You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently, protocols based on subfield VOLE, such as QuickSilver, are designated-verifier without an "s". Therefore, to prove to N verifiers, the prover's work is essentially N times. Note that this may improve in the future, but now subfield VOLE seems to be still subject to this limitation.
Virgo, however, is publicly verifiable and non-interactive. In some applications, it may be useful to consider an interactive version of Virgo, where it is designated-verifiers (by having the verifiers agree on some public randomness, such as sampling fresh randomness via commit-and-open of PRG seed shares).
There is a possibility that an interactive version of Virgo would be faster if getting rid of the extension field is beneficial.
Note that in Virgo, the extension field serves two purposes:
enabling the low-degree testing, which requires some two-arity, but Mersenne primes do not offer that
providing sufficient soundness for non-interactive use cases
An interactive Virgo does not need 2 but still needs 1. That is, Virgo would not need an extension field, but would also need to replace the Mersenne prime with something else. It, therefore, is uncertain whether the performance can be improved twice or more dramatically, or not significantly.
The text was updated successfully, but these errors were encountered:
Currently, protocols based on subfield VOLE, such as QuickSilver, are designated-verifier without an "s". Therefore, to prove to N verifiers, the prover's work is essentially N times. Note that this may improve in the future, but now subfield VOLE seems to be still subject to this limitation.
Virgo, however, is publicly verifiable and non-interactive. In some applications, it may be useful to consider an interactive version of Virgo, where it is designated-verifiers (by having the verifiers agree on some public randomness, such as sampling fresh randomness via commit-and-open of PRG seed shares).
There is a possibility that an interactive version of Virgo would be faster if getting rid of the extension field is beneficial.
Note that in Virgo, the extension field serves two purposes:
An interactive Virgo does not need 2 but still needs 1. That is, Virgo would not need an extension field, but would also need to replace the Mersenne prime with something else. It, therefore, is uncertain whether the performance can be improved twice or more dramatically, or not significantly.
The text was updated successfully, but these errors were encountered: