Difference between revisions of "Groth16"
Jump to navigation
Jump to search
| Line 8: | Line 8: | ||
How it Works: | How it Works: | ||
| − | + | All pairing-based SNARKs follow a common method: | |
| + | * Prover computes a number of group elements using generic group operations | ||
| + | * Verifier checks proof using pairing product equations | ||
| + | Bitansky et al. formalize the above method into LIPs. | ||
| + | In Groth16, a LIP system for arithmetic circuits is designed where te prover only sends 3 field elements. | ||
Performance: | Performance: | ||
Latest revision as of 13:17, 14 October 2020
Key points about Groth16:
- Uses Asymmetric Bilinear Pairings (can be instantiated with any type of pairings). Asymmetric setting is more efficient.
- It is a NIZK for Artithmetic Satisfiability.
- The Proof only needs 3 group elements.
- The Verifier only needs to check a single pairing equation and compute a number of exponentiations proportional to the statement size.
- Perfect completeness and perfect zero-knowledge.
- Relies on a security proof in the generic bilinear group.
How it Works: All pairing-based SNARKs follow a common method:
- Prover computes a number of group elements using generic group operations
- Verifier checks proof using pairing product equations
Bitansky et al. formalize the above method into LIPs. In Groth16, a LIP system for arithmetic circuits is designed where te prover only sends 3 field elements. Performance:
