Unmasking all the chunks takes a long time (> 1 sec) when proving a winning chunk. But we need it to recover the source record to compute the KZG witness. Can we leverage a ZK/hiding/homomorphic scheme to avoid unmasking?
- When plotting, we have source record polynomial r(x) of degree d with commitment C_r
- We query the PoS table for quality strings to mask the chunks. They can be uniquely mapped to field elements and represented as polynomial q(x) of degree d with commitment C_q
- If we mask with field addition instead of XOR, the masked chunks can then be represented as a polynomial p(x) = (r+q)(x) with commitment C = C_r+C_q
Can we prove a masked chunk as an evaluation (i, p(i)) without unmasking all the chunks and convince the verifier who knows the source commitment C_r and q(i)? What else would the verifier need to know to be convinced?