Briefing

The core research problem in verifiable computation is the inherent trade-off between the succinctness of a proof and the computational cost for the prover. Existing multilinear polynomial commitment schemes (MLPCS), foundational to ZK-SNARKs, forced developers to choose between logarithmic proof size with linear prover time or constant proof size with $O(n \log n)$ prover time. This paper introduces the Mercury MLPCS, which achieves both: a constant-size opening proof coupled with linear $O(n)$ prover complexity. This result, enabled by a new verifiable witness folding method based on univariate polynomial division, lowers the computational barrier for generating zero-knowledge proofs, making large-scale ZK-rollup execution considerably more cost-effective and practical for widespread deployment.


Context

Before Mercury, the design of efficient, pairing-based multilinear polynomial commitment schemes was constrained by a critical asymptotic trade-off. Schemes based on the KZG construction either required time-consuming Fast Fourier Transforms (FFTs), giving $O(n \log n)$ prover time in exchange for the desirable constant proof size, or they sacrificed succinctness, accepting a logarithmic $O(\log n)$ proof size in order to keep linear $O(n)$ prover time. This limitation forced a compromise in the foundational efficiency of every subsequent SNARK protocol that relies on multilinear extensions and the Sum-Check protocol.


Analysis

Mercury’s core mechanism integrates the succinctness of KZG with an efficient prover by introducing a new, verifiable folding technique. A polynomial commitment allows a prover to commit to a large polynomial with a single, short cryptographic string. The breakthrough lies in how the prover demonstrates the polynomial’s correct evaluation at a challenge point.

Instead of performing a costly, full-scale computation, Mercury uses univariate polynomial division to verifiably fold the commitment and the witness into smaller, constant-sized components. Because the folding step is itself verifiable, the proof size stays constant regardless of the original polynomial's size, while the prover's work scales linearly with the input, bypassing the previous $O(n \log n)$ complexity bottleneck.
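As an added illustration (not the Mercury construction and not code from the paper's authors), the following Python sketch shows two generic building blocks that the description above refers to: evaluating a multilinear extension by folding one variable at a time, which costs a number of field multiplications linear in the table size $n$, and the univariate division identity $f(X) - f(z) = q(X) \cdot (X - z)$ on which a KZG-style evaluation proof relies. The field modulus, the sample evaluation table, the evaluation point and the sample polynomial are constructed values; the pairing-based check on commitments is not modelled, so the identity is tested on the polynomials themselves.

```python
# Added illustration, not the Mercury construction: a toy of (1) linear-time
# evaluation of a multilinear extension by folding and (2) the univariate
# division identity behind KZG-style evaluation proofs. All values constructed.

P = 2**61 - 1  # constructed choice: a Mersenne prime as the field modulus


def mle_eval_naive(evals, point):
    """Reference evaluation of the multilinear extension of `evals`.

    `evals` holds the polynomial's values on the Boolean hypercube {0,1}^k,
    where bit i of the index is the value of variable i. Cost is O(n * k)."""
    k = len(point)
    assert len(evals) == 1 << k
    total = 0
    for idx, v in enumerate(evals):
        weight = 1
        for i, r in enumerate(point):
            bit = (idx >> i) & 1
            weight = weight * (r if bit else (1 - r)) % P
        total = (total + v * weight) % P
    return total


def mle_eval_fold(evals, point):
    """Same value as mle_eval_naive, computed by folding one variable at a time.

    Each round halves the table with one multiplication per pair, so the total
    is n/2 + n/4 + ... + 1 = n - 1 multiplications: linear in n, which is the
    prover-side cost profile the briefing describes. Returns (value, mults)."""
    assert len(evals) == 1 << len(point)
    cur = list(evals)
    mults = 0
    for r in point:
        nxt = []
        for j in range(0, len(cur), 2):
            a, b = cur[j], cur[j + 1]          # a: variable = 0, b: variable = 1
            nxt.append((a + r * (b - a)) % P)  # equals (1 - r) * a + r * b
            mults += 1
        cur = nxt
    return cur[0], mults


def poly_eval(coeffs, x):
    """Horner evaluation of f(X) = sum(coeffs[i] * X^i) over F_P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def divide_by_linear(coeffs, z):
    """Synthetic division of f by (X - z): returns (q, remainder) with
    f(X) = q(X) * (X - z) + remainder. By the factor theorem the remainder
    equals f(z), so q is the witness that f(z) is the correct evaluation."""
    n = len(coeffs)
    q = [0] * (n - 1)
    carry = 0
    for i in range(n - 1, 0, -1):
        carry = (coeffs[i] + carry * z) % P
        q[i - 1] = carry
    remainder = (coeffs[0] + carry * z) % P
    return q, remainder


def check_opening(coeffs, z, claimed, q, sample):
    """Verifier-side check of f(X) - claimed == q(X) * (X - z) at one point.

    In a KZG-style scheme this identity is checked on commitments with a
    pairing rather than on the polynomials; here it is checked directly."""
    lhs = (poly_eval(coeffs, sample) - claimed) % P
    rhs = poly_eval(q, sample) * (sample - z) % P
    return lhs == rhs


if __name__ == "__main__":
    table = [1, 2, 3, 4]           # constructed values on {0,1}^2
    point = [2, 3]                 # constructed evaluation point in F_P^2
    value, mults = mle_eval_fold(table, point)
    assert value == mle_eval_naive(table, point)
    print("MLE value", value, "using", mults, "multiplications for n =", len(table))

    f = [1, 2, 3]                  # constructed f(X) = 1 + 2X + 3X^2
    z = 2
    q, fz = divide_by_linear(f, z)
    print("f(z) =", fz, "quotient", q, "check:", check_opening(f, z, fz, q, 12345))
    print("wrong claim rejected:", not check_opening(f, z, fz + 1, q, 12345))
```

The multiplication count returned by `mle_eval_fold` is the point of the first half: folding reads each table entry once per round and halves the table, so the prover's arithmetic is proportional to $n$ with no FFT. The second half shows why a single quotient polynomial suffices as an evaluation witness: an incorrect claimed value changes the left-hand side of the identity, and the check fails at any sample point other than the claimed $z$ itself.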


Parameters

  • Prover Complexity → $O(n)$ field operations. (Achieves linear-time complexity for proof generation, a major improvement over $O(n \log n)$.)
  • Proof Size → Constant number of field elements. (The ideal size for succinctness, independent of the input size $n$.)
  • Scalar Multiplications → $2n + O(\sqrt{n})$. (A concrete measure of the prover’s elliptic curve work.)
  • Core Technique → Univariate polynomial division. (The new method for verifiably folding the witness.)


Outlook

This foundational cryptographic efficiency improvement immediately opens new avenues for ZK-rollup architecture. In the next 3-5 years, this MLPCS will be integrated into next-generation SNARKs, enabling rollups to process significantly larger batches of transactions with lower gas costs for proof verification. The research trajectory will now shift toward optimizing the constant factors in the $O(n)$ prover complexity and exploring how this constant-size, linear-time primitive can be applied to other resource-intensive cryptographic protocols, such as verifiable data storage and private machine learning.


Verdict

The Mercury MLPCS establishes a new asymptotic efficiency standard for zero-knowledge proofs, directly accelerating the practical deployment of scalable, verifiable computation.

Signal Acquired from → eprint.iacr.org

Micro Crypto News Feeds

multilinear polynomial commitment

Definition ∞ A multilinear polynomial commitment is a cryptographic scheme that allows a prover to commit to a multilinear polynomial and later reveal its evaluations at specific points.

polynomial commitment schemes

Definition ∞ Polynomial commitment schemes are cryptographic primitives that allow a prover to commit to a polynomial and later reveal specific evaluations of that polynomial without disclosing the entire polynomial itself.

polynomial commitment

Definition ∞ Polynomial commitment is a cryptographic primitive that allows a prover to commit to a polynomial in a concise manner.

computation

Definition ∞ Computation refers to the process of performing calculations and executing algorithms, often utilizing specialized hardware or software.

prover complexity

Definition ∞ Prover complexity is a measure of the computational resources, specifically time and memory, required by a "prover" to generate a cryptographic proof in zero-knowledge or other proof systems.

succinctness

Definition ∞ Succinctness refers to the quality of being brief but comprehensive in expression.

elliptic curve

Definition ∞ An elliptic curve is a specific type of smooth, non-singular algebraic curve defined by a cubic equation.

efficiency

Definition ∞ Efficiency denotes the capacity to achieve maximal output with minimal expenditure of effort or resources.

verifiable computation

Definition ∞ Verifiable computation is a cryptographic technique that allows a party to execute a computation and produce a proof that the computation was performed correctly.