A curated list of awesome things related to learning zero knowledge proofs
- General introduction
- Courses
- Applications
- Comparison of the most popular zkp systems
- Bulletproofs
- SNARKs
- SNORKs
- STARKs
- Social media
Zero-Knowledge Proofs Starter Pack: alternative introductory list for beginners (more videos).
- Zero Knowledge Proofs: An illustrated primer by Matthew Green
- Demystifying zero-knowledge proofs (math-heavy, awesome introduction into underlying cryptography)
- Introduction to SNARKs/STARKs by Eli Ben-Sasson (YouTube)
- On Interactive Proofs and Zero-Knowledge: A Primer
A Hands-On Tutorial for Zero-Knowledge Proofs by Shir Peled (StarkWare):
More complete curated list of implementations and scientific resources: https://zkp.science
- Rollup by Matter Labs
- SNARK-based permissioned database: rollup by BarryWhitehat
- Gnosis dFusion: DEX on SNARKs
- Loopring DEX Protocol (v3)
- zkPoD: A Practical Decentralized System for Data Exchange
- Zcash: Privacy-Protecting Digital Currency (SNARKs)
- Monero: Private Digital Currency (Bulletproofs)
- Coda: A Constant-Size Blockchain (recursive SNARKs)
- Grin: Simple, privacy-focused, scalable MimbleWimble chain implementation (Bulletproofs)
- Beam: Private and Scalable Coin based on MimbleWimble
| SNARKs | STARKs | Bulletproofs | |
|---|---|---|---|
| Algorithmic complexity: prover | O(N * log(N)) | O(N * poly-log(N)) | O(N * log(N)) |
| Algorithmic complexity: verifier | ~O(1) | O(poly-log(N)) | O(N) |
| Communication complexity (proof size) | ~O(1) | O(poly-log(N)) | O(log(N)) |
| - size estimate for 1 TX | Tx: 200 bytes, Key: 50 MB | 45 kB | 1.5 kb |
| - size estimate for 10.000 TX | Tx: 200 bytes, Key: 500 GB | 135 kb | 2.5 kb |
| Ethereum/EVM verification gas cost | ~600k (Groth16) | ~2.5M (estimate, no impl.) | N/A |
| Trusted setup required? | YES 😒 | NO 😄 | NO 😄 |
| Post-quantum secure | NO 😒 | YES 😄 | NO 😒 |
| Crypto assumptions | Strong 😒 | Collision resistant hashes 😄 | Discrete log 😏 |
- Introduction and collection of resources
- From Zero (Knowledge) to Bulletproofs - a long and very nice gradual explanation
- Bulletproofs - succinct and complete description of the protocol.
SNARK = Succinct Non-interactive ARguments of Knowledge
Get started:
Why and How zk-SNARK Works:
- Why and How zk-SNARK Works 1: Introduction & the Medium of a Proof
- Why and How zk-SNARK Works 2: Proving Knowledge of a Polynomial
- Why and How zk-SNARK Works 3: Non-interactivity & Distributed Setup
- Why and How zk-SNARK Works 4: General-Purpose Computation
- Why and How zk-SNARK Works 5: Variable Polynomials
- Why and How zk-SNARK Works 6: Verifiable Computation Protocol
- Why and How zk-SNARK Works 7: Constraints and Public Inputs
- Why and How zk-SNARK Works 8: Zero-Knowledge Computation
Zcash blog series:
- Explaining SNARKs Part I: Homomorphic Hidings
- Explaining SNARKs Part II: Blind Evaluation of Polynomials
- Explaining SNARKs Part III: The Knowledge of Coefficient Test and Assumption
- Explaining SNARKs Part IV: How to make Blind Evaluation of Polynomials Verifiable
- Explaining SNARKs Part V: From Computations to Polynomials
- Explaining SNARKs Part VI: The Pinocchio Protocol
- Explaining SNARKs Part VII: Pairings of Elliptic Curves
Vitalik Buterin's blog series on SNARKs:
- Part 1: Quadratic Arithmetic Programs: from Zero to Hero
- Part 2: Exploring Elliptic Curve Pairings
- Part 3: Zk-SNARKs: Under the Hood
Protocol descriptions:
- zkSNARKs in a Nutshell
- Groth16 protocol (original paper)
- Zcash Sapling protocol spec (very useful as detailed cheat-sheet of all cryptography used)
- libsnark (C++)
- bellmnan (rust)
- jsnark (Java, bindings to libsnark)
- snarky (Ocaml, from authors of Coda)
- zokrates (toolbox for zkSNARKs on Ethereum)
- ethsnarks by HarryR (alternative toolkit for viable zk-SNARKS on Ethereum, Web, Mobile and Desktop)
- DIZK: Java library for distributed zero knowledge proof systems with Apache Spark (see the research paper)
- SnarkyGPU: distributed GPU based zkSNARKs prover (work in progress)
- “Powers of Tau” protocol for scalable generation of structured reference string
- Implementation of ZCash MPC Ceremony, Part I: "Powers of Tau"
- Implementation of ZCash MPC Ceremony, Part I: "Sapling Circuit"
SNORK = Succinct Oecumenical (Universal) ARguments of Knowledge
SNORKs are SNARKs with universal and updateable trusted setup.
- Introducing Sonic: A Practical zk-SNARK with a Nearly Trustless Setup
- Sonic: Zero-Knowledge SNARKs from Linear-Size Universal and Updateable Structured Reference Strings
- Sonic MPC implementation by Matter Labs
(This is a recent development. Contributions are welcome!)
- Understanding PLONK by Vitalik Buterin
- Ignition: Trusted Setup MPC Ceremony for PLONK (planned October 2019)
(This is a recent development. Contributions are welcome!)
STARK = Sucinct (Scalable) Transparent ARguments of Knowledge
STARKs are SNARKs without Trusted Setup.
Introduction:
- Transparent Succinct Arguments by Alessandro Chiesa (Oct 2018)
- State of the STARK by Eli Ben-Sasson (Devcon IV, Oct 2018) (video)
- Introduction to ZK-STARKs by remco@0x.org
Vitalik Buterin's blog series on STARKs:
Academic resources:
More resources available at starkware.co
(This is a recent development. Contributions are welcome!)
(This is a recent development. Contributions are welcome!)
Stay tuned!