--- tags: study-club --- # ZKP Study Club ## Interested Topic - Theoretical - [ ] Proof System - [x] Random Oracle Model - [ ] Pairing - Vector Commitment - [x] Kate Commitment (KZG10) - [ ] RSA Accumulator - ZKP Scheme - SNARK - [x] Pinocchio (PHGR13) - [x] Groth16 - [x] Plonk - [ ] Sonic - [ ] Marlin - [ ] Dark - STARK - [ ] FRI - Circuit Friendly Hash (less constraints but not CPU friendly β†’ cost more in EVM) - [ ] MiMC - [ ] Pedersen - [ ] Poseidon - [ ] GMiMC - Elliptic Curve - Pairing Friendly - [ ] BLS12-381 - [ ] BN254 - Embedded (in circuit) - [ ] Jubjub (same group order as BLS12-381) - [ ] Baby Jubjub (same group order as BN254) - Language for ZKP Circuit - DSL - [ ] [cairo](https://www.cairo-lang.org) STARK based (by StarkWare) - [ ] [circom](https://github.com/iden3/circom) - [ ] [leo](https://github.com/AleoHQ/leo) - [ ] [noir](https://developers.aztec.network/#/A%20Private%20Layer%202/Custom%20Circuits) specific for Aztec Network (by Aztec) - [ ] [zinc](https://zinc.zksync.io) specific for zkSync (by Matter Labs) - [ ] [zokrate](https://zokrates.github.io) - High-Level API - [ ] [bellman](https://github.com/zkcrypto/bellman) in Rust - [ ] [gnark](https://github.com/ConsenSys/gnark) in Go - Application - [x] [Tornado Cash](https://tornado.cash) - [x] [Dark Forest](https://zkga.me) - Ethereum Layer2 - Privacy - [ ] [zkopru](https://zkopru.network) zk + optimism rollup - Scalability - [ ] [Hermez Network](https://hermez.io) (by Iden3) - [ ] [zkSync](https://zksync.io) (by Matter Labs) - [ ] [Aztec Network](https://aztec.network) zk$^2$ rollup (by Aztec) - Applied ZKP ([2020 update](https://blog.ethereum.org/2020/12/09/ef-supported-teams-research-and-development-update-2020-pt-2/#applied-zkp)) - [ ] [Semaphore](https://github.com/appliedzkp/semaphore) - [ ] [MACI (Minimal Anti-Collusion Infrastructure)](https://github.com/appliedzkp/maci) - [ ] [UniRep](https://github.com/NIC619/UniRep) ## Interested Paper | Name | Alias | PDF | |:-------------------------------------------------------------------------------------------------- | ------ |:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------:| | The Knowledge Complexity of Interactive Proof-Systems | GMR85 | [πŸ”—](http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.419.8132&rep=rep1&type=pdf) | | How to Prove All NP Statements in Zero-Knowledge and a Methodology of Cryptographic Protocol Design | GMR86 | [πŸ”—](https://link.springer.com/chapter/10.1007/3-540-47721-7_11) | | Minimum disclosure proofs of knowledge | BCC88 | [πŸ”—](https://www.sciencedirect.com/science/article/pii/0022000088900050) | | Non-interactive zero-knowledge and its applications | BFM88 | [πŸ”—](https://people.csail.mit.edu/silvio/Selected%20Scientific%20Papers/Zero%20Knowledge/Noninteractive_Zero-Knowkedge.pdf) | | How To Prove Yourself: Practical Solutions to Identification and Signature Problems | FS88 | [πŸ”—](https://link.springer.com/chapter/10.1007/3-540-47721-7_12) | | The Knowledge Complexity of Interactive Proof-Systems | GMR89 | [πŸ”—](http://crypto.cs.mcgill.ca/~crepeau/COMP647/2007/TOPIC02/GMR89.pdf) | | Proofs that Yield Nothing But Their Validity All Languages in NP Have Zero-Knowledge Proof Systems | GMW91 | [πŸ”—](https://people.csail.mit.edu/silvio/Selected%20Scientific%20Papers/Zero%20Knowledge/Proofs_That_Yield_Nothing_But_Their_Validity_or_All_Languages_in_NP_Have_Zero-Knowledge_Proof_Systems.pdf) | | A note on efficient zero-knowledge proofs and arguments | Kil92 | [πŸ”—](https://people.csail.mit.edu/vinodv/6892-Fall2013/efficientargs.pdf) | | Short Pairing-based Non-interactive Zero-Knowledge Arguments | Gro10 | [πŸ”—](http://www0.cs.ucl.ac.uk/staff/J.Groth/ShortNIZK.pdf) | | Quadratic Span Programs and Succinct NIZKs without PCPs | GGPR13 | [πŸ”—](https://eprint.iacr.org/2012/215.pdf) | | Pinocchio: Nearly Practical Verifiable Computation | PHGR13 | [πŸ”—](https://eprint.iacr.org/2013/279.pdf) | | On the Size of Pairing-based