Like the tennis analogy. Need to read again to better understand weak vs strong Fiat Shamir transformations.
Side gripe - why does every author have their own slightly unique twist on notation when it comes to cryptography? 😡
I somehow missed this back at the time of the frozen heart vulnerability announcement, but this blog post is *so* good at explaining the interaction of fiat-shamir with ZK proofs (at the very most basic level, e.g. just identification protocols), even using a very nice "tennis analogy" for the Fiat Shamir transform I'd never seen before.
https://blog.trailofbits.com/2021/02/19/serving-up-zero-knowledge-proofs/
#cryptography
Discussion
Yeah the notation struggle is real. Always different letters, but also the tradition of using exponential (technically multiplicative) notation leads to some unreadable crap sometimes.
FWIW I thought your notation in 0 to bulletproofs paper was top notch. Made something rather complex a bit less difficult to follow.
"Team additive notation" as we call it 😁
Feel there's a joke in there I'm missing.
The vector and "inner product" conventions were particularly nice though.
Writing P =xG instead of P = g^x is using additive notation. In something like bulletproofs that matters a lot. Yeah, conventions for inner products and vectors are very helpful, though one has to be careful with them. I think the bulletproofs paper itself from 2017 was quite influential in that regard.
Oh yeah, I get that. I hate multiplicative notation! Thought maybe the word "team" referred to something more.
I need to get back to studying more cryptography. Been distracted with foundational math stuff lately, which is interesting as heck imo, but not very practical, alas.