more papers
[Imported from Trac: page SNARKs, version 3]
parent
a3506d57dd
commit
1cf3801f67
40
SNARKs.md
40
SNARKs.md
|
@ -5,6 +5,8 @@ multi-party computation and zero-knowledge proofs.
|
|||
|
||||
## SNARKs
|
||||
|
||||
### SNARKs for C
|
||||
|
||||
[SNARKs for C: Verifying Program Executions Succinctly and in Zero Knowledge](http://tau.ac.il/~tromer/papers/csnark-20131007.pdf):
|
||||
(Ben-Sasson, Chiesa, Genkin, Tromer, Virza). This defines the
|
||||
zk-SNARK (zero-knowledge Succinct Non-interactive ARgument of
|
||||
|
@ -51,3 +53,41 @@ bytes. It then took 155 minutes to create one instance of the
|
|||
proof, and the proof itself was 322 bytes. Verifying the proof took
|
||||
0.11 seconds.
|
||||
|
||||
### Pinocchio
|
||||
|
||||
[Pinocchio: Nearly Practical Verifiable Computation](https://eprint.iacr.org/2013/279.pdf): (Parno, Gentry)
|
||||
|
||||
This precursor is the application paper for the main generic snark
|
||||
implementation.
|
||||
|
||||
### Recursive Composition of SNARKs
|
||||
|
||||
[Recursive Composition and Bootstrapping for SNARKs and Proof-Carrying Data](http://www.cs.tau.ac.il/~tromer/papers/bootsnark-20120403.pdf): (Nitansky, Canetti, Chiesa, Tromer)
|
||||
|
||||
Andrew Miller tells me that the introductory text in this paper is
|
||||
really good, but the rest is "more advanced technical stuff".
|
||||
|
||||
### GGPR
|
||||
|
||||
[Quadratic Span Programs and Succinct NIZKs without PCPs](https://usukitacs.com/sites/default/files/QSP.pdf): (Gennaro, Gentry, Parno, Raykova)
|
||||
|
||||
This is "the" big result in this field, known as "GGPR". Andrew
|
||||
says this is analogous to the big Craig Gentry paper on
|
||||
fully-homomorphic encryption, but for SNARKs. He says it's good to
|
||||
use to gauge your understanding by flipping back to this one.
|
||||
|
||||
### History
|
||||
|
||||
<http://courses.cs.washington.edu/courses/cse533/05au/pcp-history.pdf>
|
||||
|
||||
Over the last 30 years, folks have been trying to identify what
|
||||
kinds of problems can be proved in this zero-knowledge style (where
|
||||
the "prover" knows a solution but doesn't want to reveal it, and a
|
||||
"verifier" wants to be convinced that they really do know a valid
|
||||
solution). Originally the categories of problems (defined as a
|
||||
class of languages in which the solution is an valid statement in
|
||||
the language) were quite narrow. Variations on what it means to
|
||||
prove something were thrown about (interactive vs non-interactive,
|
||||
publically-verifiable versus not, public coin-tosses vs private).
|
||||
Eventually it was shown that a very large class of problems can be
|
||||
efficiently proved this way.
|
||||
|
|
Loading…
Reference in a new issue