A Brief Introduction to ZK

# A Brief Introduction to ZK > There is a collection of introductory notes that I have written to help newcomers dive into the world of zero knowledge theory and applications. If you have any comments, suggestions, or feedback, please feel free to reach out fxj21@mails.tsinghua.edu.cn. ## Prerequisites Before we dive into ZK, it's important to have a basic understanding of [basic algebra](https://mit6875.github.io/HANDOUTS/numbertheory.pdf), [number theory](https://crypto.stanford.edu/pbc/notes/numbertheory/) and [cryptographic primitives](https://www.cs.cornell.edu/courses/cs4830/2010fa/lecnotes.pdf). (Click to see the useful resources!) Speaking from my own learning experience, striking a balance between theoretical depth (especially regarding **computational complexity**) and practical development is the biggest obstacle when learning ZKPs. To overcome this challenge, it's essential to focus on building intuition and understanding key concepts, rather than solely pursuing rigorous mathematical knowledge. ## Introduction to ZK Zero-knowledge proof systems were introduced in 1985 by Shafi Goldwasser, Silvio Micali, and Charles Rackoff. This groundbreaking innovation had a transformative effect on the field of cryptography and was recognized by the ACM **Turing Award**, which was awarded to Goldwasser and Micali in 2012. Intuitively, zero-knowledge (ZK) proofs are a fascinating area of research that allow you to prove that you know something, without revealing the actual information. The protocol has two roles: the **prover** $P$ and the **verifier** $V$. The prover aims to convince the verifier that they know a fact, without telling them the fact directly. ![](https://i.imgur.com/3rSGNRP.png) ZK proofs have three properties: (less math here!) - **zero knowledge**: The Prover’s responses don’t reveal the underlying information. - **completeness**: If the Prover knows the underlying information, they’re always able to answer satisfactorily. - **soundness**: If the Prover doesn’t know the underlying info, they’ll eventually get caught. ## ZK SNARK ZK SNARK(Zero-Knowledge Succinct Noninteractive Argument of Knowledge) is a new cryptographic tool that can be applied to arbitary function. It has four important properties: - **zk**: hides inputs. - **Succinct**: generates short proofs that can be verified quickly. - **Noninteractive**: doesn’t require a back-and-forth. - **ARgument of Knowledge:** proves you know the input. At a high level, the process of working with zkSNARKs involves several key steps. First, the problem at hand is transformed into a function that represents its core components. Next, this function is converted into an equivalent set of **Rank-1 Constraint System** (R1CS) equations, which serve as a simplified representation of the problem. These R1CS equations are then transformed into an arithmetic circuit, which is a computational model composed of addition($+$) and multiplication($\times$) operations. The arithmetic circuit allows for more efficient manipulation and evaluation of the problem. Finally, a Zero-Knowledge Proof (ZKP) is generated for the satisfiability of the R1CS equations. These properties makes SNARKs useful for blockchain applications, where users can create proofs locally, and then upload short proofs for constant-time verification inside a smart contract, where computation is expensive. In the future, we will delve deeper into the topic of zkSNARKs, exploring their intricacies and discussing various aspects such as their applications, limitations, and potential improvements. ## Full Stack of ZK Here we will list some of popular tool and library for zk developers: 1. **libsnark**: A C++ library for zk-SNARKs. You can use it with a variety of proving systems. ``` cppCopy code#include <libsnark/gadgetlib1/gadgets/hashes/sha256/sha256_gadget.hpp> #include <libsnark/relations/constraint_satisfaction_problems/r1cs/examples/r1cs_examples.hpp> ``` 2. **ZoKrates**: A toolbox for zk-SNARKs on Ethereum that enables developers to write zk-SNARK circuits in a domain-specific language (DSL) and compile them into Solidity smart contracts. ``` zokratesCopy codedef main(private field a, private field b) -> (field): field result = a * b return result ``` 3. **bellman**: A Rust library for building zk-SNARK proofs using the Groth16 proving system. It provides a user-friendly API for creating constraint systems and generating proofs. ``` rustCopy codeuse bellman::groth16::{generate_random_parameters, create_random_proof, prepare_verifying_key, verify_proof}; use bellman::{ConstraintSystem, SynthesisError, Variable}; ``` 4. **circom**: A circuit compiler for zk-SNARKs that allows developers to write circuits in a high-level, JavaScript-like language. The compiled circuits can then be used with various proving systems and integrated into applications. ``` circomCopy codetemplate Multiplier() { signal private input a; signal private input b; signal output c; c <== a * b; } ``` 5. **snarkjs**: A JavaScript library for creating and verifying zk-SNARK proofs using the Groth16 proving system. It can be used with circom-generated circuits and can be easily integrated into web applications. ``` javascriptCopy codeconst snarkjs = require("snarkjs"); const { proof, publicSignals } = await snarkjs.groth16.fullProve(input, circuit, proving_key); ``` Later, we mainly use `circom` and `snarkjs`. Also, you can compile your `circom` code in an online IDE: [zkREPL](https://zkrepl.dev/). ## Open Areas ZK is still a relatively new area of research, which means there are still many areas that require exploration: ( broadly divided into two main areas: **application-focused** and **academia-focused**.) - Building better circuits and protocols - Uncovering new use cases - Building infrastructures ## Conclusion In summary, we have introduced the concept of Zero-Knowledge Proofs, provided a intuitive overview of zkSNARKs, and discussed the toolchains associated with ZK programming. As we move forward, we will delve deeper into these topics, including: - `circom` coding - mathematical building blocks - commitment schemes - arithmetizations - PLONK - Proving system stack - ...... Thank you for reading and showing interest in this topic! Later we will move on to **mathematical building blocks**.