Paper 2021/930
Darlin: Recursive Proofs using Marlin
Ulrich Haböck, Alberto Garoffolo, and Daniele Di Benedetto
Abstract
This document describes Darlin, a succinct zero-knowledge argument of knowledge based on the Marlin SNARK (Chiesa et al., Eurocrypt 2020) and the `dlog' polynomial commitment scheme from Bootle et al. EUROCRYPT 2016. Darlin addresses recursive proofs by integrating the amortization technique from Halo (IACR eprint 2019/099) for the non-succinct parts of the dlog verifier, and we adapt their strategy for bivariate circuit encoding polynomials to aggregate Marlin's inner sumchecks across the nodes the recursive scheme. We estimate the performance impact of inner sumcheck aggregation by about 30% in a tree-like scheme of in-degree 2, and beyond when applied to linear recursion.
Note: Additional appendix on domain extension/segmentation of linear polynomial commitment schemes. A more complete explanation of our benchmarks.
Metadata
- Available format(s)
-
PDF
- Category
- Cryptographic protocols
- Publication info
- Preprint. MINOR revision.
- Keywords
- R1CSSNARKsrecursive proofsaggregation schemes
- Contact author(s)
-
ulrich @ horizenlabs io
alberto @ horizenlabs io
daniele @ horizenlabs io - History
- 2021-10-01: last of 3 revisions
- 2021-07-09: received
- See all versions
- Short URL
- https://ia.cr/2021/930
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2021/930,
author = {Ulrich Haböck and Alberto Garoffolo and Daniele Di Benedetto},
title = {Darlin: Recursive Proofs using Marlin},
howpublished = {Cryptology ePrint Archive, Paper 2021/930},
year = {2021},
note = {\url{https://eprint.iacr.org/2021/930}},
url = {https://eprint.iacr.org/2021/930}
}
