Demystifying Fractal: Part I

Awa Sun Yin
Published in METASTATE
Apr 8, 2020

Marmot baby via Wikimedia Commons

Fractal is a new general-purpose zero-knowledge proof system (and no, it doesn’t have anything to do with the fractals you’re probably thinking of). While new advances in SNARKs are being made almost daily, a few things make Fractal stand out:

  • Transparent setup. There is no trapdoor in the setup; it’s based entirely on public randomness.
  • Recursive composability. Verification can be written as an R1CS instance, allowing Fractal to verify another Fractal proof.
  • Security against quantum adversaries. Whereas some constructions are secure under classical intractability assumptions that don’t hold for quantum computers, Fractal is based on hash functions, for which we don’t have any truly feasible quantum attacks. This actually makes Fractal the first plausibly quantum-secure recursively composable proof system.
  • It uses only lightweight cryptography. Another benefit of avoiding those intractability assumptions is that the algebraic operations they involve, such as elliptic curve point addition at cryptographic sizes, are computationally expensive compared to evaluating classical hash functions.

We’ll assume that this isn’t your first exposure to interactive proofs, ZKPs, or maybe even SNARKs. At the same time, we’ll provide a high-level overview of the general structure of SNARKs before diving into the particulars of Fractal. The first post will give a higher-level overview, and in the second we’ll get into the gritty mathematical details.

Full Article

Written by Nat Bunner, zero-knowledge cryptography researcher & protocol developer at Metastate. For feedback or questions, please do not hesitate to contact us: team@metastate.dev
