related but less general:we defined polynomial protocols in a UCish way in plonk: prover sends polynomials to ideal party, which rejects if they have too high degree, and verifier can ask ideal party if some identity holds between the polys
-
-
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
-
-
That is an interesting question. I guess if you’re proving your protocol secure against algebraic adversaries, then you’ll want the environment to direct the (dummy) adversary to be algebraic, too. But the environment itself need not be an algebraic algorithm...?
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
-
-
You have to assume that the environment uses a common group representation, no? Naively speaking, if you don’t include groups of unknown order, as long as the environment holds presentation p : G -> GL(|G|), you don’t need to keep computing a representation.
-
Obviously, you can write the proofs using elements in G with the understanding that there is a common “serialization” via the group representation p. Logicians might hate you after that, though



- Još 1 odgovor
Novi razgovor -
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.