Daily Digest 每日摘要 View All 查看全部

May 2026 2026 年五月

Fri

2026-05-29

Georg Fuchsbauer Multi-signatures

Fuchsbauer et al. proposed doubly aggregatable signatures in their paper, enabling efficient two-layer aggregation with SNARKs for bitmap predicates, applied to incentivizing vote dissemination in consensus. Fuchsbauer等人在论文中提出双重聚合签名原语，允许两层签名者高效聚合，并利用SNARKs实现位图谓词验证，应用于共识协议中的激励投票传播。

Key Points: 要点：

• Introduced doubly aggregatable signatures: layer-0 signatures aggregated into layer-1 attestations, then aggregated into a succinct certificate. 提出双重聚合签名：第一层签名聚合成第二层证明，最后合并为简洁证书
• Security model covers unforgeability and equivocation resistance. 安全模型涵盖不可伪造性和抗模棱两可攻击（即防止对未观察到的签名作证）
• Two constructions: one with linear-size public keys & efficient verification (2 pairings), another with constant-size keys but linear pairings. 方案一：线性大小公钥，验证仅需群加法和两次配对；方案二：常数大小公钥，但验证需线性配对
• Based on RMSS, enabling algebraic verification and SNARK-friendly predicates on bitmaps. 基于随机模子集和（RMSS），实现纯代数验证，便于SNARK证明位图上的简洁谓词
• Key application: incentivizing timely all-to-all vote dissemination in consensus protocols. 主要应用：激励共识协议中及时的全对全投票传播，确保验证者快速收到所有投票
• Prototype implementation demonstrates concrete efficiency. 通过原型实现验证了方案的具体效率

Tue

2026-05-26

Resettable Non-Interactive Zero-Knowledge: Attacks and Defenses Paper

Behzad Abdolmaleki Fiat-Shamir NIZK

Abdolmaleki et al. present the first systematic study of resettable security for NIZKs in their paper, formalizing strong resettable ZK, demonstrating attacks on Fiat-Shamir PIOP SNARKs, and proposing a PRF-based generic compiler defense. Abdolmaleki等人在论文中首次系统研究了NIZK的可重置安全性，形式化了强可重置零知识定义，展示了对Fiat-Shamir编译的PIOP SNARKs等攻击，并提出基于PRF的通用编译器防御方案。

Key Points: 要点：

• First systematic study of resettable security for NIZK 首次针对NIZK进行可重置安全性系统研究
• Formalized strong resettable ZK (srZK) covering partial randomness reset attacks 形式化强可重置零知识(srZK)，能捕捉部分随机数重置等实际攻击
• Demonstrated attacks on Fiat-Shamir compiled Σ-protocols, PIOP SNARKs like PlonK 展示对Fiat-Shamir编译的Σ协议、PIOP SNARKs（如PlonK）等的重置攻击
• Proposed generic compiler: derive all randomness via PRF from pp, statement, witness, and secret seed 提出通用编译器：使用PRF从公共参数、陈述、证据和种子派生所有随机数
• Defense has negligible overhead and proof size unchanged 防御开销极小，不增加证明大小
• Practical relevance: prevents randomness manipulation via side-channel/fault injection 实际应用：防止侧信道/故障注入导致证明者随机性被操纵

Mon

2026-05-25

zkExp: Zero-Knowledge Succinct Exponentiation Proofs Paper

Biniyam Deressa KZG Sumcheck FFT

Deressa et al. propose the first ZK proof system achieving asymptotically optimal batched exponentiation proofs with innovations including trace-based square-and-multiply encoding, lazy sumcheck, etc. Constant verification (3.5ms), proof size 160-256B, memory <1.1MB, suitable for zkRollups, anonymous credentials. Deressa等人在中提出首个实现渐进最优批量幂次证明的ZK系统，创新包括基于轨迹的平方乘编码、惰性sumcheck等。验证恒定时间3.5ms，证明大小160-256B，内存低于1.1MB，适用于zkRollup、匿名凭证等场景。

