Computational Proof Systems
  • 👋Cryptography and ZKP research note
  • Protocol and Primitives
    • Chapter One: ZK fundamentals
      • Overview of Computation in Zero-Knowledge Proofs
      • Arithemetic Circuit
      • Arithemetic Circuit (RUST)
      • Polynomial
      • R1CS to QAP
      • Univariate Polynomial Multiplication Using FFT
    • Chapter Two: Interative and non-interative proof
      • Interactive and Non-interactive Zero-Knowledge Proof Systems
    • Chapter Three: Ploynomial Commitment Schemes
      • KZG Polynomial Commitment Scheme
        • Univariate KZG Polynomial Commitment Scheme
        • Multilinear KZG Polynomial commitment scheme
        • Batch Univariate KZG Polynomial Commitment Scheme
      • FRI Polynomial commitment scheme
    • Chapter Four: Sum Check Protocol
    • Chapter Five: GRK Protocol
      • The Protocol
      • Succinct GKR Protocol
    • Chapter Six: Groth16 Protocol
    • Chapter Seven: PLONK Protocol
    • Chapter Eight: PLONK Protocol Extensions
      • TurboPLONK
      • Lookup Arguments and PLONKUP
        • PLOOKUP
        • Halo2 Lookup Protocol
      • HYPERPLONK
Powered by GitBook
On this page
  • Interactive and Non-interactive Zero-Knowledge Proof Systems
  • Introduction
  • Interactive Zero-Knowledge Proofs
  • Non-interactive Zero-Knowledge Proofs (NIZK)
  • Applications
  • Technical Considerations
  1. Protocol and Primitives
  2. Chapter Two: Interative and non-interative proof

Interactive and Non-interactive Zero-Knowledge Proof Systems

Interactive and Non-interactive Zero-Knowledge Proof Systems

Introduction

Zero-knowledge proof systems come in two fundamental varieties: interactive and non-interactive protocols. Each has distinct characteristics and use cases that make them suitable for different applications in cryptography and secure computation.

Interactive Zero-Knowledge Proofs

Interactive zero-knowledge proofs involve a back-and-forth dialogue between two parties:

  • The prover (P): who possesses the secret information and wants to prove a statement

  • The verifier (V): who challenges the prover and verifies the proof

Key Characteristics

  1. Multiple Rounds: The proof consists of multiple rounds of communication between P and V

  2. Challenge-Response: Each round typically involves:

    • A commitment from the prover

    • A challenge from the verifier

    • A response from the prover

  3. Randomness: The verifier's challenges are randomly chosen

  4. Completeness: An honest prover can convince an honest verifier

  5. Soundness: A dishonest prover cannot convince a verifier except with negligible probability

  6. Zero-Knowledge: The verifier learns nothing beyond the validity of the statement

Public Coin Protocol Example: Graph 3-Coloring

Consider the following interactive protocol for proving that a graph G is 3-colorable without revealing the coloring:

Protocol Steps:
1. Prover has a valid 3-coloring C of graph G
2. In each round:
   a. P randomly permutes the three colors (e.g., red→blue, blue→green, green→red)
   b. P commits to the color of each vertex using a cryptographic commitment scheme
   c. V randomly selects an edge (u,v) from G
   d. P reveals the colors of vertices u and v
   e. V verifies that the revealed colors are different

Security Parameters:
- Each round has a 1/|E| chance of catching an invalid coloring
- k rounds achieve soundness error of (1-1/|E|)^k

This protocol exemplifies several key properties:

  • It is public coin because V's challenges are purely random

  • It reveals nothing about the actual coloring (zero-knowledge)

  • It can be repeated to achieve arbitrary security levels

Non-interactive Zero-Knowledge Proofs (NIZK)

Non-interactive zero-knowledge proofs eliminate the need for multiple rounds of interaction between the prover and verifier.

Key Features

  1. Single Message: The entire proof is contained in one message from P to V

  2. Common Reference String: Usually requires a trusted setup phase to generate a common reference string (CRS)

  3. Public Verifiability: Anyone with access to the verification key can verify the proof

  4. Reusability: The same proof can be verified multiple times by different parties

Construction Methods

  1. Fiat-Shamir Transform

    • Converts any public coin interactive ZK proof into a non-interactive one

    • Uses a cryptographic hash function to generate challenges

    • Security relies on the random oracle model

  2. zk-SNARKs (Zero-Knowledge Succinct Non-Interactive Arguments of Knowledge)

    • Provides succinct proofs (constant or logarithmic size)

    • Requires a trusted setup phase

    • Based on advanced cryptographic assumptions (e.g., pairing-based cryptography)

Comparison Table

Aspect
Interactive ZK
Non-interactive ZK

Communication Rounds

Multiple

Single

Setup Requirements

Minimal

CRS/Trusted Setup

Proof Size

Usually larger

Can be succinct

Computational Cost

Generally lower

Usually higher

Real-time Requirement

Yes

No

Public Verifiability

No

Yes

Applications

  1. Interactive ZK Use Cases

    • Authentication systems

    • Secure multiparty computation

    • Online zero-knowledge protocols

  2. NIZK Use Cases

    • Blockchain and cryptocurrency systems

    • Digital signature schemes

    • Anonymous credentials

    • Privacy-preserving smart contracts

Technical Considerations

When choosing between interactive and non-interactive protocols, consider:

  1. Performance Requirements

    • Proof generation time

    • Verification time

    • Communication complexity

    • Storage requirements

  2. Security Requirements

    • Trusted setup assumptions

    • Cryptographic assumptions

    • Required security level

  3. System Constraints

    • Network latency tolerance

    • Storage limitations

    • Real-time interaction capabilities

PreviousChapter Two: Interative and non-interative proofNextChapter Three: Ploynomial Commitment Schemes

Last updated 16 days ago