Paper 2024/1685

GAPP: Generic Aggregation of Polynomial Protocols

Chaya Ganesh, Indian Institute of Science
Sikhar Patranabis, IBM Research India
Shubh Prakash, Indian Institute of Science
Nitin Singh, IBM Research India
Abstract

We propose a generic framework called GAPP for aggregation of polynomial protocols. This allows proving $n$ instances of a polynomial protocol using a single aggregate proof that has $O(\log n)$ size, and can be verified using $O(\log^2 n)$ operations. The satisfiability of several univariate polynomial identities over a domain is reduced to the satisfiability of a single bivariate polynomial identity over a related domain, where the bivariate polynomials interpolate a batch of univariate polynomials over the domain. We construct an information-theoretic protocol for proving the satisfiability of the bivariate polynomial identity, which is then compiled using any bivariate polynomial commitment scheme (PCS) to yield an argument of knowledge for the aggregation relation. GAPP can be applied to several popular SNARKs over bilinear groups that are modeled as polynomial protocols in a black-box way. We present a new bivariate polynomial commitment scheme, bPCLB, with succinct verification that yields an efficient instantiation of GAPP. In addition, the prover only performs sublinear cryptographic operations in the evaluation proof. Towards constructing bPCLB, we show a new folding technique that we call Lagrangian folding. The bivariate PCS bPCLB and the Lagrangian folding scheme are of independent interest. We implement bPCLB and experimentally validate the practical efficiency of our GAPP instantiation. For the popular PLONK proof system, we achieve $25$-$30\%$ faster proof generation than the naive baseline of generating $n$ separate PLONK proofs. Compared to all existing aggregation schemes that incur additional prover overheads on top of the baseline, we achieve significantly more efficient proving, while retaining succinct verification. We demonstrate the versatility of our GAPP framework by outlining applications of practical interest: tuple lookups that significantly outperform existing lookup arguments in terms of prover overheads; and proofs for non-uniform computation with a la carte prover cost.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint.
Keywords
SNARGsaggregationpolynomial commitment schemeslookups
Contact author(s)
chaya @ iisc ac in
sikhar patranabis @ ibm com
shubhprakash @ iisc ac in
nitisin1 @ in ibm com
History
2024-10-18: approved
2024-10-16: received
See all versions
Short URL
https://ia.cr/2024/1685
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2024/1685,
      author = {Chaya Ganesh and Sikhar Patranabis and Shubh Prakash and Nitin Singh},
      title = {{GAPP}: Generic Aggregation of Polynomial Protocols},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/1685},
      year = {2024},
      url = {https://eprint.iacr.org/2024/1685}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.