LatticeFold+ Batch Verification
LatticeFold+ is a recursive proof composition scheme that compresses multiple Dilithium signature verifications into a single constant-size proof. It enables Soqucoin to verify hundreds of signatures in under 1 millisecond. Patent pending (Soqucoin Labs Inc.).
The Problem
Even with PAT's 100-byte Merkle commitment, full verification still requires checking each individual Dilithium signature (O(n) work). For blocks with thousands of transactions, this becomes a bottleneck.
How LatticeFold+ Works
LatticeFold+ uses structured lattice folding to recursively combine verification equations:
```mermaid
flowchart TD
    A["Sig 1 + Sig 2"] --> B["Fold → Proof₁"]
    C["Sig 3 + Sig 4"] --> D["Fold → Proof₂"]
    B --> E["Fold → Proof₃"]
    D --> E
    E --> F["Final Proof (1.38 KB)"]
```
- Pair signatures and fold their verification equations
- Recursively fold intermediate proofs
- Produce a single constant-size proof (1.38 KB)
- Verifier checks one proof instead of N signatures
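
The pair-and-fold structure above can be seen in a simplified toy, added here as an illustration and not taken from the Soqucoin code base: each "signature check" is modelled as a linear claim `A*z == t` over Z_q, and two claims are folded with a hash-derived random linear combination. All function names are hypothetical; the norm bounds, commitments and succinct proof that the real scheme relies on are not modelled.

```python
import hashlib
import random

Q = 8380417  # ML-DSA (Dilithium) modulus, used here only as a prime field

def matvec(A, z):
    return [sum(a * x for a, x in zip(row, z)) % Q for row in A]

def challenge(t1, t2):
    # Fiat-Shamir style: the challenge is bound to both public values.
    digest = hashlib.sha256(repr((t1, t2)).encode()).digest()
    return int.from_bytes(digest, "big") % Q

def fold_pair(left, right):
    # Two claims "A*z == t" become one: (t1 + r*t2, z1 + r*z2).
    (t1, z1), (t2, z2) = left, right
    r = challenge(t1, t2)
    mix = lambda u, v: [(a + r * b) % Q for a, b in zip(u, v)]
    return mix(t1, t2), mix(z1, z2)

def fold_all(claims):
    # Fold level by level; an unpaired claim is carried up unchanged.
    level, folds = list(claims), 0
    while len(level) > 1:
        nxt = [fold_pair(level[i], level[i + 1])
               for i in range(0, len(level) - 1, 2)]
        folds += len(nxt)
        if len(level) % 2:
            nxt.append(level[-1])
        level = nxt
    return level[0], folds

def demo(n=512, tamper=None, seed=1):
    # Constructed sample data: random A and witnesses, optionally one bad claim.
    rng = random.Random(seed)
    A = [[rng.randrange(Q) for _ in range(6)] for _ in range(4)]
    claims = []
    for i in range(n):
        z = [rng.randrange(Q) for _ in range(6)]
        t = matvec(A, z)
        if i == tamper:
            t[0] = (t[0] + 1) % Q  # break exactly one equation
        claims.append((t, z))
    (t, z), folds = fold_all(claims)
    return matvec(A, z) == t, folds  # one check instead of n

if __name__ == "__main__":
    print(demo(), demo(tamper=300))
```

A batch of 512 claims takes 511 folds, and a single broken equation anywhere in the batch makes the one final check fail, because its error term survives every fold unless a challenge happens to be zero.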
Performance
| Metric | Value |
|---|---|
| Batch size | Up to 512 signatures |
| Proof size | 1.38 KB (constant) |
| Verify time | 0.68 ms for 512 sigs (Apple M4) |
| Per-signature cost | ~1.3 µs |
| Hardness | Module-LWE (same as ML-DSA-44) |
Compare: verifying 512 individual Dilithium signatures takes ~21 ms. LatticeFold+ does it in 0.68 ms. That's a 30× speedup.
Consensus Integration
LatticeFold+ proofs are verified via:
The proof is carried in the SegWit witness field. The verifier is in-tree at src/crypto/latticefold/verifier.cpp. The prover runs off-chain (trusted block producers / mining pools).
Activation
| Network | Status |
|---|---|
| Regtest | ALWAYS_ACTIVE |
| Stagenet | ALWAYS_ACTIVE |
| Mainnet | ALWAYS_ACTIVE (from genesis) |
Relationship to PAT
PAT and LatticeFold+ are complementary:
| | PAT | LatticeFold+ |
|---|---|---|
| What it does | Commits to N signatures | Verifies N signatures |
| Proof size | 100 bytes | 1.38 KB |
| Verification | O(1) simple, O(n) full | O(1) always |
| Prover | Block producer | Off-chain (pool) |
| Opcode | OP_CHECKPATAGG (v2) | OP_CHECKFOLDPROOF (v3) |
PAT proves the signatures exist. LatticeFold+ proves they're valid. Together they give O(1) verification for arbitrarily large batches.