[crypto] Verkle tree commitments #38
Comments
I'd expect IPA-based Verkle trees to have worse proving times and larger proof size than KZG10-based ones. The only benefit is avoiding a trusted setup. To achieve faster proving while still compressing proof sizes, you could also consider a hybrid of Merkle and Verkle trees.
I'm working on this; there will soon be updates re KZG10 PolyCommitment trees with a reusable minimal trusted setup CRS consisting of 1024-8192 powers of tau elements. That will allow browser and mobile participation in the trusted setup, and then it could be used elsewhere too (not only as a Winterfell mode).
Currently, the only commitment scheme supported by Winterfell is Merkle trees. We should investigate adding an additional commitment scheme: Verkle tree.
By using Verkle trees we could reduce proof sizes significantly (by like a factor of 6x - 8x) while giving up only post-quantum security. The big question is how it would affect proof generation time (e.g. how long would it take to construct a Verkle tree with 1M nodes?). Also, for performance and other reasons, we should probably use IPA-based Verkle trees (as opposed to KZG-based ones).
If the performance is acceptable, we should add Verkle tree commitments as one of the dynamically configurable parameters - e.g. commitment_scheme with the type looking something like this:

Some references on Verkle trees: