From 1cf3801f6747998dee0dd2668370f0b131afcd0a Mon Sep 17 00:00:00 2001 From: warner <> Date: Tue, 11 Mar 2014 18:46:28 +0000 Subject: [PATCH] more papers [Imported from Trac: page SNARKs, version 3] --- SNARKs.md | 40 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) diff --git a/SNARKs.md b/SNARKs.md index f308ac2..c9b8ce5 100644 --- a/SNARKs.md +++ b/SNARKs.md @@ -5,6 +5,8 @@ multi-party computation and zero-knowledge proofs. ## SNARKs +### SNARKs for C + [SNARKs for C: Verifying Program Executions Succinctly and in Zero Knowledge](http://tau.ac.il/~tromer/papers/csnark-20131007.pdf): (Ben-Sasson, Chiesa, Genkin, Tromer, Virza). This defines the zk-SNARK (zero-knowledge Succinct Non-interactive ARgument of 
@@ -51,3 +53,41 @@ bytes. It then took 155 minutes to create one instance of the proof, and the proof itself was 322 bytes. Verifying the proof took 0.11 seconds. +### Pinocchio + +[Pinocchio: Nearly Practical Verifiable Computation](https://eprint.iacr.org/2013/279.pdf): (Parno, Gentry) + +This precursor is the application paper for the main generic snark +implementation. + +### Recursive Composition of SNARKs + +[Recursive Composition and Bootstrapping for SNARKs and Proof-Carrying Data](http://www.cs.tau.ac.il/~tromer/papers/bootsnark-20120403.pdf): (Nitansky, Canetti, Chiesa, Tromer) + +Andrew Miller tells me that the introductory text in this paper is +really good, but the rest is "more advanced technical stuff". + +### GGPR + +[Quadratic Span Programs and Succinct NIZKs without PCPs](https://usukitacs.com/sites/default/files/QSP.pdf): (Gennaro, Gentry, Parno, Raykova) + +This is "the" big result in this field, known as "GGPR". Andrew +says this is analogous to the big Craig Gentry paper on +fully-homomorphic encryption, but for SNARKs. He says it's good to +use to gauge your understanding by flipping back to this one. + +### History + + + +Over the last 30 years, folks have been trying to identify what +kinds of problems can be proved in this zero-knowledge style (where +the "prover" knows a solution but doesn't want to reveal it, and a +"verifier" wants to be convinced that they really do know a valid +solution). Originally the categories of problems (defined as a +class of languages in which the solution is an valid statement in +the language) were quite narrow. Variations on what it means to +prove something were thrown about (interactive vs non-interactive, +publically-verifiable versus not, public coin-tosses vs private). +Eventually it was shown that a very large class of problems can be +efficiently proved this way.
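Review bot: In the first hunk, the new "### SNARKs for C" heading lands directly under "## SNARKs", so the parent section now has no text of its own and the subsection title repeats the opening words of the link beneath it. A one-line introduction under "## SNARKs" saying that the subsections are one paper each would make the new structure clear. Since this hunk reorganises an existing entry and does not add a paper, it is also worth a mention in the commit subject.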
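Review bot: In the second hunk's Pinocchio entry, "This precursor is the application paper for the main generic snark implementation" does not say what it is a precursor to or which implementation is meant; name both, and write "SNARK" in capitals as the rest of the page does. In the History paragraph, "an valid statement" should be "a valid statement" and "publically-verifiable" should be "publicly-verifiable", and the three empty added lines after the "### History" heading can be cut to one. The GGPR link points at usukitacs.com while the Pinocchio link uses eprint.iacr.org, and the Recursive Composition link is plain http; a stable https source for each paper, where one exists, is less likely to rot or be replaced. The author lists should be checked against each paper's title page before merging, "Nitansky" in particular.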