awesome universal snarks.md

ZkStudyClub: Polynomial Commitments with Justin Drake pt. 2

• cryptographic ingredient for universal SNARKs

Sonic

• Introducing Sonic: A Practical zk-SNARK with a Nearly Trustless Setup
• Sonic: Zero-Knowledge SNARKs from Linear-Size Universal and Updatable Structured Reference Strings
• Sonic MPC implementation by Matter Labs

SuperSonic

• Polynomial Commitments and Evaluation Proofs from Groups of Unknown Order
  Given a polynomial commitment schemes from groups of unknown order,instantitate this with class groups, then will get transparent setup and a few other nice properties . Apply it with Sonic, then will result in something called SuperSonic. It's a trustless setup SNARK with log(n) proof size and log(n) verification, quasi-linear prover time + preprocessing, as well as 24 kb proof size for 1 million gate circuits.

Marlin

• Marlin: Preprocessing zkSNARKs with Universal and Updatable SRS
• Marlin: One of the fastest snarks in the ocean

PLONK

• Ignition: Trusted Setup MPC Ceremony for PLONK (planned October 2019)
• PLONK: Permutations over Lagrange-bases for Oecumenical Noninteractive arguments of Knowledge
• Understanding PLONK

DARK

• Transparent SNARKs from DARK Compilers

MIRAGE

• MIRAGE: Succinct Arguments for Randomized Algorithms with Applcations to Universal zk-SNARKs

Thoughts

Three flavours of general-purpose snarks:

• Powers of tau
  generating and safely disposing of toxic waste used by Sonic and PLONK
• FRI-based STARKs by STARKWARE
• RSA or class group Supersonic

Trade-offs between different options:

• With updatable universal setups:
  Sonic

• With non-updatable universal setups:
  AuroraLight Hyrax Libra

• With transparent setups:
  Fractal, Halo, Supersonic, Spartan,
  Adcantages : Relies on common reference string, public ,no toxic waste.
  Disadvantages : big proof size .

• Performance:
  prover time and verifier time

Universality for a polynomial commitment scheme :

• language-specific: a polynomial commitment only proves one language

Discussion of universal succintness:

• universal arguments,page 27
  - needs future improments.

Definition of soundness:

• standard definition of special soundness：Interact arbitrarily with an update oracle to set the SRS
• interactive definition by Sonic,page 5 - given an initial one and update in one-shot fashion.
  Discussion of security models and hardness assumptions :
• updatable knowledge soundness,page 22
• KEA assumptions,page 18

Discussion of security and efficiency:

• Proof of security,page 23
  - construct circuits of extraction,then prove it with satisfied properties.
  enhance efficiency by applying "universal succintness".

Diving into setup phase

• Transparent Setup(no trapdoor , no toxic waste ,entirely based on public randomness,create CRS)

• universal Setup(toxic waste, create SRS , run once and generated keys can be re-used for all future circuits)