ZK-SNARK — A small introduction
SNARK
A SNARK is a short proof of a statement. E.g. I want to show that I know the content of a message without revealing the exact content; a SNARK that hides it this way is known as a zero-knowledge SNARK.
SNARKs are short and also fast to verify.
ZK-SNARKs are used for private transactions on public blockchains.
Use cases for SNARK
Private transactions on a public blockchain: Tornado Cash, Zcash, Iron Fish
Compliance: private proofs of solvency and compliance
Scalability: rollup systems, where your transactions are added in batches and ZK-SNARKs can be used to verify them
How ZK-SNARKs are proved
Important Concepts
- Arithmetic circuit: logic gates that perform arithmetic operations.
So we have something called C(h, m), whose output is zero only when SHA256(m) = h; otherwise it is non-zero.
- Argument systems:
C(x, w) → F, where x = statement and w = witness
The prover has x and w as input, and the verifier has only x as input. It is the prover's job to convince the verifier that there is a w for x such that C(x, w) is zero.
Preprocessing Argument System
It is non-interactive in nature. A setup step preprocesses the circuit and produces public parameters:
S(C) → (Sp, Sv)
The prover takes x, w and Sp, and the verifier takes Sv with x. The prover then provides a proof called pi, and this proof pi is the only interaction the prover and the verifier have.
So this system has three algorithms (S, P, V):
S(C) → outputs (Sp, Sv) for the prover and the verifier
P(Sp, x, w) → outputs the proof pi
V(Sv, x, pi) → returns accept or reject
There are a few informal requirements for the argument system:
- Complete: if the prover is able to provide a proof, the verifier will accept it with probability 1.
- Knowledge sound: the prover must know its witness, and if it doesn't, the chance of the verifier accepting the proof should be negligible. Here "know" means that w can be extracted from the prover.
- Zero knowledge: the prover should reveal nothing about the witness.
Mathematically it can be written as follows:
SNARK — Succinct ARgument of Knowledge
The same concept as an argument system, but with a short proof that is easy to verify.
To understand a SNARK: it basically proves knowledge of a witness without revealing it, and the proof is short and can be verified easily. Secret, short and fast: this is achieved by keeping the proof and its verification logarithmic in the preprocessed circuit C.
Types of preprocessing Setup
- Trusted setup per circuit: public parameters are created separately for every circuit using some secret random bits, and after each creation these random bits need to be destroyed, because a prover who has them can use them to prove false statements.
- Trusted but universal (updatable) setup: the random secret bits r are independent of the circuit, are generated only once, and can be used by different circuits to create their public parameters.
- Transparent setup: uses only the circuit and does not require any secret random bits.
How Zero knowledge works
Wordle is quite a popular game these days, so how do you prove that you have solved the challenge without revealing the exact challenge or the answer to it? By sharing this pic.
So suppose the prover shares this image with the verifier, stating that the transaction is valid, and the verifier already knows that this image means a valid transaction. Then the prover can get the transaction verified without disclosing anything to the verifier.
This is my understanding of the fabulous explanation given at zkhack Whiteboard. Do check it out!!