General Information ZKProof5 (2022), the 5th workshop of the zero-knowledge proof standardization effort, will take place, as an in-person event. Hybrid remote participation will be possible in most sessions, but we encourage physical presence to enable effective discussions and in-situ collaborations. Where: Tel Aviv Stock Exchange, Tel Aviv, Israel When: November 15--17, 2022 Submission due: Friday, October 14th Submission mail: zkproof5-submissions@zkproof.org Acceptance notification: Tuesday, October 25th Venue address: Ahuzat Bayit St 2, Tel Aviv-Yafo, 6525216, Israel

Date & Time: August, Tuesday 3rd @2:30pm UTC / 5:30pm Israel Time / 10:30am EST / 7:30am Pacific time Link to the Space: https://twitter.com/i/spaces/1BRJjBZQvNWJw Confirmed Participants: Technical part: Daira, Pratyush, Chelsea, Eran, Zac and Ian Economics part: Zooko, Jon, Michelle, Hudson, Jack and Moderators: Mary (as @ZKProof) and Daniel

Let $X$ be an integer, and $(x_n,...,x_0)$ binary decomposition Goal: define packing technique so that we can assume that the scheme works over messages that are vectors in $F^n_p$ despite the HE message space are polynomials in $R=F_p[X]/(X^n + 1)$. To this end we want define a bijection $(encode, decode)$ where $encode: F_p^n \to R=F_p[X]/(X^n + 1))$ s.t. $\forall v_1, v_2 \in F^n_p: v_1\cdot v_2 = decode(encode(v_1) * encode(v_2))$ Let $z$ be an integer, $n = 2^z$, $m = 2 · n$, and $p$ be a prime such that $p = 1 \mod m$. In this case, $(X^n + 1)$ splits over $F_p$, i.e., $(X^n +1) = \prod_i F_i(X)$, where each $F_i$ is a linear polynomial.

 Introduction As part of the SIEVE program, TA1 and TA2 performers are required to interoperate by generating or consuming the same intermediate representation (IR) of zero-knowledge statements. This document contains a brief description of the zkInterface interoperability tool, and focuses on outlining the relevant and important features. zkInterface is the first such proposal, allowing TA1 performers to use the most suitable and convenient TA2 proving system, and viceversa, without having to implement every possible connection. Furthermore, zkInterface can facilitate the process of testing and evaluation (T&E) for the deliverables of different performers. zkInterface was created as part of the ZKProof Standardization effort, where it quickly got traction becoming the standard tool for interoperability between frontends and backends. Resources

Intro to Lattice-based Cryptography By Daniel Benarroch, July 2020 Most pictures taken from Daniele Micciancio's & Chris Peikert's presentations Content Lattices Motivation What is a Lattice? Important properties Computational problems

 This is a short guide that can serve as a default process for the working groups. Here are all the working groups Here are all the notes from the workshop discussions Here are all the discussion recordings Goals & Outcomes Members of the working groups will collaborate to produce a draft standard based on the relevant proposal(s) discussed at the workshop. This draft standard will then be reviewed by the Steering Committee before final approval.

 Zero-knowledge proof systems are used to prove mathematical statements while maintaining a level of privacy. In some cases, these statements, or predicates are based on larger cryptographic constructions and require proving the some primitives have been computed correctly. Specifically, this working group was created as a way to coordinate and ensure the appropriate use of these primitives within other working groups and standardization efforts using zero-knowledge proofs. We will aim to reuse any existing standard for the primitives in this charter, adapting them to the setting of SNARKs. Goals We have built this working group in order to standardize the secure and interoperable description, implementation and applications of a variety of SNARK-friendly primitives to be used in different settings. These include among others: