Menu
Home
People
Places
Arts
History
Plants & Animals
Science
Life & Culture
Technology
Reference.org
Non-interactive zero-knowledge proof
open-in-new
<h2 id="history">History</h2> <p><a href="/facts/Manuel_Blum/fl3GKhvh">Blum</a>, Feldman, and <a href="/facts/Silvio_Micali/IxgCplaX">Micali</a><a class="footnote-ref" id="fnref:3" href="#fn:3"><sup>3</sup></a> showed in 1988 that a common reference string shared between the prover and the verifier is sufficient to achieve computational zero-knowledge without requiring interaction. <a href="/facts/Oded_Goldreich/Ufn1bqW7">Goldreich</a> and Oren<a class="footnote-ref" id="fnref:4" href="#fn:4"><sup>4</sup></a> gave impossibility results for one shot zero-knowledge protocols in the <a href="/facts/Standard_model_(cryptography)/pjCTKoKe">standard model</a>. In 2003, <a href="/facts/Shafi_Goldwasser/aTJJq4mB">Shafi Goldwasser</a> and <a href="/facts/Yael_Tauman_Kalai/bcIJju8n">Yael Tauman Kalai</a> published an instance of an identification scheme for which any hash function will yield an insecure digital signature scheme.<a class="footnote-ref" id="fnref:5" href="#fn:5"><sup>5</sup></a> </p><p>The model influences the properties that can be obtained from a zero-knowledge protocol. Pass<a class="footnote-ref" id="fnref:6" href="#fn:6"><sup>6</sup></a> showed that in the common reference string model non-interactive zero-knowledge protocols do not preserve all of the properties of interactive zero-knowledge protocols; e.g., they do not preserve deniability. Non-interactive zero-knowledge proofs can also be obtained in the <a href="/facts/Random_oracle_model/wK7MhxDq">random oracle model</a> using the <a href="/facts/Fiat%E2%80%93Shamir_heuristic/JGnJk1uw">Fiat–Shamir heuristic</a>. </p> <h3>Blockchain applications</h3> <p>In 2012, <a href="/facts/Alessandro_Chiesa/odcx8hJN">Alessandro Chiesa</a> et al developed the zk-SNARK protocol, an acronym for <i><a href="/facts/Zero-knowledge_proof/38soaPT5">zero-knowledge</a> succinct non-interactive <a href="/facts/Proof_of_knowledge/P1rFAT7f">argument of knowledge</a></i>.<a class="footnote-ref" id="fnref:7" href="#fn:7"><sup>7</sup></a> The first widespread application of zk-SNARKs was in the <a href="/facts/Zcash/t36Edlhr">Zerocash</a> <a href="/facts/Blockchain/8H43GgWy">blockchain</a> protocol, where zero-knowledge cryptography provides the computational backbone, by facilitating mathematical proofs that one party has possession of certain information without revealing what that information is.<a class="footnote-ref" id="fnref:8" href="#fn:8"><sup>8</sup></a> Zcash utilized zk-SNARKs to facilitate four distinct transaction types: private, shielding, deshielding, and public. This protocol allowed users to determine how much data was shared with the public ledger for each transaction.<a class="footnote-ref" id="fnref:9" href="#fn:9"><sup>9</sup></a> <a href="/facts/Ethereum/6RfpJ46R">Ethereum</a> zk-Rollups also utilize zk-SNARKs to increase scalability.<a class="footnote-ref" id="fnref:10" href="#fn:10"><sup>10</sup></a> </p><p>In 2017, <i>Bulletproofs</i><a class="footnote-ref" id="fnref:11" href="#fn:11"><sup>11</sup></a> was released, which enable proving that a committed value is in a range using a logarithmic (in the bit length of the range) number of field and group elements.<a class="footnote-ref" id="fnref:12" href="#fn:12"><sup>12</sup></a> Bulletproofs was later implemented into Mimblewimble protocol (the basis for Grin and Beam, and <a href="/facts/Litecoin/X3F07LX0">Litecoin</a> via extension blocks) and <a href="/facts/Monero_(cryptocurrency)/yQvg9Dcc">Monero cryptocurrency</a>.<a class="footnote-ref" id="fnref:13" href="#fn:13"><sup>13</sup></a> </p><p>In 2018, the <i>zk-STARK</i> (<a href="/facts/Zero-knowledge_proof/38soaPT5">zero-knowledge</a> Scalable Transparent <a href="/facts/Proof_of_knowledge/P1rFAT7f">Argument of Knowledge</a>)<a class="footnote-ref" id="fnref:14" href="#fn:14"><sup>14</sup></a> protocol was introduced by Eli Ben-Sasson, Iddo Bentov, Yinon Horesh, and Michael Riabzev,<a class="footnote-ref" id="fnref:15" href="#fn:15"><sup>15</sup></a> offering transparency (no trusted setup), quasi-linear proving time, and poly-logarithmic verification time. <i>Zero-Knowledge Succinct Transparent Arguments of Knowledge</i> are a type of cryptographic proof system that enables one party (the prover) to prove to another party (the verifier) that a certain statement is true, without revealing any additional information beyond the truth of the statement itself. zk-STARKs are succinct, meaning that they allow for the creation of short proofs that are easy to verify, and they are transparent, meaning that anyone can verify the proof without needing any secret information.<a class="footnote-ref" id="fnref:16" href="#fn:16"><sup>16</sup></a> </p><p>Unlike the first generation of zk-SNARKs, zk-STARKs, by default, do not require a trusted setup, which makes them particularly useful for decentralized applications like blockchains. Additionally, zk-STARKs can be used to verify many statements at once, making them scalable and efficient.<a class="footnote-ref" id="fnref:17" href="#fn:17"><sup>17</sup></a> </p><p>In 2019, HALO recursive zk-SNARKs without a trusted setup were presented.<a class="footnote-ref" id="fnref:18" href="#fn:18"><sup>18</sup></a> Pickles<a class="footnote-ref" id="fnref:19" href="#fn:19"><sup>19</sup></a> zk-SNARKs, based on the former construction, power Mina, the first succinctly verifiable blockchain.<a class="footnote-ref" id="fnref:20" href="#fn:20"><sup>20</sup></a> </p><p>A list of zero-knowledge proof protocols and libraries is provided below along with comparisons based on transparency, universality, and plausible post-quantum security. A transparent protocol is one that does not require any trusted setup and uses public randomness. A universal protocol is one that does not require a separate trusted setup for each circuit. Finally, a plausibly post-quantum protocol is one that is not susceptible to known attacks involving quantum algorithms. </p> Non-interactive zero-knowledge proof systems<table><tbody><tr><th>ZKP system</th><th>Publication year</th><th>Protocol</th><th>Transparent</th><th>Universal</th><th>Plausibly post-quantum secure</th></tr><tr><td>Pinocchio<a class="footnote-ref" id="fnref:21" href="#fn:21"><sup>21</sup></a></td><td>2013</td><td>zk-SNARK</td><td>No</td><td>No</td><td>No</td></tr><tr><td>Geppetto<a class="footnote-ref" id="fnref:22" href="#fn:22"><sup>22</sup></a></td><td>2015</td><td>zk-SNARK</td><td>No</td><td>No</td><td>No</td></tr><tr><td>TinyRAM<a class="footnote-ref" id="fnref:23" href="#fn:23"><sup>23</sup></a></td><td>2013</td><td>zk-SNARK</td><td>No</td><td>No</td><td>No</td></tr><tr><td>Buffet<a class="footnote-ref" id="fnref:24" href="#fn:24"><sup>24</sup></a></td><td>2015</td><td>zk-SNARK</td><td>No</td><td>No</td><td>No</td></tr><tr><td>vRAM<a class="footnote-ref" id="fnref:25" href="#fn:25"><sup>25</sup></a></td><td>2018</td><td>zk-SNARG</td><td>No</td><td>Yes</td><td>No</td></tr><tr><td>vnTinyRAM<a class="footnote-ref" id="fnref:26" href="#fn:26"><sup>26</sup></a></td><td>2014</td><td>zk-SNARK</td><td>No</td><td>Yes</td><td>No</td></tr><tr><td>MIRAGE<a class="footnote-ref" id="fnref:27" href="#fn:27"><sup>27</sup></a></td><td>2020</td><td>zk-SNARK</td><td>No</td><td>Yes</td><td>No</td></tr><tr><td>Sonic<a class="footnote-ref" id="fnref:28" href="#fn:28"><sup>28</sup></a></td><td>2019</td><td>zk-SNARK</td><td>No</td><td>Yes</td><td>No</td></tr><tr><td>Marlin<a class="footnote-ref" id="fnref:29" href="#fn:29"><sup>29</sup></a></td><td>2020</td><td>zk-SNARK</td><td>No</td><td>Yes</td><td>No</td></tr><tr><td>PLONK<a class="footnote-ref" id="fnref:30" href="#fn:30"><sup>30</sup></a></td><td>2019</td><td>zk-SNARK</td><td>No</td><td>Yes</td><td>No</td></tr><tr><td>SuperSonic<a class="footnote-ref" id="fnref:31" href="#fn:31"><sup>31</sup></a></td><td>2020</td><td>zk-SNARK</td><td>Yes</td><td>Yes</td><td>No</td></tr><tr><td>Bulletproofs<a class="footnote-ref" id="fnref:32" href="#fn:32"><sup>32</sup></a></td><td>2018</td><td>Bulletproofs</td><td>Yes</td><td>Yes</td><td>No</td></tr><tr><td>Hyrax<a class="footnote-ref" id="fnref:33" href="#fn:33"><sup>33</sup></a></td><td>2018</td><td>zk-SNARK</td><td>Yes</td><td>Yes</td><td>No</td></tr><tr><td>Halo<a class="footnote-ref" id="fnref:34" href="#fn:34"><sup>34</sup></a></td><td>2019</td><td>zk-SNARK</td><td>Yes</td><td>Yes</td><td>No</td></tr><tr><td>Virgo<a class="footnote-ref" id="fnref:35" href="#fn:35"><sup>35</sup></a></td><td>2020</td><td>zk-SNARK</td><td>Yes</td><td>Yes</td><td>Yes</td></tr><tr><td>Ligero<a class="footnote-ref" id="fnref:36" href="#fn:36"><sup>36</sup></a></td><td>2017</td><td>zk-SNARK</td><td>Yes</td><td>Yes</td><td>Yes</td></tr><tr><td>Aurora<a class="footnote-ref" id="fnref:37" href="#fn:37"><sup>37</sup></a></td><td>2019</td><td>zk-SNARK</td><td>Yes</td><td>Yes</td><td>Yes</td></tr><tr><td>zk-STARK<a class="footnote-ref" id="fnref:38" href="#fn:38"><sup>38</sup></a><a class="footnote-ref" id="fnref:39" href="#fn:39"><sup>39</sup></a></td><td>2019</td><td>zk-STARK</td><td>Yes</td><td>Yes</td><td>Yes</td></tr><tr><td>Zilch<a class="footnote-ref" id="fnref:40" href="#fn:40"><sup>40</sup></a><a class="footnote-ref" id="fnref:41" href="#fn:41"><sup>41</sup></a></td><td>2021</td><td>zk-STARK</td><td>Yes</td><td>Yes</td><td>Yes</td></tr></tbody></table> <h2 id="definition">Definition</h2> <p>Originally,<a class="footnote-ref" id="fnref:42" href="#fn:42"><sup>42</sup></a> non-interactive zero-knowledge was only defined as a single theorem-proof system. In such a system each proof requires its own fresh common reference string. A common reference string in general is not a random string. It may, for instance, consist of randomly chosen group elements that all protocol parties use. Although the group elements are random, the reference string is not as it contains a certain structure (e.g., group elements) that is distinguishable from randomness. Subsequently, Feige, Lapidot, and <a href="/facts/Adi_Shamir/CTnaUeP6">Shamir</a><a class="footnote-ref" id="fnref:43" href="#fn:43"><sup>43</sup></a> introduced multi-theorem zero-knowledge proofs as a more versatile notion for non-interactive zero-knowledge proofs. </p> <h2 id="pairing-based-non-interactive-proofs">Pairing-based non-interactive proofs</h2> <p><a href="/facts/Pairing-based_cryptography/vpk8ygca">Pairing-based cryptography</a> has led to several cryptographic advancements. One of these advancements is more powerful and more efficient non-interactive zero-knowledge proofs. The seminal idea was to hide the values for the pairing evaluation in a <a href="/facts/Commitment_scheme/DMqRCguM">commitment</a>. Using different commitment schemes, this idea was used to build zero-knowledge proof systems under the <a href="/facts/Sub-group_hiding/K7sqjwXe">sub-group hiding</a><a class="footnote-ref" id="fnref:44" href="#fn:44"><sup>44</sup></a> and under the <a href="/facts/Decisional_linear_assumption/Pze6oSI9">decisional linear assumption</a>.<a class="footnote-ref" id="fnref:45" href="#fn:45"><sup>45</sup></a> These proof systems prove <a href="/facts/Circuit_satisfiability_problem/LDkc2Yc0">circuit satisfiability</a>, and thus by the <a href="/facts/Cook%E2%80%93Levin_theorem/6WN3aUyL">Cook–Levin theorem</a> allow proving membership for every language in NP. The size of the common reference string and the proofs is relatively small; however, transforming a statement into a boolean circuit incurs considerable overhead. </p><p>Proof systems under the <a href="/facts/Sub-group_hiding/K7sqjwXe">sub-group hiding</a>, <a href="/facts/Decisional_linear_assumption/Pze6oSI9">decisional linear assumption</a>, and <a href="/facts/XDH_assumption/KIlJlIL2">external Diffie–Hellman assumption</a> that allow directly proving the pairing product equations that are common in <a href="/facts/Pairing-based_cryptography/vpk8ygca">pairing-based cryptography</a> have been proposed.