codex-research/evaluations/zeroknowledge.md
2021-06-21 12:57:38 -06:00

Zero Knowledge Proofs

Zero knowledge proofs let a prover convince a verifier that a statement is true, typically that the prover knows a secret value (the witness) satisfying some relation, without revealing anything beyond the truth of the statement. The two properties that matter in practice are soundness (a prover without the witness cannot produce an accepting proof, except with negligible probability) and zero knowledge (the verifier learns nothing about the witness from the proof).
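The definition above is easiest to see on the smallest zero knowledge proof there is, a Schnorr proof of knowledge of a discrete logarithm. This is not discussed elsewhere in this note and the Python below is added as an illustration; it is not code from any of the tools evaluated further down. It generates a toy safe-prime group, proves knowledge of x with y = g^x, makes the proof non-interactive with the Fiat-Shamir transform (the same idea that makes SNARKs and STARKs non-interactive), and shows the zero-knowledge property by simulating an accepting transcript without x. The group size, the context string and all function names are choices made for this example.

```python
import hashlib
import secrets


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin primality test with random bases."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2           # base in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def safe_prime_group(bits: int):
    """Return (p, q, g): p = 2q + 1 a safe prime, g generating the order-q subgroup.
    Toy sizes only; real deployments use a 2048-bit group or an elliptic curve."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1   # odd, bits-1 long
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            break
    return 2 * q + 1, q, 4        # 4 is a square != 1, hence has prime order q


def _encode(p: int, *values: int) -> bytes:
    """Fixed-width big-endian encoding so the hash input is unambiguous."""
    width = (p.bit_length() + 7) // 8
    return b"".join(v.to_bytes(width, "big") for v in values)


def challenge(p: int, q: int, g: int, y: int, t: int, context: bytes) -> int:
    """Fiat-Shamir challenge: bind the group, the statement y, the commitment t
    and a caller-chosen context string, so a proof cannot be replayed elsewhere."""
    h = hashlib.sha256(_encode(p, p, q, g, y, t) + context).digest()
    return int.from_bytes(h, "big") % q


def keygen(p: int, q: int, g: int):
    """Witness x (secret) and public statement y = g^x mod p."""
    x = secrets.randbelow(q - 1) + 1
    return x, pow(g, x, p)


def prove(p, q, g, x, y, context: bytes = b""):
    """Non-interactive proof of knowledge of x such that g^x = y (mod p)."""
    r = secrets.randbelow(q)
    t = pow(g, r, p)                          # commitment to fresh randomness
    c = challenge(p, q, g, y, t, context)     # the verifier's challenge, hashed
    s = (r + c * x) % q                       # response; x is masked by r
    return t, s


def verify(p, q, g, y, proof, context: bytes = b"") -> bool:
    """Check g^s == t * y^c (mod p) without ever seeing x."""
    t, s = proof
    for v in (y, t):                          # reject small-subgroup elements
        if not (0 < v < p and pow(v, q, p) == 1):
            return False
    if not 0 <= s < q:
        return False
    c = challenge(p, q, g, y, t, context)
    return pow(g, s, p) == (t * pow(y, c, p)) % p


def verify_interactive(p, q, g, y, t, c, s) -> bool:
    """The underlying sigma-protocol check with an externally supplied challenge."""
    return pow(g, s, p) == (t * pow(y, c, p)) % p


def simulate(p, q, g, y):
    """Produce an accepting (t, c, s) transcript WITHOUT knowing x by picking c and s
    first and solving for t. Real transcripts have the same distribution, which is
    why they leak nothing about x: that is the zero-knowledge property."""
    c = secrets.randbelow(q)
    s = secrets.randbelow(q)
    t = (pow(g, s, p) * pow(y, q - c, p)) % p     # y^(q-c) == y^-c since y^q == 1
    return t, c, s


if __name__ == "__main__":
    p, q, g = safe_prime_group(256)
    x, y = keygen(p, q, g)
    proof = prove(p, q, g, x, y, b"login:alice")
    print("valid proof accepted:         ", verify(p, q, g, y, proof, b"login:alice"))
    print("same proof, other context:    ", verify(p, q, g, y, proof, b"login:bob"))
    t, c, s = simulate(p, q, g, y)
    print("simulated transcript accepted:", verify_interactive(p, q, g, y, t, c, s))
```

Two details are worth noting. Binding the statement and a context string into the challenge is what stops a proof made for one purpose from being accepted for another; a Fiat-Shamir transform that hashes only the commitment is a classic source of forgeries. And `simulate` only works for the interactive variant, where the simulator chooses the challenge; once the challenge is a hash output, nobody without x can produce a proof, which is exactly the soundness the non-interactive version needs.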

Types

Several types of non-interactive zero knowledge schemes exist. The best known are zkSNARKs and zkSTARKs, both of which come in several flavours; STARKs need no trusted setup but produce proofs of tens of kilobytes and up. Interestingly, the scheme with the smallest proofs (three group elements, a few hundred bytes) and the fastest verification (a constant-size pairing check) is still the somewhat older Groth16. Its downsides are a circuit-specific trusted setup, whose secret randomness has to be destroyed because anyone holding it can forge proofs, and proof malleability: a valid Groth16 proof can be re-randomised into a different valid proof for the same statement, so an application must never use the proof bytes as a nullifier or replay key; anything that has to be unique belongs in the public inputs. Performing a trusted setup has become easier through the Perpetual Powers of Tau ceremony, but that only covers the universal first phase; Groth16 still needs a second, per-circuit phase.

A lesser-known type of zero knowledge scheme is MPC-in-the-head (Ishai, Kushilevitz, Ostrovsky and Sahai, 2007). The prover simulates a secure multiparty computation of the circuit among virtual parties on a single machine and commits to each party's view; the verifier picks a random subset of views to open, and these openings are the proof. Cheating is caught because the opened views must be mutually consistent. Only symmetric primitives (hash functions and commitments) are needed, so there is no trusted setup. The ZKBoo scheme, for instance, allows fast generation and verification of proofs, but its proofs are orders of magnitude larger than the few hundred bytes a zkSNARK provides.

Tooling

Zokrates is a complete toolbox for specifying, generating and verifying zkSNARK proofs: a high-level circuit language, a compiler, setup, witness computation, proof generation and verification. It's written in Rust, has JavaScript bindings, and can export a Solidity verifier contract. C bindings appear to be absent.

libSNARK and libSTARK are C++ libraries for zkSNARK and zkSTARK proofs. libSNARK can be used as a backend for Zokrates.

bellman is a Rust library for zkSNARK (Groth16) proofs, originally developed for Zcash. It can also be used as a backend for Zokrates.

Iden3 created a suite of tools for zkSNARKs (Groth16 and PLONK): circom (circuit language and compiler), snarkjs (setup, proving and verification) and rapidsnark (a fast prover). It is mostly JavaScript, except for rapidsnark, which is written in C++.

Nim tooling seems to be mostly absent.

Ethereum

Ethereum has precompiled contracts for the alt_bn128 (BN254) curve, added in Byzantium: point addition (EIP-196, address 0x06), scalar multiplication (EIP-196, address 0x07) and the pairing check (EIP-197, address 0x08), commonly referred to as BN_ADD, BN_MUL and SNARKV. They make zkSNARK verification affordable: a Groth16 verification is a single pairing-check call over four pairs plus a handful of point operations, on the order of 200k gas after the EIP-1108 repricing. These precompiles are what the Solidity verifier that Zokrates produces calls. Two caveats follow: the proof system must be instantiated over alt_bn128, since there are no precompiles for other curves such as BLS12-381, and the verifier contract has to defend against replay itself, by tracking a nullifier that is part of the public inputs rather than the (malleable) proof bytes.