CryptoDB
HyperPlonk: Plonk with Linear-Time Prover and High-Degree Custom Gates
| Authors: |
|
|---|---|
| Download: |
|
| Presentation: | Slides |
| Conference: | EUROCRYPT 2023 |
| Abstract: | Plonk is a widely used succinct non-interactive proof system that uses univariate polynomial commitments. Plonk is quite flexible: it supports circuits with low-degree ``custom'' gates as well as circuits with lookup gates (a lookup gates ensures that its input is contained in a predefined table). For large circuits, the bottleneck in generating a Plonk proof is the need for computing a large FFT. We present HyperPlonk, an adaptation of Plonk to the boolean hypercube, using multilinear polynomial commitments. HyperPlonk retains the flexibility of Plonk, but provides a number of additional benefits. First, it avoids the need for an FFT during proof generation. Second, and more importantly, it supports custom gates of much higher degree than Plonk, without harming the running time of the prover. Both of these can dramatically speed-up the prover's running time. Since HyperPlonk relies on multilinear polynomial commitments, we revisit two elegant constructions: one from Orion and one from Virgo. We show how to reduce the Orion opening proof size to less than 10kb (an almost factor 1000 improvement), and show how to make the Virgo FRI-based opening proof simpler and shorter. |
BibTeX
@inproceedings{eurocrypt-2023-32920,
title={HyperPlonk: Plonk with Linear-Time Prover and High-Degree Custom Gates},
publisher={Springer-Verlag},
doi={10.1007/978-3-031-30617-4_17},
author={Binyi Chen and Benedikt Bünz and Dan Boneh and Zhenfei Zhang},
year=2023
}