Groth16

From zkstacks
Jump to navigation Jump to search

Key points about Groth16:

  • Uses Asymmetric Bilinear Pairings (can be instantiated with any type of pairings). Asymmetric setting is more efficient.
  • It is a NIZK for Artithmetic Satisfiability.
  • The Proof only needs 3 group elements.
  • The Verifier only needs to check a single pairing equation and compute a number of exponentiations proportional to the statement size.
  • Perfect completeness and perfect zero-knowledge.
  • Relies on a security proof in the generic bilinear group.

How it Works: All pairing-based SNARKs follow a common method:

  • Prover computes a number of group elements using generic group operations
  • Verifier checks proof using pairing product equations

Bitansky et al. formalize the above method into LIPs. In Groth16, a LIP system for arithmetic circuits is designed where te prover only sends 3 field elements. Performance:

Retrieved from "http://161.35.113.184/index.php?title=Groth16&oldid=103"