zk-SNARKs Technically Explained: Basic Principles

The full technical article is available here.

Introduction

Payment confidentiality is a property of cryptocurrencies that allows a user to hide the sender and receiver of a transaction, as well as its amount, on the blockchain. Monero Research Lab invented Ring Confidential Transactions, while Zcash uses a different approach based on recent scientific progress in the field of ‘Non-Interactive Proof systems’: the zk-SNARK protocol for circuits.

Circuits are basically ‘programs’ which take values as inputs and produce an output value. The corresponding decision problem is to determine whether a given assignment to the inputs and output of a specific circuit is valid. Such a problem can be reduced to an algebraic problem about polynomials, which allows a ‘shorter’ verification and, at the same time, can hide the correct assignment from the verifier. This might sound unlikely, but we will see how it is possible.
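To make the reduction concrete, here is an added toy example (not code from the article or from Zcash): the circuit y = x^3 + x + 5 is written as four rank-1 constraints over a witness vector, the constraints are interpolated into polynomials A, B, C over a prime field, and "the assignment satisfies every gate" becomes "A(X)·B(X) − C(X) is divisible by Z(X) = ∏(X − r_i)". The verifier then checks that identity at a single point instead of re-evaluating every gate. The field prime, the constraint layout, the evaluation points r_i and the witness are all constructed for illustration; the real protocol additionally hides the evaluations inside encrypted group elements, which this example leaves out.

```python
"""Toy reduction of circuit satisfiability to a polynomial divisibility check.

Constructed example: circuit y = x^3 + x + 5, witness s = [1, x, out, v1, v2, v3].
Each constraint i reads <a_i, s> * <b_i, s> = <c_i, s>; the assignment is valid
iff P(X) = A(X)*B(X) - C(X) vanishes on every r_i, i.e. Z(X) divides P(X).
"""
import random

P = 2**61 - 1  # Mersenne prime; constructed choice, not a real SNARK field


# --- polynomials as coefficient lists (lowest degree first) over GF(P) ---
def strip(f):
    """Drop leading zero coefficients but keep at least one entry."""
    f = f[:]
    while len(f) > 1 and f[-1] == 0:
        f.pop()
    return f

def poly_add(f, g):
    n = max(len(f), len(g))
    f, g = f + [0] * (n - len(f)), g + [0] * (n - len(g))
    return [(a + b) % P for a, b in zip(f, g)]

def poly_mul(f, g):
    out = [0] * (len(f) + len(g) - 1)
    for i, a in enumerate(f):
        for j, b in enumerate(g):
            out[i + j] = (out[i + j] + a * b) % P
    return out

def poly_eval(f, x):
    acc = 0
    for c in reversed(f):          # Horner's rule
        acc = (acc * x + c) % P
    return acc

def poly_divmod(f, g):
    """Long division over GF(P); returns (quotient, remainder)."""
    f, g = strip(f), strip(g)
    if len(f) < len(g):
        return [0], f
    q = [0] * (len(f) - len(g) + 1)
    inv_lead = pow(g[-1], P - 2, P)
    while len(f) >= len(g) and f != [0]:
        shift = len(f) - len(g)
        coef = f[-1] * inv_lead % P
        q[shift] = coef
        for i, c in enumerate(g):
            f[shift + i] = (f[shift + i] - coef * c) % P
        f = strip(f)               # leading term has been cancelled
    return q, f

def lagrange(points):
    """Unique polynomial of degree < len(points) through the (x_i, y_i) pairs."""
    result = [0]
    for i, (xi, yi) in enumerate(points):
        term = [yi]
        for j, (xj, _) in enumerate(points):
            if i != j:
                inv = pow((xi - xj) % P, P - 2, P)
                term = poly_mul(term, [(-xj * inv) % P, inv])  # (X - xj)/(xi - xj)
        result = poly_add(result, term)
    return result


# --- the circuit y = x^3 + x + 5 as rank-1 constraints (constructed) ---
CONSTRAINTS = [  # (a, b, c) with witness layout [1, x, out, v1, v2, v3]
    ([0, 1, 0, 0, 0, 0], [0, 1, 0, 0, 0, 0], [0, 0, 0, 1, 0, 0]),  # v1  = x * x
    ([0, 0, 0, 1, 0, 0], [0, 1, 0, 0, 0, 0], [0, 0, 0, 0, 1, 0]),  # v2  = v1 * x
    ([0, 1, 0, 0, 1, 0], [1, 0, 0, 0, 0, 0], [0, 0, 0, 0, 0, 1]),  # v3  = (v2 + x) * 1
    ([5, 0, 0, 0, 0, 1], [1, 0, 0, 0, 0, 0], [0, 0, 1, 0, 0, 0]),  # out = (v3 + 5) * 1
]
ROOTS = [1, 2, 3, 4]  # one evaluation point r_i per constraint (constructed)

def witness(x):
    """Honest prover: run the circuit and record every wire value."""
    v1 = x * x % P
    v2 = v1 * x % P
    v3 = (v2 + x) % P
    return [1, x, (v3 + 5) % P, v1, v2, v3]

def dot(v, s):
    return sum(a * b for a, b in zip(v, s)) % P

def target_polynomial():
    """Z(X) = prod (X - r_i); it is zero exactly at the constraint points."""
    Z = [1]
    for r in ROOTS:
        Z = poly_mul(Z, [(-r) % P, 1])
    return Z

def prove(s):
    """Interpolate A, B, C from the witness and divide P = A*B - C by Z.
    Returns (A, B, C, H, satisfied); satisfied is True iff the remainder is 0."""
    A = lagrange([(r, dot(a, s)) for r, (a, _, _) in zip(ROOTS, CONSTRAINTS)])
    B = lagrange([(r, dot(b, s)) for r, (_, b, _) in zip(ROOTS, CONSTRAINTS)])
    C = lagrange([(r, dot(c, s)) for r, (_, _, c) in zip(ROOTS, CONSTRAINTS)])
    Pxy = poly_add(poly_mul(A, B), [(-c) % P for c in C])
    H, rem = poly_divmod(Pxy, target_polynomial())
    return A, B, C, H, rem == [0]

def verify_at_random_point(A, B, C, H, tau=None):
    """One evaluation replaces re-checking all gates: A(t)B(t) - C(t) == H(t)Z(t).
    If Z does not divide P, the two sides differ for all but deg(rem) values of t."""
    tau = random.randrange(P) if tau is None else tau
    lhs = (poly_eval(A, tau) * poly_eval(B, tau) - poly_eval(C, tau)) % P
    rhs = poly_eval(H, tau) * poly_eval(target_polynomial(), tau) % P
    return lhs == rhs

if __name__ == "__main__":
    s = witness(3)                             # x = 3  ->  out = 35
    A, B, C, H, ok = prove(s)
    print("honest witness divisible:", ok, "verifier accepts:",
          verify_at_random_point(A, B, C, H))
    bad = s[:]; bad[2] = 36                    # tamper with the claimed output
    A, B, C, H, ok = prove(bad)
    print("tampered witness divisible:", ok, "verifier accepts:",
          verify_at_random_point(A, B, C, H))
```

The tampered witness breaks only the fourth constraint, so P(4) ≠ 0 and the division leaves a non-zero remainder of degree at most 3; a verifier evaluating at a point outside the three remaining roots of that remainder rejects, which is why a random evaluation point gives soundness with overwhelming probability over a large field.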

Our aim is to illustrate the reduction of the decisional problem for circuits to an algebraic property of polynomials, which C. Reitwießner’s excellent survey zkSNARKs in a Nutshell leaves out, and to show how this reduction can be used for zk-SNARKs. Please see M. Green’s blog post Zero-Knowledge-Proofs: An illustrated Primer for a good survey of Zero-Knowledge Proofs.

We will discuss the security assumptions behind zk-SNARKs in a future article.

  • Rebekah Mercer

    Monero doesn’t use ring confidential transactions yet! Just rings 🙂

    • Hartwig Mayer

      Thank you for your comment!

    • Hartwig Mayer

      Thank you for your comment! Adjusted the text.