home
Link: https://the.dev/
Recent content on home
Generator: Hugo -- gohugo.io
Language: en
Last build: Sat, 07 Aug 2021 00:00:00 +0000

Note : Difference Between a Trapdoor and a Backdoor
Link: https://the.dev/posts/notes/trapdoor-vs-backdoor/
Published: Sat, 07 Aug 2021 00:00:00 +0000

Analogy
Trapdoor
Imagine that you walk up to a house, and you knock on the door. The door opens up, but then the floor under your feet opens up and you are dropped into a deep pit. This is what we call a trapdoor. It was very easy for you to fall all the way down into darkness, but climbing back up is a difficult task. The only way to enter the house is to climb up!

(Take 2) - Using the Inner Product Argument as a Polynomial Commitment Scheme
Link: https://the.dev/posts/ethereum/ipa_multi_point/
Published: Sat, 03 Jul 2021 00:00:00 +0000

Introduction
This document explains how to open multiple polynomials at multiple different points. Ultimately, we use one IPA proof, 1 commitment and 1 scalar. This is the batched setting.
The scheme is based on the KZG version here.

Statement
Given $m$ IPA commitments $C_0 = [f_0(X)], \ldots, C_{m-1} = [f_{m-1}(X)]$, prove the evaluations:
$$ f_0(z_0) = y_0 $$ $$ \vdots $$ $$ f_{m-1}(z_{m-1}) = y_{m-1} $$
where $z_i \in \{0, \ldots, d-1\}$.

Proof
Let $r \leftarrow H(C_0, \ldots, C_{m-1}, z_0, \ldots, z_{m-1}, y_0, \ldots, y_{m-1})$ and
$$ g(X) = r^0 \frac{f_0(X) - y_0}{X - z_0} + r^1 \frac{f_1(X) - y_1}{X - z_1} + \ldots + r^{m-1} \frac{f_{m-1}(X) - y_{m-1}}{X - z_{m-1}} $$

(Take 1) - Using the Inner Product Argument as a Polynomial Commitment Scheme
Link: https://the.dev/posts/ethereum/ipa_inefficient/
Published: Fri, 02 Jul 2021 00:00:00 +0000

Preamble
This was the first scheme that I derived; unfortunately it scales linearly. Skip to the next post to see the actual scheme used.
Problem
Given $m$ IPA commitments $C_0 = [f_0(X)], \ldots, C_{m-1} = [f_{m-1}(X)]$, prove the evaluations:
$$ f_0(z_0) = y_0 \\ \vdots \\ f_{m-1}(z_{m-1}) = y_{m-1} $$
where $z_i \in \{0, \ldots, d-1\}$.
Unless we change from Bls12-381 to Bls12-377 or use the pasta curves, the embedded curve does not have a high 2-adicity ($2^7$), so we must use the indices 0 to d-1 instead of the roots of unity.

Dividing In Lagrange basis when one of the points is zero - Generalised
Link: https://the.dev/posts/ethereum/barycentric_eval/
Published: Thu, 01 Jul 2021 00:00:00 +0000

Problem
We have $\frac{f(X)}{g(X)} = \frac{f(X)}{X - x_m} = \sum_{i=0}^{d-1} f_i \frac{\mathcal{L}_i(X)}{X - x_m}$
Since $x_m$ is in the domain, we cannot compute this in evaluation form straightforwardly. This document derives the first form of the barycentric interpolation formula, which we then use to perform the above computation.

Lagrange polynomial
We briefly restate the formula for a Lagrange polynomial:
$$ \mathcal{L}_i(X) = \prod_{j = 0, j \neq i}^{d-1} \frac{X - x_j}{x_i - x_j} $$

ENT - Algebraic Numbers And Minimal Polynomial
Link: https://the.dev/posts/number_theory/elementary/algebraic_number_ints/
Published: Tue, 16 Feb 2021 00:00:00 +0000

Introduction
This document goes over the basic definitions that are needed to understand algebraic numbers and the minimal polynomial.
Algebraic numbers are a good stepping stone to understanding units in $\mathbb{Z}[\sqrt{d}]$, for which you can use Pell's equation!

Algebraic Number
Example
$x^2 + 4x + 4 = (x+2)(x+2)$. Observe: $x = -2$ is a root of the polynomial.
$x^2 + 1 = (x-i)(x+i)$. Observe: $x = i$ or $x = -i$ are roots of the polynomial.

