Extend the ZKProofs module (#875)

* First draft of the zk-slides * Review and fix slides. Move images to img folder. * - implement factorization verification circuit in circom. - add guide to generate proof using snarkjs. * rename pot14 to pot10 because we only generated tau's power up to 2^10 * - Apply comments from @@AlistairStewart. - Add circuit images. * Typos and grammer improvement from review of ZK proof lecture. Co-authored-by: Andrew <andrewburger1991@gmail.com> Co-authored-by: Nate Armstrong <naterarmstrong@gmail.com> * - sage code clean up. - explaining non vs interactive in notes. - remove mention of DL for Schnorr Signature. * Remove ZK Proofs from Exotic_Primitives as it moved to its own module * Add a less-scary explanation for NP in zk-proofs * Restructure zk-proofs files to adhere to the structure of other modules * fix links in `syllabus/1-Cryptography/README.md` * Remove bad link from snarkjs README --------- Co-authored-by: Andrew <andrewburger1991@gmail.com> Co-authored-by: Nate Armstrong <naterarmstrong@gmail.com>
Polkadot-Blockchain-Academy · Dec 31, 2023 · 5145304 · 5145304
1 parent 744bb41
commit 5145304
Show file tree

Hide file tree

Showing 24 changed files with 1,542 additions and 168 deletions.
diff --git a/...raphy/9-Cryptography_In_Context-slides.md → ...aphy/10-Cryptography_In_Context-slides.md b/...raphy/9-Cryptography_In_Context-slides.md → ...aphy/10-Cryptography_In_Context-slides.md
diff --git a/syllabus/1-Cryptography/8-Exotic_Primitives-slides.md b/syllabus/1-Cryptography/8-Exotic_Primitives-slides.md
@@ -250,179 +250,12 @@ Notes:
 
 ---
 
-## ZK Proofs
-
-How do we do private operations on a public blockchain<br/>and have everyone know that they were done correctly?
-
-Notes:
-
-(we are working on substrate support for these and will use them for protocols)
-
----
-
-## What is a ZK Proof?
-
-- A prover wants to convince a verifier that something is true without revealing why it is true.
-
-- They can be interactive protocols, but mostly we'll be dealing with the non-interactive variety.
-
----
-
-## What can we show?
-
-- NP relation: `function(statement, witness) -> bool`
-
-- Prover knows a witness for a statement:
-
-  - They want to show that they know it (_a proof of knowledge_)
-
-  - ... Without revealing anything about the witness (_ZK_)
-
----
-
-## ZK Proof Interface
-
-- NP relation: `function(statement, witness) -> bool`
-
-- `prove(statement, witness) -> proof`
-
-- `verify(statement, proof) -> bool`
-
----
-
-## ZK Proof Example
-
-_Example:_ Schnorr signatures are ZK Proofs
-
-- They show that the prover knows the private key (the discrete log of the public key) without revealing anything about it.
-- The statement is the public key and the witness the private key.
-
----
-
-## zk-SNARK
-
-**Z**ero-**K**nowledge **S**uccinct **N**on-interactive **Ar**gument of **K**nowledge
-
-- **Zero knowledge** - the proof reveals nothing about the witness that was not revealed by the statement itself.
-- **Succinct** - the proof is small
-- **Proof of knowledge** - if you can compute correct proofs of a statement, you should be able to compute a witness for it.
-
----
-
-## What can we show?
-
-- NP relation: `function(statement, witness) -> bool`
-
-  - They want to show that they know it (_a proof of knowledge_)
-
-  - ... Without revealing anything about the witness (_ZK_)
-
-- With a small proof even if the witness is large (_succinctness_)
-
----
-
-## What can we show?
-
-- There are many schemes to produce succinct ZK proofs of knowledge (_ZK-SNARKs_) for every NP relation.
-
----
-
-## ZK Proof Scaling
-
-A small amount of data, a ZK proof, and execution time can be used to show properties of a much larger dataset which the verifier doesn't need to know.
-
----
-
-## Scaling via ZK Proofs in Blockchain
-
-- Large amount of data - a blockchain
-- Verifier is e.g. an app on a mobile phone
-
-Notes:
-
-e.g. Mina do a blockchain with a constant size proof (of correctness of execution and consensus) using recursive SNARKs.
-
----
-
-## Scaling via ZK Proofs in Blockchain
-
-- The verifier is a blockchain: very expensive data and computation costs.
-
-- Layer 2s using ZK rollups
-
-Notes:
-
-Of which Ethereum has many, ZKsync, ZKEVM etc.
-Polkadot already scales better!
-
----
-
-## Privacy
-
-<pba-flex center>
-
-A user has private data, but we can show<br/>publicly that this private data is correctly used.<br/>
-An example would a private cryptocurrency:
-
-- Keep who pays who secret
-- Keep amounts secret, <br/> _But show they are positive!_
-
-</pba-flex>
-
-Notes:
-
-You can do some of keeping amounts secret without ZK-SNARKs, but the positive part is difficult.
-To do everything well, ZK-SNARKs are needed in e.g. ZCash and its many derivatives e.g. Manta.
-
----
-
-## Practical Considerations
-
-- Very powerful primitive
-
-- Useful for both scaling and privacy
-
-- One can design many protocols with ZK Proofs that wouldn't otherwise be possible
-
----
-
-## Downside
-
-- Slow prover time for general computation
-- To be fast, need to hand optimize
-- Very weird computation model:<br/>
-  Non-deterministic arithmetic circuits
-
----
-
-## Downsides Conclusion?
-
-- So if you want to use this for a component,<br/>expect a team of skilled people to work for at least a year on it...
-- But if you are watching this 5 years later,<br/>people have built tools to make it less painful.
-
----
-
-## Succinct Proving<br/>with Cryptography?
-
-<pba-flex center>
-
-- ZK friendly hashes
-- Non-hashed based data structures
-  - RSA accumulators
-  - Polynomial commitment based<br/>
-    (Verkle trees)
-
-</pba-flex>
-
----
-
 ## Summary
 
 - VRF: Private randomness that is later publicly verifiable
 - Erasure Coding: Making data robust against losses with redundancy
 - Shamir Secret Sharing: Redundancy for your secrets.
 - Proxy Re-encryption: Allow access to your data _with cryptography_.
-- ZK Proofs: Just magic, but expensive magic
 
 ---