--- Log opened Thu Aug 15 00:00:53 2013
09:50 < realazthat> http://www.scipr-lab.org/
09:50 < realazthat> SCIP website is up
09:50 < realazthat> and I am still working on LLVM backend
13:41 < gmaxwell> realazthat: their site is broken on IPv6. :P
13:41 < petertodd> gmaxwell: ? worked for me
13:43 < realazthat> heh dunno
14:37 < gmaxwell> realazthat: oh, so the proofs are smaller in this final version of the paper than I'd thought from the draft.
14:37 < gmaxwell> They are saying the proofs are 2576 bits for 80 bit security.
14:38 < realazthat> mmm
14:38 < petertodd> that's pretty small!
14:38 < realazthat> that is good then
14:41 < gmaxwell> yea, it's 12 group elements, but they are G1 elements which are 184 bits. (I think I'd figured the size I'd concluded from them based on their G2 elements or something)
14:50 < gmaxwell> the keys are larger, of course.
14:52 < gmaxwell> I'm not actually sure how big they are,  they say n+2 G1 elements, plus 6 G2 elements  (184 bits for g1 elements, 550 bits for g2 elements)
14:52 < petertodd> so what's a group element mean?
14:53 < gmaxwell> EC points.
14:54 < petertodd> huh, how does that work?
14:56 < gmaxwell> but I'm not clear what N is there, they give an example with a computation which is 1105 instructions takes 11,001 steps and the verification key is 9 G1s + 6 G2s or around 5000 bits.
14:58 < gmaxwell> petertodd: I'd tell you to read the paper, which you should. But really you have to read all the papers it cites and all the papers they cite several levels back.  But basically it amounts to the proofs being proofs of arithemetic circut satisfyability over a special EC field constructed to make the computation tractable.
15:00 < gmaxwell> In any case, the paper on the site is intended to give you an engineering view of the system.
15:00 < gmaxwell> It's not perfect for that purpose, but you should actually read it.
15:04 < petertodd> will do then
15:04  * petertodd shouldn't have gone to art school
15:05 < petertodd> Sounds like it's one of those things where a "simple explanation" just doesn't cut it yet. :)
19:28 < gmaxwell> petertodd: they didn't teach abstract algebra in art school?
19:33 < petertodd> gmaxwell: yes, but it's called post-modernism there
19:33 < petertodd> also, there's only one thing to learn really: bottom == post-modern
20:09 < gmaxwell> Luke-Jr: you might want to look at their tinyram spec, http://www.scipr-lab.org/system/files/TinyRAM-spec-0.991.pdf  since you have some interest in emulators and such.
20:37 < gmaxwell> ah the n+2 is the number of words in the public input to the verification program.
--- Log closed Fri Aug 16 00:00:59 2013