Paper 2025/385

MERCURY: A multilinear Polynomial Commitment Scheme with constant proof size and no prover FFTs

Liam Eagen, Alpen Labs
Ariel Gabizon, Aztec Labs
Abstract

We construct a pairing-based polynomial commitment scheme for multilinear polynomials of size $n$ where constructing an opening proof requires $O(n)$ field operations, and $2n+O(\sqrt n)$ scalar multiplications. Moreover, the opening proof consists of a constant number of field elements. This is a significant improvement over previous works which would require either 1. $O(n\log n)$ field operations; or 2. $O(\log n)$ size opening proof. The main technical component is a new method of verifiably folding a witness via univariate polynomial division. As opposed to previous methods, the proof size and prover time remain constant *regardless of the folding factor*.

Note: sumcheck refs

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint.
Keywords
SNARKsPolynomial Commitment Schemes
Contact author(s)
liameagen @ protonmail com
ariel @ aztec-labs com
History
2025-03-08: last of 6 revisions
2025-02-28: received
See all versions
Short URL
https://ia.cr/2025/385
License
No rights reserved
CC0

BibTeX 

@misc{cryptoeprint:2025/385,
      author = {Liam Eagen and Ariel Gabizon},
      title = {{MERCURY}: A multilinear Polynomial Commitment Scheme with constant proof size and no prover {FFTs}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2025/385},
      year = {2025},
      url = {https://eprint.iacr.org/2025/385}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.