MODULE TWO

Building a SNARK (Part I):

In the second module of our introductory series, we learn how to build an efficient zk-SNARK for general circuits. We will review one particular paradigm to build a SNARK by reviewing the two components that combine to make it up: a functional commitment scheme and a compatible interactive oracle proof (IOP). This is the second of three modules by Dan Boneh – Professor of Computer Science and Electrical Engineering, Stanford University.

What you’ll learn:

General paradigm to build a SNARK
Syntax and examples of a functional commitment scheme
Polynomial Commitment Scheme (PCS)
KZG Poly-commit Scheme
The Dory Polynomial Commitment
Properties of Polynomial IOPs

Find slides here.

The reading list from Module One plus these additional papers:

Polynomial commitments:

The original KZG paper on polynomial commitments from Asiacrypt 2010. See also this modern write up.
Dory: a pairing-based polynomial commitment, but without a trusted setup.
DARK: another polynomial commitment without a trusted setup, this one using groups of unknown order. There is also a variant with shorter evaluation proofs.
Here is how to commit to a general function, not just polynomials.

ZK Whiteboard Sessions is an educational series on all things zero knowledge. Produced by ZK Hack and powered by Polygon – we’ll be releasing a new module every week!

Get notified on latest module upload by signing up below.