plonk
tl; dr
- introduced in 2019, plonk stands for "permutations over lagrange-bases for ecumenical noninteractive arguments of knowledge", brining enhancements to the usability of zkps by giving a universal fully-succinct zk-SNARK with significantly improved prover run time compared to fully-succinct sonic.
- while plonk still requires a trusted setup procedure similar to snarks, but it's universal and updateable trusted setup, meaning:
- instead of there being one separate trusted setup for every program to be proved, there is one single trusted setup for the whole scheme.
- there is a way for multiple parties to participate in the trsuted setup such that it's secure as long as any one of them is honest, and this multi-party procedure is fully sequential (polynomial commitment, in this case, kate).
- there are two types of constraints:
- gate constraints (equations between wires attached to the same gate, e.g.,
a1 * b1 = c1). - copy constraints (claims about equality of different wires anywhere in the circuit, e.g.,
ao = a1)
- gate constraints (equations between wires attached to the same gate, e.g.,
- polynomial commitments is a short object that represents a polynomial, allowing evaluations verification without needing all the data in the polynomial.
- if someone gives you a commitment representing
cthey can give you a proof that can convince you, for some specificz, what the value ofP(z). - a commitment to a degree-d polynomial is made by multiplying each of the first d+1 points in the proving key by the corresponding coefficient in the polynomial, and adding the results together, providing an evaluation of that polynomial at
swithout knowings.
- if someone gives you a commitment representing
