From actual scene to equation:
The specific definition of proving something from P to V in zkSNARK involves knowledge of P and NP. But roughly speaking, zkSNARK is committed to the following practical scenarios:
Trusted computing scenario: V has a complex function to be calculated, and the calculation process is outsourced to P for calculation due to insufficient computing power. P needs to submit a proof that the calculation result is correct after completing the calculation. V can use this proof to verify the correctness of the calculation result, and the calculation difficulty of verification is far less than recalculating by itself.
Zero-knowledge proof scenario: P needs to prove to V that he has legal data and does not disclose any information about the data, such as the deposit balance (encrypted) greater than a certain number, the private key of an address, and so on. V can verify the legitimacy of the data through this proof but cannot obtain any information about the data.
The problem to be solved by a large number of trusted computing and zero-knowledge proof is essentially a series of equations, that is, the P proves V that he knows the solution of a certain equation (system). For example, the following code:
The code is written in functional form, which is f (w, a, b) = wab + (1 − w)(a + b). Furthermore, if P wants to prove to V that he knows that the assignment of a set of input variables makes the running result of the code 8, he just wants to prove the existence of (w,a,b) such that f(a,b,w) = 8.
The reference material also lists other examples, including
• Prove that you know the solution of the equation x^3 + x + 5 = 35 (V God data).
• Prove that you know the solution of the equation ab(a + c) = 7 (ZCash data).
These are all problems where P proves to know the solution of the equation. We will explain how to prove the solution of the equation
The problem is combined with the above-mentioned problem of proving that polynomials of specific properties are known.
R1CS:
R1CS is the abbreviation of Rank-1 Constraint System, which unifies a complex equation into a constraint direction the amount of form.
Let us take the equation ab(a + c) = d as an example to show this construction process. (Note that there is no limit at this time d = 7).
• We must first introduce a number of intermediate variables to transform the original equation into a number of equations, where each of the equations.
The equations are:
This is actually a process of transforming a calculation process into an arithmetic circuit, where the part with three colors is called the left input, right input and output of a gate of the circuit. In order to save drawing, we still use the form of equation to illustrate.