Darlin: Recursive Proofs using Marlin
This work addresses incremental improvements in cryptographic proof systems for applications requiring recursive verification, such as blockchain scalability.
The paper tackles the problem of creating efficient recursive zero-knowledge proofs by introducing Darlin, which integrates amortization techniques from Halo into the Marlin SNARK and dlog polynomial commitment scheme, resulting in an estimated 30% performance improvement in tree-like schemes.
This document describes Darlin, a succinct zero-knowledge argument of knowledge based on the Marlin SNARK (Chiesa et al., Eurocrypt 2020) and the `dlog' polynomial commitment scheme from Bootle et al. EUROCRYPT 2016. Darlin addresses recursive proofs by integrating the amortization technique from Halo (IACR eprint 2019/099) for the non-succinct parts of the dlog verifier, and we adapt their strategy for bivariate circuit encoding polynomials to aggregate Marlin's inner sumchecks across the nodes the recursive scheme. We estimate the performance impact of inner sumcheck aggregation by about 30% in a tree-like scheme of in-degree 2, and beyond when applied to linear recursion.