Structured Reference String (SRS)

Let’s say we have a polynomial $3x^3 + 5x^2$. Notice that we can evaluate it without knowing $x$ if we are given specifically $x^3$ and $x^2$. Obviously this is only interesting in a group.

We can take advantage of this to allow the evaluation of arbitrary polynomials at point $\tau$ without exposing $\tau$. We do this by generating a list of powers of $\tau$ e.g. $[\tau^3, \tau^2, \tau]$. In order to actually hide $\tau$ we must represent these elements as elements in some finite field. So we multiply each element by some generator $G$ for an elliptic curve $\mathbb{G}$. S.t. we have $[\tau^3G, \tau^2G, \tau G]$. If we then publish this list, anyone with it can evaluate a polynomial of degree up to 3 at the point $\tau$, without knowing $\tau$.

We refer to this list as a Structured Reference String, or a Common Reference String.

This SRS is the basis of many Zero-Knowledge Proofs. The entity which generates the SRS will know $\tau$ and has the ability to forge proofs. As such, we refer to this process as Trusted Setup. One way to remove this vulnerability is to generate the SRS with a form of Multiparty Computation called a powers of tau ceremony.