Sum To Zero Check Protocol #1040
Codecov Report
All modified and coverable lines are covered by tests ✅
Additional details and impacted files
@@ Coverage Diff @@
## main #1040 +/- ##
==========================================
+ Coverage 90.56% 91.16% +0.60%
==========================================
Files 173 175 +2
Lines 26082 26285 +203
==========================================
+ Hits 23622 23964 +342
+ Misses 2460 2321 -139
akoshelev left a comment
> It can also be used to check the consistency between shares, i.e. as a base protocol for #936
I can't see how it is compatible with the protocol described in that PR. This proposes having the entire input ready before validation starts; #936 can work with streams and it makes it more attractive to use because it can be just another stream combinator that is easy to plug in.
| /// propagates errors from send and receive | ||
| pub async fn validate_replicated_shares<C, S>( | ||
| ctx: C, | ||
| input_left: &[S], |
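Review bot: the function name `validate_replicated_shares` and the bare-slice parameter `input_left: &[S]` pull in different directions. If callers are expected to pass two independent share vectors rather than replicated shares, rename the function or say so in the doc comment. The visible doc line `propagates errors from send and receive` also only covers transport errors, so state how a failed check is reported.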
is there a reason why you're not taking Replicated<S> instead?
Yes. This check is for the verification of the proofs. I will have 3 provers and 6 verifiers. The two verifiers for each prover need to perform a zero check. You could consider this a 2 party computation where we have 2 out of 2 non-replicated shares and they want to check whether the shares sum up to zero.
We could interpret the shares as replicated secret shares. One issue might be that the shares won't be consistent so if we add an automated consistency check for replicated shares, it would fail here.
You're right that #936 is quite different. I am not sure whether we should try to make it compatible. In my use-case, we really don't need a stream since I only need to zero check log N many elements, i.e. the dzkp proof size. But the protocol does a very similar thing, i.e. hash the shares and send them over the network for a consistency check.
benjaminsavage left a comment
Unless I am much mistaken, this is not a protocol to check if something "sums to zero" and it should be renamed as such.
| /// | ||
| /// We use a hash based approach that is secure in the random oracle model | ||
| /// further, only one of left and right helper check that it is zero | ||
| /// this is might not be sufficient in some applications to prevent malicious behavior |
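Review bot: the doc line `only one of left and right helper check that it is zero` leaves out which helper performs the check and what the other helper learns. Name the checking side and say whether the caller must run the protocol a second time in the other direction, so that the warning on the following line about malicious behavior is actionable.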
I don't understand where the typo is
extra "is"
/// this might not be sufficient in some applications to prevent malicious behavior
benjaminsavage left a comment
Looks good to me!
Include Sum To Zero Check Protocol since it is needed for DZKP verification.
It was originally a part of #930
It can also be used to check the consistency between shares, i.e. as a base protocol for #936
I moved Hashing to Prss, since it is similar (basic cryptographic operation). The only difference is that it is not keyed.
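A sketch of the hash-based zero check discussed in this thread, added here as an illustration and not taken from the PR or the project. It assumes 2-of-2 additive shares in a prime field, SHA-256 standing in for the random oracle, and hypothetical names (`P`, `share_zero`, `right_message`, `left_check`); as in the quoted doc comment, only one side learns the result.

```python
import hashlib
import secrets

# Assumption: shares live in a prime field; this modulus is picked for the example.
P = 2**61 - 1


def share_zero(n):
    """Constructed input: n pairs of 2-of-2 additive shares, each pair summing to 0 mod P."""
    left = [secrets.randbelow(P) for _ in range(n)]
    right = [(-x) % P for x in left]
    return left, right


def digest(values):
    """Hash a share vector. The length prefix and fixed-width encoding keep
    element boundaries unambiguous, so two different vectors never encode alike."""
    h = hashlib.sha256()
    h.update(len(values).to_bytes(8, "big"))
    for v in values:
        h.update(v.to_bytes(8, "big"))
    return h.digest()


def right_message(right):
    """Right verifier: negate its shares locally and send only the 32-byte hash."""
    return digest([(-r) % P for r in right])


def left_check(left, received):
    """Left verifier: left[i] + right[i] == 0 for every i exactly when left == -right,
    so comparing H(left) with the received H(-right) decides the zero check.
    Only the left side learns the outcome; the right side gets no confirmation."""
    return secrets.compare_digest(digest(left), received)


if __name__ == "__main__":
    left, right = share_zero(8)
    print("honest shares:", left_check(left, right_message(right)))
    right[3] = (right[3] + 1) % P  # one share no longer cancels
    print("tampered share:", left_check(left, right_message(right)))
```

Because the right side sends a single hash and never sees the comparison, a deployment that needs both verifiers to be convinced has to run the exchange in the other direction as well.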