Zksnarks: a simple proof of zero knowledge


Author: Xiang Cheng @ HUST

1. Zero knowledge proof

Zero knowledge proof is one of the most eye-catching technologies in cryptography in recent years. In the field of blockchain, it is more high-frequency words. However, due to its more mathematical knowledge, it is difficult for ordinary developers to understand, and the data is mostly in English. So I’ll write a blog and talk about excerpts and add my own understanding. But because I’m not a cryptography major, please correct me if there’s something wrong with the description.

This paper is partial to mathematical derivation, not popular science nor application. If you are interested in it, you can prepare paper and pen for derivation.

Before writing this article, I referred to zcash blog, anbi lab blog, vitalik and many other blogs as well as many related papers, but this article is only for science popularization, so I will not list and quote them one by one.

First, let’s talk about zero knowledge proof. In fact, it has been a long time since the concept appeared. There are many kinds of zero knowledge proof protocols. Zksnarks are the most widely used one (including various improvement schemes), others are ZK Starks, bulletproofs and so on.

Its basic concept is that prover, a prover, proves to verifier that a statement is true or false, but does not disclose any other information in the process of proving. For example, identity certification, an organization allows its members to provide identity certification, but does not want to disclose any information, it can use zero knowledge certification to complete. However, it should be noted that the proof here is not the proof in the sense of propositional proof in mathematical sense, but that prover goes to let verifier believe that a statement is true, which is different from the proof in mathematical derivation.

At present, zcash, Ethereum, filecoin and many other projects use zero knowledge proof to complete some tasks, such as privacy transaction, offline transaction verification, storage proof and so on.

Because the segment fault does not support the formula display, the full text of this paper turns to the ZK snarks of zero knowledge proof