Non-interactive zero-knowledge proof: Difference between revisions

No edit summary
Tags: Visual edit Mobile edit Mobile web edit Advanced mobile edit
Citation bot (talk | contribs)
Altered chapter-url. URLs might have been anonymized. Add: bibcode, publisher, hdl. Removed or converted URL. Removed parameters. | Use this bot. Report bugs. | Suggested by Headbomb | Linked from Wikipedia:WikiProject_Academic_Journals/Journals_cited_by_Wikipedia/Sandbox | #UCB_webform_linked 912/990
 
(24 intermediate revisions by 15 users not shown)
Line 1:
{{Short description|Cryptographic primitive}}
'''Non-interactive [[zero-knowledge proof]]s''' are [[cryptographic primitives]], where information between a prover and a verifier can be authenticated by the prover, without revealing any of the specific information beyond the validity of the statement itself. This [[Function (computer programming)|function]] of [[encryption]] makes direct communication between the prover and verifier unnecessary, effectively removing any intermediaries. The core trustless cryptography "proofing" involves a [[hash function]] generation of a random number, constrained within mathematical parameters (primarily to modulate hashing difficulties) determined by the prover and verifier.<ref>{{cite journal |last1=Goldreich |first1=Oded |last2=Krawczyk |first2=Hugo |date=1996 |title=On the Composition of Zero-Knowledge Proof Systems |url=https://epubs.siam.org/doi/abs/10.1137/S0097539791220688 |journal=SAIM |volume=25 |issue=1 |pages=169–192 |doi=10.1137/S0097539791220688 |access-date=4 November 2022}}</ref>
'''Non-interactive [[zero-knowledge proof]]s''' are [[cryptographic primitives]], where information between a prover and a verifier can be authenticated by the prover, without revealing any of the specific information beyond the validity of the statement itself. This makes direct communication between the prover and verifier unnecessary, effectively removing any intermediaries.
 
The key advantage of non-interactive [[zero-knowledge proof]]s is that they can be used in situations where there is no possibility of interaction between the prover and verifier, such as in online transactions where the two parties are not able to communicate in real time. This makes non-interactive zero-knowledge proofs particularly useful in decentralized systems like [[Blockchain|blockchains]], where transactions are verified by a network of [[Node (networking)|nodes]] and there is no central authority to oversee the verification process.<ref name=":0">{{Cite book |last1=Gong |first1=Yinjie |last2=Jin |first2=Yifei |last3=Li |first3=Yuchan |last4=Liu |first4=Ziyi |last5=Zhu |first5=Zhiyi |title=2022 International Conference on Big Data, Information and Computer Network (BDICN) |chapter=Analysis and comparison of the main zero-knowledge proof scheme |date=January 2022 |chapter-url=https://ieeexplore.ieee.org/document/9758531 |pages=366–372 |doi=10.1109/BDICN55575.2022.00074|isbn=978-1-6654-8476-3 |s2cid=248267862 }}</ref>
 
Most non-interactive zero-knowledge proofs are based on mathematical constructs like [[elliptic curve cryptography]] or [[pairing-based cryptography]], which allow for the creation of short and easily verifiable proofs of the truth of a statement. Unlike interactive zero-knowledge proofs, which require multiple rounds of interaction between the prover and verifier, non-interactive zero-knowledge proofs are designed to be efficient and can be used to verify a large number of statements simultaneously.<ref name=":0" />
 
== History ==<!-- really, as of Oct 2020, this is just the academic history of zero-knowledge proofs; needs expansion to include the history of use in real applications of software and apps -->
{{expand section|history of how zero-knowledge proofs are used in real applications and apps, and for what purposes|date=October 2020}}
[[Manuel Blum|Blum]], Feldman, and [[Silvio Micali|Micali]]<ref name="bfm">Manuel Blum, Paul Feldman, and Silvio Micali. Non-Interactive Zero-Knowledge and Its Applications. Proceedings of the twentieth annual ACM symposium on Theory of computing (STOC 1988). 103–112. 1988</ref> showed in 1988 that a common reference string shared between the prover and the verifier is sufficient to achieve computational zero-knowledge without requiring interaction. [[Oded Goldreich|Goldreich]] and Oren<ref name=goldreich1994>Oded Goldreich and Yair Oren. Definitions and Properties of Zero-Knowledge Proof Systems. Journal of Cryptology. Vol 7(1). 1–32. 1994 [http://www.wisdom.weizmann.ac.il/~oded/PS/oren.ps (PS)]</ref> gave impossibility results{{clarify|what are "impossibility results"|date=October 2020}} for one shot zero-knowledge protocols in the [[standard model (cryptography)|standard model]]. In 2003, [[Shafi Goldwasser]] and [[Yael Tauman Kalai]] published an instance of an identification scheme for which any hash function will yield an insecure digital signature scheme.<ref name=goldwasser2003>Shafi Goldwasser and Yael Kalai. On the (In)security of the Fiat–Shamir Paradigm. Proceedings of the 44th Annual IEEE Symposium on Foundations of Computer Science (FOCS'03). 2003</ref> These results are not contradictory, as the impossibility result{{clarify|date=October 2020}} of Goldreich and Oren does not hold in the [[common reference string model]] or the [[random oracle model]]. Non-interactive zero-knowledge proofs however show a separation between the cryptographic tasks that can be achieved in the standard model and those that can be achieved in 'more powerful' extended models.{{citation needed|date=October 2020}}
 
The model influences the properties that can be obtained from a zero-knowledge protocol. Pass<ref>Rafael Pass. On Deniability in the Common Reference String and Random Oracle Model. Advances in Cryptology – CRYPTO 2003. 316–337. 2003 [http://www.nada.kth.se/~rafael/papers/denzk.ps (PS)]</ref> showed that in the common reference string model non-interactive zero-knowledge protocols do not preserve all of the properties of interactive zero-knowledge protocols; e.g., they do not preserve deniability. Non-interactive zero-knowledge proofs can also be obtained in the [[random oracle model]] using the [[Fiat–Shamir heuristic]].{{cn|date=February 2024}}
 
=== Blockchain applications ===
[[File:STARK proofs diagram.jpg|400px|thumb|A comparison of the most widely used proof systems{{cn|date=March 2024}}<!-- at what time period? with what sort of computer hardware technology? were these numbers determined by a comparable test process? -->]]
In 2012, [[Alessandro Chiesa]] et al developed the zk-SNARK protocol, an acronym for ''[[Zero-knowledge proof|zero-knowledge]] succinct non-interactive [[Proof of knowledge|argument of knowledge]]''.<ref name=bitansky2012>{{cite book |last1=Bitansky|first1=Nir |last2=Canetti|first2=Ran |last3=Chiesa|first3=Alessandro |last4=Tromer|first4=Eran |title=Proceedings of the 3rd Innovations in Theoretical Computer Science Conference on - ITCS '12 |chapter=From extractable collision resistance to succinct non-interactive arguments of knowledge, and back again |chapter-url=http://dl.acm.org/citation.cfm?id=2090263 |publisher=[[Association for Computing Machinery|ACM]] |doi=10.1145/2090236.2090263 |date=January 2012 |pages=326–349 |isbn=978-1-4503-1115-1 |s2cid=2576177 }}</ref> The first widespread application of zk-SNARKs was in the [[Zcash|Zerocash]] [[blockchain]] protocol, where zero-knowledge cryptography provides the computational backbone, by facilitating mathematical proofs that one party has possession of certain information without revealing what that information is.<ref name=sasson2016>{{cite web|last1=Ben-Sasson|first1=Eli |last2=Chiesa|first2=Alessandro |last3=Garman|first3=Christina |last4=Green|first4=Matthew |last5=Miers|first5=Ian |last6=Tromer|first6=Eran |last7=Virza|first7=Madars |title=Zerocash: Decentralized Anonymous Payments from Bitcoin |url=http://zerocash-project.org/media/pdf/zerocash-extended-20140518.pdf |publisher=IEEE |access-date=26 January 2016 |date=18 May 2014 }}</ref> Zcash utilized zk-SNARKs to facilitate four distinct transaction types: private, shielding, deshielding, and public. This protocol allowed users to determine how much data was shared with the public ledger for each transaction.<ref>{{cite web |last1=Ben-Sasson|first1=Eli |last2=Chiesa|first2=Alessandro |title=What are zk-SNARKs? 
|url=https://z.cash/technology/zksnarks/ |publisher=z.cash |access-date=3 November 2022}}</ref> [[Ethereum]] zk-Rollups also utilize zk-SNARKs to increase scalability.<ref>{{Cite web |title=Zero-Knowledge rollups |url=https://ethereum.org/ |access-date=2023-02-25 |website=ethereum.org |language=en}}</ref>
 
In 2017, ''Bulletproofs''<ref>{{Cite book |last1=Bünz |first1=Benedikt |last2=Bootle |first2=Jonathan |last3=Boneh |first3=Dan |last4=Poelstra |first4=Andrew |last5=Wuille |first5=Pieter |last6=Maxwell |first6=Greg |title=2018 IEEE Symposium on Security and Privacy (SP) |chapter=Bulletproofs: Short Proofs for Confidential Transactions and More |date=May 2018 |chapter-url=https://ieeexplore.ieee.org/document/8418611 |pages=315–334 |doi=10.1109/SP.2018.00020|isbn=978-1-5386-4353-2 |s2cid=3337741 }}</ref> was released, which enable proving that a committed value is in a range using a logarithmic (in the bit length of the range) number of field and group elements.<ref>{{cite book |last1=Bünz |first1=Benedikt |last2=Bootle |first2=Jonathan |last3=Boneh |first3=Dan |last4=Poelstra |first4=Andrew |last5=Wuille |first5=Pieter |last6=Maxwell |first6=Greg |title=2018 IEEE Symposium on Security and Privacy (SP) |chapter=Bulletproofs: Short Proofs for Confidential Transactions and More |date=May 2018 |pages=315–334 |doi=10.1109/SP.2018.00020 |isbn=978-1-5386-4353-2 |s2cid=3337741 |chapter-url=https://web.stanford.edu/~buenz/pubs/bulletproofs.pdf |access-date=2 December 2022}}</ref> Bulletproofs was later implemented into [[Mimblewimble]] protocol (the basis for Grin and Beam, and [[Litecoin]] via extension blocks) and [[Monero (cryptocurrency)|Monero cryptocurrency]].<ref>{{cite web |last1=Odendaal |first1=Hansie |last2=Sharrock |first2=Cayle |last3=Heerden |first3=SW |title=Bulletproofs and Mimblewimble |url=https://tlu.tarilabs.com/cryptography/bulletproofs-and-mimblewimble/MainReport.html#current-and-past-efforts |publisher=Tari Labs University |access-date=3 December 2020 |archive-url=https://web.archive.org/web/20200929160834/https://tlu.tarilabs.com/cryptography/bulletproofs-and-mimblewimble/MainReport.html |archive-date=29 September 2020}}</ref>
 
In 2018, the ''zk-STARK'' ([[Zero-knowledge proof|zero-knowledge]] Scalable Transparent [[Proof of knowledge|Argument of Knowledge]])<ref>[http://www.cs.technion.ac.il/RESEARCH_DAY_17/POSTERS/michael_riabzev.pdf http://www.cs.technion.ac.il/RESEARCH_DAY_17/POSTERS/michael_riabzev.pdf]</ref> protocol was introduced by Eli Ben-Sasson, Iddo Bentov, Yinon Horesh, and Michael Riabzev,<ref name="iacr2018">{{cite web |author=Eli Ben-Sasson |author2=Iddo Bentov |author3=Yinon Horesh |author4=Michael Riabzev |date=March 6, 2018 |title=Scalable, transparent, and post-quantum secure computational integrity |url=https://eprint.iacr.org/2018/046.pdf |access-date=October 24, 2021 |publisher=[[International Association for Cryptologic Research]]}}</ref> offering transparency (no trusted setup), quasi-linear proving time, and poly-logarithmic verification time.
''Zero-Knowledge Succinct Transparent Arguments of Knowledge'' are a type of cryptographic proof system that enables one party (the prover) to prove to another party (the verifier) that a certain statement is true, without revealing any additional information beyond the truth of the statement itself. zk-STARKs are succinct, meaning that they allow for the creation of short proofs that are easy to verify, and they are transparent, meaning that anyone can verify the proof without needing any secret information.<ref name="iacr2018" />
 
Unlike the first generation of zk-SNARKs, zk-STARKs, by default, do not require a trusted setup, which makes them particularly useful for decentralized applications like blockchains. Additionally, zk-STARKs can be used to verify many statements at once, making them scalable and efficient.<ref name=":0" />
 
In 2019, HALO recursive zk-SNARKs without a trusted setup were presented.<ref name=":1" /> Pickles<ref>{{Cite web |title=Meet Pickles SNARK: Enabling Smart Contracts on Coda Protocol |url=https://minaprotocol.com/blog/meet-pickles-snark-enabling-smart-contracts-on-coda-protocol |access-date=2023-02-25 |website=Mina Protocol}}</ref> zk-SNARKs, based on the former construction, power MINAMina, the lightestfirst succinctly verifiable blockchain.<ref>{{Cite web |last1=Bonneau |first1=Joseph |last2=Meckler |first2=Izaak |last3=Rao |first3=V. |last4=Evan |last5=Shapiro |date=2021|url=https://docs.minaprotocol.com/assets/technicalWhitepaper.pdf |title=Mina: Decentralized Cryptocurrency at Scale |s2cid=226280610 |language=en}}</ref>
 
A list of zero-knowledge proof protocols and libraries is provided below along with comparisons based on transparency, universality, and plausible post-quantum security. A transparent protocol is one that does not require any trusted setup and uses public randomness. A universal protocol is one that does not require a separate trusted setup for each circuit. Finally, a plausibly post-quantum protocol is one that is not susceptible to known attacks involving quantum algorithms.
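Review bot: The zk-STARK paragraphs under "Blockchain applications" expand the acronym in two different ways: the 2018 sentence gives "zero-knowledge Scalable Transparent Argument of Knowledge", while the next sentence opens with ''Zero-Knowledge Succinct Transparent Arguments of Knowledge''. Use the expansion given by the cited iacr2018 source in both places, and replace the bare-URL poster reference in the same sentence with a full citation. In the lead, the second version of the opening paragraph carries no reference at all, so the definition and the "effectively removing any intermediaries" claim are left unsourced; restore a citation or reword to what the cited sources state. In the Halo paragraph, the superlative applied to Mina ("lightest"/"first" succinctly verifiable blockchain) rests only on the project's own blog and whitepaper and should be attributed to them rather than stated in the article's voice. The Bulletproofs sentence cites the same chapter twice with different chapter-urls, which could be one named ref, and "was released, which enable" needs subject-verb agreement.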
Line 34 ⟶ 35:
! Plausibly post-quantum secure
|-
|Pinocchio<ref>{{Cite book |last1=Parno |first1=Bryan |last2=Howell |first2=Jon |last3=Gentry |first3=Craig |last4=Raykova |first4=Mariana |title=2013 IEEE Symposium on Security and Privacy |chapter=Pinocchio: Nearly Practical Verifiable Computation |date=May 2013 |chapter-url=https://ieeexplore.ieee.org/document/6547113 |pages=238–252 |doi=10.1109/SP.2013.47|isbn=978-0-7695-4977-4 |s2cid=1155080 }}</ref>
|2013
|zk-SNARK
|{{No}}
|{{No}}
|{{No}}
|-
|Geppetto<ref>{{Cite book |last1=Costello |first1=Craig |last2=Fournet |first2=Cédric |last3=Howell |first3=Jon |last4=Kohlweiss |first4=Markulf |last5=Kreuter |first5=Benjamin |last6=Naehrig |first6=Michael |last7=Parno |first7=Bryan |last8=Zahur |first8=Samee |title=2015 IEEE Symposium on Security and Privacy |chapter=Geppetto: Versatile Verifiable Computation |date=May 2015 |chapter-url=https://ieeexplore.ieee.org/document/7163030 |pages=253–270 |doi=10.1109/SP.2015.23|isbn=978-1-4673-6949-7 |s2cid=3343426 }}</ref>
|2015
|zk-SNARK
|{{No}}
|{{No}}
|{{No}}
|-
|TinyRAM<ref>{{Cite book |last1=Ben-Sasson |first1=Eli |last2=Chiesa |first2=Alessandro |last3=Genkin |first3=Daniel |last4=Tromer |first4=Eran |last5=Virza |first5=Madars |title=Advances in Cryptology – CRYPTO 2013 |chapter=SNARKs for C: Verifying Program Executions Succinctly and in Zero Knowledge |series=Lecture Notes in Computer Science |date=2013 |volume=8043 |editor-last=Canetti |editor-first=Ran |editor2-last=Garay |editor2-first=Juan A. |chapter-url=https://linkhdl.springerhandle.comnet/chapterhandle/101721.10071/978-3-642-40084-1_687953 |language=en |___location=Berlin, Heidelberg |publisher=Springer |pages=90–108 |doi=10.1007/978-3-642-40084-1_6 |hdl=1721.1/87953 |isbn=978-3-642-40084-1}}</ref>
|2013
|zk-SNARK
|{{No}}
|{{No}}
|{{No}}
|-
|Buffet<ref>{{Cite book |title=Efficient RAM and Control Flow in Verifiable Outsourced Computation |url=https://www.ndss-symposium.org/ndss2015/ndss-2015-programme/efficient-ram-and-control-flow-verifiable-outsourced-computation/ |access-date=2023-02-25 |website=NDSS Symposium |year=2015 |language=en-US |doi=10.14722/ndss.2015.23097 |last1=Wahby |first1=Riad S. |last2=Setty |first2=Srinath |last3=Ren |first3=Zuocheng |last4=Blumberg |first4=Andrew J. |last5=Walfish |first5=Michael |isbn=978-1-891562-38-9 }}</ref>
|2015
|zk-SNARK
|{{No}}
|{{No}}
|{{No}}
|-
|ZoKratesvRAM<ref>{{Cite book |last1=EberhardtZhang |first1=JacobYupeng |last2=TaiGenkin |first2=StefanDaniel |titlelast3=2018Katz IEEE|first3=Jonathan International|last4=Papadopoulos Conference|first4=Dimitrios on|last5=Papamanthou Internet|first5=Charalampos of Things (IThings) and|title=2018 IEEE GreenSymposium Computingon and Communications (GreenCom)Security and IEEE Cyber, Physical and Social ComputingPrivacy (CPSCom) and IEEE Smart Data (SmartDataSP) |chapter=ZoKratesVRAM: -Faster ScalableVerifiable Privacy-PreservingRAM with OffProgram-ChainIndependent ComputationsPreprocessing |date=JulyMay 2018 |chapter-url=https://ieeexplore.ieee.org/document/8726497 |___location=Halifax, NS, Canada |publisher=IEEE |pages=1084–1091908–925 |doi=10.1109/Cybermatics_2018SP.2018.00199 00013|isbn=978-1-5386-79754353-32 |s2cid=4947323741548742 }}</ref>
|2018
|zk-SNARK
|No
|No
|No
|-
|xJsnark<ref>{{Cite book |last1=Kosba |first1=Ahmed |last2=Papamanthou |first2=Charalampos |last3=Shi |first3=Elaine |title=2018 IEEE Symposium on Security and Privacy (SP) |chapter=XJsnark: A Framework for Efficient Verifiable Computation |date=May 2018 |chapter-url=https://ieeexplore.ieee.org/document/8418647 |pages=944–961 |doi=10.1109/SP.2018.00018|isbn=978-1-5386-4353-2 |s2cid=13741899 }}</ref>
|2018
|zk-SNARK
|No
|No
|No
|-
|vRAM<ref>{{Cite book |last1=Zhang |first1=Yupeng |last2=Genkin |first2=Daniel |last3=Katz |first3=Jonathan |last4=Papadopoulos |first4=Dimitrios |last5=Papamanthou |first5=Charalampos |title=2018 IEEE Symposium on Security and Privacy (SP) |chapter=VRAM: Faster Verifiable RAM with Program-Independent Preprocessing |date=May 2018 |chapter-url=https://ieeexplore.ieee.org/document/8418645 |pages=908–925 |doi=10.1109/SP.2018.00013|isbn=978-1-5386-4353-2 |s2cid=41548742 }}</ref>
|2018
|zk-SNARG
|{{No}}
|{{Yes}}
|{{No}}
|-
|vnTinyRAM<ref>{{Cite book |last1=Ben-Sasson |first1=Eli |last2=Chiesa |first2=Alessandro |last3=Tromer |first3=Eran |last4=Virza |first4=Madars |date=2014 |title=Succinct {Non-Interactive} Zero Knowledge for a von Neumann Architecture |url=https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/ben-sasson |language=en |pages=781–796 |publisher=USENIX Association |isbn=978-1-931971-15-7}}</ref>
|2014
|zk-SNARK
|{{No}}
|{{Yes}}
|{{No}}
|-
|MIRAGE<ref>{{Cite journal |last1=Kosba |first1=Ahmed |last2=Papadopoulos |first2=Dimitrios |last3=Papamanthou |first3=Charalampos |last4=Song |first4=Dawn |date=2020 |title=MIRAGE: Succinct Arguments for Randomized Algorithms with Applications to Universal zk-SNARKs |url=https://eprint.iacr.org/2020/278 |journal=Cryptology ePrint Archive |language=en}}</ref>
|2020
|zk-SNARK
|{{No}}
|{{Yes}}
|{{No}}
|-
|Sonic<ref>{{Cite book |last1=Maller |first1=Mary |last2=Bowe |first2=Sean |last3=Kohlweiss |first3=Markulf |last4=Meiklejohn |first4=Sarah |title=Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security |chapter=Sonic |date=2019-11-06 |chapter-url=https://doi.org/10.1145/3319535.3339817 |series=CCS '19 |___location=New York, NY, USA |publisher=Association for Computing Machinery |pages=2111–2128 |doi=10.1145/3319535.3339817 |isbn=978-1-4503-6747-9|s2cid=60442921 |url=https://www.research.ed.ac.uk/en/publications/739b94f1-54f0-4ec3-9644-3c95eea1e8f5 }}</ref>
|2019
|zk-SNARK
|{{No}}
|{{Yes}}
|{{No}}
|-
|Marlin<ref>{{Cite book |last1=Chiesa |first1=Alessandro |last2=Hu |first2=Yuncong |last3=Maller |first3=Mary |last4=Mishra |first4=Pratyush |last5=Vesely |first5=Noah |last6=Ward |first6=Nicholas |title=Advances in Cryptology – EUROCRYPT 2020 |chapter=Marlin: Preprocessing zkSNARKs with Universal and Updatable SRS |series=Lecture Notes in Computer Science |date=2020 |volume=12105 |editor-last=Canteaut |editor-first=Anne |editor2-last=Ishai |editor2-first=Yuval |chapter-url=https://link.springer.com/chapter/10.1007/978-3-030-45721-1_26 |language=en |___location=Cham |publisher=Springer International Publishing |pages=738–768 |doi=10.1007/978-3-030-45721-1_26 |isbn=978-3-030-45721-1|s2cid=204772154 }}</ref>
|2020
|zk-SNARK
|{{No}}
|{{Yes}}
|{{No}}
|-
|PLONK<ref>{{Cite journal |last1=Gabizon |first1=Ariel |last2=Williamson |first2=Zachary J. |last3=Ciobotaru |first3=Oana |date=2019 |title=PLONK: Permutations over Lagrange-bases for Oecumenical Noninteractive arguments of Knowledge |url=https://eprint.iacr.org/2019/953 |journal=Cryptology ePrint Archive |language=en}}</ref>
|2019
|zk-SNARK
|{{No}}
|{{Yes}}
|{{No}}
|-
|SuperSonic<ref>{{Cite book |last1=Bünz |first1=Benedikt |last2=Fisch |first2=Ben |last3=Szepieniec |first3=Alan |title=Advances in Cryptology – EUROCRYPT 2020 |chapter=Transparent SNARKs from DARK Compilers |series=Lecture Notes in Computer Science |date=2020 |volume=12105 |editor-last=Canteaut |editor-first=Anne |editor2-last=Ishai |editor2-first=Yuval |chapter-url=https://link.springer.com/chapter/10.1007/978-3-030-45721-1_24 |language=en |___location=Cham |publisher=Springer International Publishing |pages=677–706 |doi=10.1007/978-3-030-45721-1_24 |isbn=978-3-030-45721-1|s2cid=204892714 }}</ref>
|2020
|zk-SNARK
|{{Yes}}
|{{Yes}}
|{{No}}
|-
|Bulletproofs<ref>{{Cite book |last1=Bünz |first1=Benedikt |last2=Bootle |first2=Jonathan |last3=Boneh |first3=Dan |last4=Poelstra |first4=Andrew |last5=Wuille |first5=Pieter |last6=Maxwell |first6=Greg |title=2018 IEEE Symposium on Security and Privacy (SP) |chapter=Bulletproofs: Short Proofs for Confidential Transactions and More |date=May 2018 |chapter-url=https://ieeexplore.ieee.org/document/8418611 |pages=315–334 |doi=10.1109/SP.2018.00020|isbn=978-1-5386-4353-2 |s2cid=3337741 }}</ref>
|2018
|Bulletproofs
|{{Yes}}
|{{Yes}}
|{{No}}
|-
|Hyrax<ref>{{Cite book |last1=Wahby |first1=Riad S. |last2=Tzialla |first2=Ioanna |last3=Shelat |first3=Abhi |last4=Thaler |first4=Justin |last5=Walfish |first5=Michael |title=2018 IEEE Symposium on Security and Privacy (SP) |chapter=Doubly-Efficient zkSNARKs Without Trusted Setup |date=May 2018 |chapter-url=https://ieeexplore.ieee.org/document/8418646 |pages=926–943 |doi=10.1109/SP.2018.00060|isbn=978-1-5386-4353-2 |s2cid=549873 }}</ref>
|2018
|zk-SNARK
|{{Yes}}
|{{Yes}}
|{{No}}
|-
|Halo<ref name=":1">{{Cite journal |last1=Bowe |first1=Sean |last2=Grigg |first2=Jack |last3=Hopwood |first3=Daira |date=2019 |title=Recursive Proof Composition without a Trusted Setup |url=https://eprint.iacr.org/2019/1021 |journal=Cryptology ePrint Archive |language=en}}</ref>
|2019
|zk-SNARK
|{{Yes}}
|{{Yes}}
|{{No}}
|-
|Virgo<ref>{{Cite book |last1=Zhang |first1=Jiaheng |last2=Xie |first2=Tiancheng |last3=Zhang |first3=Yupeng |last4=Song |first4=Dawn |title=2020 IEEE Symposium on Security and Privacy (SP) |chapter=Transparent Polynomial Delegation and Its Applications to Zero Knowledge Proof |date=May 2020 |chapter-url=https://ieeexplore.ieee.org/document/9152704 |pages=859–876 |doi=10.1109/SP40000.2020.00052|isbn=978-1-7281-3497-0 |s2cid=209467198 }}</ref>
|2020
|zk-SNARK
|{{Yes}}
|{{Yes}}
|{{Yes}}
|-
|Ligero<ref>{{Cite book |last1=Ames |first1=Scott |last2=Hazay |first2=Carmit |last3=Ishai |first3=Yuval |last4=Venkitasubramaniam |first4=Muthuramakrishnan |title=Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security |chapter=Ligero |date=2017-10-30 |chapter-url=https://doi.org/10.1145/3133956.3134104 |series=CCS '17 |___location=New York, NY, USA |publisher=Association for Computing Machinery |pages=2087–2104 |doi=10.1145/3133956.3134104 |isbn=978-1-4503-4946-8|s2cid=5348527 }}</ref>
|2017
|zk-SNARK
|{{Yes}}
|{{Yes}}
|{{Yes}}
|-
|Aurora<ref>{{Cite book |last1=Ben-Sasson |first1=Eli |last2=Chiesa |first2=Alessandro |last3=Riabzev |first3=Michael |last4=Spooner |first4=Nicholas |last5=Virza |first5=Madars |last6=Ward |first6=Nicholas P. |title=Advances in Cryptology – EUROCRYPT 2019 |chapter=Aurora: Transparent Succinct Arguments for R1CS |series=Lecture Notes in Computer Science |date=2019 |volume=11476 |editor-last=Ishai |editor-first=Yuval |editor2-last=Rijmen |editor2-first=Vincent |chapter-url=https://link.springer.com/chapter/10.1007/978-3-030-17653-2_4 |language=en |___location=Cham |publisher=Springer International Publishing |pages=103–128 |doi=10.1007/978-3-030-17653-2_4 |isbn=978-3-030-17653-2|s2cid=52832327 }}</ref>
|2019
|zk-SNARK
|{{Yes}}
|{{Yes}}
|{{Yes}}
|-
|zk-STARK<ref name="iacr2018" /><ref>{{Cite book |last1=Ben-Sasson |first1=Eli |last2=Bentov |first2=Iddo |last3=Horesh |first3=Yinon |last4=Riabzev |first4=Michael |title=Advances in Cryptology – CRYPTO 2019 |chapter=Scalable Zero Knowledge with No Trusted Setup |series=Lecture Notes in Computer Science |date=2019 |volume=11694 |editor-last=Boldyreva |editor-first=Alexandra |editor2-last=Micciancio |editor2-first=Daniele |chapter-url=https://link.springer.com/chapter/10.1007/978-3-030-26954-8_23 |language=en |___location=Cham |publisher=Springer International Publishing |pages=701–732 |doi=10.1007/978-3-030-26954-8_23 |isbn=978-3-030-26954-8|s2cid=199501907 }}</ref>
|2019
|zk-STARK
|{{Yes}}
|{{Yes}}
|{{Yes}}
|-
|Zilch<ref>{{Cite web |last=Computing |first=Trustworthy |date=2021-08-30 |title=Transparent Zero-Knowledge Proofs With Zilch |url=https://trustworthy-computing.medium.com/transparent-zero-knowledge-proofs-with-zilch-2031a63fcef3 |access-date=2023-02-25 |website=Medium |language=en}}</ref><ref name="Mouris 2021 3269–3284">{{Cite journal |last1=Mouris |first1=Dimitris |last2=Tsoutsos |first2=Nektarios Georgios |date=2021 |title=Zilch: A Framework for Deploying Transparent Zero-Knowledge Proofs |url=https://ieeexplore.ieee.org/document/9410618 |journal=IEEE Transactions on Information Forensics and Security |volume=16 |pages=3269–3284 |doi=10.1109/TIFS.2021.3074869 |bibcode=2021ITIF...16.3269M |issn=1556-6021 |s2cid=222069813}}</ref>
|2021
|zk-STARK
|{{Yes}}
|{{Yes}}
|{{Yes}}
|}
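Review bot: Several citation templates in this table (TinyRAM, Sonic, Marlin, SuperSonic, Ligero, Aurora, zk-STARK) carry a "|___location=" parameter, which is not a citation parameter name and will not render; it should read "|location=". In the TinyRAM row the altered chapter-url appears to point at the same handle that the added "hdl=1721.1/87953" already supplies, so one of the two is redundant, and the doi already covers the publisher copy. The changed row above xJsnark and the xJsnark row itself use plain "No" in the three comparison cells where every other row uses {{No}}/{{Yes}}, so those cells will lose the table's cell styling; use the templates throughout. The vnTinyRAM reference title contains literal braces ("Succinct {Non-Interactive} Zero Knowledge ..."), which look like BibTeX residue and should be removed. The Bulletproofs row is dated 2018 while the prose above the table says the scheme was released in 2017; state which event each date refers to or align them.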