Questions

Wednesday, 24th Jan 2024

  1. For a given circuit C in Halo2, which columns vary over every proof, and which columns stay the same for a set of inputs (x, w), where x is the public input and w is the private witness?
  2. What changes would you make to the Halo2 table to remove the zero-knowledge property from the advice polynomials?
  3. It is the year 2030; provers and sequencers have gone decentralized. You plot the Halo2 circuit matrix of a protocol and generate the witness polynomials, and you notice that one of the values assigned to a cell hasn't made it to the polynomials. Is this protocol underconstrained? If so, how can one generate malleable proofs?
  4. List the differences between PSE's and Zcash's Halo2.
  5. True or False: The verifier and the prover have access to the fixed columns.

Answers

Deadline: 9 am UTC, 25th Jan 2024

  1. In Halo2, there are three types of columns in total, i.e. fixed columns, advice columns and instance columns. The advice columns and instance columns would vary per proof, while fixed columns would stay the same for a set of inputs.
  2. Remove blinding factors from the last t rows, leading to the loss of zero knowledge.
  3. Yes, it is under-constrained. When an assigned cell does not appear in the polynomial, it is called an unconstrained cell. This usually happens because the value in the cell was calculated as part of witness generation during synthesize, but the corresponding gate was not activated to enforce a constraint.

     An attacker can generate a valid proof for any value in the unconstrained cell and convince the verifier to incorrectly believe that the prover knows the true witness value.
  4. Here are a few differences:
     - Curves
       - Zcash: Pasta curves
       - PSE: BN254
     - Proving scheme
       - Zcash: IPA
       - PSE: KZG with optimization
     - Zero knowledge
       - Zcash: Enabled and required by default for privacy
       - PSE: Optional. Prioritizes scalability more than privacy. Removing rows for blinding factors
     - PSE fork also works on GPU, memory optimizations, support for Poseidon hash, verifier in Solidity, etc.
  5. True
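
Answer 3's unconstrained cell, as an added example (not part of the original answers and not the halo2 crate's API): a toy Rust model of a single multiplication gate `q_mul * (a * b - c) = 0` over a small constructed prime, which flags rows whose cells are assigned while the selector is off. The `Row` layout, the field size, the sample witness and treating non-zero as "assigned" are assumptions; copy constraints and lookups are not modeled.

```rust
// Toy model of one Halo2 region (added example; not the halo2 API).
// Gate enforced on every row: q_mul * (a * b - c) == 0 (mod P).
const P: u64 = 65_537; // small constructed prime standing in for the field

#[derive(Clone, Copy)]
struct Row { q_mul: u64, a: u64, b: u64, c: u64 }

/// True when every row satisfies the gate polynomial.
fn gates_satisfied(rows: &[Row]) -> bool {
    rows.iter().all(|r| {
        let diff = (r.a * r.b % P + P - r.c % P) % P;
        r.q_mul * diff % P == 0
    })
}

/// Rows that carry assigned (assumed: non-zero) advice values while the
/// selector is off: the gate is vacuous there, so nothing ties `c` to `a * b`.
fn unconstrained_rows(rows: &[Row]) -> Vec<usize> {
    rows.iter().enumerate()
        .filter(|(_, r)| r.q_mul == 0 && (r.a | r.b | r.c) != 0)
        .map(|(i, _)| i)
        .collect()
}

/// Constructed witness: row 1 was filled in during synthesis,
/// but its selector was never enabled.
fn sample_witness() -> Vec<Row> {
    vec![
        Row { q_mul: 1, a: 3, b: 4, c: 12 },
        Row { q_mul: 0, a: 5, b: 6, c: 30 }, // bug: selector left off
    ]
}

/// Does the gate check still pass after `c` at `row` is replaced by `value`?
fn accepts_with_c(rows: &[Row], row: usize, value: u64) -> bool {
    let mut altered = rows.to_vec();
    altered[row].c = value;
    gates_satisfied(&altered)
}

fn main() {
    let w = sample_witness();
    println!("unconstrained rows: {:?}", unconstrained_rows(&w));
    println!("row 1, c = 31 accepted: {}", accepts_with_c(&w, 1, 31));
    println!("row 0, c = 13 accepted: {}", accepts_with_c(&w, 0, 13));
}
```

The constrained row rejects a changed `c`, while the row with the selector off accepts it, which is the condition an audit of the circuit matrix should flag.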