Key Points: 要点：

• First to achieve asymptotically optimal batched exponentiation proofs: prover time O(λN/log N), constant verification. 首次实现批量指数证明的渐近最优效率：证明者时间O(λN/log N)，验证恒定时间。
• Four innovations: trace-based square-and-multiply, lazy sumcheck, hybrid FFT, sliding-window batching. 四项创新：基于轨迹的平方乘编码、惰性sumcheck、混合FFT分解、滑动窗口批处理。
• Constant proof size 160-256B independent of parameter sizes. 证明大小恒定160-256B，与参数规模无关。
• Verification time 3.5ms, memory <1.1MB, 500K gas for 1000 exponentiations on Ethereum. 验证时间3.5ms，内存低于1.1MB，以太坊验证1000次指数需500K gas。
• Sound under GDHE assumption, computational ZK in random oracle model. 基于GDHE假设，在随机预言机模型下达到计算零知识。
• Applications: zkRollups, anonymous credentials, on-chain threshold cryptography. 应用场景：zkRollup、匿名凭证、链上门限密码学。

Sun

2026-05-24

Quantum and Post-Quantum Blockchain: A Systematic Survey Paper

Ruwanga Konara Quantum Blockchain

Konara et al. systematically reviewed quantum and post-quantum blockchains, analyzing the integration of post-quantum cryptography and the state of quantum blockchains in their paper. Konara等人在论文中系统综述了量子与后量子区块链，分析了后量子密码集成与量子区块链的研究现状。

Key Points: 要点：

• Quantum computing poses a fundamental threat to blockchain’s classical cryptography. 量子计算对区块链底层密码学构成根本威胁
• Extensive research integrates post-quantum cryptosystems into blockchain for quantum resistance. 学术研究广泛探索将后量子密码系统融入区块链以实现抗量子性
• Various post-quantum blockchain solutions exist, but standardization and practicality are evolving. 已有多种后量子区块链方案，但标准化和实用性仍在发展
• Quantum blockchains leverage quantum technologies for forward compatibility with the quantum internet. 量子区块链利用量子技术实现量子安全，为未来量子互联网做准备
• This survey comprehensively reviews both post-quantum and quantum blockchain research. 本综述全面梳理了后量子区块链与量子区块链两个方向的研究进展

Sat

2026-05-23

Super-intelligence Survival Guide: Verification via Proof-Carrying Output Paper

Hillel Avni Proof-Carrying Output

Avni et al. introduced the Proof-Carrying Output (PCO) framework in , combining formal proofs, timestamps, and append-only ledgers to provide verifiable and auditable AI outputs. Avni等人在论文中提出Proof-Carrying Output（PCO）框架，通过机器可验证证明、时间戳与追加式账本，为AI输出建立不可抵赖与可审计的合规验证机制。

Key Points: 要点：

• Introduces PCO for machine-verifiable AI outputs. 论文提出PCO框架，要求AI输出附带机器可验证证明
• Uses cryptographic commitments and append-only ledgers for accountability. 系统通过加密承诺与追加式账本实现AI行为不可抵赖
• Provides binding, hiding, temporal ordering, and audit correctness. 核心安全属性包括绑定性、隐藏性、时间顺序与审计正确性
• Builds on Rocq (Coq), LTL, and STL formal verification tools. 采用Rocq（Coq）与LTL/STL等形式化工具验证输出合规性
• Demonstrates tax, autonomous driving, and recommendation case studies. 展示了税务计算、自动驾驶与推荐透明度三个案例实现
• Input authenticity and specification correctness are out of scope. 论文强调输入真实性与规范正确性不在PCO安全范围内

