Shulou(Shulou.com)06/01 Report--

This article mainly explains "what is the knowledge of zk-SNARKs". The content of the explanation is simple and clear, and it is easy to learn and understand. Please follow the editor's train of thought to study and learn "what is the knowledge of zk-SNARKs"?

1. Trust settings

Traditional zk-SNARK, such as Groth26, has a major disadvantage: it relies on a common reference string, which is created with an one-time trust setting. This setting creates a reference string for both the certifier and the verifier to use. There are three main problems:

The "toxic waste" generated by the trusted setting, if leaked, can be used to generate forged certificates that cannot be detected. Multi-party computation usually ignores this problem, but the coordination of rituals is extremely complex.

A reference string created by a trusted setting is usually bound to a circuit (basically a program). It is not possible to create a separate trusted setting for any computing, which makes many applications, such as smart contracts, not feasible.

The trust setting is one-time, and the generated reference string cannot be upgraded, which means that if Zcash needs to fix even a small bug in its zk-SNARK circuit, it needs a new ceremony to deploy the repair.

2. General zk-SNARK

The new zk-SNARK build addresses the need for trust settings, which means that arbitrary code such as smart contracts can run as zk-SNARK. There are currently two different approaches:

Transparency settin

The setting creates a common reference string that is exposed and does not create toxic waste. This is similar to the mechanism of zk-STARK. Fractal, Halo, and SuperSonic-CG use transparency settings. The disadvantage of this method is to prove that the amount of data will be very large. Fractal and zk-STARK prove that 250KB can be achieved, which is not realistic for blockchain applications. The Fractal team told me that they were working on the problem of proving too much data. The proof of Halo and SuperSonic is smaller, less than 10KB.

General Settin

This setting creates a structured reference string and also produces toxic waste, but the setting is no longer limited to a single circuit, a reference string can be used in an unlimited number of circuits. For example, Marlin, SuperSonic-RSA, and Plonk. The reference strings generated by these three builds can be upgraded to improve security. If the current toxic waste is leaked, you only need to upgrade the settings to ensure the security of the system again.

3. Zk-SNARK classification

How to compare the emerging zk-SNARK? On the proving person side, it takes O (n log n) time to generate a certificate for each zk-SNARK build. The main difference lies in the amount of data proved, the verification time, and the size of the reference string.

The compilers used by all these zk-SNARKS can be divided into three categories: preprocessing, DARK, and traditional SNARK (non-generic):

4. Existing zk-SNARK construction

As a reference, I will introduce three existing builds. Groth26 is non-generic, it depends on one-time settings that cannot be upgraded, and Sonic is a general-purpose zk-SNARK.

Groth26:Groth26 is the fastest and smallest zk-SNARK at present, and it is used in Zcash and so on. Groth26 is not universal and its settings need to be bound to a specific circuit. Because of its speed and proven small amount of data, it is often used by new zk-SNARK to compare performance.

Sonic:Sonic is an early general zk-SNARK protocol. The paper was published in January 2019. Sonic supports generic, upgradeable reference strings. The size of the proof of Sonic is fixed, but the cost of verification is high. In theory, multiple proofs can be verified in batches to achieve better performance.

5. New zk-SNARK construction

Fractal:Fractal is a zk-SNARK that allows recursion. The transparent setting is realized through the preprocessing of the circuit. To prove the maximum 250KB, the other build-generated proofs are much larger.

Halo:Halo supports recursive evidence organization without the need for trust settings. Unlike other new zk-SNARK builds, the validation time for Halo is linear.

SuperSonic:SuperSonic is an improved version of Sonic and is the first transparent zk-SNARK to be practical in terms of validation time and the amount of proven data.

Marlin:Marlin is an improved version of Sonic, which shortens the proof time by 10 times and the verification time by 4 times.

A big question is: how do you compare the performance of these different zk-SNARK builds? Unfortunately, I'm not aware of any benchmarks for zk-SNARK, but even if there are, not all new builds have a reference implementation. So please don't take the figures in the table below too seriously, they are based on the benchmark indicators in the paper, or on the estimates provided by the inventors.

By looking at the size of the certificate, the run time of the certificate, and verifying the run time, there are some aspects that are worth noting:

Builds that use transparent settings usually have a large amount of proof data

The validation time of Halo is not constant, which is different from other new zk-SNARK builds

Groth26 is still invincible in proving the size and speed of data.

Thank you for your reading, the above is the content of "what is the knowledge of zk-SNARKs?" after the study of this article, I believe you have a deeper understanding of what is the knowledge of zk-SNARKs, and the specific use needs to be verified in practice. Here is, the editor will push for you more related knowledge points of the article, welcome to follow!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.