DYOR Crypto Wiki

Basics

"A new general-purpose zero-knowledge proof scheme called PLONK, standing for the unwieldy quasi-backronym "Permutations over Lagrange-bases for Oecumenical Noninteractive arguments of Knowledge". While improvements to general-purpose zero-knowledge proof protocols have been coming for years, what PLONK (and the earlier but more complex SONIC and the more recent Marlin) bring to the table is a series of enhancements that may greatly improve the usability and progress of these kinds of proofs in general.

The first improvement is that while PLONK still requires a trusted setup procedure similar to that needed for the SNARKs in Zcash, it is a "universal and updateable" trusted setup. This means two things: first, instead of there being one separate trusted setup for every program you want to prove things about, there is one single trusted setup for the whole scheme after which you can use the scheme with any program (up to some maximum size chosen when making the setup). Second, there is a way for multiple parties to participate in the trusted setup such that it is secure as long as any one of them is honest, and this multi-party procedure is fully sequential: first one person participates, then the second, then the third... The full set of participants does not even need to be known ahead of time; new participants could just add themselves to the end. This makes it easy for the trusted setup to have a large number of participants, making it quite safe in practice.

The second improvement is that the "fancy cryptography" it relies on is one single standardized component, called a "polynomial commitment". PLONK uses "Kate commitments", based on a trusted setup and elliptic curve pairings, but you can instead swap it out with other schemes, such as FRI (which would turn PLONK into a kind of STARK) or DARK (based on hidden-order groups). This means the scheme is theoretically compatible with any (achievable) tradeoff between proof size and security assumptions.

What this means is that use cases that require different tradeoffs between proof size and security assumptions (or developers that have different ideological positions about this question) can still share the bulk of the same tooling for "arithmetization" - the process for converting a program into a set of polynomial equations that the polynomial commitments are then used to check. If this kind of scheme becomes widely adopted, we can thus expect rapid progress in improving shared arithmetization techniques."
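The sequential, updateable setup described in the quoted passage, sketched as an added example (not code from the quoted article or from any PLONK implementation). It assumes a toy group modulo a small prime in place of a pairing-friendly curve and omits the pairing-based check that each update is well-formed; all function names and parameters are hypothetical.

```python
import secrets

# Toy parameters (constructed): order-Q subgroup of Z_P^*, with P = 2Q + 1.
# Real setups use pairing-friendly elliptic curves instead.
P, Q, G = 2039, 1019, 4

def initial_srs(max_degree):
    """Reference string for tau = 1: every element is G. Anyone can compute it."""
    return [G] * (max_degree + 1)

def update_srs(srs, secret):
    """One participant's turn: re-randomise tau -> tau * secret.

    Element i holds G^(tau^i); raising it to secret^i yields G^((tau*secret)^i).
    The participant must erase `secret` afterwards.
    """
    return [pow(elem, pow(secret, i, Q), P) for i, elem in enumerate(srs)]

def run_ceremony(max_degree, participant_secrets):
    """Fully sequential ceremony: each participant updates the previous output."""
    srs = initial_srs(max_degree)
    for s in participant_secrets:
        srs = update_srs(srs, s)
    return srs

def commit(srs, coeffs):
    """Commit to f(x) = sum(coeffs[i] * x^i) as G^f(tau), using only the SRS."""
    if len(coeffs) > len(srs):
        raise ValueError("polynomial exceeds the maximum size fixed by the setup")
    c = 1
    for elem, a in zip(srs, coeffs):
        c = c * pow(elem, a % Q, P) % P
    return c

def fresh_secret():
    """Uniform non-zero exponent in [1, Q-1]."""
    return secrets.randbelow(Q - 1) + 1

if __name__ == "__main__":
    srs = run_ceremony(4, [fresh_secret() for _ in range(3)])
    srs = update_srs(srs, fresh_secret())  # a late joiner appends an update
    # The same reference string serves different polynomials up to degree 4.
    print(commit(srs, [3, 0, 2]), commit(srs, [1, 1, 0, 0, 7]))
```

The final tau is the product of every participant's secret, so it stays unknown as long as at least one participant erased theirs.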

Used by

According to AZTEC's blog:

  1. AZTEC Protocol
  2. Dusk Network announced their switch to PLONK
  3. Matter Labs is implementing a form of PLONK in the transparent setting