├── README.md ├── package.json └── yarn.lock /README.md: -------------------------------------------------------------------------------- 1 | # awesome zero knowledge proofs 2 | 3 | - aka ZK-systems 4 | - aka spooky moon math 5 | - aka dont show your secrets on a public blockchain 6 | 7 | A collection of videos, reading materials and tools for learning all about the ZK side of crypto. 8 | 9 | --- 10 | 11 | ## SNARKs 12 | 13 | (Succinct non-interactive argument of knowledge) 14 | 15 | Fast facts: 16 | 17 | - used in Zcash 18 | - available in Ethereum as pre-compiled smart contracts 19 | - has a trusted setup phase, making a trusted party needed (OR having to deal with secure multi part computation (sMPC)) 20 | - very fast verification, very small proof 21 | 22 | ### Videos 23 | 24 | - [Coda Protocol: Using ZK-SNARKs for a Constant-size Blockchain :: Izaak Meckler at Zcon0 (June 2018)](https://www.youtube.com/watch?v=qCVACpgQSjo) 25 | 26 | ### Reading 27 | 28 | ### Tools 29 | 30 | - [ZoKrates](https://github.com/Zokrates/ZoKrates) 31 | - [DIZK](https://github.com/scipr-lab/dizk) 32 | 33 | --- 34 | 35 | ## STARKs 36 | 37 | (Succinct transparent argument of knowledge) 38 | 39 | Fast facts: 40 | 41 | - newer, ["hotter"](https://twitter.com/avsa/status/1057584874859753472?s=21) cousin of SNARKs 42 | - newer also means lots of research actively happening during the "warm up phase" for this technique 43 | - does not require a trusted setup phase 44 | - proof length is much longer than SNARK 45 | 46 | ### Videos 47 | 48 | - [Zero-Knowledge Proof Protocol :: Eli Ben-Sasson at Web3 Summit (October 2018)](https://www.youtube.com/watch?v=1KSwVIZ82hs) 49 | - [STARK Arithmetization :: Eli Ben Sasson at Technion Cyber and Computer Security Summer School (September 2017)](https://www.youtube.com/watch?v=9VuZvdxFZQo) 50 | - [STARK Low Degree Testing :: Eli Ben Sasson at Technion Cyber and Computer Security Summer School (September 2017)](https://www.youtube.com/watch?v=L7tZeO8ihcQ) 51 | 52 | ### Reading 53 | 54 | ### Tools 55 | 56 | --- 57 | 58 | ## Bulletproofs 59 | 60 | Fast facts: 61 | 62 | - used in Monero 63 | - great proof legth 64 | - verification time 65 | 66 | ### Videos 67 | 68 | - [Diving Into Bolt; A Privacy-Preserving Layer Two Approach :: J. Ayo Akinyele at Zcon0 (June 2018)](https://www.youtube.com/watch?v=z2l5NqJ6sOI) 69 | 70 | ### Reading 71 | 72 | - [Monero Compatible Bulletproofs (December 2017)](https://getmonero.org/2017/12/07/Monero-Compatible-Bulletproofs.html) 73 | 74 | ### Tools 75 | 76 | --- 77 | 78 | ## General 79 | 80 | There are other proof systems, and some general Mathematics / ideas / standards that make ZK proofs work in theory and in application. 81 | 82 | ### Videos 83 | 84 | - [Introduction zk SNARKs STARKs :: Eli Ben Sasson at Technion Cyber and Computer Security Summer School (September 2017)](https://www.youtube.com/watch?v=VUN35BC11Qw) 85 | 86 | ### Reading 87 | 88 | - [Initiative for the standardization of usage of proofs](https://zkproof.org/index.html) 89 | 90 | ## SNARK vs STARK vs Bulletproof comparisson 91 | 92 | (Note: summary from the talk "Zero-Knowledge Proof Protocol :: Eli Ben-Sasson at Web3 Summit (October 2018)") 93 | 94 | - there are many others proofs now, and more will come in the future, but these three are being used in blockchains already 95 | - STARK prover will be quasi linear to naive computation (naive as in no zero knowledge aspects) 96 | - SNARK is similar, but also has setup which is also scaling linear to the computation & prover time 97 | - needs trust, and larger keys as the computation becomes larger 98 | - Recursive SNARK (Coda) does not have this drawback of large keys, as the setup is scoped smaller due to epochs 99 | - break the computation into a sequence of epochs 100 | - only need to create a key for one epoch 101 | - still have trusted setup 102 | - proving time is larger 103 | - Bulletproofs have a great proof length 104 | - however the verification time is also super linear along with computation and proving time 105 | - not so good for scalability, as there is no savings for the verifiers to process 106 | - all are using pederson hashes 107 | - Starkware 108 | - Sapling release for Zcash 109 | - Bulletproofs in Monero 110 | 111 | --- 112 | 113 | ### STARK Scalability 114 | 115 | - 1 TX -> 500kb to 80kb (Consensys 2017) to 45kb now (October 2018) 116 | - yet to identify lower bound, more room for improvement! 117 | - 10k TX -> 190kb to 135kb 118 | - 3x greater size even though 10.000 factor increase in payload 119 | 120 | --- 121 | 122 | ### SNARK Scalability 123 | 124 | - 1 TX -> 200 byte (with a 50MB key to prove) 125 | - 10k TX -> 200 byte (with a 500GB key to prove) 126 | 127 | --- 128 | 129 | ### Bulletproof Scalability 130 | 131 | - 1 TX -> 1.5kb 132 | - 10k TX -> 2.5kb 133 | - but the verification time is scaling linear with proving time 134 | -------------------------------------------------------------------------------- /package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "awesome-zero-knowledge-proofs", 3 | "version": "1.0.0", 4 | "main": "index.js", 5 | "author": "mattgstevens ", 6 | "license": "MIT", 7 | "devDependencies": { 8 | "prettier": "^1.14.3" 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /yarn.lock: -------------------------------------------------------------------------------- 1 | # THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY. 2 | # yarn lockfile v1 3 | 4 | 5 | prettier@^1.14.3: 6 | version "1.14.3" 7 | resolved "https://registry.yarnpkg.com/prettier/-/prettier-1.14.3.tgz#90238dd4c0684b7edce5f83b0fb7328e48bd0895" 8 | integrity sha512-qZDVnCrnpsRJJq5nSsiHCE3BYMED2OtsI+cmzIzF1QIfqm5ALf8tEJcO27zV1gKNKRPdhjO0dNWnrzssDQ1tFg== 9 | --------------------------------------------------------------------------------