1/ In the first part of my deep dive into zero-knowledge rollups (zkr), I focused on the history of L2 scaling
In the second part (below), my focus shifts to the wild world of zero-knowledge proofs (zkp), the underlying technology for zkr
🧵👇
cryptoexplainere60.substack.com/p/zk-world-pt-…
In the second part (below), my focus shifts to the wild world of zero-knowledge proofs (zkp), the underlying technology for zkr
🧵👇
cryptoexplainere60.substack.com/p/zk-world-pt-…
2/ The concept of a zkp came from a 1985 academic paper out of @MIT
The idea is there is a prover and a verifier - the prover can prove the truth of information to the verifier w/o revealing the information itself
The idea is there is a prover and a verifier - the prover can prove the truth of information to the verifier w/o revealing the information itself
3/ Technically speaking, zkp is a protocol btwn prover and verifier in which a prover can convince the verifier of the validity of a claim w/o revealing anything other than the proof itself that the claim is true
Should be impossible... which is why its so cool!
Should be impossible... which is why its so cool!
4/ An example comes from the Where's Waldo? game
How can a prover prove knowing where Waldo is to the verifier w/ "zero-knowledge"?
How can a prover prove knowing where Waldo is to the verifier w/ "zero-knowledge"?
5/ In a "traditional" proof, a prover would point to Walod or say, "Waldo is next to the red stripped tent" but that would convey knowledge
There is a way around this...
There is a way around this...
6/ The prover takes a large piece of paper and cuts a small hole in the middle
The prover then places the small hole in the middle so that only Waldo is showing to the verifier
Once the verifier comes to check the answer, the verifier is able to see Waldo and nothing else
The prover then places the small hole in the middle so that only Waldo is showing to the verifier
Once the verifier comes to check the answer, the verifier is able to see Waldo and nothing else
7/ The verifier is convinced that the prover knows where Waldo is while all the info about Waldo’s exact whereabouts remains private
This is the big idea - the proof itself is used to verify the truth
This is the big idea - the proof itself is used to verify the truth
8/ If the prover instead showed the verifier a sailboat behind the paper, then the verifier would know that it was false
This is an oversimplification but conceptually what a zkp is
This is an oversimplification but conceptually what a zkp is
9/ Zkp have three properties:
- Completeness: if the provers claim is true then there is no artificial help needed to verify
- Soundness: if the provers claim is false, then under no scenario can the verifier be convinced that it is true
- Completeness: if the provers claim is true then there is no artificial help needed to verify
- Soundness: if the provers claim is false, then under no scenario can the verifier be convinced that it is true
10/ Properties pt. 2:
- Zero-knowledge: prover does not present any additional knowledge other than the proof itself
- Zero-knowledge: prover does not present any additional knowledge other than the proof itself
11/ Why is this important?
- Privacy: zkp allow for privacy of information
- Scalability: verification time is faster than execution time
- Privacy: zkp allow for privacy of information
- Scalability: verification time is faster than execution time
12/ There are two main types of zkp - zk-SNARKs & zk-STARKs
zk-SNARKs were first proposed by researchers in 2012
SNARKs first successful implementation was @zcash
zk-SNARKs were first proposed by researchers in 2012
SNARKs first successful implementation was @zcash
13/ SNARK stand for:
Succinct - verified quickly w/ small proof length
Non-Interactive - prover & verifier limit interactions
ARgument of
Knowledge
Succinct - verified quickly w/ small proof length
Non-Interactive - prover & verifier limit interactions
ARgument of
Knowledge
14/ The problem w/ SNARKs is that to efficiently implement the system to be able to publish to a blockchain, a trusted setup is needed (Zcash for example) - this is a security vulnerability
15/ zk-STARKs were first introduced by a team of researchers in 2018 including @EliBenSasson who went on to co-found @StarkWareLtd
STARKs build upon SNARKs while fixing the trusted setup issue
STARKs build upon SNARKs while fixing the trusted setup issue
16/ STARK is for:
Scalable - "fully scalable"
Transparent - no trusted setup
ARgument of
Knowledge
Scalable - "fully scalable"
Transparent - no trusted setup
ARgument of
Knowledge
17/ STARKs aim to be more scalable than SNARKs while solving for the trusted setup issue
STARKs are also secure against quantum computing
As a tradeoff, STARKs are more complex, have higher proof sizes, and higher @ethereum verification gas costs
STARKs are also secure against quantum computing
As a tradeoff, STARKs are more complex, have higher proof sizes, and higher @ethereum verification gas costs
• • •
Missing some Tweet in this thread? You can try to
force a refresh
