A beginner's intro to coding zero-knowledge proofs


1 Users


53 Highlights

3 Notes


Top Highlights

  • Another well-known example of what could be considered a ZKP is a digital signature: I can produce a proof that I hold a secret string (my private key) that corresponds to a public one (my public key) by signing a message, and that signature does not reveal any bits from my private key.

  • zkSNARKs are not the only kind of interesting ZKPs.

  • Bulletproofs (used in Monero).

  • Even within SNARKs, you'll find that there are multiple flavors. Groth16 is one of the most popular. The PLONK family, w

  • though there are some like Circom or Gnark that support more than a single proving system.

  • Succinct Non-interactive ARgument of Knowledge

  • important bits here are the first two words: succinct and non-interactive

  • regardless of the complexity of the fact that we are proving, we can keep proofs small and quick to verify

  • non-interactivity,

  • differ in the running time for generating and verifying a proof, as well as the resulting proof size, or in the need for trusted setups

  • Furthermore, there are different elliptic curves to pick from, or different polynomial commitment schemes

  • Some flavors of proving systems require what's called a trusted setup

  • Certain flavors, like Groth16, require a trusted setup for each circuit: this means that, for every program you code, you need to run a new ceremony

  • Others, like PLONK, need just one universal trusted setup that can be reused on any program built with that flavor

  • others, like STARKs, don't need any trusted setup at all.

  • certain operations are easier to represent in a ZKP than others: addition can be represented in a single constraint, whereas bit manipulation may require hundreds, as every bit may need to be represented as a separate variable.

  • rover engines do not deal with code like x := y * z, but with constraints of the form x - y * z = 0

  • one of the outputs of compiling a program in a ZKP language will be the set of constraints

  • specific cryptographic primitives are typically chosen

  • , Pedersen hashes are hash functions that can be represented in an arithmetic circuit much more efficiently than keccak

Ready to highlight and find good content?

Glasp is a social web highlighter that people can highlight and organize quotes and thoughts from the web, and access other like-minded people’s learning.