We present a protocol for checking the values of a committed polynomial $ f\in\mathbb {F} _
{< n}[X] $ over a multiplicative subgroup $ H\subset\mathbb {F} $ of size $ n $, are contained …

We present a protocol called $\mathsf {cq} $ for checking the values of a committed
polynomial $ f (X)\in\mathbb {F} _ {< n}(X) $ over a multiplicative subgroup …

This paper introduces Lasso, a new family of lookup arguments, which allow an untrusted
prover to commit to a vector a∈ F m and prove that all entries of a reside in some …

We present position-hiding linkability for vector commitment schemes: one can prove in zero
knowledge that one or m values that comprise commitment\cm all belong to the vector of …

We present Baloo, the first protocol for lookup tables where the prover work is linear on the
amount of lookups and independent of the size of the table. Baloo is built over the lookup …

Abstract Succinct Non-interactive Arguments of Knowledge (SNARKs) allow an untrusted
prover to establish that it correctly ran some “witness-checking procedure” on a witness. A …

This paper introduces HyperNova, a recursive argument for proving incremental
computations whose steps are expressed with CCS (Setty et al. ePrint 2023/552), a …

This paper studies discrete-log algorithms that use preprocessing. In our model, an
adversary may use a very large amount of precomputation to produce an “advice” string …

While there has been a lot of progress in designing efficient custom protocols for computing
Private Set Intersection (PSI), there has been less research on using generic Multi-Party …

We study the problem of delegating computations via interactive proofs that can be
probabilistically checked. Known as interactive oracle proofs (IOPs), these proofs extend …