In this document we describe the Darlin proof carrying data scheme for the
distributed computation of block and epoch proofs in a Latus sidechain of
Zendoo (arxive:2002.01847). Recursion as well as base proofs rest on Marlin
(Chiesa et al. EUROCRYPT 2020) using the Pasta cycle of curves and the “dlog”
polynomial commitment scheme from Bootle et al. We apply the amortization
technique from Halo (Bowe et al., IACR eprint 2019/1021) to the non-succinct
parts of the verifier, and we adapt their strategy for bivariate circuit
encoding polynomials to aggregate Marlin’s inner sumchecks across the nodes of
the proof carrying data scheme. Regarding performance, the advantage of Darlin
over a scheme without inner sumcheck aggregation is about 30% in a tree-like
scenario as ours, and beyond when applied to linear recursion.

By admin