Thu

2026-05-21

Miraidon: MinRank Identification Paper

Ryann Cartor Linkable Ring Signature

Cartor et al. proposed a MinRank-based post-quantum signature family in , introducing a new ZK proof system supporting digital signatures, ring signatures, and the first linkable ring signature based on MinRank. Cartor等人在论文中提出了一类基于MinRank问题的后量子签名方案，结合新型ZK证明系统，实现了更优健壮性的数字签名、环签名及首个基于MinRank的可链接环签名。

Key Points: 要点：

• Introduces a MinRank-based identification and signature framework. 论文提出新型基于MinRank问题的身份识别与签名框架
• Builds on a novel ZK proof system with improved soundness. 核心构造结合了新的ZK证明系统以提升健壮性参数
• Supports digital signatures, ring signatures, and linkable ring signatures. 支持数字签名、环签名与可链接环签名等高级原语
• First linkable ring signature construction based on MinRank. Miraidon-LRS是首个基于MinRank的可链接环签名方案
• Provides competitive key and signature sizes versus lattice/code-based schemes. 方案在公钥与签名尺寸上对比格基和码基方案具有竞争力
• Security relies on the hardness of the MinRank problem for PQ settings. 安全性依赖MinRank困难性，目标面向后量子密码场景

Tue

2026-05-19

Attribute-Based Threshold Issuance Anonymous Counting Tokens and Its Application to Sybil-Resistant Self-Sovereign Identity Paper

Behzad Abdolmaleki Unlinkability

Abdolmaleki et al. propose tACT, a publicly verifiable threshold anonymous counting token in a distributed-trust setting, and use it to build a Sybil-resistant SSI system with threshold issuance, unlinkable multi-show selective disclosure, improving over CanDID. Abdolmaleki等人提出tACT，一种在分布式信任环境下的可公开验证阈值匿名计数代币，并用于构建抗女巫攻击的自主主权身份系统，支持阈值发行、不可链接多显示选择性披露等特性，相比CanDID提升了效率并减少交互轮数。

Key Points: 要点：

• tACT is the first publicly verifiable threshold anonymous counting token in a distributed-trust setting. tACT首次在分布式信任环境中实现可公开验证的阈值匿名计数代币
• The proposed SSI system features non-interactive, non-transferable credentials with minimal user-issuer interaction. 提出的SSI系统支持非交互式、不可转移的凭证，减少用户与发行方交互
• Formalizes strong unlinkability security model, ensuring privacy even under issuer-verifier collusion. 形式化强不可链接性安全模型，证明即使发行者与验证者勾结也能保护隐私
• Benchmark results show improved efficiency over CanDID while supporting more issuers. 基准测试显示效率优于CanDID，且支持更多发行者
• Techniques involve bilinear maps, zero-knowledge proofs, and threshold cryptography. 技术结合了双线性映射、零知识证明和阈值密码学

Mon

2026-05-18

Device Binding for Anonymous Credentials on Legacy Phones Paper

Anja Lehmann Anonymous Credentials

Lehmann et al. propose three constructions for device binding of anonymous credentials on legacy phones, using standard ECDSA signatures for proof-of-possession, bridging pairing-friendly curves with P256. Lehmann等人在论文中提出了三种将匿名凭证绑定到传统手机硬件的方法，通过标准ECDSA签名实现证明，解决了配对友好曲线与P256兼容性问题。

Key Points: 要点：

• Anonymous credentials lack device binding, risking credential cloning. 匿名凭证虽保护隐私但缺乏设备绑定，易被克隆或分享
• Existing efficient binding uses pairing-friendly curves, incompatible with legacy phone P256 hardware. 现有高效设备绑定方案依赖配对友好曲线，与旧手机P256硬件不兼容
• Three constructions bridge P256 to pairing curves with different trade-offs. 本文提出三种方案桥接P256与配对曲线，性能各异
• Fastest: ~1.5KB proof, <500ms, using simple arithmetic circuit. 最快方案证明大小约1.5KB，耗时<500ms，依赖简单算术电路
• Circuit-free: ~500ms but ~175KB proof. 无电路方案同样约500ms但证明大小175KB
• Designed with reductions of knowledge framework for modular security analysis. 采用知识归约框架设计，便于模块化安全分析和实现

Sat

2026-05-16

Jagged Polynomial Commitments (or: How to Stack Multilinears) Paper

Tamir Hemo PCS zkVM

The Succinct team (Hemo et al.) introduced a Jagged PCS that commits the entire computation trace as a single polynomial while enabling per-column evaluation proofs, drastically reducing zkVM recursion overhead. It requires only 5 finite field multiplications per element with no additional oracles. Succinct团队（Hemo等人）在论文中提出了一种新型的Jagged PCS，允许将整个计算迹作为一个多项式承诺，同时支持对单个列进行求值证明，极大降低了zkVM递归验证开销。该方案仅需5个有限域乘法/元素，无需额外预言机。

Key Points: 要点：

• Jagged PCS is designed for polynomial commitments with columns of varying heights in zkVM. Jagged PCS 专为 zkVM 中不同高度列的多项式承诺设计
• No extra oracles required compared to general sparse PCS; prover cost is 5 field multiplications per element. 相比通用稀疏 PCS，无需额外预言机，证明者成本仅 5 次域乘法/元素
• Verifier circuit depends only on total trace area, avoiding combinatorial explosion in zkVM recursion. 验证者电路仅依赖总迹面积，避免 zkVM 递归中的“组合爆炸”
• Commits entire trace as a single polynomial while allowing per-column queries. 支持将整个计算迹作为单一多项式承诺，同时允许按列访问
• Highly performant, especially for hash-based SNARKs. 实际性能优异，特别适用于哈希基 SNARK 系统

Thu

2026-05-14

Privacy-Preserving Aggregate-Signatures: Generic Constructions and Practical Instantiations Paper

Xiaoyang Wei BLS unforgeability

Wei et al. propose aggregate signatures with verifiable key aggregation (ASvKA) and privacy, a generic transformation from multi-signatures, and two instantiations: PP-SpeedyASvKA and PP-BAS. Wei等人提出了带可验证密钥聚合的隐私保护聚合签名ASvKA，给出从多重签名到聚合签名的通用转化，并实例化出两种高效方案PP-SpeedyASvKA和PP-BAS，支持签名压缩与隐私保护。

Key Points: 要点：

• First formal definition of ASvKA with privacy and verifiable key aggregation 首次形式化定义了带可验证密钥聚合的隐私保护聚合签名ASvKA
• Generic transformation from multi-signatures to aggregate signatures with stronger unforgeability 提出从多重签名到聚合签名的通用转化，提升不可伪造性
• PP-SpeedyASvKA is pairing-free, two-round from SpeedyMuSig PP-SpeedyASvKA基于SpeedyMuSig，无需配对，两轮交互
• PP-BAS from BLS offers trade-offs between unforgeability and privacy PP-BAS基于BLS多重签名，提供不可伪造性与隐私的不同权衡
• Addresses lack of key aggregation and privacy in current aggregate signatures 解决了现有聚合签名不支持密钥聚合和隐私保护的缺陷
• Constant-size signatures and efficient verification 实例化方案保持常数大小签名，验证效率高

Wed

2026-05-13

Titan: Efficient Polynomial Commitments from IOPs over Groups Paper

Chethan Kamath IOPP Spartan

Kamath et al. propose Titan, an efficient transparent polynomial commitment scheme in their paper , combining IOP-based outer commitments with Pedersen inner commitments, achieving sublinear proof size and verification. They build TitanSnark, a SNARK with O(√n) proof size and verification, improving over Spartan's O(n). Kamath等人在论文中提出了Titan，一种高效的透明设置多项式承诺方案，结合基于群上IOPP的承诺与Pedersen内部承诺，平衡了证明大小和验证效率，并基于此构建了TitanSnark，相比Spartan协议，证明大小和验证复杂度从O(n)降至O(√n)。

