zkp.md

Zero-knowledge Proof (ZKP)

"We are currently experiencing a Cambrian Explosion in the field of cryptographic proofs of computational integrity (CI), a subset of which include zero knowledge proofs. While a couple of years ago there were about 1–3 new systems a year, the rate has picked up so much that today we are seeing this same amount monthly, if not weekly."

-- ELI BEN-SASSON, A Cambrian Explosion of Crypto Proofs

Since its invention in 1986, ZKP systems, more and more, become building blocks for many other important domains, such as blockchains, Anonymous Credentials (in Web3), authentication systems, etc. In the following, we will mainly elaborate on the pratical ZKPs and roughly divide them into two categories: specific purpose ZKP and general purpose ZKP, in which their differences mainly come from the ability to prove different statements.

If we compare this with Partial Homomorphic Encryption and Fully Homomorphic Encryption, specific ZKP can only prove some specific(simple) and finite statements, while general ZK (theoretically) can prove any statements.

• Zero-knowledge Proof (ZKP)
  • Survey & Tutorial
  • Milestones
  • Specific ZKP
    • Traditional & simple relations (over logarithm)
    • Membership(Range) Proof
  • General purpose ZKP
    • Frameworks
    • with SRS(Structured Reference String), including ZKSNARK
    • with updatable universal SRS
    • with URS(Uniform Reference String), including ZKSTARK
      • DL-based
      • MPC-in-the-head-based
      • VOLE-based (Commit-and-prove type)
  • Applications on ZKP systems
    • For Credential
    • For Machine Learning(Federated Learning)
    • For Blockchains
    • Signature from ZKP
  • ZKP Standard Efforts

Survey & Tutorial

• Zero-Knowledge twenty years after its invention, also called A Short Tutorial of Zero-Knowledge Oded Goldreich Gol10, paper, Gol04 older version,homepage

• Proofs, Arguments, and Zero-Knowledge Justin Thaler Tha23, paper

Milestones

• The Knowledge Complexity of Interactive Proof-Systems (Invention of zero-knowledge) Shafi Goldwasser, Silvio Micali, and Charle Rackoff STOC 1985, paper, GMR85

• On defining proofs of knowledge Bellare Mihir and Oded Goldreich CRYPTO 1992, paper, BG92

• Algebraic methods for interactive proof systems Carsten Lund, Lance Fortnow, Howard Karloff, and Noam Nisan JACM 1992, paper, LFKN92

• Efficient Identification and Signatures for Smart Cards Schnorr Claus-Peter CRYPTO 1989, paper, Sch89

• Zero-knowledge from secure multiparty computation Yuval Ishai, Eyal Kushilevitz, Rafail Ostrovsky, and Amit Sahai STOC 2007, paper, IKOS07

• Delegating computation: interactive proofs for muggles Shafi Goldwasser, Yael Tauman Kalai, and Guy N. Rothblum STOC 2008, paper, GKR08 older version, GKR08

• Short Pairing-Based Non-Interactive Zero-Knowledge Arguments Groth Jens ASIACRYPT 2010, paper, Gro10

• Quadratic Span Programs and Succinct NIZKs without PCPs Rosario Gennaro, Craig Gentry, Bryan Parno, and Mariana Raykova EUROCRYPT 2013, paper, GGPR13

• On the Size of Pairing-Based Non-Interactive Arguments Groth Jens EUROCRYPT 2016, paper, Gro16

• Bulletproofs: Short Proofs for Confidential Transactions and More Benedikt Bunz, Jonathan Bootle, Dan Boneh, Andrew Poelstra, Pieter Wuille, and Greg Maxwell S&P 2018, paper, BBB+18

• Fast Reed-Solomon Interactive Oracle Proofs of Proximity Eli Ben-Sasson, Iddo Bentov, Ynon Horesh, and Michael Riabzev ICALP 2018, paper, BBHR18

• Scalable Zero Knowledge with no Trusted Setup Eli Ben-Sasson, Iddo Bentov, Ynon Horesh, and Michael Riabzev CRYPTO 2019, paper, BBHR19

• PLONK: Permutations over Lagrange-Bases for Oecumenical Noninteractive Arguments of Knowledge Ariel Gabizon, Zachary J. Williamson, and Oana Ciobotaru eprint 2019, paper, GWC19

• Wolverine: Fast, Scalable, and Communication-Efficient Zero-Knowledge Proofs for Boolean and Arithmetic Circuits Chenkai Weng, Kang Yang, Jonathan Katz, and Xiao Wang S&P 2021, paper, WYK+21

• Gemini: Elastic SNARKs for Diverse Environments Jonathan Bootle, Alessandro Chiesa, Yuncong Hu, and Michele Orrù EUROCRYPT 2022, paper, BCHO22

Specific ZKP

Traditional & simple relations (over logarithm)

• Efficient Identification and Signatures for Smart Cards Claus-Peter Schnorr CRYPTO 1989, paper, Sch89

• A Practical Zero-Knowledge Protocol Fitted to Security Microprocessor Minimizing Both Transmission and Memory Louis C. Guillou, and Jean-Jacques Quisquater EUROCRYPT 1988, paper, GQ88

• Proofs of Partial Knowledge and Simplified Design of Witness Hiding Protocols Ronald Cramer, Ivan Damgård, and Berry Schoenmakers CRYPTO 1994, paper, CDS94

• Proof Systems for General Statements about Discrete Logarithms Jan Camenisch, and Markus Stadler ETH Zurich Report 1997, paper, CS97

• Short Group Signatures Dan Boneh, Xavier Boyen, and Hovav Shacham CRYPTO 2004, paper, BBS04

• Unifying Zero-Knowledge Proofs of Knowledge Maurer Ueli AFRICACRYPT 2009, paper, Mau09

• Non-Interactive Composition of Sigma-Protocols via Share-Then-Hash Masayuki Abe, Miguel Ambrona, Andrej Bogdanov, Miyako Ohkubo, and Alon Rosen ASIACRYPT 2020, paper, AAB+20

• Compressing Proofs of K-Out-Of-n Partial Knowledge Thomas Attema, Ronald Cramer, and Serge Fehr CRYPTO 2021, paper, ACF21

• DAG-Sigma: A DAG-Based Sigma Protocol for Relations in CNF Gongxian Zeng, Junzuo Lai, Zhengan Huang, Yu Wang, and Zhiming Zheng ASIACRYPT 2022, paper, ZLH+22

• Revisiting BBS Signatures Stefano Tessaro and Chenzhi Zhu EUROCRYPT 2023, paper, TZ23

Membership(Range) Proof

• A Digital Signature Based on a Conventional Encryption Function Ralph C Merkle CRYPTO 1987, paper, Mer87

• Statistical Zero Knowledge Protocols to Prove Modular Polynomial Relations Eiichiro Fujisaki, and Tatsuaki Okamoto CRYPTO 1997, paper, FO97

• Efficient proofs that a committed number lies in an interval Fabrice Boudot EUROCRYPT 2000, paper, Bou00

• Dynamic Accumulators and Application to Efficient Revocation of Anonymous Credentials Jan Camenisch and Anna Lysyanskaya CRYPTO 2002, paper, CL02

• Accumulators from Bilinear Pairings and Applications to ID-Based Ring Signatures and Group Membership Revocation Nguyen Lan CT-RSA 2005, paper, Ngu05

• Efficient Protocols for Set Membership and Range Proofs Jan Camenisch, Rafik Chaabouni, and abhi shelat ASIACRYPT 2008, paper, CCs08

• An Accumulator Based on Bilinear Maps and Efficient Revocation for Anonymous Credentials Jan Camenisch, Markulf Kohlweiss, and Claudio Soriente PKC 2009, paper, CKS09

• Bulletproofs: Short Proofs for Confidential Transactions and More Benedikt Bunz, Jonathan Bootle, Dan Boneh, Andrew Poelstra, Pieter Wuille, and Greg Maxwell S&P 2018, paper, BBB+18

• Batching Techniques for Accumulators with Applications to IOPs and Stateless Blockchains Dan Boneh, Benedikt Bünz, and Ben Fisch CRYPTO 2019, paper, BBF19

• Compressed $\varSigma$-Protocol Theory and Practical Application to Plug & Play Secure Algorithmics Thomas Attema, and Ronald Cramer CRYPTO 2020, paper, AC20

• Caulk: Lookup Arguments in Sublinear Time Arantxa Zapico, Vitalik Buterin, Dmitry Khovratovich, Mary Maller, Anca Nitulescu, and Mark Simkin CCS21, paper, ZBK+21

• Zero-Knowledge Proofs for Set Membership: Efficient, Succinct, Modular Daniel Benarroch, Matteo Campanelli, Dario Fiore, Kobi Gurkan, and Dimitris Kolonelos FC 2021, paper, BGF+21

• Batching, Aggregation, and Zero-Knowledge Proofs in Bilinear Accumulators Shravan Srinivasan, Ioanna Karantaidou, Foteini Baldimtsi, and Charalampos Papamanthou CCS 2022, paper, SKB+22

• Succinct Zero-Knowledge Batch Proofs for Set Accumulators Matteo Campanelli, Dario Fiore, Semin Han, Jihye Kim, Dimitris Kolonelos, and Hyunok Oh CCS 2022, paper, CFH+22

General purpose ZKP

Frameworks

• Interactive Oracle Proofs Eli Ben-Sasson, Alessandro Chiesa, and Nicholas Spooner TCC 2016, paper, BCS16

• Spartan: Efficient and General-Purpose ZkSNARKs Without Trusted Setup Srinath Setty CRYPTO 2020, paper, Set20

• VOProof: Efficient ZkSNARKs from Vector Oracle Compilers Yuncong Zhang, Alan Szepeniec, Ren Zhang, Shi-Feng Sun, Geng Wang, and Dawu Gu CCS 2022, paper, ZSZ+22

with SRS(Structured Reference String), including ZKSNARK

Traditional SRS usually need trusted setup per curcuit.

• Short Pairing-Based Non-Interactive Zero-Knowledge Arguments Groth Jens ASIACRYPT 2010, paper, Gro10

• From extractable collision resistance to succinct non-interactive arguments of knowledge, and back again Nir Bitansky, R. Canetti, A. Chiesa, and Eran Tromer ITCS 2012, paper, BCC+12

• Quadratic Span Programs and Succinct NIZKs without PCPs Rosario Gennaro, Craig Gentry, Bryan Parno, and Mariana Raykova EUROCRYPT 2013, paper, GGPR13

• Succinct Non-Interactive Zero Knowledge for a von Neumann Architecture Eli Ben-Sasson, A. Chiesa, Eran Tromer, and M. Virza USENIX 2014, paper, BCT+14

• On the Size of Pairing-Based Non-Interactive Arguments Groth Jens EUROCRYPT 2016, paper, Gro16

• DIZK: A Distributed Zero Knowledge Proof System Howard Wu, Wenting Zheng, Alessandro Chiesa, Raluca Ada Popa, and Ion Stoica USENIX 2018, paper, WZC+18

• Snarky Ceremonies Markulf Kohlweiss, Mary Maller, Janno Siim, and Mikhail Volkhov ASIACRYPT 2021, paper, KMS+21

with updatable universal SRS

Updatable universal SRS means that the same SRS by a trusted setup could be used for statements about all circuits of a certain bounded size.

• Sonic: Zero-Knowledge SNARKs from Linear-Size Universal and Updatable Structured Reference Strings Mary Maller, Sean Bowe, Markulf Kohlweiss, and Sarah Meiklejohn CCS 2019, paper, MBK+19

• Marlin: Preprocessing ZkSNARKs with Universal and Updatable SRS Alessandro, Chiesa, Yuncong Hu, Mary Maller, Pratyush Mishra, Noah Vesely, and Nicholas Ward EUROCRYPT 2020, paper, CHM+20

• PLONK: Permutations over Lagrange-Bases for Oecumenical Noninteractive Arguments of Knowledge Ariel Gabizon, Zachary J. Williamson, and Oana Ciobotaru eprint 2019, paper, GWC19

• Libra: Succinct Zero-Knowledge Proofs with Optimal Prover Computation Tiancheng Xie, Jiaheng Zhang, Yupeng Zhang, Charalampos Papamanthou, and Dawn Song CRYPTO 2019, paper, XZZ+19

• MIRAGE: Succinct Arguments for Randomized Algorithms with Applications to Universal Zk-SNARKs Ahmed Kosba, Dimitrios Papadopoulos, Charalampos Papamanthou, and Dawn Song USENIX Security 2020, paper, KPP+20

• Lunar: A Toolbox for More Efficient Universal and Updatable ZkSNARKs and Commit-and-Prove Extensions Matteo Campanelli, Antonio Faonio, Dario Fiore, Anaïs Querol, and Hadrián Rodríguez ASIACRYPT 2021, paper, CFF+21

• An Algebraic Framework for Universal and Updatable SNARKs Carla Ràfols, and Arantxa Zapico CRYPTO 2021, paper, RZ21

• Counting Vampires: From Univariate Sumcheck to Updatable ZK-SNARK Helger Lipmaa, Janno Siim, and Michał Zając ASIACRYPT 2022, paper, LSZ22

• HyperPlonk: Plonk with Linear-Time Prover and High-Degree Custom Gates Binyi Chen, Benedikt Bünz, Dan Boneh, and Zhenfei Zhang EUROCRYPT 2023, paper, CBB+23

with URS(Uniform Reference String), including ZKSTARK

Without trusted setup.

• Ligero: Lightweight Sublinear Arguments Without a Trusted Setup Scott Ames, Carmit Hazay, Yuval Ishai, and Muthuramakrishnan Venkitasubramaniam CCS 2017, paper, AHI+17

• Scalable Zero Knowledge with No Trusted Setup Eli Ben-Sasson, Iddo Bentov, Yinon Horesh, and Michael Riabzev CRYPTO 2019, paper, BBH+19

• HALO: Recursive Proof Composition without a Trusted Setup Sean Bowe, J. Grigg, and Daira Hopwood eprint 2019, paper, BGH19

• Aurora: Transparent Succinct Arguments for R1CS Eli Ben-Sasson, Alessandro Chiesa, Michael Riabzev, Nicholas Spooner, Madars Virza, and Nicholas P. Ward EUROCRYPT 2019, paper, BCR+19

• DEEP-FRI: Sampling Outside the Box Improves Soundness Eli Ben-Sasson, Lior Goldberg, Swastik Kopparty, and Shubhangi Saraf arXiv 2019, paper, BGKS19

• Ligero++: A New Optimized Sublinear IOP Rishabh Bhadauria, Zhiyong Fang, Carmit Hazay, Muthuramakrishnan Venkitasubramaniam, Tiancheng Xie, and Yupeng Zhang CCS 2020, paper, BFH+20

• Fractal: Post-Quantum and Transparent Recursive Proofs from Holography Alessandro Chiesa, Dev Ojha, and Nicholas Spooner EUROCRYPT 2020, paper, COS20

• Transparent Polynomial Delegation and Its Applications to Zero Knowledge Proof Jiaheng Zhang, Tiancheng Xie, Yupeng Zhang, and Dawn Song S&P 2020, paper, ZXZ+20

• Sumcheck Arguments and Their Applications Jonathan Bootle, Alessandro Chiesa, and Katerina Sotiraki CRYPTO 2021, paper, BCS21

• Doubly Efficient Interactive Proofs for General Arithmetic Circuits with Linear Prover Time Jiaheng Zhang, Tianyi Liu, Weijie Wang, Yinuo Zhang, Dawn Song, and Xiang Xie CCS 2021, paper, ZLW+21

• RedShift: Transparent SNARKs from List Polynomial Commitments Assimakis A. Kattis, Konstantin Panarin, and Alexander Vlasov CCS 2022, paper, KPV22

• Flashproofs: Efficient Zero-Knowledge Arguments of Range and Polynomial Evaluation with Transparent Setup Nan Wang, and Sid Chi-Kin Chau ASIACRYPT 2022, paper, WC22

• Linear-Time Arguments with Sublinear Verification from Tensor Codes Jonathan Bootle, Alessandro Chiesa, and Jens Groth TCC 2020, paper, BCG20

• Orion: Zero Knowledge Proof with Linear Prover Time Tiancheng Xie, Yupeng Zhang, and Dawn Song CRYPTO 2022, paper, XZS22

• Dew: Transparent Constant-sized zkSNARKs Arasu Arun, Chaya Ganesh, Satya Lokam, Tushar Mopuri, and Sriram Sridhar PKC 2023, paper, AGL+23

DL-based

• Efficient Zero-Knowledge Arguments for Arithmetic Circuits in the Discrete Log Setting Jonathan Bootle, Andrea Cerulli, Pyrros Chaidos, Jens Groth, and Christophe Petit EUROCRYPT 2016, paper, BCC+16

• Doubly-Efficient ZkSNARKs Without Trusted Setup Riad S. Wahby, Ioanna Tzialla, Abhi Shelat, Justin Thaler, and Michael Walfish SP 2018, paper, WTS+18

• Bulletproofs: Short Proofs for Confidential Transactions and More Benedikt Bunz, Jonathan Bootle, Dan Boneh, Andrew Poelstra, Pieter Wuille, and Greg Maxwell S&P 2018, paper, BBB+18

• Non-Interactive Zero-Knowledge Proofs for Composite Statements Shashank Agrawal, Chaya Ganesh, and Payman Mohassel CRYPTO 2018, paper, AGM18

• Shorter Non-Interactive Zero-Knowledge Arguments and ZAPs for Algebraic Languages Geoffroy Couteau, and Dominik Hartmann CRYPTO 2020, paper, CH20

• Compressed $\varSigma$-Protocol Theory and Practical Application to Plug & Play Secure Algorithmics Thomas Attema, and Ronald Cramer CRYPTO 2020, paper, AC20

• Compressed $\varSigma$-Protocols for Bilinear Group Arithmetic Circuits and Application to Logarithmic Transparent Threshold Signatures Thomas Attema, Ronald Cramer, and Matthieu Rambaud ASIACRYPT 2021, paper, ACR21

• Halo Infinite: Proof-Carrying Data from Additive Polynomial Commitments Dan Boneh, Justin Drake, Ben Fisch, and Ariel Gabizon CRYPTO 2021, paper, BDF+21

• Efficient NIZKs for Algebraic Sets Geoffroy Couteau, Helger Lipmaa, Roberto Parisella, and Arne Tobias Ødegaard ASIACRYPT 2021, paper, CLP+21

• ECLIPSE: Enhanced Compiling Method for Pedersen-Committed ZkSNARK Engines Diego F. Aranha, Emil Madsen Bennedsen, Matteo Campanelli, Chaya Ganesh, Claudio Orlandi, and Akira Takahashi PKC 2022, paper, ABC+22

MPC-in-the-head-based

• Zero-knowledge from secure multiparty computation Yuval Ishai, Eyal Kushilevitz, Rafail Ostrovsky, and Amit Sahai STOC 2007, paper, IKOS07

• Zkboo: Faster zero-knowledge for boolean circuits Irene Giacomelli, Jesper Madsen, and Claudio Orlandi USENIX 2016, paper, GMO16

• Post-quantum zero-knowledge and signatures from symmetric-key primitives Melissa Chase, David Derler, Steven Goldfeder, Claudio Orlandi, Sebastian Ramacher, Christian Rechberger, Daniel Slamanig, and Greg Zaverucha CCS 2017, paper, CDG+17

• Ligero: Lightweight sublinear arguments without a trusted setup Scott Ames, Carmit Hazay, Yuval Ishai, and Muthuramakrishnan Venkitasubramaniam CCS 2017, paper, AHIV17

• Improved non-interactive zero knowledge with applications to post-quantum signatures Jonathan Katz, Vladimir Kolesnikov, and Xiao Wang CCS 2018, paper, KKW18

• Concretely-efficient zero-knowledge arguments for arithmetic circuits and their application to lattice-based cryptography Carsten Baum and Ariel Nof PKC 2020, paper, BN20

• Limbo: Efficient zero-knowledge MPCitH-based arguments Cyprien de Saint Guilhem, Emmanuela Orsini, and Titouan Tanguy CCS 2021, paper, dOT21

VOLE-based (Commit-and-prove type)

• Appenzeller to Brie: Efficient Zero-Knowledge Proofs for Mixed-Mode Arithmetic and Z2k Carsten Baum, Lennart Braun, Alexander Munch-Hansen, Benoit Razet, and Peter Scholl CCS 2021, paper, BBM+21

• $\mathsf{Mac’n’Cheese}$: Zero-Knowledge Proofs for Boolean and Arithmetic Circuits with Nested Disjunctions Carsten Baum, Alex J. Malozemoff, Marc B. Rosen, and Peter Scholl CRYPTO 2021, paper, BMR+21

• Line-Point Zero Knowledge and Its Applications Samuel Dittmer, Yuval Ishai, and Rafail Ostrovsky ITC 2021, paper, DIO21

• Wolverine: Fast, Scalable, and Communication-Efficient Zero-Knowledge Proofs for Boolean and Arithmetic Circuits Chenkai Weng, Kang Yang, Jonathan Katz, and Xiao Wang S&P 2021, paper, WYK+21

• QuickSilver: Efficient and Affordable Zero-Knowledge Proofs for Circuits and Polynomials over Any Field Kang Yang, Pratik Sarkar, Chenkai Weng, and Xiao Wang CCS 2021, paper, YSW+21

• Mystique: Efficient Conversions for Zero-Knowledge Proofs with Applications to Machine Learning Chenkai Weng, Kang Yang, Xiang Xie, Jonathan Katz, and Xiao Wang USENIX 2021. paper, WYX+21

• Improving Line-Point Zero Knowledge: Two Multiplications for the Price of One Samuel Dittmer, Yuval Ishai, Steve Lu, and Rafail Ostrovsky CCS 2022, paper, DIL+22

• AntMan: Interactive Zero-Knowledge Proofs with Sublinear Communication Chenkai Weng, Kang Yang, Zhaomin Yang, Xiang Xie, and Xiao Wang CCS 2022, paper, WYY+22

ZKP Standard Efforts

• RFC: Schnorr Non-Interactive Zero-Knowledge Proof Hao, Feng IETF rfc8235, paper, Hao21

Below are from organization zkproof:

ZKProof is an open-industry academic initiative that seeks to mainstream zero-knowledge proof (ZKP) cryptography through an inclusive, community-driven standardization process that focuses on interoperability and security.

• Proposal: Commit-and-Prove Zero-Knowledge Proof Systems and Extensions Daniel Benarroch, Matteo Campanelli, Dario Fiore, Jihye Kim, Jiwon Lee, Hyunok Oh, and Anaıs Querol ZKProof 2,3,4th workshop, paper, BCF+21

• Rinocchio: SNARKs for Ring Arithmetic Ganesh, Chaya, Anca Nitulescu, and Eduardo Soria-Vazquez ZKProof 4th workshop, 2021, paper, CNS21

• Zk-Proof Community——Proposal: Σ-Protocols Stephan Krenn and Michele Orrù ZKProof 4th workshop, 2021, paper, KO21

• See more at zkproof proposals.

Applications on ZKP systems

Here just list several interesting applicaitons.

• Scaling Verifiable Computation Using Efficient Set Accumulators Alex Ozdemir, Riad S Wahby, Barry Whitehat, and Dan Boneh USENIX 2020, paper, OWW+20

• Efficient Zero-Knowledge Proofs on Signed Data with Applications to Verifiable Computation on Data Streams Dario Fiore, and Ida Tucker CCS 2022, paper, FT22

For Credential

• Zero Knowledge Proofs for Decision Tree Predictions and Accuracy Jiaheng Zhang, Zhiyong Fang, Yupeng Zhang, and Dawn Song CCS 2020. paper, ZFZ+20

• ZkCNN: Zero Knowledge Proofs for Convolutional Neural Network Predictions and Accuracy Tianyi Liu, Xiang Xie, and Yupeng Zhang CCS 2021, paper, LXZ21

For Web3(Authentication)

• Constant-Size Dynamic k-TAA Man Ho Au, Willy Susilo, and Yi Mu SCN06, paper, ASM06

• Anonymous Credentials Light Foteini Baldimtsi, and Anna Lysyanskaya CCS 2013, paper, BL13

• Anonymous Attestation Using the Strong Diffie Hellman Assumption Revisited Jan Camenisch, Manu Drijvers, and Anja Lehmann Trust and Trustworthy Computing 2016, paper, CDL16

• DECO: Liberating Web Data Using Decentralized Oracles for Threshold Fan Zhang, Sai Krishna Deepak Maram, Harjasleen Malvai, Steven Goldfeder, and Ari Juels CCS 2020, paper, ZMM+20

• Zero-Knowledge Middleboxes Paul Grubbs, Arasu Arun, Ye Zhang, Joseph Bonneau, and Michael Walfish USENIX 2022, paper, GAZ+22

• Zk-Creds: Flexible Anonymous Credentials from ZkSNARKs and Existing Identity Infrastructure Michael Rosenberg, Jacob White, Christina Garman, and Ian Miers S&P 2023, paper, RWG+23

For Blockchains

• Zerocash: Decentralized Anonymous Payments from Bitcoin Ben Sasson, Eli, Alessandro Chiesa, Christina Garman, Matthew Green, Ian Miers, Eran Tromer, and Madars Virza S&P 2014, paper, BCG+14

• ZeeStar: Private Smart Contracts by Homomorphic Encryption and Zero-Knowledge Proofs Samuel Steffen, Benjamin Bichsel, Roger Baumgartner, and Martin Vechev S&P 2022, paper, SBB+22

Signature from ZKP

• Post-quantum zero-knowledge and signatures from symmetric-key primitives Melissa Chase, David Derler, Steven Goldfeder, Claudio Orlandi, Sebastian Ramacher, Christian Rechberger, Daniel Slamanig, and Greg Zaverucha CCS 2017, paper, CDG+17

• Improved non-interactive zero knowledge with applications to post-quantum signatures Jonathan Katz, Vladimir Kolesnikov, and Xiao Wang CCS 2018, paper, KKW18

• BBQ: Using AES in picnic signatures Cyprien de Saint Guilhem, Lauren De Meyer, Emmanuela Orsini, and Nigel P. Smart SAC 2019, paper, dDOS19

• Improving the Performance of the Picnic Signature Scheme Daniel Kales and Greg Zaverucha TCHES20, paper, The picnic signature scheme, design document v2.1, KZ20

• Banquet: Short and fast signatures from AES Carsten Baum, Cyprien de Saint Guilhem, Daniel Kales, Emmanuela Orsini, Peter Scholl, and Greg Zaverucha PKC 2021, paper, BdK+21

• Limbo: Efficient zero-knowledge MPCitH-based arguments Cyprien de Saint Guilhem, Emmanuela Orsini, and Titouan Tanguy CCS 2021, paper, dOT21

• Shorter signatures based on tailor-made minimalist symmetric-key crypto Christoph Dobraunig, Daniel Kales, Christian Rechberger, Markus Schofnegger, and Greg Zaverucha CCS 2022, paper, DKR+21

ZKP Standard Efforts

• RFC: Schnorr Non-Interactive Zero-Knowledge Proof Hao, Feng IETF rfc8235, paper, Hao21

Below are from organization zkproof:

ZKProof is an open-industry academic initiative that seeks to mainstream zero-knowledge proof (ZKP) cryptography through an inclusive, community-driven standardization process that focuses on interoperability and security.

• Proposal: Commit-and-Prove Zero-Knowledge Proof Systems and Extensions Daniel Benarroch, Matteo Campanelli, Dario Fiore, Jihye Kim, Jiwon Lee, Hyunok Oh, and Anaıs Querol ZKProof 2,3,4th workshop, paper, BCF+21

• Rinocchio: SNARKs for Ring Arithmetic Ganesh, Chaya, Anca Nitulescu, and Eduardo Soria-Vazquez ZKProof 4th workshop, 2021, paper, CNS21

• Zk-Proof Community——Proposal: Σ-Protocols Stephan Krenn and Michele Orrù ZKProof 4th workshop, 2021, paper, KO21

• See more at zkproof proposals.