## What is a zero-knowledge proof?

- A New Approach To Protecting Secrets Is Discovered - The New York Times, February 17th, 1987
- Zero Knowledge Proofs: An illustrated primer
- What are zk-SNARKs?
- “The Functionality of zk-SNARK” challenge set in “The Hunting of the SNARK”.
- “Probabilistic Proof Systems” course notes
- Vitalik Buterin’s introduction to SNARKs, part 1, 2, and 3; and STARKs, part 1, 2, and 3.

## Zero-knowledge proving systems

- Invention of zero-knowledge
- [GGPR13]
- [BCTV14b]
- [CTV15]
- ZKBoo [GMO16]
- [Groth16]
- [BCCGP16]
- Hybrid Interactive ZK [CCM16]
- ZKB++ / Picnic [CDGORRSZ17]
- Ligero [AHIV17]
- Hyrax [WTSTW17]
- zk-STARKs [BBHR18]
- Updatable Universal CRSs [GKMMM18]
- Hybrid NIZK [ACM18]
- DIZK [WZCPS18]
- Aurora [BCRSVW18]

## Implementations of proving systems

- libsnark - C++ library for zk-SNARK proofs
- bellman - Rust library for zk-SNARK proofs
- ZKBoo
- ZKB++
- [BCC+16]
- BulletProofLib - Java implementation (implements Bulletproofs [BBBPWM17] approach)
- secp256k1-zkp (experimental) - C implementation on secp256k1 (implements Bulletproofs [BBBPWM17] approach)
- dalek-cryptography/bulletproofs - Rust implementation using Ristretto on Curve25519 (implements Bulletproofs [BBBPWM17] approach) (notes)
- adjoint-io/bulletproofs - Haskell implementation on secp256k1 (implements Bulletproofs [BBBPWM17] approach)

- Picnic
- libSTARK
- emmy
- ZKP primitives for Camenisch-Lysyanskaya anonymous credentials
- Camenisch-Lysyanskaya anonymous credentials (work in progress)
- client-server (prover-verifier) communication based on Protobuffers and gRPC

- VC implementation accompanying the Pinocchio [PGHR13] and Geppetto [CFHKKNPZ14] papers
- DIZK - Java library for distributed zero knowledge proof systems
- [WZCPS18] (distributed implementation of [Groth16])
- Enables zkSNARK computations of up to billions of logical gates (100x larger than prior art) at a cost of 10μs per gate (100x faster than prior art)
- Implements distributed polynomial evaluation/interpolation, distributed Lagrange polynomial computations, and distributed multi-scalar multiplication

- snarkjs - JavaScript library for zk-SNARK proofs

## Generating structured reference strings

Some proving systems require a structured reference string (SRS). The following works discuss secure SRS generation.

- [BCGTV15] - MPC for generating the SRS for [PGHR13]/[BCGTV13]
- [BGG17] - improved MPC for generating the SRS for [PGHR13]/[BCGTV13]
- [BGM18] - “Powers of Tau” protocol for scalable generation of structured reference string for [Groth16]

## Low-level libraries/languages for writing circuits

- libsnark’s gadgetlib1 and gadgetlib2 - C++ libraries for building circuits for preprocessing zk-SNARKs
- jsnark - Java library for building circuits for preprocessing zk-SNARKs, backed by libsnark
- ZoKrates - Toolbox for zk-SNARKs on Ethereum, backed by libsnark
- Snarky - OCaml front-end for writing R1CS SNARKs, currently backed by libsnark

## General-purpose compilers from high-level languages

- ZKPDL [MEKHL10]
- Cashlib - C++ implementation

- Pinocchio [PGHR13]
- Pinocchio toolchain - Python implementation

- Pantry [BFRSBW13]
- Geppetto [CFHKKNPZ14]
- TinyRAM [BCGTV13], vnTinyRAM [BCTV14a] and scalable TinyRAM [BCTV14b]
- Buffet [WSRBW15]
- C0C0 [KZMQCPPSS15]
- Pequin - Toolchain to verifiably execute programs expressed in (a large subset of) C, backed by libsnark.
- Snårkl [SML17] - Haskell embedded DSL for verifiable computing
- xJsnark [KPS18]

## Example circuits

## Circuit optimization

## Standardization efforts

- Zero Knowledge Proof Standardization and 1st Workshop
- Letter to NIST on standardizing new cryptographic standards

## So are they fast yet?

Stay tuned! 😁

## Improve this page

Additions, corrections and other suggestions are welcome! You can propose an edit to this page here. (Note that after making your edits, there are 3 confirmations to click through in order to create the “pull request” in the Git repository underlying this page.)

For more broad changes, you can make a pull request here!