Early draft / Tom Walton-Pocock / Ben Levy 2023-09-12 Materials HTML Standard Reference Goal of this Document We seek to advance a full integration of the verified internet ("Web3") into the standard internet protocols. Over a decade into the story of the 'verified internet', there remains an unnatural division between so-called Web2 and Web3 applications. Most Web3 applications are mostly formed of Web2 software, interfacing with a narrow protocol via messaging. The protocol typically handles the logical transmission of value across the consensus protocol, via small programmes known as smart contracts.

Polynomial commitments underpin a lot of ZK Proof systems these days - but to the newcomer the question arises 'what have polynomials got to do with this?'. Because our mental image of polynomials is long wavy lines that cross the x axis a few times and then trot off to ± infinity Why do we need PCSs? Polynomial Commitment Schemes are a sort of "mathematical scaffolding" that allow cryptographers to load a large amount of information (the 'execution trace of a circuit') into a single elliptic curve point -- a single 'number'. SNARKs (the 'S' standing for 'succinct') need to prove to a verifier that large computations have taken place without the verifier having to re run the whole computation (which would defeat the point). Usually, in the world of Web3, the verifier is a blockchain. The succinctness of these proofs (i.e. keeping the amount of data that needs to be sent to the verifier as small as possible) is very important on blockchains, because typically storing on-chain data is very expensive. Please be concrete -- what's the 'trace of a circuit'?

Revised 12-03-2021 Ariel Gabizon | Zac Williamson | Tom Walton-Pocock This document provides details on the protocol specification for Aztec 2.0, deployed to Ethereum mainnet, verifier address 0x737901bea3eeb88459df9ef1BE8fF3Ae1B42A2ba, on 15 March 2021. The protocol is principally designed by Zac Williamson, and built on work by Zac and Ariel Gabizon, the creators of Aztec 2.0's cryptosystems PLONK and Plookup. Background Aztec 2.0 is a multi-asset private rollup service on Ethereum.

Thanks to Zac Williamson, Ariel Gabizon, Georgios Konstantopoulos, Ben Edgington and Tom Waite for various comments and suggestions. 1. Background Those of you who have read the PLONK paper will be aware that it involves a batched polynomial commitment scheme that extends the "Kate" KZG10 scheme. I'm writing this article for those of you who want to get to grips with SHPLONK without sifting through long research papers. Authors The SHPLONK scheme was created by the following researchers: