ZKP5.1 Plonk Interactive Oracle Proofs [KZG10]

ZKP学习笔记

ZK-Learning MOOC课程笔记

Lecture 5: The Plonk SNARK (Dan Boneh)

5.1 KZG’10

• general SNARK

  • A polynomial commitment scheme + A polynomial interactive oracle proof (IOP)

• Review: polynomial commitments
  

• The KZG poly-commit scheme

  • commit
    

    • a binding commitment, but not hiding

  • Eval
    

    • The verifier does not know $\tau$: using a “paring” (only need H0,H1 from gp)

  • Generalizations

    • Can also use KZG to commit to k-variate polynomials [PST’13]

  • Batch proofs
    

  • Properties of KZG: linear time commitment
    
    

  • KZG fast multi-point proof generation
    

  • The Dory polynomial commitment
    

  • PCS has many applications(KZG batch proof, proof shorter than merkle tree proof)[Verkle Trees]