Paper 2024/278

Circle STARKs

Ulrich Haböck, Polygon Labs
David Levit, StarkWare
Shahar Papini, StarkWare
Abstract

Traditional STARKs require a cyclic group of a smooth order in the field. This allows efficient interpolation of points using the FFT algorithm, and writing constraints that involve neighboring rows. The Elliptic Curve FFT (ECFFT, Part I and II) introduced a way to make efficient STARKs for any finite field, by using a cyclic group of an elliptic curve. We show a simpler construction in the lines of ECFFT over the circle curve $x^2 + y^2 = 1$. When $p + 1$ is divisible by a large power of $2$, this construction is as efficient as traditional STARKs and ECFFT. Applied to the Mersenne prime $p = 2^{31} − 1$, which has been recently advertised in the IACR eprint 2023:824, our preliminary benchmarks indicate a speed-up by a factor of $1.4$ compared to a traditional STARK using the Babybear prime $p = 2^{31} − 2^{27} + 1$.

Note: This version corrects minor typos in Section 5.3, and adds an optimized treatment of constraints with punctuated activation domains.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint.
Keywords
STARKFFTReed-Solomon CodesAlgebraic Geometry Codes
Contact author(s)
uhaboeck @ polygon technology
david @ starkware co
spapini @ starkware co
History
2024-12-17: last of 2 revisions
2024-02-19: received
See all versions
Short URL
https://ia.cr/2024/278
License
Creative Commons Attribution-ShareAlike
CC BY-SA

BibTeX 

@misc{cryptoeprint:2024/278,
      author = {Ulrich Haböck and David Levit and Shahar Papini},
      title = {Circle {STARKs}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/278},
      year = {2024},
      url = {https://eprint.iacr.org/2024/278}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.