Seminar Innovative Internet Technologies¶
Introduction¶
What are Zero Knowledge Proofs?¶
Framework¶
Properties of a ZKP¶
Non-Interactive ZKP¶
Proof of Knowledge¶
Example: Blackbox Workflow of a ZKP¶
Examples of Modern ZKPs¶
zk-SNARKs¶
zk-STARKs¶
Bulletproof more¶
Can prove that a committed secret value \(v \in Z_p\) is in a given range [0, 2n − 1]
- No trusted setup (using fiat_shamir).
- Can batch multiple proofs into “one” proof.
Ligero¶
Sonic¶
Comparison¶
| Name | Trusted Setup | Proof Size | Proving Time | Verification Time |
|---|---|---|---|---|
| Bulletproof | No | O(log M) | O(M) | O(M) |
| Ligero | No | O(\(\sqrt{\|C\|}\)) | \(\|C\| \log \|C\|\) | \(\|C\| \log \|C\|\) |
| STARK | No | O(\((\log \|C\|)^2\)) | O(\((\|C\| \log \|C\|)^2\)) | O(\(\|C\|\)) |
| Sonic | Yes | O(1) | O(\(\|C\| \log \|C\|\)) | \(N + \log \|C\|\) |
\(\|C\|\) is the number of gates of the computation expressed as an arithmetic circuit, \(M\) the number of And gates in it, \(N\) the length of the inputs and outputs of the computation.