A summary on the FRI low degree test

This document is an informal summary on the FRI low degree test [BSBHR18a], [BSCI+20], and DEEP algebraic linking from [BSGKS20]. Based on its most recent soundness analysis [BSCI+20], we discuss parameter settings for practical security levels, how FRI is turned into a polynomial commitment scheme, and the soundness of DEEP sampling in the list decoding regime. In particular, we illustrate the DEEP method applied to proving satisfiability of algebraic intermediate representations and prove a soundness error bound which slightly improves the one in [Sta21]

Multivariate lookups based on logarithmic derivatives

Logarithmic derivatives translate products of linear factors into sums of their reciprocals, turning zeroes into simple poles of same multiplicity. Based on this simple fact, we construct an interactive oracle proof for multi-column lookups over the boolean hypercube, which makes use of a single multiplicity function instead of working with a rearranged union of table and witnesses. For single-column lookups the performance is comparable to the well-known Plookup strategy used by Hyperplonk+. However, the real power of our argument unfolds in the case of batch lookups when multiple columns are subject to a single-table lookup: While the number of field operations is comparable to the Hyperplonk+ lookup (extended to multiple columns), the oracles provided by our prover are much less expensive. For example, for columns of length 2^12, paper-pencil operation counts indicate that the logarithmic derivative lookup is between 1.5 and 4 times faster, depending on the number of columns

Improving logarithmic derivative lookups using GKR

In this informal note, we instantiate the Goldwasser-Kalai-Rothblum (GKR) protocol to prove fractional sumchecks as present in lookup arguments based on logarithmic derivatives, with the following impact on the prover cost of logUp (IACR eprint 2022/1530): When looking up $M\geq 1$ columns in a (for the sake of simplicity) single column table, the prover has to commit only to a single extra column, i.e. the multiplicities of the table entries. In order to carry over the GKR fractional sumcheck to the univariate setting, we furthermore introduce a simple, yet (as far as we know) novel transformation for turning a univariate polynomial commitment scheme into a multilinear one. The transformation complements existing approaches and might be of independent interest for its elegant way to prove arbitrary powers of the lexicographic shift over the Boolean hypercube

Reed-Solomon Codes over the Circle Group

In this note we discuss Reed-Solomon codes with domain of definition within the unit circle of the complex extension $\mathbb C(F)$ of a Mersenne prime field $F$. Within this unit circle the interpolants of “real”, i.e. $F$-valued, functions are again almost real, meaning that their values can be rectified to a real representation at almost no extra cost. Second, using standard techniques for the FFT of real-valued functions, encoding can be sped up significantly. Due to the particularly efficient arithmetic of Mersenne fields, we expect these “almost native” Reed-Solomon codes to perform as native ones based on prime fields with high two-adicity, but less processor-friendly arithmetic

Circle STARKs

Traditional STARKs require a cyclic group of a smooth order in the field. This allows efficient interpolation of points using the FFT algorithm, and writing constraints that involve neighboring rows. The Elliptic Curve FFT (ECFFT, Part I and II) introduced a way to make efficient STARKs for any finite field, by using a cyclic group of an elliptic curve. We show a simpler construction in the lines of ECFFT over the circle curve $x^2 + y^2 = 1$. When $p + 1$ is divisible by a large power of $2$, this construction is as efficient as traditional STARKs and ECFFT. Applied to the Mersenne prime $p = 2^{31} − 1$, which has been recently advertised in the IACR eprint 2023:824, our preliminary benchmarks indicate a speed-up by a factor of $1.4$ compared to a traditional STARK using the Babybear prime $p = 2^{31} − 2^{27} + 1$

Darlin: Recursive Proofs using Marlin

This document describes Darlin, a succinct zero-knowledge argument of knowledge based on the Marlin SNARK (Chiesa et al., Eurocrypt 2020) and the `dlog\u27 polynomial commitment scheme from Bootle et al. EUROCRYPT 2016. Darlin addresses recursive proofs by integrating the amortization technique from Halo (IACR eprint 2019/099) for the non-succinct parts of the dlog verifier, and we adapt their strategy for bivariate circuit encoding polynomials to aggregate Marlin\u27s inner sumchecks across the nodes the recursive scheme. We estimate the performance impact of inner sumcheck aggregation by about 30% in a tree-like scheme of in-degree 2, and beyond when applied to linear recursion

Squalene production under oxygen limitation by Schizochytrium sp. S31 in different cultivation systems

Abstract: The triterpene squalene is widely used in the food, cosmetics and pharmaceutical industries due to its antioxidant, antistatic and anti-carcinogenic properties. It is usually obtained from the liver of deep sea sharks, which are facing extinction. Alternative production organisms are marine protists from the family Thraustochytriaceae, which produce and store large quantities of various lipids. Squalene accumulation in thraustochytrids is complex, as it is an intermediate in sterol biosynthesis. Its conversion to squalene 2,3-epoxide is the first step in sterol synthesis and is heavily oxygen dependent. Hence, the oxygen supply during cultivation was investigated in our study. In shake flask cultivations, a reduced oxygen supply led to increased squalene and decreased sterol contents and yields. Oxygen-limited conditions were applied to bioreactor scale, where squalene accumulation and growth of Schizochytrium sp. S31 was determined in batch, fed-batch and continuous cultivation. The highest dry matter (32.03 g/L) was obtained during fed-batch cultivation, whereas batch cultivation yielded the highest biomass productivity (0.2 g/L*h−1). Squalene accumulation benefited from keeping the microorganisms in the growth phase. Therefore, the highest squalene content of 39.67 ± 1.34 mg/g was achieved by continuous cultivation (D = 0.025 h−1) and the highest squalene yield of 1131 mg/L during fed-batch cultivation. Volumetric and specific squalene productivity both reached maxima in the continuous cultivation at D = 0.025 h−1 (6.94 ± 0.27 mg/L*h−1 and 1.00 ± 0.03 mg/g*h−1, respectively). Thus, the choice of a suitable cultivation method under oxygen-limiting conditions depends heavily on the process requirements. Key points: • Measurements of respiratory activity and backscatter light of thraustochytrids • Oxygen limitation increased squalene accumulation in Schizochytrium sp. S31 • Comparison of different cultivation methods under oxygen-limiting conditions