Key Points: 要点：

• Titan achieves transparent setup without trusted initialization. Titan承诺方案具有透明设置，无需可信初始化。
• Proof sizes are an order of magnitude smaller than hash-based PCS. 证明大小比基于哈希的PCS小一个数量级。
• More efficient prover and verifier than Dory and Hyrax. 相比Dory和Hyrax，证明者和验证者效率显著提升。
• Supports general discrete-log hard curves like Pasta, no pairing needed. 可在普通离散对数曲线上实例化，无需配对友好曲线。
• TitanSnark reduces proof size and verification from O(n) to O(√n) compared to Spartan. TitanSnark将Spartan的证明大小和验证复杂度从O(n)降低到O(√n)。
• The IOPP+Pedersen combination is of independent interest. 结合IOPP与Pedersen承诺的方法具有独立研究价值。

Tue

2026-05-12

Zero-Knowledge Proofs for Gradient Boosted Decision Trees Paper

Jiacheng Gao GBDT KZG ML

Gao et al. proposed Terrae in their paper, a ZK proof system for quantized GBDT training and inference based on KZG commitments, leveraging domain-lifting and interleaving batching to reduce prover time. Gao等人在论文中提出了Terrae，一种基于KZG承诺的用于量化GBDT训练和推理的零知识证明系统，通过域提升批处理等新技术高效约束，显著减少证明生成时间。

Key Points: 要点：

• GBDT widely used in finance, healthcare, requiring auditability and privacy. GBDT广泛应用于金融、医疗等领域，需要可审计性及隐私保护
• Existing methods rely on generic ZK compilers or many independent constraints, leading to high prover cost. 现有方法依赖通用ZK编译器或大量独立约束，导致证明者开销高
• Terrae introduces domain-lifting and interleaving batching to reduce commitments. Terrae通过域提升批处理线性约束和交错批处理非线性约束，减少承诺数量
• Novel histogram proof for converting sample data to frequency representation. 提出直方图证明，将样本数据转换为频率表示的正确性可证明
• Significantly reduces proof generation time with small proof size overhead. 相比先前方法，Terrae显著降低证明生成时间，仅增加少量证明大小开销
• Based on KZG polynomial commitments, suitable for quantized models. 基于KZG多项式承诺，适用于量化模型

Mon

2026-05-11

Adaptive Distributed Key Generation for Discrete-Log Cryptosystems Paper

Ruben Baecker DKG Threshold

Baecker et al. propose two DKG protocols with identifiable abort, proactive key refresh, and adaptive security under UC framework, bridging the gap in adaptive security and key structure compatibility. Baecker等人在论文中提出两种适应不安全通信环境且支持可识别中止和主动密钥刷新的分布式密钥生成协议，弥补了现有方案在自适应安全性与密钥结构兼容性方面的空白。

Key Points: 要点：

• Existing DKG protocols are incompatible with specific key structures and lack adaptive security. 现有DKG协议与特定密钥结构不兼容，无法满足自适应安全性要求。
• First protocol achieves optimal round complexity (one broadcast round) with adversarial bias. 首个方案通过一轮广播实现最优轮数，但允许敌手偏置。
• Second protocol eliminates bias in two rounds. 第二个方案在两轮内消除偏置，提供完全无偏的密钥生成。
• Supports proactive key refresh for recovery from transient compromises. 协议支持主动密钥刷新，允许长期网络恢复节点临时沦陷。
• Evaluation shows practical efficiency for modern architectures. 评估表明，通信与计算开销在现代化架构中可接受。
• UC-based security without non-falsifiable assumptions. 该工作基于UC框架，避免了非标准假设。

