Abstract
We present a generalized inner product argument and demonstrate its applications to pairing-based languages. We apply our generalized argument to proving that an inner pairing product is correctly evaluated with respect to committed vectors of source group elements. With a structured reference string (SRS), we achieve a logarithmic-time verifier whose work is dominated by target group exponentiations.
We first apply our inner product arguments to build a polynomial commitment scheme with succinct (logarithmic) verification, and prover costs and SRS of size square-root in the degree of the polynomial (not including the cost to evaluate the polynomial). Our polynomial commitment scheme is applicable to both univariate and bivariate polynomials. As a second application, we introduce an argument for aggregating Groth16 zkSNARKs into logarithmic sized proof. Our protocol is significantly more efficient than aggregating these SNARKs via recursive composition. Finally, we show how to apply our aggregation protocol to construct a low-memory SNARK for machine computations.