@@ 326,9 326,44 @@
\end{frame}
\begin{frame}{The Remedy}
- The definitive answer:
+ Where I got all of the following material: \pause
- \url{https://vitalik.ca/general/2017/11/09/starks\_part\_1.html}
+ \url{https://vitalik.ca/general/2017/11/09/starks\_part\_1.html} \pause
+
+ The following material was very rushed.
+\end{frame}
+
+\begin{frame}
+ \begin{itemize}
+ \item We want to prove that a given $P_i$ constant term is valid
+ \textit{without} revealing what it is. This is equivalent to checking
+ whether $P_i(0)$ is valid. This is the essence of a Zero-Knowledge Proof.
+ \pause
+ \item Now, let $C(x)$ be a \textit{constraint checking polynomial} that is
+ zero if $x$ is a valid constant and nonzero otherwise. For example, if we
+ assume a valid constant is one that is either a zero or one, we can
+ construct $C(x)$ very simply:
+ \begin{equation*}
+ C(x) = (x - 0) (x - 1) = x^2 - x
+ \end{equation*} \pause
+ \item Now, we can restate the problem as: we need to prove that $C(P(x)) = 0$
+ when $x = 0$.
+ \end{itemize}
+\end{frame}
+
+\begin{frame}
+ \begin{itemize}
+ \item Let $Z(x) = x$ \pause
+ \item It's a known mathematical fact that any polynomial that is zero at $x=0$
+ must be a multiple of $Z$. Therefore, there exists some $D(x)$ such that
+ \begin{equation*}
+ C(P(x)) = Z(x) \cdot D(x)
+ \end{equation*}
+ \item \pause Before anything, everyone ``commits''~\footnote{see commitment
+ schemes} to their polynomial by creating a merkle tree of the outputs of
+ $P(x)$ and $D(x)$ values and sending the root of the tree to
+ everyone. \pause
+ \end{itemize}
\end{frame}
\end{document}=
\ No newline at end of file