mirror of https://github.com/zcash/halo2.git
commit
408b617376
|
@ -60,7 +60,7 @@ Reference: [Generic Lookups with PLONK (DRAFT)](/LTPc5f-3S0qNF6MtwD-Tdg?view)
|
|||
|
||||
### Vanishing argument
|
||||
We want to check that the expressions defined by the gate constraints, permutation
|
||||
constraints and loookup constraints evaluate to zero at all elements in the multiplicative
|
||||
constraints and lookup constraints evaluate to zero at all elements in the multiplicative
|
||||
subgroup. To do this, the prover collapses all the expressions into one polynomial
|
||||
$$H(X) = \sum_{i=0}^e y^i E_i(X),$$
|
||||
where $e$ is the number of expressions and $y$ is a random challenge used to keep the
|
||||
|
|
|
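Review bot: The unchanged formula in this hunk, `$$H(X) = \sum_{i=0}^e y^i E_i(X),$$`, sums over $e+1$ terms, yet the next context line defines $e$ as "the number of expressions". Since this paragraph is already being touched for the "lookup" spelling fix, consider either changing the upper bound to $e-1$ or rewording the definition of $e$ so the two agree.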
@ -54,7 +54,7 @@ Formally, we use the game $\dlgame$ defined above to capture this problem.
|
|||
|
||||
_Interactive proofs_ are a triple of algorithms $\ip = (\setup, \prover,
|
||||
\verifier)$. The algorithm $\setup(1^\sec)$ produces as its output some _public
|
||||
parameters_ commonly refered to by $\pp$. The prover $\prover$ and verifier
|
||||
parameters_ commonly referred to by $\pp$. The prover $\prover$ and verifier
|
||||
$\verifier$ are interactive machines (with access to $\pp$) and we denote by
|
||||
$\langle \prover(x), \verifier(y) \rangle$ an algorithm that executes a
|
||||
two-party protocol between them on inputs $x, y$. The output of this protocol, a
|
||||
|
|
|
@ -59,7 +59,7 @@ arguments are independent.)
|
|||
|
||||
Let $c$ be the number of columns that are enabled for equality constraints.
|
||||
|
||||
Let $m$ be the maximum number of columns that can accomodated by a
|
||||
Let $m$ be the maximum number of columns that can accommodated by a
|
||||
[column set](permutation.md#spanning-a-large-number-of-columns) without exceeding
|
||||
the PLONK configuration's polynomial degree bound.
|
||||
|
||||
|
|
|
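Review bot: The corrected line still reads "that can accommodated by a", which is missing the verb "be". The spelling of "accommodated" is fixed but the sentence remains ungrammatical. Suggest "the maximum number of columns that can be accommodated by a" so the definition of $m$ parses.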
@ -119,7 +119,7 @@ Since we can no longer rely on the wraparound to ensure that the product $Z$ bec
|
|||
again at $\omega^{2^k},$ we would instead need to constrain $Z(\omega^u)$ to $1.$ However,
|
||||
there is a potential difficulty: if any of the values $A_i + \beta$ or $S_i + \gamma$ are
|
||||
zero for $i \in [0, u),$ then it might not be possible to satisfy the permutation argument.
|
||||
This occurs with negligble probability over choices of $\beta$ and $\gamma,$ but is an
|
||||
This occurs with negligible probability over choices of $\beta$ and $\gamma,$ but is an
|
||||
obstacle to achieving *perfect* zero knowledge (because an adversary can rule out witnesses
|
||||
that would cause this situation), as well as perfect completeness.
|
||||
|
||||
|
|
|
@ -29,7 +29,7 @@ sudo apt install cmake libexpat1-dev libfreetype6-dev
|
|||
{{#include ../../../examples/circuit-layout.rs:dev-graph}}
|
||||
```
|
||||
|
||||
- Columns are layed out from left to right as instance, advice, and fixed. The order of
|
||||
- Columns are laid out from left to right as instance, advice and fixed. The order of
|
||||
columns is otherwise without meaning.
|
||||
- Instance columns have a white background.
|
||||
- Advice columns have a red background.
|
||||
|
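Review bot: The replacement for the "Columns are laid out" bullet also drops the comma before "and fixed" ("instance, advice, and fixed" becomes "instance, advice and fixed"). That is a punctuation style change riding along with a spelling fix. If the rest of the book uses the serial comma, keep it here and limit the change to "layed" -> "laid". Otherwise mention the punctuation change in the commit message.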
@ -43,7 +43,7 @@ sudo apt install cmake libexpat1-dev libfreetype6-dev
|
|||
### Circuit structure
|
||||
|
||||
`halo2::dev::circuit_dot_graph` builds a [DOT graph string] representing the given
|
||||
circuit, which can then be rendered witha variety of [layout programs]. The graph is built
|
||||
circuit, which can then be rendered with a variety of [layout programs]. The graph is built
|
||||
from calls to `Layouter::namespace` both within the circuit, and inside the gadgets and
|
||||
chips that it uses.
|
||||
|
||||
|
|