What is a zero-knowledge proof?
- A New Approach To Protecting Secrets Is Discovered - The New York Times, February 17th, 1987
- Zero Knowledge Proofs: An illustrated primer
- What are zk-SNARKs?
- “The Functionality of zk-SNARK” challenge set in “The Hunting of the SNARK”.
- “Probabilistic Proof Systems” course notes
- Vitalik Buterin’s introduction to SNARKs, part 1, 2, and 3; and STARKs, part 1, 2, and 3.
Zero-knowledge proving systems
- Invention of zero-knowledge
- ZKBoo [GMO16]
- Hybrid Interactive ZK [CCM16]
- ZKB++ / Picnic [CDGORRSZ17]
- Ligero [AHIV17]
- Hyrax [WTSTW17]
- zk-STARKs [BBHR18]
- Updatable Universal CRSs [GKMMM18]
- Hybrid NIZK [ACM18]
Implementations of proving systems
- libsnark - C++ library for zk-SNARK proofs
- bellman - Rust library for zk-SNARK proofs
- BulletProofLib - Java implementation (implements Bulletproofs [BBBPWM17] approach)
- secp256k1-zkp (experimental) - C implementation on secp256k1 (implements Bulletproofs [BBBPWM17] approach)
- dalek-cryptography/bulletproofs - Rust implementation using Ristretto on Curve25519 (implements Bulletproofs [BBBPWM17] approach) (notes)
- adjoint-io/bulletproofs - Haskell implementation on secp256k1 (implements Bulletproofs [BBBPWM17] approach)
- ZKP primitives for Camenisch-Lysyanskaya anonymous credentials
- Camenisch-Lysyanskaya anonymous credentials (work in progress)
- client-server (prover-verifier) communication based on Protobuffers and gRPC
- VC implementation accompanying the Pinocchio [PGHR13] and Geppetto [CFHKKNPZ14] papers
Generating structured reference strings
Some proving systems require a structured reference string (SRS). The following works discuss secure SRS generation.
- [BCGTV15] - MPC for generating the SRS for [PGHR13]/[BCGTV13]
- [BGG17] - improved MPC for generating the SRS for [PGHR13]/[BCGTV13]
- [BGM18] - “Powers of Tau” protocol for scalable generation of structured reference string for [Groth16]
Low-level libraries/languages for writing circuits
- libsnark’s gadgetlib1 and gadgetlib2 - C++ libraries for for building circuits for preprocessing zk-SNARKs
- jsnark - Java library for building circuits for preprocessing zk-SNARKs, backed by libsnark
- ZoKrates - Toolbox for zk-SNARKs on Ethereum, backed by libsnark
- Snarky - OCaml front-end for writing R1CS SNARKs, currently backed by libsnark
General-purpose compilers from high-level languages
- ZKPDL [MEKHL10]
- Cashlib - C++ implementation
- Pinocchio [PGHR13]
- Pinocchio toolchain - Python implementation
- Pantry [BFRSBW13]
- Geppetto [CFHKKNPZ14]
- TinyRAM [BCGTV13], vnTinyRAM [BCTV14a] and scalable TinyRAM [BCTV14b]
- Buffet [WSRBW15]
- C0C0 [KZMQCPPSS15]
- Pequin - Toolchain to verifiably execute programs expressed in (a large subset of) C, backed by libsnark.
- Snårkl [SML17] - Haskell embedded DSL for verifiable computing
- xJsnark [KPS18]
- Zcash Sprout
- ANONIZE [HMP15]
- Zcash Sapling
- Zero Knowledge Proof Standardization and 1st Workshop
- Letter to NIST on standardizing new cryptographic standards
So are they fast yet?
Stay tuned! 😁
Improve this page
Additions, corrections and other suggestions are welcome! You can propose an edit to this page here. (Note that after making your edits, there are 3 confirmations to click through in order to create the “pull request” in the Git repository underlying this page.)
For more broad changes, you can make a pull request here!