
Topic: gmaxwell makes my brain hurt........ (Read 808 times)

sr. member
Activity: 280
Merit: 250
Brainwashed this way
September 06, 2014, 08:51:40 PM
#2
I guess I'm the only one who follows other people's posts. I'm so ronery.


http://m.youtube.com/watch?v=UEaKX9YYHiQ

sr. member
Activity: 280
Merit: 250
Brainwashed this way
September 02, 2014, 11:18:05 AM
#1
I have found myself reading a lot of gmaxwell posts lately. His posts remind me of two hippies I saw arguing for hours about the difference between minimalizm and simple-izm years ago when I was stationed in Virginia while enlisted in the US Navy.

The problem is gmaxwell is a very smart guy and I'm nowhere near his knowledge level. I've found myself having to stay up several extra hours at night redeploying in education and trying to learn math and theory so I can somewhat understand some of his technical discussions.

Don't get me wrong, I'm not some crazy fanboy or something. I just can't stop researching some of the topics he goes deep into. Does anyone else have mods or other members that they like reading?

Here is a typical example of his posting:

"Yes, check out the recent paper on "Scalable Zero Knowledge via Cycles of Elliptic Curves": http://eprint.iacr.org/2014/595

Which is a pretty wild technique.  Basically they managed (through an enormous amount of computation) to find a pair of pairing-compatible elliptic curves such that the number of points on one is the size of the finite field the other is defined over, and vice versa.

What this means is that in a ZKP written using curve A it's cheap to run the verifier for ZKP written in curve B. And for ZKP in curve B it's cheap to verify proofs for curve A.

They take this structure and write proofs of the form "Verify a ZKP in the other curve of the machine state;  Execute one more instruction on top of that state.". Then they alternate these constructions, allowing for completely linear scaling.

The downside is that this magical stunt requires they use curves where the ultimate verifier (not inside a proof but on a computer) is a fair bit slower. It also only allows for 80 bit security (The size ratios make achieving 128 bit security much harder). It also only helps for problems that work by repeated application of a universal circuit, like running tinyram, rather than running a hard wired application specific circuit— which many applications will have preferred for performance."  ~gmaxwell
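
The cycle property described in the quoted post (the number of points on one curve equals the field size of the other, and vice versa), shown at toy scale as an added example that is not part of the thread or of the cited paper. It brute-forces point counts over tiny primes, uses hypothetical function names, and does not check pairing-compatibility, which is what made the real search expensive.

```python
# Added illustration: toy-sized search for a 2-cycle of elliptic curves.
# All function names are hypothetical; brute force only works for tiny primes.

def is_prime(n):
    return n > 1 and all(n % d for d in range(2, int(n ** 0.5) + 1))

def curve_order(a, b, p):
    """Points on y^2 = x^3 + a*x + b over F_p, including the point at infinity."""
    roots = [0] * p                      # roots[v] = number of y with y^2 = v
    for y in range(p):
        roots[y * y % p] += 1
    return 1 + sum(roots[(x ** 3 + a * x + b) % p] for x in range(p))

def orders(p):
    """Map each group order reachable over F_p to one nonsingular curve (a, b)."""
    found = {}
    for a in range(p):
        for b in range(p):
            if (4 * a ** 3 + 27 * b ** 2) % p:   # nonzero discriminant
                found.setdefault(curve_order(a, b, p), (a, b))
    return found

def find_cycle(min_p, max_p):
    """First (p, curve_p, q, curve_q) with #curve_p(F_p) = q and #curve_q(F_q) = p."""
    for p in range(max(min_p, 5), max_p):   # short Weierstrass form needs p > 3
        if not is_prime(p):
            continue
        over_p = orders(p)
        for q in sorted(over_p):
            if q > p and is_prime(q):
                over_q = orders(q)
                if p in over_q:
                    return p, over_p[q], q, over_q[p]
    return None

if __name__ == "__main__":
    p, ep, q, eq = find_cycle(5, 50)
    print(f"E_A: y^2 = x^3 + {ep[0]}x + {ep[1]} over F_{p} has {q} points")
    print(f"E_B: y^2 = x^3 + {eq[0]}x + {eq[1]} over F_{q} has {p} points")
```

Arithmetic on the points of E_A happens modulo q, which is exactly the native field of E_B, and the reverse holds too; that matching is why a proof over one curve can cheaply check a verifier written for the other.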
