Paper 2024/661
On amortization techniques for FRI-based SNARKs
Abstract
We present two techniques to improve the computational and/or communication costs of STARK proofs: packing and modular split-and-pack.
Packing allows to generate a single proof of the satisfiability of several constraints. We achieve this by packing the evaluations of all relevant polynomials in the same Merkle leaves, and combining all DEEP FRI functions into a single randomized validity function. Our benchmarks show that packing reduces the verification time and proof size compared to individually proving the satisfiability of each witness, while only increasing the prover time moderately.
Modular split-and-pack is a proof acceleration technique where the prover divides a witness into smaller sub-witnesses. It then uses packing to prove the simultaneous satisfiability of each sub-witness. Compared to producing a proof of the original witness, splitting improves the prover time and memory usage, while increasing the verifier time and proof size. Ideas similar to modular split-and-pack seem to be used throughout the industry, but 1) generally execution traces are split by choosing the first
Note: Minor change to the title
Metadata
- Available format(s)
-
PDF
- Category
- Cryptographic protocols
- Publication info
- Preprint.
- Keywords
- SNARKFRIAggregationOptimizationRecursion
- Contact author(s)
-
albert @ nethermind io
hayk 9816 @ gmail com
aram @ skycryptor com
ignacio @ nethermind io
isaac @ nethermind io
michal @ nethermind io - History
- 2024-05-02: revised
- 2024-04-29: received
- See all versions
- Short URL
- https://ia.cr/2024/661
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2024/661,
author = {Albert Garreta and Hayk Hovhanissyan and Aram Jivanyan and Ignacio Manzur and Isaac Villalobos and Michał Zając},
title = {On amortization techniques for {FRI}-based {SNARKs}},
howpublished = {Cryptology {ePrint} Archive, Paper 2024/661},
year = {2024},
url = {https://eprint.iacr.org/2024/661}
}