Non-interactive Arguments | Gro16 | [πŸ”—](https://eprint.iacr.org/2016/260.pdf) | | Scalable Multi-party Computation for zk-SNARK Parameters in the Random Beacon Model | BGM17 | [πŸ”—](https://eprint.iacr.org/2017/1050.pdf) | | PlonK: Permutations over Lagrange-bases for Oecumenical Noninteractive arguments of Knowledge | GWC19<br>PLONK | [πŸ”—](https://eprint.iacr.org/2019/953.pdf) | | REDSHIFT: Transparent SNARKs from List Polynomial Commitment IOPs | KPV19<br>REDSHIFT | [πŸ”—](https://eprint.iacr.org/2019/1400.pdf) | | Recursive Proof Composition without a Trusted Setup | BGH19<br>Halo | [πŸ”—](https://eprint.iacr.org/2019/1021.pdf) | | Halo Infinite: Recursive zk-SNARKs from any Additive Polynomial Commitment Scheme | BDFG20 | [πŸ”—](https://eprint.iacr.org/2020/1536.pdf) | | plookup: A simplified polynomial protocol for lookup tables | GW20 | [πŸ”—](https://eprint.iacr.org/2020/315.pdf) | | - | - | [πŸ”—]() | ## Cycles 1. **2021/03/01** - [ZKP Study Club Planning / ZKP Introduction / Case Study - Dark Forest Game](https://hackmd.io/7OnqIe52TpWbp2_HHx-NMQ) 2. **2021/03/15** - [Pinocchio (PHGR13) / Groth16](https://hackmd.io/MLJCDlEjTfSQWR3xLLHgZg) 3. **2021/03/29** - [KZG10 / Plonk (GWC19) / Random Oracle Model](https://hackmd.io/veWiBce8TvacLXL2oQ4DAA) 4. **2021/04/26** - ==[TBD](https://hackmd.io/sOw7AsdTQJGI8v6NJgEKyg)== 5. **[WIP] backup#1** - [TurboPlonk / Plookup / Case Study - TBD](https://hackmd.io/egJS4ybgTSudyyufrGzrCA) ## Learning Resource - Book - [ZKProof Reference](https://docs.zkproof.org/pages/reference/reference.pdf) - [On the Foundations of Cryptography](http://www.wisdom.weizmann.ac.il/~oded/VO/foc.pdf) by Oded Goldreich - Report - [Report on the Security of STARK-friendly Hash Functions (Version 2.0)](https://starkware.co/wp-content/uploads/2020/03/reportv2.pdf) - Video Channel - [Zero Knowledge](https://www.youtube.com/channel/UCYWsYz5cKw4wZ9Mpe4kuM_g) - zkSummit / zkStudyClub / zkSession - [ZKProof Standard](https://www.youtube.com/channel/UC79GUI9SBNnfmJOQyHDrrPQ) - Course - [Stanford CS255](https://cs255.stanford.edu) - Introduction to Cryptography - [Stanford CS251](https://cs251.stanford.edu) - Cryptocurrencies and Blockchain Technologies - [Algebra and Computation](http://people.seas.harvard.edu/~madhusudan/MIT/ST15) - [NTU CSIE5037](https://hackmd.io/7vqmbvMBRuyWey_nEDh8EQ) - Theoretical Aspects of Modern Cryptography - Feed - [zkMesh](https://zkmesh.substack.com) - Study Group - [zkStudyClub](https://www.youtube.com/playlist?list=PLj80z0cJm8QHm_9BdZ1BqcGbgE-BEn-3Y) of [Zero Knowledge](https://www.youtube.com/channel/UCYWsYz5cKw4wZ9Mpe4kuM_g) - [Studt Group](https://docs.google.com/document/d/1fYhe0DE8BB79sFaHMgoAsx29wq3swXSNw5IXPpYwW0E/edit#heading=h.210x697mn3wq) from [Decentralized Systems Lab](https://decentralize.ece.illinois.edu) in UIUC - Github - [github.com/matter-labs/awesome-zero-knowledge-proofs](https://github.com/matter-labs/awesome-zero-knowledge-proofs) - [github.com/Mikerah/awesome-privacy-on-blockchains](https://github.com/Mikerah/awesome-privacy-on-blockchains) - Forum - [ethresear.ch](https://ethresear.ch/) - [BLS Signatures in Solidity](https://ethresear.ch/t/bls-signatures-in-solidity/7919) - [Open problem: ideal vector commitment](https://ethresear.ch/t/open-problem-ideal-vector-commitment/7421) - [Using GKR inside a SNARK to reduce the cost of hash verification down to 3 constraints](https://ethresear.ch/t/using-gkr-inside-a-snark-to-reduce-the-cost-of-hash-verification-down-to-3-constraints/7550) - [Prover time comparison of GKR+Groth16 vs. Groth16 for proving MiMC hashes](https://ethresear.ch/t/prover-time-comparison-of-gkr-groth16-vs-groth16-for-proving-mimc-hashes/8373) - [SLONKβ€”a simple universal SNARK](https://ethresear.ch/t/slonk-a-simple-universal-snark/6420) - [Using polynomial commitments to replace state roots](https://ethresear.ch/t/using-polynomial-commitments-to-replace-state-roots/7095) - [plonk.cafe](https://www.plonk.cafe)