More On ZKP

SNARKs with universal trusted setup

With PLONK being the cheapest and most interesting one, but still significantly more expensive than groth16 (1.5x to more than 4x more expensive to generate the proofs depending on the circuit, because of how Poseidon works I think it will be much more expensive for us). The cost for verifying the proof on-chain is comparable to groth16.

Recursive SNARKs

Currently 3 options:

MNT4/6 curve (this will make most calculations more expensive)
SNARK recursion without pairing cycles
Halo
Fractal

When can we do this on Ethereum:

Wait on precompile support for these curves (maybe in the Berlin HF)
Don't wait on the precompile support:
- do the SNARK verification without the pre-compile on-chain (unsure if possible because of high gas costs).
- do the SNARK verification inside a SNARK with the alt_bn128 curve which we can verify with the precompile. (unsure if possible, could use A LOT of constraints)

Efficient proofs

n Groth16 proofs in O(log(n))

Accumulators (Merkle tree replacements)

Scaling Verifiable Computation Using Efficient Set Accumulators

High level languages

isekai

Loopring Foundation

nothing here

Provide feedback

Saved searches

Use saved searches to filter your results more quickly