[vc_row us_bg_overlay_color=”#f5f5f5″ us_shape_show_bottom=”1″ us_shape_color_bottom=”#ffffff” css=”%7B%22default%22%3A%7B%22background-color%22%3A%22_header_middle_text%22%7D%7D”][vc_column width=”5\/6″][vc_column_text css=”%7B%22default%22%3A%7B%22color%22%3A%22%23023047%22%7D%7D”]<\/p>\n
[\/vc_column_text][us_separator][\/vc_column][vc_column width=”1\/6″][\/vc_column][\/vc_row][vc_row height=”small” us_bg_overlay_color=”#ffffff”][vc_column][vc_column_text css=”%7B%22default%22%3A%7B%22color%22%3A%22%23023047%22%2C%22font-family%22%3A%22Source%20Code%20Pro%22%2C%22background-color%22%3A%22%23ffffff%22%7D%7D”]Zero Knowledge Proofs (ZKPs) allow one party – the prover – to prove to another party – the verifier – that a statement is true without disclosing any information beyond the statement\u2019s validity.[\/vc_column_text][\/vc_column][\/vc_row][vc_row height=”small” color_scheme=”alternate” us_bg_overlay_color=”#ffffff” css=”%7B%22default%22%3A%7B%22background-color%22%3A%22%23ffffff%22%7D%7D”][vc_column width=”1\/12″][\/vc_column][vc_column us_bg_overlay_color=”#ffffff” link=”%7B%22url%22%3A%22%22%7D” width=”11\/12″][vc_column_text css=”%7B%22default%22%3A%7B%22color%22%3A%22%231a1a1a%22%7D%7D”]ZKPs use arithmetic circuits, which reduce computational problems to algebraic problems involving low-degree polynomials over a finite field. In several ZKP protocols, XOR relations can be proven for free, and the complexity essentially depends on the number of AND gates of the relation to be proven.<\/p>\n
This cost metric suggests that ciphers that find a use-case in ZK protocols should desirably minimize their use of non-linear operations while most cryptographically relevant work is performed as linear operations<\/strong>. This design philosophy is related to the fundamental theoretical question of the minimal multiplicative complexity (MC) of certain tasks, which is simply the number of AND gates in a circuit. A lower MC allows for a positive impact on latency and throughput of the ZK evaluation of the cipher. Classical symmetric algorithms become inappropriate in this context, and new cryptographic protocols must then be combined with symmetric primitives whose proposed constructions use non-linear functions whose algebraic representations remain very simple on a large finite field<\/strong> F_q where q is either a large prime integer or a power of 2 greater than 2^128, such as a sparse polynomial of F_q[X].[\/vc_column_text][\/vc_column][\/vc_row][vc_row height=”small” color_scheme=”alternate” us_bg_overlay_color=”#ffffff” css=”%7B%22default%22%3A%7B%22background-color%22%3A%22%23ffffff%22%7D%7D”][vc_column us_bg_overlay_color=”#ffffff” link=”%7B%22url%22%3A%22%22%7D” width=”11\/12″][vc_custom_heading text=”Applications” font_container=”tag:h2|font_size:42|text_align:left|color:%23219ebc” google_fonts=”font_family:ABeeZee%3Aregular%2Citalic|font_style:400%20regular%3A400%3Anormal”][vc_column_text css=”%7B%22default%22%3A%7B%22color%22%3A%22%231a1a1a%22%7D%7D”]ZKPs are used in many different applications, including authentication protocols, digital signatures, electronic voting, and cryptocurrency transactions.[\/vc_column_text][\/vc_column][vc_column width=”1\/12″][\/vc_column][\/vc_row][vc_row height=”small” color_scheme=”alternate” us_bg_overlay_color=”#ffffff” css=”%7B%22default%22%3A%7B%22background-color%22%3A%22%23ffffff%22%7D%7D”][vc_column us_bg_overlay_color=”#ffffff” link=”%7B%22url%22%3A%22%22%7D” width=”11\/12″][vc_custom_heading text=”Symmetric primitives” font_container=”tag:h2|font_size:42|text_align:left|color:%23219ebc” google_fonts=”font_family:ABeeZee%3Aregular%2Citalic|font_style:400%20regular%3A400%3Anormal”][vc_column_text css=”%7B%22default%22%3A%7B%22color%22%3A%22%231a1a1a%22%7D%7D”]ZK-friendly symmetric primitives are usually classified in 3 types.