Skip to main content
Research

Mercury MLPCS Achieves Constant Proof Size and Linear Prover Time

Mercury, a new pairing-based multilinear polynomial commitment scheme, fundamentally resolves the proof size versus prover time trade-off for scalable verifiable computation.
November 30, 20254 min

A futuristic device showcases a translucent blue liquid cooling mechanism encased within a sleek, silver metallic chassis, accented by glowing blue internal lights. The intricate design highlights advanced engineering for high-performance computing, with visible fluid pathways and structural components
A reflective, metallic tunnel frames a desolate, grey landscape under a clear sky. In the center, a large, textured boulder with a central circular aperture is visible, with a smaller, textured sphere floating in the upper right

Briefing

The core research problem in verifiable computation is the inherent trade-off between the succinctness of a proof and the computational cost for the prover. Existing multilinear polynomial commitment schemes (MLPCS), foundational to ZK-SNARKs, forced developers to choose between logarithmic proof size with linear prover time or constant proof size with O(n log n) prover time. This paper introduces the Mercury MLPCS, which achieves the optimal combination ∞ a constant-size opening proof coupled with a near-linear O(n) prover complexity. This breakthrough, enabled by a novel verifiable witness folding method using univariate polynomial division, fundamentally lowers the computational barrier for generating zero-knowledge proofs, thereby making large-scale ZK-rollup execution dramatically more cost-effective and practical for ubiquitous deployment.

The image prominently displays multiple blue-toned, metallic hardware modules, possibly server racks or specialized computing units, arranged in a linear sequence. A striking blue, translucent, gel-like substance flows dynamically between these components, while white, fibrous material adheres to their surfaces

Context

Before Mercury, the design of efficient, pairing-based multilinear polynomial commitment schemes was constrained by a critical asymptotic trade-off. Schemes based on the KZG construction either required complex, time-consuming Fast Fourier Transforms (FFTs) resulting in O(n log n) prover time to achieve the desirable constant proof size, or they sacrificed succinctness, resulting in a logarithmic O(log n) proof size to maintain a faster linear O(n) prover time. This established limitation forced a compromise in the foundational efficiency of all subsequent SNARK protocols that rely on multilinear extensions and the Sum-Check protocol.

A futuristic metallic device, possibly a satellite or specialized node, is partially submerged in a calm body of water. From its lower section, a vigorous stream of bright blue liquid, intermingled with white foam, forcefully ejects, creating dynamic ripples and splashes on the water's surface

Analysis

Mercury’s core mechanism integrates the succinctness of KZG with an efficient prover by introducing a new, verifiable folding technique. A polynomial commitment allows a prover to commit to a large polynomial with a single, short cryptographic string. The breakthrough lies in how the prover demonstrates the polynomial’s correct evaluation at a challenge point.

Instead of performing a costly, full-scale computation, Mercury uses univariate polynomial division to recursively fold the commitment and the witness into smaller, constant-sized components. This folding process is itself verifiable and ensures that the proof size remains constant regardless of the original polynomial’s size, while the prover’s work scales linearly with the input, bypassing the previous O(n log n) complexity bottleneck.

A futuristic device with a transparent blue shell and metallic silver accents is displayed on a smooth, gray surface. Its design features two circular cutouts on the top, revealing complex mechanical components, alongside various ports and indicators on its sides

Parameters

  • Prover Complexity ∞ O(n) field operations. (Achieves linear-time complexity for proof generation, a major improvement over O(n log n).)
  • Proof Size ∞ Constant number of field elements. (The ideal size for succinctness, independent of the input size n.)
  • Scalar Multiplications ∞ 2n + O(sqrtn). (A concrete measure of the prover’s elliptic curve work.)
  • Core Technique ∞ Univariate polynomial division. (The new method for verifiably folding the witness.)

The image displays an array of faceted blue crystalline forms and soft white vaporous elements situated on a highly reflective, metallic-like surface. These structures are arranged in a linear, architectural fashion, with some appearing to emit fine, sparkling particles, suggesting dynamic digital activity

Outlook

This foundational cryptographic efficiency improvement immediately opens new avenues for ZK-rollup architecture. In the next 3-5 years, this MLPCS will be integrated into next-generation SNARKs, enabling rollups to process significantly larger batches of transactions with lower gas costs for proof verification. The research trajectory will now shift toward optimizing the constant factors in the O(n) prover complexity and exploring how this constant-size, linear-time primitive can be applied to other resource-intensive cryptographic protocols, such as verifiable data storage and private machine learning.

A sophisticated, open-casing mechanical apparatus, predominantly deep blue and brushed silver, reveals its intricate internal workings. At its core, a prominent circular module bears the distinct Ethereum logo, surrounded by precision-machined components and an array of interconnected wiring

Verdict

The Mercury MLPCS establishes a new asymptotic efficiency standard for zero-knowledge proofs, directly accelerating the practical deployment of scalable, verifiable computation.

Multilinear polynomial commitment, constant proof size, linear prover time, verifiable folding technique, zero-knowledge SNARKs, scalable verifiable computation, KZG based scheme, succinct cryptographic argument, polynomial division, elliptic curve pairing, proof generation cost, ZK rollup efficiency, asymptotic complexity, foundational cryptography, witness commitment, sum check protocol, algebraic properties, prover work optimization, constant size proof, cryptographic primitive Signal Acquired from ∞ eprint.iacr.org

Micro Crypto News Feeds

multilinear polynomial commitment

Definition ∞ A multilinear polynomial commitment is a cryptographic scheme that allows a prover to commit to a multilinear polynomial and later reveal its evaluations at specific points.

polynomial commitment schemes

Definition ∞ Polynomial commitment schemes are cryptographic primitives that allow a prover to commit to a polynomial and later reveal specific evaluations of that polynomial without disclosing the entire polynomial itself.

polynomial commitment

Definition ∞ Polynomial commitment is a cryptographic primitive that allows a prover to commit to a polynomial in a concise manner.

computation

Definition ∞ Computation refers to the process of performing calculations and executing algorithms, often utilizing specialized hardware or software.

prover complexity

Definition ∞ Prover complexity is a measure of the computational resources, specifically time and memory, required by a "prover" to generate a cryptographic proof in zero-knowledge or other proof systems.

succinctness

Definition ∞ Succinctness refers to the quality of being brief but comprehensive in expression.

elliptic curve

Definition ∞ An elliptic curve is a specific type of smooth, non-singular algebraic curve defined by a cubic equation.

efficiency

Definition ∞ Efficiency denotes the capacity to achieve maximal output with minimal expenditure of effort or resources.

verifiable computation

Definition ∞ Verifiable computation is a cryptographic technique that allows a party to execute a computation and produce a proof that the computation was performed correctly.

Tags:

Tags: