zk-SNARKs

zkSNARKs in a nutshell

Zero-Knowledge Succinct Non-interactive ARguments of Knowledge.

Used to verify the correctness of computations without having to execute them and you will not even learn what was executed - just that it was done correctly.

Encoding as a polynomial problem

The program needs to be compiled into a quadratic equation of polynomials: t(x)h(x) = w(x)v(x). Equality holds only if program is computed correctly; prover wants to convince verifier of this equality.

Succintness by random sampling

The Verifier chooses a secret evaluation point s to reduce the problem from multiplying polynomials to multiplcation/equality check on numbers (i.e. t(s)h(s) = w(s)v(s)). This reduces proof size and verification time.

the sizes of the messages are tiny in comparison to the length of the actual computation

Homomorphic encoding/encryption: encryption function

E, has some homomorphic properties allowing the prover to compute E(t(s)), E(h(s)), E(w(s)), E(v(s)) without knowing s, just E(s).

Zero knowledge

Prover permutes the values E(t(s)), E(h(s)), E(w(s)), E(v(s)) by multiplying by some number so the verifier can check the structure without knowing the actual values.

during the interaction, the verifier learns nothing apart from the validity of the statement. The verifier especially does not learn the witness string - we will see later what that is exactly.

of Knowledge: it is not possible for the prover to construct a proof/argument without knowing a certain so-called witness (for example the address she wants to spend from, the preimage of a hash function or the path to a certain Merkle-tree node).

Quadratic Span Problems/Programs

A Quadratic Span Program consists of a set of polynomials and the task is to find a linear combination of those that is a multiple of another given polynomial

TO BE CONTINUED…

Relevant Articles