Skip to content

Commit 2eb1dae

Browse files
authored
[docs] Port the example that @ax0 told me months ago about a theorem-ish perspective on predicates, and updates the signature section adding a note (& references) on the current signature scheme. (#443)
* Port the example that @ax0 told me months ago about a theorem-ish perspective on predicates, and updates the signature section adding a note (& references) on the current signature scheme. * apply review corrections from @ed255 * update example with @artwyman IsComposite suggestion & transitive_eq example
1 parent 813a86c commit 2eb1dae

File tree

3 files changed

+63
-4
lines changed

3 files changed

+63
-4
lines changed

book/src/SUMMARY.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -14,7 +14,7 @@
1414
- [Deductions](./deductions.md)
1515
- [Statements](./statements.md)
1616
- [Operations](./operations.md)
17-
- [Simple example](./simpleexample.md)
17+
- [Simple example](./simpleexample.md)
1818
- [Custom statements and custom operations](./custom.md)
1919
- [Defining custom predicates](./custompred.md)
2020
- [Custom statement example](./customexample.md)

book/src/signature.md

Lines changed: 8 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,11 +1,16 @@
11
# Signature
22

33

4-
Current signature scheme used is proof-based signatures using Plonky2 proofs, following [https://eprint.iacr.org/2024/1553](https://eprint.iacr.org/2024/1553) and [https://jdodinh.io/assets/files/m-thesis.pdf](https://jdodinh.io/assets/files/m-thesis.pdf). This comes from [Polygon Miden's RPO STARK-based](https://github.com/0xPolygonMiden/crypto/blob/d2a67396053fded90ec72690404c8c7728b98e4e/src/dsa/rpo_stark/signature/mod.rs#L129) signatures.
4+
For POD2 signatures, we use [Schnorr](https://en.wikipedia.org/wiki/Schnorr_signature) signature over the [EcGFp5 curve](https://eprint.iacr.org/2022/274).
55

6-
In future iterations we may replace it by other signature schemes (either elliptic curve based scheme on a Golilocks-prime friendly curve, or a lattice based scheme).
76

7+
## Older version
88

9+
The previously used signature scheme was proof-based signatures using Plonky2 proofs, following [https://eprint.iacr.org/2024/1553](https://eprint.iacr.org/2024/1553) and [https://jdodinh.io/assets/files/m-thesis.pdf](https://jdodinh.io/assets/files/m-thesis.pdf). This came from [Polygon Miden's RPO STARK-based](https://github.com/0xPolygonMiden/crypto/blob/d2a67396053fded90ec72690404c8c7728b98e4e/src/dsa/rpo_stark/signature/mod.rs#L129) signatures.
10+
11+
This was replaced by the elliptic curve Schnorr signature presented above, keeping the description here in case it were useful in the future.
12+
13+
The scheme was as follows:
914

1015
### generate_params()
1116
$pp$: plonky2 circuit prover params<br>
@@ -36,6 +41,6 @@ $pk \stackrel{!}{=} H(sk)$<br>
3641
$s \stackrel{!}{=} H(pk, m)$
3742

3843

39-
<br><br>
44+
<br>
4045

4146
[^1]: The [2024/1553 paper](https://eprint.iacr.org/2024/1553) uses $pk:=H(sk||0^4)$ to have as input (to the hash) 8 field elements, to be able to reuse the same instance of the RPO hash as the one they use later in the signature (where it hashes 8 field elements).

book/src/simpleexample.md

Lines changed: 54 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -145,3 +145,57 @@ eth_friend(?1, ?2, ?3, ?4) = and<
145145
Equal(?5["attestation"], ?3[?4])
146146
>
147147
```
148+
149+
## Another perspective
150+
When working with statements and operations, it might be useful to see them from another perspective:
151+
152+
- A *predicate* is a relation formula, which when filled with values becomes a
153+
*statement*.
154+
- A *statement* can be seen as the *constraints* of a traditional zk-circuit,
155+
which can be true or false.
156+
- An *operation* comprises the deduction rules, which are rules used to deduce
157+
new statements from previous statements or used to construct new statements
158+
from values.
159+
160+
$$
161+
predicate \cong circuit/relation~to~be~fulfilled\\
162+
statement \cong constraints~filled~with~the~witness\\
163+
operations \cong deduction~rules
164+
$$
165+
166+
167+
For example,
168+
- `Equal` for integers is a *predicate*
169+
- `st_1 = Equal(A, B)` is a *statement*
170+
- `st_2 = Equal(B, C)` is a *statement*
171+
- `st_3 = TransitiveEqualFromStatements(st_1, st_2)` is an *operation*, which yields the statement `st_3 = Equal(A, C)`
172+
173+
174+
175+
176+
<div style="display:flex;">
177+
<div style="padding:10px;max-width:50%; border-right:1px solid #ccc;">
178+
179+
So, for example, for the given predicate:
180+
181+
```
182+
IsComposite(n, private: a, b) = AND(
183+
ProductOf(n, a, b)
184+
GtFromEntries(a, 1)
185+
GtFromEntries(b, 1)
186+
)
187+
```
188+
189+
</div>
190+
<div style="padding:10px;max-width:45%;">
191+
192+
We can view it as:
193+
194+
The *statement* `IsComposite(n)` is `true` if and only if $\exists$ `n`, `a`, `b`
195+
such that the following statements hold:
196+
- $n = a \cdot b$
197+
- $a > 1$
198+
- $b > 1$
199+
200+
</div>
201+
</div>

0 commit comments

Comments
 (0)