CryptoDB
WHIR: Reed–Solomon Proximity Testing with Super-Fast Verification
| Authors: |
|
|---|---|
| Download: | |
| Presentation: | Slides |
| Conference: | EUROCRYPT 2025 |
| Abstract: | We introduce WHIR, a new IOP of proximity that offers small query complexity and exceptionally fast verification time. The WHIR verifier typically runs in a few hundred microseconds, whereas other verifiers in the literature require several milliseconds (if not much more). This significantly improves the state of the art in verifier time for hash-based SNARGs (and beyond). Crucially, WHIR is an IOP of proximity for constrained Reed–Solomon codes, which can express a rich class of queries to multilinear polynomials and to univariate polynomials. In particular, WHIR serves as a direct replacement for protocols like FRI, STIR, BaseFold, and others. Leveraging the rich queries supported by WHIR and a new compiler for multilinear polynomial IOPs, we obtain a highly efficient SNARG for generalized R1CS. As a comparison point, our techniques also yield state-of-the-art constructions of hash-based (non-interactive) polynomial commitment schemes for both univariate and multivariate polynomials (since sumcheck queries naturally express polynomial evaluations). For example, if we use WHIR to construct a polynomial commitment scheme for degree 2^22, with 100 bits of security, then the time to commit and open is 1.2 seconds, the total communication has size 63 KiB, and the verification time is 360 microseconds. |
BibTeX
@inproceedings{eurocrypt-2025-35004,
title={WHIR: Reed–Solomon Proximity Testing with Super-Fast Verification},
publisher={Springer-Verlag},
author={Gal Arnon and Alessandro Chiesa and Giacomo Fenzi and Eylon Yogev},
year=2025
}