🪄
Zk Notes
  • Groth16 explained
    • Background
    • 1. Arithmetization
    • 2. R1CS representation
    • 3. QAP (QAP: The S in Succinct)
    • 4. Encrypting QAP
    • 5. Salting / Shifting
    • Muh Privacy: Separating public and private inputs
      • Final - Proving key, Verifier Key
  • Circom
    • #1 Circom: Introduction
    • #2 Circom: Template parameters, Variables, Loops
    • #2.1 Circom: Quadratic Constraints
    • #3 Circom: Parametrizing circuits
    • #3.1 Symbolic Variables
    • #4 Circom: Intermediate signals
    • #5 Circom: Witness, Proof generation and Verification
    • #6 Circom: signal output
    • #7 Circom: Comparator Circuits
    • 🚧#8 Circom: Other Reference Circuits
    • 🚧#9 Circom: Public and Private Inputs
    • Division: integer and modulo
  • 0xPARC ZK Learning Group
    • [ZK Learning Group 2] Circom workshop #1
    • [ZK Learning Group 2] Circom workshop #2
    • [ZK Learning Group 2] Trusted setup workshop
  • ZK Puzzles (Rareskills)
    • Add.circom
    • Equality.circom
    • FourBitBinary
    • AllBinary
    • MultiAND
    • MultiOR
    • IsSorted
    • HasAtLeastOne
    • IntDiv
    • IntDivOut
    • IntSqrt
  • Misc
    • Background
      • Three Reasons to Use Modular Arithmetic in ZKPs
      • Proving systems
    • Inputs
    • Components of a proof system
  • Abstract Math
    • Linear Algebra
      • Unit Vectors / Basis Vectors
      • Linear Combination
      • Linear transformations and matrices
      • Determinant
    • Set theory
      • Binary Operator
      • Magma, Semigroups, and Monoids, and Groups
    • Modular Arithmetic
      • Equivalence relations
      • The quotient remainder theorem
      • Modular addition and subtraction
      • Modular Multiplication
      • Modular exponentiation
      • Modular inverses
Powered by GitBook
On this page
  • Example
  • The Basic Elements of Zero-Knowledge Proofs
  • Overview of ZK Dapp

Was this helpful?

  1. Misc

Background

https://www.zkcamp.xyz/blog/lifecycle-of-zkp

Example

Peggy knows some secret value “w” which, when hashed, results in “x.” Peggy needs to prove to Victor that she knows “w” without actually revealing “w.” Peggy can use a zero-knowledge proof for this.

We can convert the above scenario into a simple program:

function C(x, w) {
  return sha256(w) == x;
}

The program takes in “x” (the hash of the secret value) and the secret value “w.” It returns true if the SHA-256 hash of “w” equals “x.”

So, Peggy needs to prove that she knows a value “w” that will result in the program above returning true.

Completeness

  • The program “C” returns “true” when Peggy’s secret input value (“w”) is the right value.

  • So, Peggy’s proof will be accepted by Victor.

Soundness

  • If the program “C” returns “false,” then the Verifier algorithm will return false and Victor will not accept the invalid proof.

Zero Knowledge

  • Victor is able to verify that Peggy knows “w” without gaining any knowledge of the value “w.”

Of course, the devil is in the details. Understanding how these black boxes work is not trivial, but not impossible either. We will be breaking down different components and aspects of zero knowledge technology in future posts.

The Basic Elements of Zero-Knowledge Proofs

In order to explain the solution to this problem, we need to understand the basic elements of zero-knowledge proofs — specifically “zk-SNARK” proofs.

zk-SNARK is an acronym that stands for “Zero-Knowledge Succinct Non-Interactive Argument of Knowledge.” Let’s break that down:

  • ZK = Zero knowledge: We can prove a fact without revealing that fact.

  • S = Succinct: The proofs for even very large programs are small (eg. a few hundred bytes) and can be verified within a few milliseconds.

  • N = Non-interactive: There is no need for back-and-forth communication between a prover and verifier (eg. such as in the “Color Blindness” example above). Instead, a prover simply hands over a proof to the verifier and the verifier can compute whether the proof is valid or invalid.

  • AR = Argument: For technical reasons, the proofs are called “arguments” because they are not technically “proofs” in the traditional sense — but they functionally serve the same purpose. The difference between “proof” and “argument” is very technical and out of scope for this post.

  • K = Knowledge: This refers to the information that the prover knows.

Roughly speaking, a zk-SNARK consists of three algorithms: Setup, Verify, and Prove. We’ll take a look at each of them now.

Setup

The Setup algorithm generates two keys: the proving key (“pk”) and verification key (“vk”). In order to generate these keys, it takes as inputs a secret parameter (“lambda”) and a program C (such as the one we defined above, which returns true if the hash of “w” matches “x”).

The proving and verification keys created by the generator are public and used by the prover and verifier, respectively, to generate the proof and verify the proof.

If the lambda is leaked, anyone who has access to it can generate fake proofs. This is why zk-SNARKs require what is called a “trusted setup” phase where the keys are generated, but we have to trust that the lambda value was discarded properly and not leaked.

Prove

The prove algorithm is responsible for generating the zero-knowledge proof. It takes as inputs the proving key (“pk”), the private witness “w,” and a public value “x” to generate the proof.

  • The witness (“w”) is the secret information that the prover claims she has knowledge of,

  • The value “x” is a value that is generated based on “w” but is obfuscated such that anyone can access “x” without figuring out “w.”

to generate a zk proof, you will need to provide the hidden info and the proxy public info

Verify

The verify algorithm is responsible for taking the proof created by the proving algorithm and asserting true or false, depending on whether the proof is correct or incorrect. It takes as inputs the verification key (“vk”), the public value “x,” and the “proof”.

Overview of ZK Dapp

  • circom builds the proving circuit to generate proofs on specific inputs (?)

PreviousIntSqrtNextThree Reasons to Use Modular Arithmetic in ZKPs

Last updated 10 months ago

Was this helpful?

(pk,vk)=Setup(lambda,C)(pk,vk)= Setup(lambda, C)(pk,vk)=Setup(lambda,C)
proof=Prove(pk,x,w)proof =Prove(pk,x,w)proof=Prove(pk,x,w)
Verify(vk,x,proof)=boolVerify(vk,x,proof)=boolVerify(vk,x,proof)=bool