Wikipedia:Reference desk/Archives/Mathematics/2024 September 29
Mathematics desk | ||
---|---|---|
< September 28 | << Aug | September | Oct >> | September 30 > |
Welcome to the Wikipedia Mathematics Reference Desk Archives |
---|
The page you are currently viewing is a transcluded archive page. While you can leave answers for any questions shown below, please ask new questions on one of the current reference desk pages. |
September 29
[edit]Is this a possible Groth16/ZkSnark verifier‑side simplification ?
[edit]Hello,
The verification algorithm is already simple but I was thinking about some costly environments like blockchains having low block limits. This might be naïve thinking but I was wondering at possibility : normally the prover gives 3 elliptic curves points to the verifier A ; B ; C When public inputs are used C/the inputs vector is split.
But as a simplification part, why not completely ditch the C parts of the proof when public inputs are used ? That way, the verifier would have to compute 1 pairing in less for verifying the proof. I’m meaning e(C,verifying_key_part). It seems to me the requirement to pair with public inputs would still ensure the security of the system… Is it because skipping that pairing would allow to forge public inputs ? As far I understand, a malicious prover would still have to satisfy all constraints of the quadratic arithmetic program and thus would have to use public inputs satisfying constraints. Or is it because it would be impossible to rework the protocol to have the prover being able to produce proofs that verify ?
Or even maybe both of the assumptions above ? 2A01:E0A:401:A7C0:9CB:33F3:E8EB:8A5D (talk) 11:51, 29 September 2024 (UTC)