Paper 2024/1685

GAPP: Generic Aggregation of Polynomial Protocols

Chaya Ganesh, Indian Institute of Science
Sikhar Patranabis, IBM Research India
Shubh Prakash, Indian Institute of Science
Nitin Singh, IBM Research India
Abstract

We construct a new bivariate polynomial commitment scheme, bPCLB, with succinct verification, O(m+n) sized public parameters, and O(m + n) cryptographic operations to generate evaluation proofs for bivariate polynomials of degree (n, m). bPCLB commits to polynomials using their Lagrange coefficients. This is in contrast to existing bivariate schemes, which either incur O(mn)-sized public parameters and O(mn) cost for evaluation proofs, or do not natively support committing to polynomials in the Lagrange basis. We present the idea of a packing gadget that allows packing a non-constant number of univariate polynomials into one bivariate polynomial. We implement the packing gadget with bPCLB to achieve the following results. We propose a generic framework called GAPP for aggregation of polynomial protocols. This allows proving n instances of a polynomial protocol using a single aggregate proof that has O(log n) size, and can be verified using O(log n) operations. We construct an information-theoretic protocol for proving the satisfiability of the bivariate polynomial identity, which is then compiled using any bivariate polynomial commitment scheme (PCS) to yield an argument of knowledge for the aggregation relation. GAPP can be applied to several popular SNARKs over bilinear groups that are modeled as polynomial protocols in a black-box way. Using bPCLB yields an efficient instantiation of GAPP for aggregating PLONK proofs where the prover only performs sublinear cryptographic operations in the evaluation proof. We illustrate the packing property of bPCLB in two applications. We first construct a new lookup argument which supports tables of m-tuples. Second, we show a generalized grand-product protocol over a non-constant (say m) number of vectors. While existing approaches for both these applications incur O(m) proof size and verification complexity, our constructions achieve O(log m) dependence. We leverage these applications together with our GAPP framework to design an a la carte proof system proof system for non-uniform computations.

Note: We present an improved version of bpclb with shorter proof size. We also illustrate the packing property of bPCLB by showing a generalized grand-product protocol over a non-constant (say m) number of vectors. Finally, we present an expanded treatment of our \`A la carte proof system proof system for non-uniform computations.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint.
Keywords
SNARGsaggregationpolynomial commitment schemeslookups
Contact author(s)
chaya @ iisc ac in
sikhar patranabis @ ibm com
shubhprakash @ iisc ac in
nitisin1 @ in ibm com
History
2025-05-21: revised
2024-10-16: received
See all versions
Short URL
https://ia.cr/2024/1685
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2024/1685,
      author = {Chaya Ganesh and Sikhar Patranabis and Shubh Prakash and Nitin Singh},
      title = {{GAPP}: Generic Aggregation of Polynomial Protocols},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/1685},
      year = {2024},
      url = {https://eprint.iacr.org/2024/1685}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.