Skip to content

Releases: a16z/dory

v0.3.0

02 Mar 21:44
@markosg04 markosg04
v0.3.0
78ddee8

Choose a tag to compare

View all tags
v0.3.0 Latest
Latest

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog,
and this project adheres to Semantic Versioning.

0.3.0 - 2026-02-27

Added

  • Zero-knowledge mode (zk feature): optional hiding proofs where both commitment and proof are blinded
    • Single GT-level commitment blind (r_d1 * HT)
    • VMV messages (C, D2, E1, E2, y_com) blinded with OS randomness
    • Reduce-and-fold messages blinded with OS per-round randomness
    • Final message (E1, E2) blinded to hide folded witness vectors
    • Sigma1 proof: proves E2 and y_com commit to the same evaluation
    • Sigma2 proof: proves consistency of E1 and D2 blinds
    • Scalar product proof: proves (C, D1, D2) are consistent with blinded v1, v2
    • 1 ML + 1 FE verification in ZK mode (vs 4 ML + 1 FE in transparent mode)
  • New zk_e2e example demonstrating the full ZK workflow
  • New zk_statistical example with chi-squared uniformity and witness-independence tests (1000 trials)
  • ZK test suite: end-to-end proofs, tampering resistance, sigma proof verification, soundness

Changed

  • Polynomial::commit() return type changed from (GT, Vec<G1>, Option<Vec<F>>) to (GT, Vec<G1>, F) — the third element is now a single GT-level blind scalar (zero in Transparent mode)
  • prove() and create_evaluation_proof() now take a commit_blind: F parameter
  • DoryProverState::set_initial_blinds() now takes r_d1 as its first parameter

0.2.0 - 2026-01-29

Changed

  • Optimized verifier pairing check from 5 individual pairings to a size-3 multi-pairing
  • Eliminated the separate VMV pairing check by batching it with the final verification
  • Cache now intelligently resizes itself when setup size changes

Fixed

  • Append E final terms to the transcript in the reduce-and-fold protocol
  • Use d² instead of d for batching the VMV term
  • Removed dirs crate dependency; cache directory is now determined at runtime

Added

  • New homomorphic_mixed_sizes example demonstrating combination of polynomials with different matrix dimensions

0.1.0 - 2025-11-15

Added

  • Initial release
  • Arkworks BN254 backend
  • Prepared point caching for ~20-30% pairing speedup
  • Support for square and non-square matrix layouts (nu ≤ sigma)
  • Homomorphic commitment properties
  • Comprehensive test suite including soundness tests
Assets 2
Loading

v0.2.0

29 Jan 19:17
@markosg04 markosg04
v0.2.0
ec51787
This commit was signed with the committer’s verified signature.
markosg04 Markos
GPG key ID: 4440E18FC54AFB40
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v0.2.0

[0.2.0] - 2026-01-29

Changed

  • Optimized verifier pairing check from 5 individual pairings to a size-3 multi-pairing
  • Eliminated the separate VMV pairing check by batching it with the final verification
  • Cache now intelligently resizes itself when setup size changes

Fixed

  • Append E final terms to the transcript in the reduce-and-fold protocol
  • Use d² instead of d for batching the VMV term
  • Removed dirs crate dependency; cache directory is now determined at runtime

Added

  • New homomorphic_mixed_sizes example demonstrating combination of polynomials with different matrix dimensions
Loading

v0.1.0

12 Nov 17:57
@markosg04 markosg04
v0.1.0
0a1c198
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v0.1.0

Initial release of Dory PCS

Features

  • Transparent polynomial commitment scheme with logarithmic proof size
  • BN254 backend via arkworks
  • Non-square matrix support (nu ≤ sigma)
  • Disk persistence with automatic caching
  • Homomorphic commitment properties
  • Optimized multi-pairing and MSM operations

Usage

See README.md and examples/ for usage instructions.

Loading