Plonk is a widely used succinct non-interactive proof system that uses univariate polynomial
commitments. Plonk is quite flexible: it supports circuits with low-degree “custom” gates as …

We propose Bulletproofs, a new non-interactive zero-knowledge proof protocol with very
short proofs and without a trusted setup; the proof size is only logarithmic in the witness size …

We construct a new polynomial commitment scheme for univariate and multivariate
polynomials over finite fields, with logarithmic size evaluation proofs and verification time …

We present a much-improved practical protocol, based on the hardness of Module-SIS and
Module-LWE problems, for proving knowledge of a short vector s→ satisfying A s→= t→ mod …

Accumulation is a simple yet powerful primitive that enables incrementally verifiable
computation (IVC) without the need for recursive SNARKs. We provide a generic, efficient …

We present a framework for building efficient folding-based SNARKs. First we develop a
new “uniformizing” compiler for NP statements that converts any poly-time computation to a …

We present a new method for transforming zero-knowledge protocols in the designated
verifier setting into public-coin protocols, which can be made non-interactive and publicly …

Interactive proofs (IPs) and arguments are cryptographic protocols that enable an untrusted
prover to provide a guarantee that it performed a requested computation correctly …

This paper introduces Brakedown, 1 the first built system that provides linear-time SNARKs
for NP, meaning the prover incurs O (N) finite field operations to prove the satisfiability of an …

An important part in proving machine computation is to prove the correctness of the read and
write operations performed from the memory, which we term memory-proving. Previous …