Incrementally Verifiable Computation (IVC) allows one to prove the correctness of a computation of potentially unbounded length in an incremental way, while a computationally weak client can efficiently check its correctness in time sublinear in the computation's length. IVC is particularly useful in several real-world applications such as scalable blockchains, distributed computation, and verifiable machine learning. Yet, most existing IVC schemes are only provably secure for constant-depth ...| IACR Cryptology ePrint Archive
A mess of links about the state and its capacity to do things, incorporating institutions, social licence and the like. Participatory budgeting, participatory resource management, lack thereof. Practically speaking, it seems that most citizens would kinda like the state to invest in maintaining a society that was not a crumbling pit of poverty awash in disease and toxic waste and ruled over by robber barons. However, given that they don’t trust the state to get anything right, the...| The Dan MacKinlay stable of variably-well-consider’d enterprises
In this work we improve upon the state of the art for practical zero-knowledge for set membership, a building block at the core of several privacy-aware applications, such as anonymous payments, credentials and whitelists. This primitive allows a user to show knowledge of an element in a large set without leaking the specific element. One of the obstacles to its deployment is efficiency. Concretely efficient solutions exist, e.g., those deployed in Zcash Sapling, but they often work at the pr...| IACR Cryptology ePrint Archive
This document describes Darlin, a succinct zero-knowledge argument of knowledge based on the Marlin SNARK (Chiesa et al., Eurocrypt 2020) and the 'dlog' polynomial commitment scheme from Bootle et al. (Eurocrypt 2016). Darlin addresses recursive proofs by integrating the amortization technique from Halo (IACR eprint 2019/099) for the non-succinct parts of the dlog verifier, and we adapt their strategy for bivariate circuit encoding polynomials to aggregate Marlin's inner sumchecks across the no...| IACR Cryptology ePrint Archive