[\/vc_column_text][\/vc_column][vc_column width=”1\/12″][\/vc_column][\/vc_row][vc_row height=”small” color_scheme=”alternate” us_bg_overlay_color=”#ffffff” css=”%7B%22default%22%3A%7B%22background-color%22%3A%22%23ffffff%22%7D%7D”][vc_column width=”1\/12″][\/vc_column][vc_column us_bg_overlay_color=”#ffffff” link=”%7B%22url%22%3A%22%22%7D” width=”10\/12″][vc_tta_tabs layout=”trendy” title_transform=”uppercase” css=”%7B%22default%22%3A%7B%22color%22%3A%22_content_primary%22%2C%22max-height%22%3A%22800px%22%2C%22min-height%22%3A%22400px%22%2C%22margin-left%22%3A%2215px%22%2C%22margin-top%22%3A%2215px%22%2C%22margin-bottom%22%3A%2215px%22%2C%22margin-right%22%3A%2215px%22%2C%22padding-left%22%3A%2215px%22%2C%22padding-top%22%3A%2215px%22%2C%22padding-bottom%22%3A%2215px%22%2C%22padding-right%22%3A%2215px%22%2C%22box-shadow-v-offset%22%3A%223px%22%2C%22box-shadow-color%22%3A%22_footer_text%22%7D%7D”][vc_tta_section title=”Type I” tab_link=”%7B%22url%22%3A%22%22%7D”][vc_custom_heading text=”Low-degree primitives” font_container=”tag:h4|text_align:left|color:%231e73be” use_theme_fonts=”yes”][us_separator size=”small”][vc_column_text css=”%7B%22default%22%3A%7B%22color%22%3A%22%231a1a1a%22%7D%7D”]The first wave of ZK-friendly primitives aimed at limiting the number of nonlinear operations by relying on inner functions of low degree so that it is trivial to verify the result using low-degree functions.[\/vc_column_text][vc_row_inner][vc_column_inner width=”1\/3″][vc_column_text]Primitives<\/strong>[\/vc_column_text][vc_column_text]Feistel-MiMC The STAP Zoo currently collects information about the following list of STAP primitives used in ZK:<\/p>\n \u25ca Anemoi<\/a><\/span> [\/vc_column_text][us_separator][us_image image=”1739″ meta=”1″ align=”center” link=”%7B%22url%22%3A%22%22%7D” css=”%7B%22default%22%3A%7B%22color%22%3A%22_header_middle_bg%22%7D%7D”][\/vc_column_inner][vc_column_inner width=”1\/12″][\/vc_column_inner][\/vc_row_inner][\/vc_column][\/vc_row]<\/p>\n","protected":false},"excerpt":{"rendered":" [vc_row us_bg_overlay_color=”#f5f5f5″ us_shape_show_bottom=”1″ us_shape_color_bottom=”#ffffff” css=”%7B%22default%22%3A%7B%22background-color%22%3A%22_header_middle_text%22%7D%7D”][vc_column width=”5\/6″][vc_column_text css=”%7B%22default%22%3A%7B%22color%22%3A%22%23023047%22%7D%7D”] STAP use-cases: Zero Knowledge [\/vc_column_text][us_separator][\/vc_column][vc_column width=”1\/6″][\/vc_column][\/vc_row][vc_row height=”small” us_bg_overlay_color=”#ffffff”][vc_column][vc_column_text css=”%7B%22default%22%3A%7B%22color%22%3A%22%23023047%22%2C%22font-family%22%3A%22Source%20Code%20Pro%22%2C%22background-color%22%3A%22%23ffffff%22%7D%7D”]Zero Knowledge Proofs (ZKPs) allow one party – the prover – to prove to another party – the verifier – that a statement is true without disclosing any information beyond the statement\u2019s validity.