shuangcrypto.com - Shuang's Crypto Notes

The Short NIZK Argument in Pribank

We give a commit-and-prove zero-knowledge argument Protocol for the satisfiability of a QAP for an arithmetic circuit \(C\). For wires in the circuit \(\{a_i\}_{i=0}^n\), we denote the input witnesses are \(\{a_i\}_{i=0}^k\), the inner circuit witnesses are \(\{a_{i}\}_{i=k+1}^l\) and the statements wires are \(\{a_{i}\}_{i=l+1}^n\). The quadratic arithmetic program, Pedersen commitment and …

KZG Commitment

Properties of KZG:

Trusted setup 🙁
Pairings
constant sized Polynomial 🙂

Trusted Setup

To commit to degree \(\leq l\) polynomials, we need to construct Structured Reference Strings: \( (g, g^\tau, g^{\tau^2} , …, g^{\tau^l})=(g^{\tau^i})_{i\in [0,l]}\)

Note 1: The trapdoor \(\tau\) is generated by distributed protocols, for instance, ….

Note 2: …

From Arithmetic Circuit to Quadratic Arithmetic Programs

Definition of Arithmetic Circuit

Let \(C: \ \mathbb{F}^n \ \rightarrow \ \mathbb{F}^k\) be a map which takes \(n\) arguments from a finite field \(\mathbb{F}\) as inputs and compute \(k\) outputs in \(\mathbb{F}\). \(C\) is an arithmetic circuit if the outputs are determined by the operations \(+\) and \(\times\) to the

…