Proofs, Arguments, and Zero-Knowledge读书笔记--2024年5月6日星期一（Day 1，P1-P11）

Proofs, Arguments, and Zero-Knowledge笔记
2024年5月6日星期一（Day 1，P1-P11）：

1. interactive proofs (IPs) and arguments之间区别是：arguments (but not IPs) permit the existence of “proofs” of incorrect statements, so long as those “proofs” require exorbitant computational power to find.
2. zk-SNARK: Succinct Non-interactive Arguments of Knowledge。zk-SNARK的解释：“Succinct” means that the proofs are short. “Non-interactive” means that the proof is static, consisting of a single message from the prover. “Of Knowledge” roughly means that the protocol establishes not only that a statement is true, but also that the prover knows a “witness” to the veracity of the statement.
3. Argument systems的发展包括两个阶段：（1）信息理论上的安全协议，例如：IP，multi-prover interactive proof (MIP), or probabilistically checkable proof (PCP)，他们是包含了一个或多个证明者；（2）信息理论安全协议与密码学结合，只有一个的证明者。
4. 根据信息理论进行分类，zk-SNARK可以分为：(1) IPs, (2) MIPs, (3) PCPs（or interactive oracle proofs(IOPs)),（4）linear PCPs.
5. (1) IPs, (2) MIPs, (3) PCPs要转化为succinct interactive arguments，则（1）与polynomial commitment scheme结合，（2）利用Fiat Shamir transformation。linear PCPs稍有不同。
6. 非正式定义证明：A proof is anything that convinces someone that a statement is
   true,
7. 非正式定义证明系统：A “proof system” is any procedure that decides what is and is not a convincing proof. That is, a proof system is specified by a verification procedure that takes as input any statement and a claimed “proof” that the statement is true, and decides whether or not the proof is valid.
8. 证明系统的属性：（1）Completeness：Any true statement should have a convincing proof of its validity；（2）Soundness：No false statement should have a convincing proof；（3） The verification procedure will be “efficient”. Roughly, this means that simple statements should have short (convincing) proofs that can be checked quickly; (4) Ideally, proving should be efficient too. Roughly, this means that simple statements should have short
   (convincing) proofs that can be found quickly.
9. 证明是概率的，这意味着验证程序是做随机选择的（错误声称为真的概率可忽略）。
10. Static proofs和 IPs之间的区别：（1）Static proofs are transferrable, meaning that if Peggy (prover) hands Victor (verifier) a proof that a statement is true, Victor can turn around and convince Tammy (a third party) that the same statement is true, simply by copying the proof. （2）an interactive proof may not be transferrable. Victor can try to convince Tammy that the statement is true by sending Tammy a transcript of his interaction with Peggy, but Tammy will not be convinced unless Tammy trusts that Victor correctly represented the interaction. This is because soundness of the IP only holds if, every time Peggy sends a response to Victor, Peggy does not know what challenge Victor will respond with next. The transcript alone does not give Tammy a guarantee that this holds.