proofs

zero-knowledge proofs

tl; dr

• suppose that you have a (public) function f, a (private) input x, and a (public) output y.
• you want to prove that you know an x such that f(x) = y, without revealing what x is.
• for the proof to be succinct, you want it to be verifiable much more quickly than computing itself.
• a trusted setup ceremony is a procedure that is done to generate a piece of data that must be used every time some cryptographic protocol is run.
• for some proofs to work, such as zk-snarks, it's necessary to create a common reference string (CRS), which provides public parameters for proving and verifying validity proofs.
• the security of the proving system depends on the csr setup and some zk-rollups attempt to solve this problem by using a multi-party computation ceremony (mpc) with trusted individuals.
• modern protocols use the power-of-tau setup, which has 1-of-N trust model, with N around hundreds.

comparison of proof systems

common reference strings, structured reference strings, trusted setup, multi-party computation ceremony

---

chapters

• zk-snarks
• zk-starks
• plonk
• halo2
• nova
• bulletproofs
• kate
• circom

---

cool resources

• how do trusted setups work, by vub
• the original paper for sonic, by m. maller et al
• a python script for trusted setup