<a class="footnote-ref" id="fnref:46" href="#fn:46"><sup>46</sup></a> </p><p>Under strong knowledge assumptions, it is known how to create sublinear-length computationally-sound proof systems for <a href="/facts/NP-complete/NFPv56DU">NP-complete</a> languages. More precisely, the proof in such proof systems consists only of a small number of bilinear group elements.<a class="footnote-ref" id="fnref:47" href="#fn:47"><sup>47</sup></a><a class="footnote-ref" id="fnref:48" href="#fn:48"><sup>48</sup></a> </p> <h2 id="references">References</h2> <ol> <li id="fn:1"><p>Gong, Yinjie; Jin, Yifei; Li, Yuchan; Liu, Ziyi; Zhu, Zhiyi (January 2022). "Analysis and comparison of the main zero-knowledge proof scheme". 2022 International Conference on Big Data, Information and Computer Network (BDICN). pp. 366–372. doi:10.1109/BDICN55575.2022.00074. ISBN 978-1-6654-8476-3. S2CID 248267862. <a href="978-1-6654-8476-3" target="_blank">978-1-6654-8476-3</a> <a href="#fnref:1" class="footnote-back-ref">↩</a></p></li> <li id="fn:2"><p>Gong, Yinjie; Jin, Yifei; Li, Yuchan; Liu, Ziyi; Zhu, Zhiyi (January 2022). "Analysis and comparison of the main zero-knowledge proof scheme". 2022 International Conference on Big Data, Information and Computer Network (BDICN). pp. 366–372. doi:10.1109/BDICN55575.2022.00074. ISBN 978-1-6654-8476-3. S2CID 248267862. <a href="978-1-6654-8476-3" target="_blank">978-1-6654-8476-3</a> <a href="#fnref:2" class="footnote-back-ref">↩</a></p></li> <li id="fn:3"><p>Manuel Blum, Paul Feldman, and Silvio Micali. Non-Interactive Zero-Knowledge and Its Applications. Proceedings of the twentieth annual ACM symposium on Theory of computing (STOC 1988). 103–112. 1988 <a href="#fnref:3" class="footnote-back-ref">↩</a></p></li> <li id="fn:4"><p>Oded Goldreich and Yair Oren. Definitions and Properties of Zero-Knowledge Proof Systems. Journal of Cryptology. Vol 7(1). 1–32. 1994 (PS) <a href="http://www.wisdom.weizmann.ac.il/~oded/PS/oren.ps" target="_blank">http://www.wisdom.weizmann.ac.il/~oded/PS/oren.ps</a> <a href="#fnref:4" class="footnote-back-ref">↩</a></p></li> <li id="fn:5"><p>Shafi Goldwasser and Yael Kalai. On the (In)security of the Fiat–Shamir Paradigm. Proceedings of the 44th Annual IEEE Symposium on Foundations of Computer Science (FOCS'03). 2003 <a href="#fnref:5" class="footnote-back-ref">↩</a></p></li> <li id="fn:6"><p>Rafael Pass. On Deniability in the Common Reference String and Random Oracle Model. Advances in Cryptology – CRYPTO 2003. 316–337. 2003 (PS) <a href="http://www.nada.kth.se/~rafael/papers/denzk.ps" target="_blank">http://www.nada.kth.se/~rafael/papers/denzk.ps</a> <a href="#fnref:6" class="footnote-back-ref">↩</a></p></li> <li id="fn:7"><p>Bitansky, Nir; Canetti, Ran; Chiesa, Alessandro; Tromer, Eran (January 2012). "From extractable collision resistance to succinct non-interactive arguments of knowledge, and back again". Proceedings of the 3rd Innovations in Theoretical Computer Science Conference on - ITCS '12. ACM. pp. 326–349. doi:10.1145/2090236.2090263. ISBN 978-1-4503-1115-1. S2CID 2576177. <a href="978-1-4503-1115-1" target="_blank">978-1-4503-1115-1</a> <a href="#fnref:7" class="footnote-back-ref">↩</a></p></li> <li id="fn:8"><p>Ben-Sasson, Eli; Chiesa, Alessandro; Garman, Christina; Green, Matthew; Miers, Ian; Tromer, Eran; Virza, Madars (18 May 2014). "Zerocash: Decentralized Anonymous Payments from Bitcoin" (PDF). IEEE. Retrieved 26 January 2016. <a href="http://zerocash-project.org/media/pdf/zerocash-extended-20140518.pdf" target="_blank">http://zerocash-project.org/media/pdf/zerocash-extended-20140518.pdf</a> <a href="#fnref:8" class="footnote-back-ref">↩</a></p></li> <li id="fn:9"><p>Ben-Sasson, Eli; Chiesa, Alessandro. "What are zk-SNARKs?". z.cash. Retrieved 3 November 2022. <a href="https://z.cash/technology/zksnarks/" target="_blank">https://z.cash/technology/zksnarks/</a> <a href="#fnref:9" class="footnote-back-ref">↩</a></p></li> <li id="fn:10"><p>"Zero-Knowledge rollups". ethereum.org. Retrieved 2023-02-25. <a href="https://ethereum.org/" target="_blank">https://ethereum.org/</a> <a href="#fnref:10" class="footnote-back-ref">↩</a></p></li> <li id="fn:11"><p>Bünz, Benedikt; Bootle, Jonathan; Boneh, Dan; Poelstra, Andrew; Wuille, Pieter; Maxwell, Greg (May 2018). "Bulletproofs: Short Proofs for Confidential Transactions and More". 2018 IEEE Symposium on Security and Privacy (SP). pp. 315–334. doi:10.1109/SP.2018.00020. ISBN 978-1-5386-4353-2. S2CID 3337741. <a href="978-1-5386-4353-2" target="_blank">978-1-5386-4353-2</a> <a href="#fnref:11" class="footnote-back-ref">↩</a></p></li> <li id="fn:12"><p>Bünz, Benedikt; Bootle, Jonathan; Boneh, Dan; Poelstra, Andrew; Wuille, Pieter; Maxwell, Greg (May 2018). "Bulletproofs: Short Proofs for Confidential Transactions and More" (PDF). 2018 IEEE Symposium on Security and Privacy (SP). pp. 315–334. doi:10.1109/SP.2018.00020. ISBN 978-1-5386-4353-2. S2CID 3337741. Retrieved 2 December 2022. <a href="978-1-5386-4353-2" target="_blank">978-1-5386-4353-2</a> <a href="#fnref:12" class="footnote-back-ref">↩</a></p></li> <li id="fn:13"><p>Odendaal, Hansie; Sharrock, Cayle; Heerden, SW. "Bulletproofs and Mimblewimble". Tari Labs University. Archived from the original on 29 September 2020. Retrieved 3 December 2020. <a href="https://web.archive.org/web/20200929160834/https://tlu.tarilabs.com/cryptography/bulletproofs-and-mimblewimble/MainReport.html" target="_blank">https://web.archive.org/web/20200929160834/https://tlu.tarilabs.com/cryptography/bulletproofs-and-mimblewimble/MainReport.html</a> <a href="#fnref:13" class="footnote-back-ref">↩</a></p></li> <li id="fn:14"><p>http://www.cs.technion.ac.il/RESEARCH_DAY_17/POSTERS/michael_riabzev.pdf <a href="http://www.cs.technion.ac.il/RESEARCH_DAY_17/POSTERS/michael_riabzev.pdf" target="_blank">http://www.cs.technion.ac.il/RESEARCH_DAY_17/POSTERS/michael_riabzev.pdf</a> <a href="#fnref:14" class="footnote-back-ref">↩</a></p></li> <li id="fn:15"><p>Eli Ben-Sasson; Iddo Bentov; Yinon Horesh; Michael Riabzev (March 6, 2018). "Scalable, transparent, and post-quantum secure computational integrity" (PDF). International Association for Cryptologic Research. Retrieved October 24, 2021. <a href="https://eprint.iacr.org/2018/046.pdf" target="_blank">https://eprint.iacr.org/2018/046.pdf</a> <a href="#fnref:15" class="footnote-back-ref">↩</a></p></li> <li id="fn:16"><p>Eli Ben-Sasson; Iddo Bentov; Yinon Horesh; Michael Riabzev (March 6, 2018). "Scalable, transparent, and post-quantum secure computational integrity" (PDF). International Association for Cryptologic Research. Retrieved October 24, 2021. <a href="https://eprint.iacr.org/2018/046.pdf" target="_blank">https://eprint.iacr.org/2018/046.pdf</a> <a href="#fnref:16" class="footnote-back-ref">↩</a></p></li> <li id="fn:17"><p>Gong, Yinjie; Jin, Yifei; Li, Yuchan; Liu, Ziyi; Zhu, Zhiyi (January 2022). "Analysis and comparison of the main zero-knowledge proof scheme". 2022 International Conference on Big Data, Information and Computer Network (BDICN). pp. 366–372. doi:10.1109/BDICN55575.2022.00074. ISBN 978-1-6654-8476-3. S2CID 248267862. <a href="978-1-6654-8476-3" target="_blank">978-1-6654-8476-3</a> <a href="#fnref:17" class="footnote-back-ref">↩</a></p></li> <li id="fn:18"><p>Bowe, Sean; Grigg, Jack; Hopwood, Daira (2019). "Recursive Proof Composition without a Trusted Setup". Cryptology ePrint Archive. <a href="https://eprint.iacr.org/2019/1021" target="_blank">https://eprint.iacr.org/2019/1021</a> <a href="#fnref:18" class="footnote-back-ref">↩</a></p></li> <li id="fn:19"><p>"Meet Pickles SNARK: Enabling Smart Contracts on Coda Protocol". Mina Protocol. Retrieved 2023-02-25. <a href="https://minaprotocol.com/blog/meet-pickles-snark-enabling-smart-contracts-on-coda-protocol" target="_blank">https://minaprotocol.com/blog/meet-pickles-snark-enabling-smart-contracts-on-coda-protocol</a> <a href="#fnref:19" class="footnote-back-ref">↩</a></p></li> <li id="fn:20"><p>Bonneau, Joseph; Meckler, Izaak; Rao, V.; Evan; Shapiro (2021). "Mina: Decentralized Cryptocurrency at Scale" (PDF). S2CID 226280610. <a href="https://docs.minaprotocol.com/assets/technicalWhitepaper.pdf" target="_blank">https://docs.minaprotocol.com/assets/technicalWhitepaper.pdf</a> <a href="#fnref:20" class="footnote-back-ref">↩</a></p></li> <li id="fn:21"><p>Parno, Bryan; Howell, Jon; Gentry, Craig; Raykova, Mariana (May 2013). "Pinocchio: Nearly Practical Verifiable Computation". 2013 IEEE Symposium on Security and Privacy. pp. 238–252. doi:10.1109/SP.2013.47. ISBN 978-0-7695-4977-4. S2CID 1155080. <a href="978-0-7695-4977-4" target="_blank">978-0-7695-4977-4</a> <a href="#fnref:21" class="footnote-back-ref">↩</a></p></li> <li id="fn:22"><p>Costello, Craig; Fournet, Cédric; Howell, Jon; Kohlweiss, Markulf; Kreuter, Benjamin; Naehrig, Michael; Parno, Bryan; Zahur, Samee (May 2015). "Geppetto: Versatile Verifiable Computation". 2015 IEEE Symposium on Security and Privacy. pp. 253–270. doi:10.1109/SP.2015.23. ISBN 978-1-4673-6949-7. S2CID 3343426. <a href="978-1-4673-6949-7" target="_blank">978-1-4673-6949-7</a> <a href="#fnref:22" class="footnote-back-ref">↩</a></p></li> <li id="fn:23"><p>Ben-Sasson, Eli; Chiesa, Alessandro; Genkin, Daniel; Tromer, Eran; Virza, Madars (2013). "SNARKs for C: Verifying Program Executions Succinctly and in Zero Knowledge". In Canetti, Ran; Garay, Juan A. (eds.). Advances in Cryptology – CRYPTO 2013. Lecture Notes in Computer Science. Vol. 8043. Berlin, Heidelberg: Springer. pp. 90–108. doi:10.1007/978-3-642-40084-1_6. ISBN 978-3-642-40084-1. <a href="978-3-642-40084-1" target="_blank">978-3-642-40084-1</a> <a href="#fnref:23" class="footnote-back-ref">↩</a></p></li> <li id="fn:24"><p>Wahby, Riad S.; Setty, Srinath; Ren, Zuocheng; Blumberg, Andrew J.; Walfish, Michael (2015). Efficient RAM and Control Flow in Verifiable Outsourced Computation. doi:10.14722/ndss.2015.23097. ISBN 978-1-891562-38-9. Retrieved 2023-02-25. <a href="978-1-891562-38-9" target="_blank">978-1-891562-38-9</a> <a href="#fnref:24" class="footnote-back-ref">↩</a></p></li> <li id="fn:25"><p>Zhang, Yupeng; Genkin, Daniel; Katz, Jonathan; Papadopoulos, Dimitrios; Papamanthou, Charalampos (May 2018). "VRAM: Faster Verifiable RAM with Program-Independent Preprocessing". 2018 IEEE Symposium on Security and Privacy (SP). pp. 908–925. doi:10.1109/SP.2018.00013. ISBN 978-1-5386-4353-2. S2CID 41548742. <a href="978-1-5386-4353-2" target="_blank">978-1-5386-4353-2</a> <a href="#fnref:25" class="footnote-back-ref">↩</a></p></li> <li id="fn:26"><p>Ben-Sasson, Eli; Chiesa, Alessandro; Tromer, Eran; Virza, Madars (2014). Succinct {Non-Interactive} Zero Knowledge for a von Neumann Architecture. pp. 781–796. ISBN 978-1-931971-15-7. <a href="978-1-931971-15-7" target="_blank">978-1-931971-15-7</a> <a href="#fnref:26" class="footnote-back-ref">↩</a></p></li> <li id="fn:27"><p>Kosba, Ahmed; Papadopoulos, Dimitrios; Papamanthou, Charalampos; Song, Dawn (2020). "MIRAGE: Succinct Arguments for Randomized Algorithms with Applications to Universal zk-SNARKs". Cryptology ePrint Archive. <a href="https://eprint.iacr.org/2020/278" target="_blank">https://eprint.iacr.org/2020/278</a> <a href="#fnref:27" class="footnote-back-ref">↩</a></p></li> <li id="fn:28"><p>Maller, Mary; Bowe, Sean; Kohlweiss, Markulf; Meiklejohn, Sarah (2019-11-06). "Sonic". Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. CCS '19. New York, NY, USA: Association for Computing Machinery. pp. 2111–2128. doi:10.1145/3319535.3339817. ISBN 978-1-4503-6747-9. S2CID 60442921. <a href="978-1-4503-6747-9" target="_blank">978-1-4503-6747-9</a> <a href="#fnref:28" class="footnote-back-ref">↩</a></p></li> <li id="fn:29"><p>Chiesa, Alessandro; Hu, Yuncong; Maller, Mary; Mishra, Pratyush; Vesely, Noah; Ward, Nicholas (2020). "Marlin: Preprocessing zkSNARKs with Universal and Updatable SRS". In Canteaut, Anne; Ishai, Yuval (eds.). Advances in Cryptology – EUROCRYPT 2020. Lecture Notes in Computer Science. Vol. 12105. Cham: Springer International Publishing. pp. 738–768. doi:10.1007/978-3-030-45721-1_26. ISBN 978-3-030-45721-1. S2CID 204772154. <a href="978-3-030-45721-1" target="_blank">978-3-030-45721-1</a> <a href="#fnref:29" class="footnote-back-ref">↩</a></p></li> <li id="fn:30"><p>Gabizon, Ariel; Williamson, Zachary J.; Ciobotaru, Oana (2019). "PLONK: Permutations over Lagrange-bases for Oecumenical Noninteractive arguments of Knowledge". Cryptology ePrint Archive. <a href="https://eprint.iacr.org/2019/953" target="_blank">https://eprint.iacr.org/2019/953</a> <a href="#fnref:30" class="footnote-back-ref">↩</a></p></li> <li id="fn:31"><p>Bünz, Benedikt; Fisch, Ben; Szepieniec, Alan (2020). "Transparent SNARKs from DARK Compilers". In Canteaut, Anne; Ishai, Yuval (eds.). Advances in Cryptology – EUROCRYPT 2020. Lecture Notes in Computer Science. Vol. 12105. Cham: Springer International Publishing. pp. 677–706. doi:10.1007/978-3-030-45721-1_24. ISBN 978-3-030-45721-1. S2CID 204892714. <a href="978-3-030-45721-1" target="_blank">978-3-030-45721-1</a> <a href="#fnref:31" class="footnote-back-ref">↩</a></p></li> <li id="fn:32"><p>Bünz, Benedikt; Bootle, Jonathan; Boneh, Dan; Poelstra, Andrew; Wuille, Pieter; Maxwell, Greg (May 2018). "Bulletproofs: Short Proofs for Confidential Transactions and More". 2018 IEEE Symposium on Security and Privacy (SP). pp. 315–334. doi:10.1109/SP.2018.00020. ISBN 978-1-5386-4353-2. S2CID 3337741. <a href="978-1-5386-4353-2" target="_blank">978-1-5386-4353-2</a> <a href="#fnref:32" class="footnote-back-ref">↩</a></p></li> <li id="fn:33"><p>Wahby, Riad S.; Tzialla, Ioanna; Shelat, Abhi; Thaler, Justin; Walfish, Michael (May 2018). "Doubly-Efficient zkSNARKs Without Trusted Setup". 2018 IEEE Symposium on Security and Privacy (SP). pp. 926–943. doi:10.1109/SP.2018.00060. ISBN 978-1-5386-4353-2. S2CID 549873. <a href="978-1-5386-4353-2" target="_blank">978-1-5386-4353-2</a> <a href="#fnref:33" class="footnote-back-ref">↩</a></p></li> <li id="fn:34"><p>Bowe, Sean; Grigg, Jack; Hopwood, Daira (2019). "Recursive Proof Composition without a Trusted Setup". Cryptology ePrint Archive. <a href="https://eprint.iacr.org/2019/1021" target="_blank">https://eprint.iacr.org/2019/1021</a> <a href="#fnref:34" class="footnote-back-ref">↩</a></p></li> <li id="fn:35"><p>Zhang, Jiaheng; Xie, Tiancheng; Zhang, Yupeng; Song, Dawn (May 2020). "Transparent Polynomial Delegation and Its Applications to Zero Knowledge Proof". 2020 IEEE Symposium on Security and Privacy (SP). pp. 859–876. doi:10.1109/SP40000.2020.00052. ISBN 978-1-7281-3497-0. S2CID 209467198. <a href="978-1-7281-3497-0" target="_blank">978-1-7281-3497-0</a> <a href="#fnref:35" class="footnote-back-ref">↩</a></p></li> <li id="fn:36"><p>Ames, Scott; Hazay, Carmit; Ishai, Yuval; Venkitasubramaniam, Muthuramakrishnan (2017-10-30). "Ligero". Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. CCS '17. New York, NY, USA: Association for Computing Machinery. pp. 2087–2104. doi:10.1145/3133956.3134104. ISBN 978-1-4503-4946-8. S2CID 5348527. <a href="978-1-4503-4946-8" target="_blank">978-1-4503-4946-8</a> <a href="#fnref:36" class="footnote-back-ref">↩</a></p></li> <li id="fn:37"><p>Ben-Sasson, Eli; Chiesa, Alessandro; Riabzev, Michael; Spooner, Nicholas; Virza, Madars; Ward, Nicholas P. (2019). "Aurora: Transparent Succinct Arguments for R1CS". In Ishai, Yuval; Rijmen, Vincent (eds.). Advances in Cryptology – EUROCRYPT 2019. Lecture Notes in Computer Science. Vol. 11476. Cham: Springer International Publishing. pp. 103–128. doi:10.1007/978-3-030-17653-2_4. ISBN 978-3-030-17653-2. S2CID 52832327. <a href="978-3-030-17653-2" target="_blank">978-3-030-17653-2</a> <a href="#fnref:37" class="footnote-back-ref">↩</a></p></li> <li id="fn:38"><p>Eli Ben-Sasson; Iddo Bentov; Yinon Horesh; Michael Riabzev (March 6, 2018). "Scalable, transparent, and post-quantum secure computational integrity" (PDF). International Association for Cryptologic Research. Retrieved October 24, 2021. <a href="https://eprint.iacr.org/2018/046.pdf" target="_blank">https://eprint.iacr.org/2018/046.pdf</a> <a href="#fnref:38" class="footnote-back-ref">↩</a></p></li> <li id="fn:39"><p>Ben-Sasson, Eli; Bentov, Iddo; Horesh, Yinon; Riabzev, Michael (2019). "Scalable Zero Knowledge with No Trusted Setup". In Boldyreva, Alexandra; Micciancio, Daniele (eds.). Advances in Cryptology – CRYPTO 2019. Lecture Notes in Computer Science. Vol. 11694. Cham: Springer International Publishing. pp. 701–732. doi:10.1007/978-3-030-26954-8_23. ISBN 978-3-030-26954-8. S2CID 199501907. <a href="978-3-030-26954-8" target="_blank">978-3-030-26954-8</a> <a href="#fnref:39" class="footnote-back-ref">↩</a></p></li> <li id="fn:40"><p>Computing, Trustworthy (2021-08-30). "Transparent Zero-Knowledge Proofs With Zilch". Medium. Retrieved 2023-02-25. <a href="https://trustworthy-computing.medium.com/transparent-zero-knowledge-proofs-with-zilch-2031a63fcef3" target="_blank">https://trustworthy-computing.medium.com/transparent-zero-knowledge-proofs-with-zilch-2031a63fcef3</a> <a href="#fnref:40" class="footnote-back-ref">↩</a></p></li> <li id="fn:41"><p>Mouris, Dimitris; Tsoutsos, Nektarios Georgios (2021). "Zilch: A Framework for Deploying Transparent Zero-Knowledge Proofs". IEEE Transactions on Information Forensics and Security. 16: 3269–3284. doi:10.1109/TIFS.2021.3074869. ISSN 1556-6021. S2CID 222069813. <a href="https://ieeexplore.ieee.org/document/9410618" target="_blank">https://ieeexplore.ieee.org/document/9410618</a> <a href="#fnref:41" class="footnote-back-ref">↩</a></p></li> <li id="fn:42"><p>Manuel Blum, Paul Feldman, and Silvio Micali. Non-Interactive Zero-Knowledge and Its Applications. Proceedings of the twentieth annual ACM symposium on Theory of computing (STOC 1988). 103–112. 1988 <a href="#fnref:42" class="footnote-back-ref">↩</a></p></li> <li id="fn:43"><p>Uriel Feige, Dror Lapidot, Adi Shamir: Multiple Non-Interactive Zero-Knowledge Proofs Under General Assumptions. SIAM J. Comput. 29(1): 1–28 (1999) <a href="#fnref:43" class="footnote-back-ref">↩</a></p></li> <li id="fn:44"><p>Jens Groth, Rafail Ostrovsky, Amit Sahai: Perfect Non-interactive Zero Knowledge for NP. EUROCRYPT 2006: 339–358 <a href="#fnref:44" class="footnote-back-ref">↩</a></p></li> <li id="fn:45"><p>Jens Groth, Rafail Ostrovsky, Amit Sahai: Non-interactive Zaps and New Techniques for NIZK. CRYPTO 2006: 97–111 <a href="#fnref:45" class="footnote-back-ref">↩</a></p></li> <li id="fn:46"><p>Jens Groth, Amit Sahai: Efficient Non-interactive Proof Systems for Bilinear Groups. EUROCRYPT 2008: 415–432 <a href="#fnref:46" class="footnote-back-ref">↩</a></p></li> <li id="fn:47"><p>Jens Groth. Short Pairing-Based Non-interactive Zero-Knowledge Arguments. ASIACRYPT 2010: 321–340 <a href="#fnref:47" class="footnote-back-ref">↩</a></p></li> <li id="fn:48"><p>Helger Lipmaa. Progression-Free Sets and Sublinear Pairing-Based Non-Interactive Zero-Knowledge Arguments. TCC 2012: 169–189 <a href="#fnref:48" class="footnote-back-ref">↩</a></p></li> </ol>