more papers
[Imported from Trac: page SNARKs, version 3]
warner
parent
a3506d57dd
commit
1cf3801f67
40
SNARKs.md
40
SNARKs.md
|
|
@ -5,6 +5,8 @@ multi-party computation and zero-knowledge proofs.
|
||||||
|
|
||||||
## SNARKs
|
## SNARKs
|
||||||
|
|
||||||
|
### SNARKs for C
|
||||||
|
|
||||||
[SNARKs for C: Verifying Program Executions Succinctly and in Zero Knowledge](http://tau.ac.il/~tromer/papers/csnark-20131007.pdf):
|
[SNARKs for C: Verifying Program Executions Succinctly and in Zero Knowledge](http://tau.ac.il/~tromer/papers/csnark-20131007.pdf):
|
||||||
(Ben-Sasson, Chiesa, Genkin, Tromer, Virza). This defines the
|
(Ben-Sasson, Chiesa, Genkin, Tromer, Virza). This defines the
|
||||||
zk-SNARK (zero-knowledge Succinct Non-interactive ARgument of
|
zk-SNARK (zero-knowledge Succinct Non-interactive ARgument of
|
||||||
|
|
@ -51,3 +53,41 @@ bytes. It then took 155 minutes to create one instance of the
|
||||||
proof, and the proof itself was 322 bytes. Verifying the proof took
|
proof, and the proof itself was 322 bytes. Verifying the proof took
|
||||||
0.11 seconds.
|
0.11 seconds.
|
||||||
|
|
||||||
|
### Pinocchio
|
||||||
|
|
||||||
|
[Pinocchio: Nearly Practical Verifiable Computation](https://eprint.iacr.org/2013/279.pdf): (Parno, Gentry)
|
||||||
|
|
||||||
|
This precursor is the application paper for the main generic snark
|
||||||
|
implementation.
|
||||||
|
|
||||||
|
### Recursive Composition of SNARKs
|
||||||
|
|
||||||
|
[Recursive Composition and Bootstrapping for SNARKs and Proof-Carrying Data](http://www.cs.tau.ac.il/~tromer/papers/bootsnark-20120403.pdf): (Nitansky, Canetti, Chiesa, Tromer)
|
||||||
|
|
||||||
|
Andrew Miller tells me that the introductory text in this paper is
|
||||||
|
really good, but the rest is "more advanced technical stuff".
|
||||||
|
|
||||||
|
### GGPR
|
||||||
|
|
||||||
|
[Quadratic Span Programs and Succinct NIZKs without PCPs](https://usukitacs.com/sites/default/files/QSP.pdf): (Gennaro, Gentry, Parno, Raykova)
|
||||||
|
|
||||||
|
This is "the" big result in this field, known as "GGPR". Andrew
|
||||||
|
says this is analogous to the big Craig Gentry paper on
|
||||||
|
fully-homomorphic encryption, but for SNARKs. He says it's good to
|
||||||
|
use to gauge your understanding by flipping back to this one.
|
||||||
|
|
||||||
|
### History
|
||||||
|
|
||||||
|
<http://courses.cs.washington.edu/courses/cse533/05au/pcp-history.pdf>
|
||||||
|
|
||||||
|
Over the last 30 years, folks have been trying to identify what
|
||||||
|
kinds of problems can be proved in this zero-knowledge style (where
|
||||||
|
the "prover" knows a solution but doesn't want to reveal it, and a
|
||||||
|
"verifier" wants to be convinced that they really do know a valid
|
||||||
|
solution). Originally the categories of problems (defined as a
|
||||||
|
class of languages in which the solution is an valid statement in
|
||||||
|
the language) were quite narrow. Variations on what it means to
|
||||||
|
prove something were thrown about (interactive vs non-interactive,
|
||||||
|
publically-verifiable versus not, public coin-tosses vs private).
|
||||||
|
Eventually it was shown that a very large class of problems can be
|
||||||
|
efficiently proved this way.
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue