Today I (almost fully) read: "Linear-map Vector Commitments and their Practical Applications" by Matteo Campanelli, @13portocale, @CarlaRafols, Alexandros Zacharakis and @arantxazapico (eprint.iacr.org/2022/705)
...which makes several cool contributions: 1. Two new pairing-based VCs with constant-sized proofs from univariate KZG, either with monomial or Lagrange basis (see screenshots)
These are neat because (1) they support "unbounded" aggregation: i.e., one can aggregate aggregated proofs indefinitely and (2) they support functional openings: i.e., one can prove that f(v) = y, for any committed vector v, and any linear map f, where y is a vector too.
A drawback of these two constructions is that the verification key needed to verify proofs for any position i is linearly-sized.
In this sense: not sure I follow the point about keyless updates in the monomial-based LVC (see screenshot). I suppose the verification key "subsumes" the update key? But I would frame this not as upk=\emptyset, but as upk=vrk (and thus not as "keyless", but as "keyed" updates)
2. A new tree-based VC from multivariate polynomials, which generalizes Hyperproofs (twitter.com/s_shravan/status/1511757473899761675) with (1) arbitrary arity and (2) time/memory trade-offs for computing proofs. Arbitrary arity is very cool because it reduces proof size and thus proof aggregation time.
3. A new tree-based VC from univariate polynomials. Here, may I humbly request the authors to eventually relate this construction to our AMT-based construction also, which is also tree-based and from univariate polynomials (alinush.github.io/2020/03/12/towards-scalable-vss-and-dkg.html)?
alin.apt
@alinush407
I put the "crypto" in "cryptocurrency" | Founding Team & Head of Cryptography at @AptosLabs