ENT - Brief Refresher to Field Extensions
Link: https://the.dev/posts/number_theory/elementary/field_ext_intro/
Published: Tue, 09 Feb 2021 00:00:00 +0000

Introduction
This is a very brief refresher on field extensions. We assume basic knowledge of fields.
Field Extensions
Given the field of integers $\mathbb{Z} = \{\ldots, -3, -2, -1, 0, 1, 2, 3, 4, \ldots\}$, let's say I want to make this field larger by adding an extra element $\sqrt{2}$ to it.
$K = \{\ldots, -3, -2, -1, 0, {\bf\sqrt{2}}, 1, 2, 3, 4, \ldots\}$
We would no longer have a field, because we no longer have closure under addition or multiplication; if I take 2 elements $\sqrt{2}$ and $5$ from $K$.

ENT - Multiplicative Inverse, Fermat's Little Theorem, Bezout's algorithm
Link: https://the.dev/posts/number_theory/elementary/units_in_zq/multiplicative_inverse/
Published: Tue, 02 Feb 2021 00:00:00 +0000

4 - Multiplicative Inverse
We have just gone over the multiplicative inverse; we now check how Bezout's identity and Fermat's Little Theorem can help us. This marks the end of our quest for the multiplicative inverse!
Fermat's Little Theorem
Motivation
When finding the multiplicative inverse of $a \bmod q$, we need to first check if $a$ is coprime to $q$.
For a prime number $p$, all positive numbers less than $p$ are coprime to $p$.

ENT - Residue Classes and Modulus
Link: https://the.dev/posts/number_theory/elementary/units_in_zq/residue_classes/
Published: Tue, 26 Jan 2021 00:00:00 +0000

Introduction
This document introduces the basics of residue classes and the modulus. Residue classes are sometimes referred to as congruence classes or equivalence classes. A residue class is a specific example of an equivalence class.
Division Algorithm
The division algorithm states that $\forall a, b \in \mathbb{Z}$ where $b > 0$, $\exists$ unique $q, r \in \mathbb{Z}$ such that $a = bq + r$ and $0 \leq r < b$.
The important part we will focus on is $0 \leq r < b$.

ENT - Euclidean Algorithm
Link: https://the.dev/posts/number_theory/elementary/units_in_zq/euclidean_algorithm/
Published: Tue, 19 Jan 2021 00:00:00 +0000

Introduction
We will go over the Euclidean Algorithm in this document. The Euclidean algorithm is an algorithm for finding the greatest common divisor.
Algorithm
Goal: We want to find the Greatest Common Divisor (GCD) of $a$ and $b$.
First remember that, due to the division algorithm, we can write $a$ and $b$ in the following form: $a = b \times q_0 + r_0$.
This is the first step of the division algorithm.

ENT - Divisor, Division and Primes
Link: https://the.dev/posts/number_theory/elementary/units_in_zq/divisors_division_prime/
Published: Tue, 12 Jan 2021 00:00:00 +0000

Objectives
This document will explore three topics: divisors, the division algorithm and prime numbers.
Divisors
Let's start by factoring a few integers and making some simple examples.

Examples
$20 = 10 \times 2$. Observe: we say that 10 and 2 are factors of 20.
$30 = 6 \times 5$. Observe: we say that 6 and 5 are factors of 30.
$40 = 8 \times 5$. Observe: we say that 8 and 5 are factors of 40.

Elementary Number Theory (ENT) - Units
Link: https://the.dev/posts/number_theory/elementary/units/
Published: Tue, 05 Jan 2021 00:00:00 +0000

Observation
Let's look at the following examples with rational numbers.
$5 \times \frac{1}{5} = 1$. We say the element $5 \in \mathbb{Q}$ has a multiplicative inverse. Note that $\frac{1}{5} \in \mathbb{Q}$. Additionally, note that the multiplicative inverse of five is one fifth, and the multiplicative inverse of one fifth is five.
$4 \times \frac{1}{4} = 1$. We say the element $\frac{1}{4} \in \mathbb{Q}$ has a multiplicative inverse. Note that $4 \in \mathbb{Q}$.

Yao's Garbled Circuits - AND Gate
Link: https://the.dev/posts/cryptography/mpc/yao_and_gate/
Published: Sun, 03 Jan 2021 00:00:00 +0000

Introduction
This is the most inefficient version of Yao; it does not use point and permute. The oblivious transfer protocol explained, from Nigel Smart, is also inefficient.
Problem - Tinder
Alice and Bob are deciding whether they should go on a date. However, they do not want to be publicly rejected.
If Alice says no, she should not find out if Bob said no, and vice versa. If Alice says yes, however, she will find out if Bob says no.

Arithmetic Circuit - Comparing Integers
Link: https://the.dev/posts/cryptography/circuit_design/integers_in_circ/
Published: Sun, 27 Dec 2020 00:00:00 +0000

Introduction
This document will go over why comparing integers in an arithmetic circuit is not simply $a < b$.
TLDR
In order to compare two elements $a$ and $b$, there needs to be a notion of ordering. Finite fields (fields with prime characteristic) are unordered. So we interpret elements as fixed bit-width integers before comparing, which explicitly specifies a range that the bit representation of the field element must fall into.

