Homomorphisms by Example A homomorphism between two groups exists if a structure preserving map between the two groups exists. Suppose we have two algebraic data structures $(A,\square)$ and $(B,...

Reducing the number of equality checks (constraints) through random linear combinations Random linear combinations are a common trick in zero knowledge proof algorithms to enable $m$ equality checks...

A Zero Knowledge Proof for the Inner Product An inner product argument is a proof that the prover carried out the inner product computation correctly. This chapter shows how to construct a zero...

Introduction to ZK Bulletproofs Bulletproofs are a zero knowledge inner product argument, which enable a prover to convince a verifier that they correctly computed an inner product. That is, the...

Bulletproofs ZKP: Zero Knowledge and Succinct Proofs for Inner Products Bulletproofs ZKPs allow a prover to prove knowledge of an inner product with a logarithmic-sized proof. Bulletproofs do not...

Building a Zero Knowledge Proof from an R1CS Given an arithmetic circuit encoded as a Rank 1 Constraint System, it is possible to create a ZK-proof of having a witness, albeit not a succinct one....

What are Pedersen Commitments and How They Work Pedersen commitments allow us to encode arbitrarily large vectors with a single elliptic curve point, while optionally hiding any information about the...

Bilinear Pairings in Python, Solidity, and the EVM Sometimes also called bilinear mappings, bilinear pairings allow us to take three numbers, $a$, $b$, and $c$, where $ab = c$, encrypt them to become...

Trusted Setup A trusted setup is a mechanism ZK-SNARKs use to evaluate a polynomial at a secret value. Observe that a polynomial $f(x)$ can be evaluated by computing the inner product of the...

Arithmetic Circuits for ZK In the context of zero-knowledge proofs, an arithmetic circuit is a system of equations that models a problem in NP. A key point from our article on P vs NP is that any...