Following is the polynomial commitment scheme between Prover and Verfier. I was looking at the KATE scheme and I noticed it could be done differently and easier. Note that it doesn’t require trusted setup, nor attaching additional proof to the result F(t) for a challange t.

Let me know what you think. Is it useful? Can you break it?

## Pairing

The pairing is a map e: G_1 \times G_2 \rightarrow G_T where G_1 and G_2 are additive groups and G_T is multiplicative group.

Both groups have generators. P for G_1 and Q for G_2. These are publically known.

Pairing e satisfies:

## Commitment

Prover has a secret polynomial F.

Firstly Prover generates two random secret numbers a and b. They are used to hide coefficients of F and compose new polynomial K.

Second step is projecting K on G2. It means multiplying all coefficients by Q. This creates new polynomial Z over G_2.

Final part of the commitment is hiding a on G_1 and b on G_2.

The commitment C to polynomial F can be send to Verifier.

## Challange

Knowing C, Verifier can ask Prover to calculate F(t) for a given t.

Prover computes F(t) and sends the result back to the verifier.

## Verification

Verifier knows: t, F(t) and C = (Z, M, N). To make sure F(t) is correct, the following check needs to be satisfied.

### Reasoning

Following transforms right-hand side of the verification check to the left-hand side.