From 3ab26bd11330f999b694b2db2ec76d63c65a8156 Mon Sep 17 00:00:00 2001 From: caiyesd Date: Tue, 28 May 2019 11:49:06 +0800 Subject: [PATCH] Correct the at most degrees `L,R,O` are of degree at most `d-1` . `T` is of degree at most `d`. So `P = LR-O=HT` is of degree at most `2(d-1)` and `H` is of degree at most `d-2`. --- _posts/2017-05-10-snark-explain6.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/_posts/2017-05-10-snark-explain6.md b/_posts/2017-05-10-snark-explain6.md index 2b8d4ce..23a4eca 100644 --- a/_posts/2017-05-10-snark-explain6.md +++ b/_posts/2017-05-10-snark-explain6.md @@ -23,7 +23,7 @@ As we saw in Part V, Alice will typically want to prove she has a satisfying as If Alice has a satisfying assignment it means that, defining :math:`L,R,O,P` as above, there exists a polynomial :math:`H` such that :math:`P=H\cdot T`. In particular, for any :math:`s\in\mathbb{F}_p` we have :math:`P(s)=H(s)\cdot T(s)`. -Suppose now that Alice doesn't have a satisfying assignment, but she still constructs :math:`L,R,O,P` as above from some unsatisfying assignment :math:`(c_1,\ldots,c_m)`. Then we are guaranteed that :math:`T` does not divide :math:`P`. This means that for any polynomial :math:`H` of degree at most :math:`d`, :math:`P` and :math:`L,R,O,H` will be different polynomials. Note that :math:`P` and :math:`L,R,O,H` here are both of degree at most :math:`2d`. +Suppose now that Alice doesn't have a satisfying assignment, but she still constructs :math:`L,R,O,P` as above from some unsatisfying assignment :math:`(c_1,\ldots,c_m)`. Then we are guaranteed that :math:`T` does not divide :math:`P`. This means that for any polynomial :math:`H` of degree at most :math:`d-2`, :math:`P` and :math:`L,R,O,H` will be different polynomials. Note that :math:`P` here is of degree at most :math:`2(d-1)`, :math:`L,R,O` here are of degree at most :math:`d-1` and :math:`H` here is degree at most :math:`d-2`. Now we can use the famous Schwartz-Zippel Lemma that tells us that two different polynomials of degree at most :math:`2d` can agree on at most :math:`2d` points :math:`s\in\mathbb{F}_p`. Thus, if :math:`p` is much larger than :math:`2d` the probability that :math:`P(s)=H(s)\cdot T(s)` for a randomly chosen :math:`s\in\mathbb{F}_p` is very small. @@ -93,4 +93,4 @@ We presented a sketch of the Pinocchio Protocol in which Alice can convince Bob Both these issues can be resolved by the use of pairings of elliptic curves, which we will discuss in the next and final part. -

>> Part VII

\ No newline at end of file +

>> Part VII