A curated list of awesome things related to learning zero knowledge proofs
- General introduction
- Applications
- Comparison of the most popular zkp systems
- SNARKs
- Sonic
- STARKs
- Bulletproofs
- Social media
Zero-Knowledge Proofs Starter Pack: alternative introductory list for beginners (more videos).
- Zero Knowledge Proofs: An illustrated primer by Matthew Green
- Demystifying zero-knowledge proofs (math-heavy, awesome introduction into underlying cryptography)
- Introduction to SNARKs/STARKs by Eli Ben-Sasson (YouTube)
- On Interactive Proofs and Zero-Knowledge: A Primer
More complete curated list of implementations and scientific ressources: https://zkp.science
- Live Rollup (SNARK-based "Plasma") tesnet by Matter Labs
- SNARK-based permissioned database: rollup by BarryWhitehat
- Gnosis dFusion: DEX on SNARKs
- Zcash: Privacy-Protecting Digital Currency (SNARKs)
- Monero: Private Digital Currency (Bulletproofs)
- Coda: A Constant-Size Blockchain (recursive SNARKs)
- Grin: Simple, privacy-focused, scalable MimbleWimble chain implementation (Bulletproofs)
| SNARKs | STARKs | Bulletproofs | |
|---|---|---|---|
| Algorithmic complexity: prover | O(N * log(N)) | O(N * poly-log(N)) | O(N * log(N)) |
| Algorithmic complexity: verifier | ~O(1) | O(poly-log(N)) | O(N) |
| Communication complexity (proof size) | ~O(1) | O(poly-log(N)) | O(log(N)) |
| - size estimate for 1 TX | Tx: 200 bytes, Key: 50 MB | 45 kB | 1.5 kb |
| - size estimate for 10.000 TX | Tx: 200 bytes, Key: 500 GB | 135 kb | 2.5 kb |
| Ethereum/EVM verification gas cost | ~600k (Groth16) | ~2.5M (estimate, no impl.) | N/A |
| Trusted setup required? | YES 😒 | NO 😄 | NO 😄 |
| Post-quantum secure | NO 😒 | YES 😄 | NO 😒 |
| Crypto assumptions | Strong 😒 | Collision resistant hashes 😄 | Discrete log 😏 |
Get started:
Zcash blog series:
- Explaining SNARKs Part I: Homomorphic Hidings
- Explaining SNARKs Part II: Blind Evaluation of Polynomials
- Explaining SNARKs Part III: The Knowledge of Coefficient Test and Assumption
- Explaining SNARKs Part IV: How to make Blind Evaluation of Polynomials Verifiable
- Explaining SNARKs Part V: From Computations to Polynomials
- Explaining SNARKs Part VI: The Pinocchio Protocol
- Explaining SNARKs Part VII: Pairings of Elliptic Curves
Vitalik Buterin's blog series on SNARKs:
- Part 1: Quadratic Arithmetic Programs: from Zero to Hero
- Part 2: Exploring Elliptic Curve Pairings
- Part 3: Zk-SNARKs: Under the Hood
Protocol descriptions:
- zkSNARKs in a Nutshell
- Groth16 protocol (original paper)
- Zcash Sapling protocol spec (very useful as detailed cheat-sheet of all cryptography used)
- libsnark (C++)
- bellmnan (rust)
- jsnark (Java, bindings to libsnark)
- snarky (Ocaml, from authors of Coda)
- zokrates (toolbox for zkSNARKs on Ethereum)
- ethsnarks by HarryR (alternative toolkit for viable zk-SNARKS on Ethereum, Web, Mobile and Desktop)
- DIZK: Java library for distributed zero knowledge proof systems with Apache Spark (see the research paper)
- SnarkyGPU: distributed GPU based zkSNARKs prover (work in progress)
- “Powers of Tau” protocol for scalable generation of structured reference string
- Implementation of ZCash MPC Ceremony, Part I: "Powers of Tau"
- Implementation of ZCash MPC Ceremony, Part I: "Sapling Circuit"
- Sonic: Zero-Knowledge SNARKs from Linear-Size Universal and Updateable Structured Reference Strings
- Sonic MPC implementation by Matter Labs
Introduction:
- Transparent Succinct Arguments by Alessandro Chiesa (Oct 2018)
- State of the STARK by Eli Ben-Sasson (Devcon IV, Oct 2018) (video)
- Introduction to ZK-STARKs by [email protected]
Vitalik Buterin's blog series on STARKs:
A Hands-On Tutorial for Zero-Knowledge Proofs by Shir Peled (StarkWare):
Academic ressources:
More ressources available at starkware.co
- Introduction and collection of ressources
- From Zero (Knowledge) to Bulletproofs - a long and very nice gradual explanation
Proof system implementations:
Stay tuned!