Rust : Nested For Loops In Rust
Link: https://the.dev/posts/rust/nested-loop/
Published: Sun, 20 Dec 2020 00:00:00 +0000

Using a nested for loop works perfectly in most other languages; in Rust, however, it is not as straightforward due to the borrow checker.

Problem

    let vec_a = vec![1, 2, 3, 4];
    let vec_b = vec![5, 6, 7, 8];
    for a in vec_a {
        for b in vec_b {
        }
    }

Discussion
The code above will not compile. The problem is that Vectors are not Copyable, so we can only move it once.

Adding Randomisation To Complexity Classes
Link: https://the.dev/posts/complexity/intro-to-randomisation/
Published: Sat, 05 Dec 2020 00:00:00 +0000

This is an introduction and is used as a forest view.
Effect of Randomisation
Let's discuss the superficial effects of adding randomisation to an algorithm.
If I am tasked with verifying a problem, and randomness is used, there is a chance that the problem is verified to be true only due to the randomness.
An example: suppose we want to find out whether a number is prime, and instead of deterministically checking, we use randomness to help.

Complexity Class - RP
Link: https://the.dev/posts/complexity/complexity-rp/
Published: Sat, 05 Dec 2020 00:00:00 +0000

What Is an Error?
In the previous post, we discussed the fact that when we add randomisation, there is a chance that the algorithm outputs true when it should have output false, and vice versa.
This is an error. It may be the case that the Turing Machine only gives an error in the acceptance case, and in the rejection case it is always certain.

One Sided Error
Example
An example of a one sided error is determining whether a number is prime.

Knowledge in Complexity Theory - High Level
Link: https://the.dev/posts/complexity/complexity-knowledge/
Published: Tue, 01 Dec 2020 00:00:00 +0000

What Is Knowledge?
Complexity Theory manages to answer this question without going into the philosophical entanglement that one usually gets into when trying to answer it.
Simply put: knowledge is anything you could not have computed yourself.
This is actually not that simple and has a hidden gotcha.

Knowledge Vs Information
This is the gotcha. Let's use an analogy to figure this out.
In university/college, the first few lessons are usually a warm-up session.

Randomness in Complexity Theory - High Level
Link: https://the.dev/posts/complexity/complexity-randomness/
Published: Tue, 01 Dec 2020 00:00:00 +0000

Deterministic Randomness?
True randomness is very hard to find and verify. In complexity theory, we can have a notion of randomness even if the universe is deterministic. I'll explain with an analogy.
Bob the Alien
Bob is an alien who has decided to spend two years on Earth. He wants to learn about how the earthlings live and how their lives differ from his. In Bob's world, it is always freezing cold.

Basic Architecture of an ECC library
Link: https://the.dev/posts/cryptography/ecc/
Published: Sat, 28 Nov 2020 00:00:00 +0000

This post will be short, as I do not go into any fruitful detail. I use this to take a view of the forest, so that we do not get lost in the trees.

Layer 1
The first layer of an elliptic curve library is the Finite Field. This layer is solely designed to perform arithmetic modulo some prime $p$, i.e. in $F_p$.

Layer 2
This second layer is the Elliptic Curve Layer.

Motivation - Primer on Complexity
Link: https://the.dev/posts/complexity/complexity/
Published: Sat, 28 Nov 2020 00:00:00 +0000

Motivation
We start our exploration with the following question: Is a race car more efficient than a truck?
Answer: It depends.
There is no straightforward answer to this question; it depends on which resource we use to compare the two.
For example: if we are comparing the time it takes to go from a point A to a point B, one would definitely argue that a race car is more efficient.

Basics of Computability - Cleaning Up Terminology - C4
Link: https://the.dev/posts/computability/intro-to-computability-4/
Published: Sun, 15 Nov 2020 00:00:00 +0000

So far it has been quite easy to get lost in the forest looking for the trees. So this short chapter will bring full circle a few topics already discovered and their relation to Turing Machines.
Turing machines and Algorithms
A Turing machine implements an algorithm. Using the Church-Turing thesis, we can define an algorithm in terms of Turing machines.
Moreover, we can define an algorithm in terms of a Turing Machine.

Basics of Computability - Describing A Turing Machine - C2
Link: https://the.dev/posts/computability/intro-to-computability-2/
Published: Sun, 15 Nov 2020 00:00:00 +0000

Now that we have gone over the purpose of a Turing Machine, it's time to describe what it is.
Human Computers
To understand the historical context behind the way Turing machines are designed, we first note that historically:
A computer was once defined as a person who does calculations.
Now imagine you are asked to add two numbers together: 10+20. This is a computational task; let's use this example to discover what we may need in order to define a Turing Machine.

