From 3daebf827438f183e46c04943be5691a679aeb56 Mon Sep 17 00:00:00 2001
From: mirco
Date: Mon, 20 Nov 2023 22:41:17 +0100
Subject: [PATCH] issue 72

---
 chapters/arithmetics-moonmath.tex | 8 +++++---
 chapters/zk-protocols-moonmath.tex | 4 ++--
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/chapters/arithmetics-moonmath.tex b/chapters/arithmetics-moonmath.tex
index 40e59822..6f1b5238 100644
--- a/chapters/arithmetics-moonmath.tex
+++ b/chapters/arithmetics-moonmath.tex
@@ -1090,8 +1090,10 @@ \subsection{Prime Factors} Recall that the fundamental theorem of arithmetic \re
 \begin{equation}
 R_0(P):=\{x_0\in R\;|\; P(x_0)=0\}
 \end{equation}
-The roots of a polynomial are of special interest with respect to its prime factorization, since it can be shown that, for any given root $x_0$ of $P$, the polynomial $F(x)=(x-x_0)$ is a prime factor of $P$.
-
+The roots of a polynomial are of special interest with respect to its prime factorization, since it can be shown that, for any given root $x_0$ of $P$, the polynomial $F(x)=(x-x_0)$ is a prime factor of $P$. A root $x_0$ of a polynomial $P$ is said to have a \term{multiplicity} of $k$ if the polynomial $(x-x_0)^k$ is a factor of $P$, that is if there is a polynomial $Q$ such that we can write $P$ as
+\begin{equation}
+P(x)= (x-x_0)^k \cdot Q(x)
+\end{equation}
 Finding the roots of a polynomial is sometimes called \term{solving the polynomial}. It is a difficult problem that has been the subject of much research throughout history. It can be shown that if $m$ is the degree of a polynomial $P$, then $P$ cannot have more than $m$ roots. However, in general, polynomials can have less than $m$ roots.
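Review bot: The added definition does not pin multiplicity down to a single value: with `if the polynomial $(x-x_0)^k$ is a factor of $P$`, a root for which $(x-x_0)^3$ divides $P$ also satisfies the condition for $k=1$ and $k=2$, so the later exercise's "sum of the multiplicities" is ambiguous. The sentence should read `is said to have a \term{multiplicity} of $k$ if $k$ is the largest integer such that $(x-x_0)^k$ is a factor of $P$, that is, if there is a polynomial $Q$ such that we can write $P$ as` (note also the comma after "that is"). The new display `P(x)= (x-x_0)^k \cdot Q(x)` closes the sentence and should carry a trailing period inside the environment, and since it is a numbered `equation` like the one above it, either a `\label` or `equation*` would avoid an unreferenced number.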
@@ -1114,7 +1116,7 @@ \subsection{Prime Factors} Recall that the fundamental theorem of arithmetic \re
 $$
 \end{example}
 \begin{exercise}
-Show that if a polynomial $P\in R[x]$ of degree $deg(P)=m$ has less than $m$ roots, it must have a prime factor $F$ of degree $deg(F)>1$.
+Show that if the sum of the multiplicity of all roots of a polynomial $P\in R[x]$ of degree $deg(P)=m$ is less than $m$, the polynomial must have a prime factor $F$ of degree $deg(F)>1$.
 \end{exercise}
 \begin{exercise}
 Consider the polynomial $P=x^7 + 3 x^6 + 3 x^5 + x^4 - x^3 - 3 x^2 - 3 x - 1\in \Z_6[x]$. Compute the set of all roots of $R_0(P)$ and then compute the prime factorization of $P$.
diff --git a/chapters/zk-protocols-moonmath.tex b/chapters/zk-protocols-moonmath.tex
index aa0826da..9e5851d1 100644
--- a/chapters/zk-protocols-moonmath.tex
+++ b/chapters/zk-protocols-moonmath.tex
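Review bot: `the sum of the multiplicity of all roots` should be `the sum of the multiplicities of all roots`, since one multiplicity per root is being summed. The rewritten line also keeps `$deg(P)=m$` and `$deg(F)>1$` in math italic, which typesets as the product of the letters d, e, g; as the line is being rewritten anyway, `\deg(P)` and `\deg(F)` (or the operator macro the book defines, if any) would set the operator upright. The exercise as stated relies on multiplicity meaning the largest exponent $k$ with $(x-x_0)^k$ dividing $P$, which the definition added in the first hunk of this patch does not currently make explicit.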
@@ -69,8 +69,8 @@ \section{The ``Groth16'' Protocol}
 \begin{itemize}
 \item (Setup-Phase): $(CRS,\Tau)\leftarrow \textsc{Setup}(R)$: Algorithm $\textsc{Setup}$ takes the R1CS $R$ as input and computes a \term{\concept{Common Reference String}} $CRS$ and a \term{simulation trapdoor} $\Tau$.
 \item (Prover-Phase): $\pi\leftarrow \textsc{Prove}(R,CRS,I,W)$: Given a constructive proof $(I;W)$ for $R$, algorithm $\textsc{Prove}$ takes the R1CS $R$, the \concept{Common Reference String} $CRS$ and the constructive proof $(I,W)$ as input and computes an zk-SNARK $\pi$.
-\item Verify: $\{\mathtt{accept},\mathtt{reject}\}\leftarrow \textsc{Vfy}(R,CRS,I,\pi)$: Algorithm \textsc{Vfy} takes the R1CS $R$, the \concept{Common Reference String} $CRS$, the instance $I$ and the zk-SNARK $\pi$ as input and returns \texttt{reject} or \texttt{accept}.
-\item $\pi\leftarrow \textsc{Sim}(R,\Tau,CRS, I)$: Algorithm \textsc{Sim} takes the R1CS $R$, the \concept{Common Reference String} $CRS$, the simulation trapdoor $\Tau$ and the instance $I$ as input and returns a zk-SNARK $\pi$.
+\item (Verification Phase): $\{\mathtt{accept},\mathtt{reject}\}\leftarrow \textsc{Vfy}(R,CRS,I,\pi)$: Algorithm \textsc{Vfy} takes the R1CS $R$, the \concept{Common Reference String} $CRS$, the instance $I$ and the zk-SNARK $\pi$ as input and returns \texttt{reject} or \texttt{accept}.
+\item (Simulation) $\pi\leftarrow \textsc{Sim}(R,\Tau,CRS, I)$: Algorithm \textsc{Sim} takes the R1CS $R$, the \concept{Common Reference String} $CRS$, the simulation trapdoor $\Tau$ and the instance $I$ as input and returns a zk-SNARK $\pi$.
 \end{itemize}
 We will explain these algorithms together with detailed examples in the remainder of this section.
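Review bot: The two new item labels are formatted differently from each other and from the unchanged items: `(Setup-Phase):`, `(Prover-Phase):`, `(Verification Phase):` and `(Simulation)` mix hyphenated and unhyphenated forms, and the last one drops the colon. One scheme for all four, e.g. `(Verification-Phase):` and `(Simulation):`, or dropping `-Phase` everywhere, would read cleaner. On the Simulation item it would also help the reader to spell out what the signature already shows, namely that `\textsc{Sim}` produces a zk-SNARK from $R$, $CRS$, $\Tau$ and $I$ alone, with no witness $W$, so the simulation trapdoor must never be available to a party acting as prover; presumably the section covers this later, but this list is where $\Tau$ is first introduced. The unchanged Prover-Phase line in this hunk also reads `computes an zk-SNARK $\pi$`, which should be `a zk-SNARK`.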