Add reference to [SVPBABW2012] for the idea of using multiplicative inverses for nonzero constraints.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2019-04-25 17:23:36 +01:00 · 2019-04-25 17:23:36 +01:00 · 1258385ab5
parent feae1e7e12
commit 1258385ab5
2 changed files with 12 additions and 0 deletions
--- a/protocol/protocol.tex
+++ b/protocol/protocol.tex
@ -11277,6 +11277,8 @@ $\Inv{a} = a^{-1} \pmod{\ParamS{r}}$:
  \item $\constraint{\Inv{a}}{a}{1}$
 \end{formulae}

+This technique comes from \cite[Appendix D.1]{SVPBABW2012}.
+
 \nnote{A global optimization allows to use a single inverse computation outside
 the circuit for any number of nonzero constraints. Suppose that we have
 $n$ variables (or \linearCombinations) that are supposed to be nonzero:
--- a/protocol/zcash.bib
+++ b/protocol/zcash.bib
@ -176,6 +176,16 @@ Proceedings of the 21st Annual International Cryptology Conference
   urldate={2018-05-28}
 }

+@misc{SVPBABW2012,
+   presort={SVPBABW2012},
+   author={Srinath Setty and Victor Vu and Nikhil Panpalia and Benjamin Braun and Muqeet Ali and Andrew J. Blumberg and Michael Walfish},
+   title={Taking proof-based verified computation a few steps closer to practicality (extended version)},
+   url={https://eprint.iacr.org/2012/598.pdf},
+   urldate={2018-04-25},
+   howpublished={Cryptology ePrint Archive: Report 2012/598.
+Last revised February~28, 2013.}
+}
+
@misc{Bowe2017,
   presort={Bowe2017},
   author={Sean Bowe},