## zero-knowledge proofs
### tl;dr
* suppose that you have a (public) function `f`, a (private) input `x`, and a (public) output `y`.
* you want to prove that you know an `x` such that `f(x) = y`, without revealing what `x` is.
* for the proof to be succinct, you want it to be verifiable much more quickly than computing `f` itself.
* a **trusted setup ceremony** is a procedure that is done to generate a piece of data that must be used every time some cryptographic protocol is run.
* for some proofs to work, such as zk-snarks, it's necessary to create a **common reference string (CRS)**, which provides public parameters for proving and verifying validity proofs.
* the security of the proving system depends on the CRS setup, and some zk-rollups attempt to solve this problem by using a **multi-party computation ceremony (mpc)** with trusted individuals.
* modern protocols use the **powers-of-tau** setup, which has a 1-of-N trust model, with N in the hundreds.
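
The 1-of-N trust model can be seen in a toy powers-of-tau ceremony. This is an added example, not code from any real ceremony: the group parameters and all function names are assumptions made here, and the group is a tiny subgroup of integers mod `P` with no pairing, so the check real ceremonies run on each contribution is left out. The final `tau` is the product of every participant's secret, so reconstructing it requires all N of them.

```python
import secrets

# Toy parameters (constructed for this example, far too small for real use):
# P = 2Q + 1 is a safe prime and G generates the subgroup of prime order Q.
P, Q, G = 2039, 1019, 4

def initial_srs(degree):
    """Starting string for tau = 1: every element is G^(1^i) = G."""
    return [G] * (degree + 1)

def contribute(srs, s):
    """One participant mixes in secret s: element i becomes old_i^(s^i),
    which turns G^(tau^i) into G^((tau*s)^i) without anyone learning tau."""
    if not 1 < s < Q:
        raise ValueError("secret must be in 2..Q-1")
    return [pow(elem, pow(s, i, Q), P) for i, elem in enumerate(srs)]

def run_ceremony(degree, participant_secrets):
    """Apply each contribution in turn; only the group elements are published."""
    srs = initial_srs(degree)
    for s in participant_secrets:
        srs = contribute(srs, s)  # the participant is expected to delete s
    return srs

def combined_tau(participant_secrets):
    """The trapdoor: computable only by someone holding every secret."""
    tau = 1
    for s in participant_secrets:
        tau = tau * s % Q
    return tau

def srs_from_tau(tau, degree):
    """Reference computation that needs tau itself: [G^(tau^i)]."""
    return [pow(G, pow(tau, i, Q), P) for i in range(degree + 1)]

if __name__ == "__main__":
    shares = [secrets.randbelow(Q - 2) + 2 for _ in range(5)]
    srs = run_ceremony(4, shares)
    # The published string matches the one derived from the combined trapdoor.
    assert srs == srs_from_tau(combined_tau(shares), 4)
    print("final SRS:", srs)
```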