Sun

2026-05-10

Zinc+: SNARKs for Polynomial Rings Paper

Alexander Abdugafarov Polynomial Rings

Garreta et al. propose UCS and Zinc in , enabling SNARKs for multiple polynomial rings with algebraic constraints and ideal membership, using a PIOP compiler and new IPRS codes, achieving 40.6ms for SHA-256+MSM in ECDSA. Garreta等人在论文中提出Universal Constraint Systems (UCS)通用约束系统和Zinc框架，支持同时处理多个多项式环（如Z、Z₂₅₆）的代数约束与理想成员谓词，通过PIOP编译器与新型整数伪Reed-Solomon（IPRS）码实现高效SNARK，证明ECDSA中SHA-256压缩与MSM仅需40.6ms。

Key Points: 要点：

• UCS expresses constraints over finite fields, integer rings, and polynomial rings simultaneously, minimizing overhead for non-native operations. UCS可同时表达有限域、整数环、多项式环上的约束，消除多种非原生操作的开销。
• Zinc provides a PIOP compiler that lifts standard finite-field PIOPs to support multiple rings. Zinc框架通过PIOP编译器将标准有限域PIOP转化为多环PIOP，支持灵活的证明系统构建。
• New IPRS codes achieve optimal MDS distance over Z and Z₂₅₆ with FFT-friendly encoding and bounded norm growth. 新提出的IPRS码在Z和Z₂₅₆上具有最优MDS相对最小距离，支持FFT编码且范数增长有界。
• Benchmarks: 40.6ms prover, 7.0ms verifier, 198KB proof for ECDSA verification core. 基准测试显示，ECDSA验证中SHA-256压缩和MSM部分，证明时间仅40.6ms，验证时间7.0ms。
• Can be integrated as lightweight extension to existing hash-based SNARKs. Zinc可作为轻量扩展集成到现有哈希基SNARK中，使用开源实现。
• Reduces overhead for lattice operations, modular arithmetic, etc. 该工作显著降低了格运算、模算术等非原生操作的证明开销。

Fri

2026-05-08

Field-Agnostic SNARKs with Small Proofs via Encode-Repeat-Accumulate (ERA) Codes Paper

Anubhav Baweja field-agnostic IOPP

Baweja et al. proposed a new family of linear-time encodable field-agnostic codes, ERA, and an efficient IOPP for them, achieving small proof sizes in hash-based SNARKs. Baweja等人在论文中提出了一种新型线性时间可编码的场无关纠错码ERA，并基于此设计了高效的IOPP，实现了哈希基SNARK的小证明尺寸和良好的证明者效率。

Key Points: 要点：

• ERA codes achieve a strong trade-off between encoding time and relative distance. ERA码在编码时间与相对距离之间取得良好权衡
• ERA codes are efficiently codeswitchable, reducing proximity checking to another code. ERA码具有高效的码切换能力，可降低逼近检验任务
• The IOPP for ERA codes yields concretely small query complexity. 基于ERA的IOPP实现了具体小的查询复杂度
• Hash-based SNARKs are transparent and post-quantum secure. 哈希基SNARK是广泛部署的透明SNARK，具有抗量子安全性
• Field-agnosticism enables proofs over arbitrary fields. 场无关性使得SNARK能在任意足够大的域上证明

Wed

2026-05-06

Fault Injection Attacks Against zkSTARKs Paper

Alexander Dalton zkSTARKs Fault Injection

Dalton et al. present the first systematic exploration of fault injection attacks against zkSTARK provers, aiming to violate zero-knowledge properties, filling a gap in fault injection research for general-purpose ZK proving systems. Dalton等人在论文中首次系统探索了针对zkSTARK证明者的故障注入攻击，旨在破坏其零知识特性，填补了通用ZK证明系统故障注入研究的空白。

