Photo by Antoine Dautry on Unsplash

Learning Zero Knowledge Proof

These days, I gave a talk about Zero Knowledge Proof, my slides at: “Gentle” Introduction to Zero Knowledge Proof for Blockchain Developers. In this post, I want to share my main sources for that talk.

A “Gentle” Introduction

First, there is an excellent collection of resources at Awesome zero knowledge proof (zkp) by MatterLabs.

A similar resource, but as a site, is at Zero-Knowledge Proofs.

The initial paper to read (if you are interested in historical notes) at The Knowledge Complexity of Interactive Proof-Systems

A good introduction to that paper and zkp ideas at Zero Knowledge Proofs: An illustrated primer.

The initial paper was oriented to Interactive proof systems. Then, a paper that describes non-interactive ones: Non-interactive zero-knowledge and its application.

Trying to understand the process involved in current non-interactive ZKP Demostrate how Zero-Knowledge Proofs work without using maths.

A nice illustrated introduction (avoiding math details) at Zero-Knowledge Proof Explained and the report Zero-Knowledge Scaling Demystified. Most of my talk was based in this report.

Comparing two popular approaches: SNARKs and STARKs. A Small Difference with Big Implications.

Not so “gentle” introduction

Now, more hard-core math related information.

To understand the process to obtain a proof, read Vitalik Buterin posts about SNARKS:

Quadratic Arithmetic Programs: from Zero to Hero
Exploring Elliptic Curve Pairing
Zk-SNARKs: Under the Hood

and about STARKs:

STARKs, Part I: Proofs with Polynomials
STARKs, Part II: Thank Goodness It’s FRIday

STARKs, Part III: Into the Weeds

In my talk, I briefly commented about zkSNARKs steps from code to proof. My main sources:

What are zk-SNARKs? from Zcash
Explaining SNARKs Part I: Homomorphic Hidings where some E(x) functions are presented with the interesting property of: having E(x) and E(y) you can calculate E(x+y)
Explaining SNARKs Part II: Blind Evaluation of Polynomials where using homorphic hiding we can evaluate polynomials and check the result without revealing the original value s.
Explaining SNARKs Part III: The Knowledge of Coefficient Test and Assumption additional operations to confirm the evaluation of polynomial are related.
Explaining SNARKs Part IV: How to make Blind Evaluation of Polynomials Verifiable assuring that Alice calculation E(P(s)) is verified by Bob.
Explaining SNARKs Part V: From Computations to Polynomials from code to circuits to polynomials, a critical step in this implementation. Read paper about Algebraic methods for interactive proof systems.
Explaining SNARKs Part VI: The Pinocchio Protocol the interactive proof using the Pinocchio Protocol.
Explaining SNARKs Part VII: Pairings of Elliptic Curves presenting the Common Reference String and the non-interactive implementation.

It’s not an easy topic, but it is VERY interesting, spanning many math topics, beyond the use in blockchain and cryptography.

Angel “Java” Lopez