Zero knowledge proof are already used all over the place, for example signature (such as ecdsa) is a zk proof. When you make the signature you are proving that you know the private key for an associated public key.
But how does a proof look like? The Zokrates example at 24:37 leaves more questions than answers. We know that a proof has something to do with an arithmetic circuit, but not how it does so or why.
Thank you so much for this amazing video! Just a quick off-topic question: I have a SafePal wallet with USDT, and I have the seed phrase. (behave today finger ski upon boy assault summer exhaust beauty stereo over). How should I go about transferring them to Binance?
If Sim produces pi: is it then not possible for any 3rd party to run Sim without knowing w, thereby "proving" knowledge of w without actually knowing w.
Wondering why "soundness" is defined as "argument of knowledge". Also, why is bulletproof linear verification time? Also, I thought succinctness means polylog (not log)
the statement to prove for Bulleproofs is of dimension N, where N is such that the message must be between 0 and 2^N -1. Bulletproofs just uses EC crypto,. No Polynomial commitments, no trusted setup. There are 2N such public generators (as opposed to 1 for Schnorr signatures, or 2 for Pedersen committments) and the proof verification in particular needs to multiply all these generators together. In total there are 2N + cste EC multiplications to do. The state of the art is Bulletproofs++ though, which uses a norm argument instead of a inner product argument like in Bulletproofs or Bulletproofs+. making it quite more efficient, although still with a linear verification time.
This is a BRILLIANT lecture ( especially for a Computer Engineer like me, whose head starts spinning when studying maths )
Very well explained !
Nothing short of GREAT. Succint explanations, yet to see any clearer introduction to zk-SNARKS, just great!!!!
That was really great, simple yet comprehensive explanation of what is going on in the backstage of a zk-snark, thank you
Finally a real life use case of Zero Knowledge Proof. Good to see it being used within blockchains.
Zero knowledge proof are already used all over the place, for example signature (such as ecdsa) is a zk proof. When you make the signature you are proving that you know the private key for an associated public key.
just got to 3:41 but I'm already liking this awesome explanation
Finally, an actually good lecture on zk-Snarks... :)
Thank you, great explanation!!!
But how does a proof look like? The Zokrates example at 24:37 leaves more questions than answers. We know that a proof has something to do with an arithmetic circuit, but not how it does so or why.
great explanation of the argument system.....I really enjoyed the video although I expected more knowledge about the zk-snarks itself :(
Finally this makes sense to me thank you
Great and clear video, thanks a lot!
what an aawesome simple explaination
Thank you so much for this amazing video! Just a quick off-topic question: I have a SafePal wallet with USDT, and I have the seed phrase. (behave today finger ski upon boy assault summer exhaust beauty stereo over). How should I go about transferring them to Binance?
Beautiful explanation thank you so much
thanks for the zk explanation
Nicely explained thanks
Amazing 😍👏
zkp = a proof that shows one knows secret.... but anyone who does not know secret can produce the proof of knowing the secret?
great
If Sim produces pi: is it then not possible for any 3rd party to run Sim without knowing w, thereby "proving" knowledge of w without actually knowing w.
i think it would be a proof π and not the π, but im also interested to hear...
Same question. This seem inherently against security?
ditto! seems to contradict itself. zkp is giving proof that one knows secret.... but anyone who does not know secret can produce the proof???
thanks again
that was amazing
Have you seen the Midnight network?
Wondering why "soundness" is defined as "argument of knowledge". Also, why is bulletproof linear verification time? Also, I thought succinctness means polylog (not log)
the statement to prove for Bulleproofs is of dimension N, where N is such that the message must be between 0 and 2^N -1. Bulletproofs just uses EC crypto,. No Polynomial commitments, no trusted setup. There are 2N such public generators (as opposed to 1 for Schnorr signatures, or 2 for Pedersen committments) and the proof verification in particular needs to multiply all these generators together. In total there are 2N + cste EC multiplications to do. The state of the art is Bulletproofs++ though, which uses a norm argument instead of a inner product argument like in Bulletproofs or Bulletproofs+. making it quite more efficient, although still with a linear verification time.
Crystel Skyway
where do i find this 32:50 cs251
no such thing as succinct x or remarx or taike or not etc, outx infix any nmw and any s perfect
how did you do it can you share with me , thank you
the video image is too poor, you need to fix it more
23:50, can the witness be anything and it will just yield a proof? or does it need to be specifically chosen so that C(witness) = 0?
how did you do it can you share with me , thank you