Offchain Labs
Dario Fiore, IMDEA Software
Rosario Gennaro, The City College of New York
Abstract
Lookup arguments allow an untrusted prover to commit to a vector and show that its entries reside in a predetermined table . One of their key applications is to augment general-purpose SNARKs making them more efficient on subcomputations that are hard to arithmetize. In order for this "augmentation" to work out, a SNARK and a lookup argument should have some basic level of compatibility with respect to the commitment on . However, not all existing efficient lookup arguments are fully compatible with other efficient general-purpose SNARKs. This incompatibility can for example occur whenever SNARKs use multilinear extensions under the hood (e.g. Spartan) but the lookup argument is univariate in flavor (e.g. Caulk or ).
In this paper we discuss how to widen the spectrum of "super-efficient" lookup arguments (where the proving time is independent of the size of the lookup table): we present a new construction inspired by and based on multilinear polynomial encodings (MLE). Our construction is the first lookup argument for any table that is also natively compatible with MLE-based SNARKs at comparable costs with other state-of-the-art lookup arguments, particularly when the large table is unstructured. This case arises in various applications, such as using lookups to prove that the program in a virtual machine is fetching the right instruction and when proving the correct computation of floating point arithmetic (e.g., in verifiable machine learning).
We also introduce a second more general construction: a compiler that, given any super-efficient lookup argument compatible with univariate SNARKs, converts it into a lookup argument compatible with MLE-based SNARKs with a very small overhead.
Finally, we discuss SNARKs that we can compose with our constructions as well as approaches for this composition to work effectively.
@misc{cryptoeprint:2024/1058,
author = {Matteo Campanelli and Dario Fiore and Rosario Gennaro},
title = {Natively Compatible Super-Efficient Lookup Arguments and How to Apply Them},
howpublished = {Cryptology {ePrint} Archive, Paper 2024/1058},
year = {2024},
url = {https://eprint.iacr.org/2024/1058}
}
Note: In order to protect the privacy of readers, eprint.iacr.org
does not use cookies or embedded third party content.