Attach auth_length to AuthPath and SRS
#10
Comments
|
I'm not sure if i understand. The prover performance for a circuit is always worst-case. So by supporting smaller depth we just save some negligible computations outside the snark. Also the circuit, i guess, would grow 2x, by adding a conditional at each tree level. |
|
In that case, we should publish a series of SRSs for different sizes I suppose. I think the SRS and |
burdges
changed the title
AuthPathauth_length to AuthPath and SRS
|
That really depends on how we promote the SRS. If we still avoid many-participant MPC for the circuit-specific part of the setup, I would start with an SRS that supports the ring we need. For general use I would propose using the circuit with some circuit-agnostic (updatable-universal) setup, like Marlin. I will test it, after Zexe implementation of the circuit is ready. |
|
We're only talking about groth16 here :) Anything like marlin waits for another day. At this point |
|
I think I am wrong that circuit size would duplicate. It depends on the implementation. Anyway I don't see how it could be useful. |
At present, our circuit needs its
auth_pathto be lengthauth_depth, which I suppose avoids adding logical constraints that permit stopping early. How bad would such constraints be? Should we just publish a series of SRSs for different sizes? How deep does zcash's SRS support?If otoh we keep the full length
AuthPath, then we should reevaluate everywhere we passParamsbecause theAuthPath's length determines this too. We should of course ensure our main JubJub generator does not overlap with any generators used by Pedersen hashes if we select our SRS based on theAuthPath's length. lolThe text was updated successfully, but these errors were encountered: