Verify all proofs

Suppose you have a polynomial

P

, and the sample proofs

Q_{i} = ⌊ \frac{P}{X^{16} - ω^{i * 16}} ⌋

Goal: verify all proofs.

Note that for all

i

Q_{i} * (X^{16} - ω^{i * 16}) = P - I_{i}

, where

I_{i}

is the

d e g < 16

interpolant of the i'th subgroup.

We can combine all of these equations with a random linear combination:

\sum Q_{i} * (X^{16} - ω^{i * 16}) * r_{i} = \sum (P - I_{i}) * r_{i}

Now let us play with this equation:

\sum (Q_{i} * r_{i}) * X^{16} - \sum (Q_{i} * w^{i * 16} * r_{i}) = P * \sum r_{i} - \sum (I_{i} * r_{i})

We now convert this into a pairing equation:

e (\sum (Q_{i} * r_{i}), [X^{16}]) \div e (\sum (Q_{i} * w^{i * 16} * r_{i}), [1]) = e (P * \sum r_{i} - \sum (I_{i} * r_{i}), [1])

Let us go through this term-by-term.

$\sum (Q_{i} * r_{i})$ is a simple size
$\frac{N}{16}$ fast linear combination.
$\sum Q_{i} * w^{i * 16} * r_{i}$ is a simple size
$\frac{N}{16}$ fast linear combination.
$P * \sum r_{i}$ is a multiplication after N field operations
$\sum (I_{i} * r_{i})$ involves the calculation of
$\frac{N}{16}$ size-16 interpolants; with Lagrange interpolation this can be done in
$\approx 16 * N$ field operations; FFTs may speed this up but at these small scales only slightly. Adding up the interpolants and converting the result into a point is trivial.

LessieHoeger

2025/03/19 07:15:06

The solution to this problem is very easy to understand, I once had to go to https://amongusgame.io to look up the solution, there are also many good and detailed answers that help me understand better, but unexpectedly, this gives more detailed and easier to understand answers.

Verify all proofs

Read more

A quick barycentric evaluation tutorial

Pragmatic destruction of `SELFDESTRUCT`

Untitled

A few paths to statelessness and state expiry