Basics of Computability - Formal Definition of a Turing Machine - C3
Link: https://the.dev/posts/computability/intro-to-computability-3/
Published: Sun, 15 Nov 2020 00:00:00 +0000

Turing Machines - Formal definition
A Turing machine $M$ is a sextuple $(\mathcal{Q}, q_0, F, \Sigma, \Gamma, \delta)$
$\mathcal{Q}$ is the finite set of all states.
$q_0$ is the initial state, $q_0 \in \mathcal{Q}$.
$F$ is the set of final states. This is the collection of halt/accept states and halt/reject states, $F \subseteq \mathcal{Q}$.
$\Gamma$ is the input alphabet. We denote the blank symbol as $\wedge$ and require that $\wedge \notin \Gamma$.

Basics of Computability - Purpose of A Turing Machine - C1
Link: https://the.dev/posts/computability/intro-to-computability-1/
Published: Sun, 15 Nov 2020 00:00:00 +0000

Introduction
In order to build up to topics such as zero knowledge, we must first cover the foundations. We will cover enough of them to understand how modern cryptography works.
Motivation
We want to capture the notion of what it means for a problem to be computable or solvable.
We first note that any problem that is solvable must have an algorithm to solve it.
But what exactly is an algorithm?

Primer On Computability
Link: https://the.dev/posts/computability/primer-on-computability/
Published: Sun, 08 Nov 2020 00:00:00 +0000

We do assume basic knowledge of set theory.
Given two sets A and B, what does A x B mean? (read: A cross B)
What does A* mean? (read: A Kleene star)

Foundations
In this post, we discuss the notion of an alphabet and a language.

What is an Alphabet?
English Alphabet
First let's go over the natural notion of an alphabet. So what do we know about the English alphabet?

Designing a programming language - Philosophically
Link: https://the.dev/posts/compiler/designing-a-programming-language/
Published: Sun, 01 Nov 2020 00:00:00 +0000

While designing a programming language, I came to the realisation that it should be addressed not only from a technical perspective, but also from a philosophical perspective. At a high level, you are specifying how and what ideas can be expressed; moreover, you are specifying what ideas cannot be expressed.
What happens when we give the user too many words to express their ideas? Yes, it will make the language feature rich, but will the user use them?

Note : How RangeProofs Work In Barretenberg (Aztec)
Link: https://the.dev/posts/notes/plonk-aztec-range-proof/
Published: Sat, 01 Feb 2020 00:00:00 +0000

This has been copied from a hackmd post I made before this site was active.
Document structure
This document is split into five sections:
Preliminaries: This is background knowledge that will be helpful in understanding the rangeproof protocol.
PLONK Programs: This is the abstraction over PLONK that allows us to think of PLONK circuits as programs, where each row is a gate and the row that the program is currently at is the state.

About Me
Link: https://the.dev/about/
Published: Mon, 01 Jan 0001 00:00:00 +0000

Hi, my name is Kev. I am an independent software developer.
The blog is a continuous stream of thought at the moment. It is currently being used as a glorified scratchpad.

Interests
Computational Complexity
Computability
Applied Cryptography
Algebraic number theory
Linear algebra
Compilers (Applied)

Dormant Skills
Swift mobile development
Amazon web services
Blockchain full node and wallet development

Contact
Link: https://the.dev/contact/
Published: Mon, 01 Jan 0001 00:00:00 +0000

Check out the homepage on how to contact me. Email or telegram would be the best forms of contact.
Email : kev at the dot dev

First snippet
Link: https://the.dev/snippets/first/
Published: Mon, 01 Jan 0001 00:00:00 +0000

This content is in snippets/first/index.md
    pwd

Projects
Link: https://the.dev/projects/
Published: Mon, 01 Jan 0001 00:00:00 +0000

Implementations
These are implementations which I have authored. This list is not exhaustive.
Plookup
Short description : A protocol for table lookups.
Paper : https://eprint.iacr.org/2020/315.pdf
Implementation : https://github.com/kevaundray/plookup
Discussion : Comments, corrections and suggestions were sent to the authors regarding the security proof.

Qesa
Short description : A zero knowledge protocol using the DLOG which allows for efficient quadratic constraints.
Paper : https://eprint.iacr.org/2019/944.pdf
Implementation : https://github.com/crate-crypto/qesa
Discussion : Comments, corrections and suggestions were sent to the authors regarding the prover runtime.

Second snippet
Link: https://the.dev/snippets/second/
Published: Mon, 01 Jan 0001 00:00:00 +0000

This content is in snippets/second/index.md
    ls -la