Key Points: 要点：

• Fault injection attacks on zkSTARK provers can compromise zero-knowledge properties. 针对zkSTARK证明者的故障注入攻击可破坏其零知识特性
• First exploration of fault injection in general-purpose ZK proving systems. 这是首次对通用ZK证明系统进行故障注入攻击的探索
• Implementation diversity of zkSTARKs broadens the attack surface. zkSTARK的实现多样性导致攻击面广泛
• Proposed multiple attack methods targeting different algorithmic primitives. 研究提出了针对不同算法原语的多种故障注入方法
• Vulnerabilities could undermine privacy guarantees of ZK proofs. 漏洞可能影响零知识证明的隐私保护能力
• Developers should incorporate fault injection countermeasures in prover implementations. 建议开发者加强证明者实现中的抗故障注入防护

Sat

2026-05-02

ZEE200: Zero Knowledge for Everything and Everyone @ 200 KHz Paper

Sunghyeon Jo zkVM Constant-Round

Jo et al. proposed ZEE200, a constant-round ZK system achieving 200 KHz CPU speed on a commodity laptop, supporting a richer ISA and improving over ZEE by ~4000%, demonstrated by proving CVE vulnerabilities in Linux programs. Jo等人在论文中提出了ZEE200，一个恒定轮次ZK系统，在普通笔记本上实现200 KHz的CPU速度，支持更丰富的指令集，比ZEE快约4000%，并成功证明Linux程序CVE漏洞。

Key Points: 要点：

• ZEE200's performance boosted by about 4000%, increasing from ZEE's 50 KHz to 200 KHz. ZEE200是ZEE的改进版，性能提升约4000%，从ZEE的50 KHz提高到200 KHz。
• ZEE200 runs on a standard laptop (2021 ThinkPad X1 Carbon Gen 9) and in a simulated LAN environment. ZEE200在普通笔记本（2021 ThinkPad X1 Carbon Gen 9）和模拟LAN环境下运行。
• Supports a richer instruction set, with arithmetic encoding optimizations and extensive low-level improvements. 支持更丰富的指令集，包括算术编码优化和大量低级优化。
• Integrates the latest advances such as Tight ZK CPU (CCS'24) and fast ZK RAM (USENIX Security'24). 集成Tight ZK CPU（CCS'24）和快速ZK RAM（USENIX Security'24）等最新成果。
• Benchmark: proving Linux tool CVE vulnerabilities drops from several seconds (ZEE) to sub-second (ZEE200). 基准测试：证明Linux工具CVE漏洞时间从ZEE的几秒缩短到亚秒级。
• ZEE200 provides an efficient and practical zero-knowledge proving toolchain for general-purpose programs. ZEE200为通用程序提供了高效、实用的零知识证明工具链。

Fri

2026-05-01

LigeSIS: Distribution-friendly Polynomial Commitment Based on Error-correcting Code Paper

Yanpei Guo PCS Error-correcting Code

Guo et al. proposed LigeSIS, the first distribution-friendly code-based multilinear PCS, achieving sublinear cross-node communication with proof size independent of machine count. Guo等人在论文中提出了首个分布友好的基于纠错码的多线性多项式承诺方案LigeSIS，通过同态子集和哈希实现亚线性跨节点通信，证明大小与机器数量无关。

Key Points: 要点：

• LigeSIS is the first distribution-friendly code-based multilinear PCS LigeSIS是首个分布友好的基于纠错码的多线性多项式承诺方案
• Replaces Merkle-tree hashing with homomorphic subset-sum hash over Goldilocks64 用Goldilocks64上的同态子集和哈希替代Merkle树哈希，实现代数聚合
• Introduces preprocessing-accelerated subset-sum hash to reduce overhead 引入预处理加速的子集和哈希，降低哈希开销
• Single-node performance comparable to state-of-the-art RS-based PCS WHIR 单节点性能媲美最先进的RS-based PCS WHIR
• Near-linear scalability in prover time in distributed settings 分布式环境下证明时间呈现近线性扩展性
• Improves prover time over distributed MKZG and reduces cross-node communication vs PIP 相比分布式MKZG，证明时间提升显著；相比PIP，跨节点通信减少