[\/vc_column_text][\/vc_column][\/vc_row][vc_row height=”small” color_scheme=”alternate” us_bg_overlay_color=”#ffffff” css=”%7B%22default%22%3A%7B%22background-color%22%3A%22%23ffffff%22%7D%7D”][vc_column width=”1\/12″][\/vc_column][vc_column us_bg_overlay_color=”#ffffff” link=”%7B%22url%22%3A%22%22%7D” […]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":12,"comment_status":"open","ping_status":"open","template":"","meta":{"footnotes":""},"class_list":["post-1810","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/stap-wiki.fr\/index.php\/wp-json\/wp\/v2\/pages\/1810","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/stap-wiki.fr\/index.php\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/stap-wiki.fr\/index.php\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/stap-wiki.fr\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/stap-wiki.fr\/index.php\/wp-json\/wp\/v2\/comments?post=1810"}],"version-history":[{"count":0,"href":"https:\/\/stap-wiki.fr\/index.php\/wp-json\/wp\/v2\/pages\/1810\/revisions"}],"wp:attachment":[{"href":"https:\/\/stap-wiki.fr\/index.php\/wp-json\/wp\/v2\/media?parent=1810"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\nGMiMC
\nMiMC
\nNeptune
\nPoseidon
\nPoseidon2[\/vc_column_text][\/vc_column_inner][vc_column_inner width=”1\/3″][vc_column_text]Field size
\n<\/strong>[\/vc_column_text][vc_column_text]F_2^n or F_p
\nF_2^n
\nF_2^n or F_p
\nF_p
\nF_p
\nF_p[\/vc_column_text][\/vc_column_inner][vc_column_inner width=”1\/3″][vc_column_text]State size
\n<\/strong>[\/vc_column_text][vc_column_text]m = 2
\nany m
\nm = 1
\nm even
\nany m
\nany m[\/vc_column_text][\/vc_column_inner][\/vc_row_inner][\/vc_tta_section][vc_tta_section title=”Type II” tab_link=”%7B%22url%22%3A%22%22%7D”][vc_custom_heading text=”Equivalence relations” font_container=”tag:h4|text_align:left|color:%231e73be” use_theme_fonts=”yes”][us_separator size=”small”][vc_column_text css=”%7B%22default%22%3A%7B%22color%22%3A%22%231a1a1a%22%7D%7D”]The second type of primitive is based on equivalence relation or design strategies allowing high-degree evaluation and low-degree verification at the same time.[\/vc_column_text][vc_row_inner][vc_column_inner width=”1\/3″][vc_column_text]Primitives<\/strong>[\/vc_column_text][vc_column_text]Anemoi
\nArion
\nFriday
\nGrendel
\nGriffin
\nJarvis
\nRescue
\nRescue-Prime
\nRescue-Prime Optimized
\nVision[\/vc_column_text][\/vc_column_inner][vc_column_inner width=”1\/3″][vc_column_text]Field size
\n<\/strong>[\/vc_column_text][vc_column_text]F_2^n or F_p
\nF_p
\nF_2^n
\nF_p
\nF_p
\nF_2^n
\nF_p
\nF_p
\nF_p with p = 2^{64} – 2^{32} + 1
\nF_2^n[\/vc_column_text][\/vc_column_inner][vc_column_inner width=”1\/3″][vc_column_text]State size
\n<\/strong>[\/vc_column_text][vc_column_text]m even
\nany m
\nany m
\nany m
\nm = 3 or 4m’
\nm = 1
\nany m
\nany m
\nm = 12 or 16
\nany m[\/vc_column_text][\/vc_column_inner][\/vc_row_inner][\/vc_tta_section][vc_tta_section title=”Type III” tab_link=”%7B%22url%22%3A%22%22%7D”][vc_custom_heading text=”Look-up tables” font_container=”tag:h4|text_align:left|color:%231e73be” use_theme_fonts=”yes”][us_separator size=”small”][vc_column_text]The last family corresponds to more recent primitives that use look-up tables.[\/vc_column_text][vc_row_inner][vc_column_inner width=”1\/3″][vc_column_text]Primitives<\/strong>[\/vc_column_text][vc_column_text]Monolith
\nReinforced Concrete
\nTip5
\nTip4[\/vc_column_text][\/vc_column_inner][vc_column_inner width=”1\/3″][vc_column_text]Field size
\n<\/strong>[\/vc_column_text][vc_column_text]F_p with p = 2^{64} – 2^{32} + 1 or 2^{31} – 1
\nF_p
\nF_p with p = 2^{64} – 2^{32} + 1
\nF_p with p = 2^{64} – 2^{32} + 1[\/vc_column_text][\/vc_column_inner][vc_column_inner width=”1\/3″][vc_column_text]State size
\n<\/strong>[\/vc_column_text][vc_column_text]m >= 8
\nm = 3
\nm = 16
\nm = 12 or 16[\/vc_column_text][\/vc_column_inner][\/vc_row_inner][\/vc_tta_section][\/vc_tta_tabs][us_separator size=”huge”][\/vc_column][vc_column width=”1\/12″][\/vc_column][\/vc_row][vc_row height=”small” color_scheme=”alternate” us_bg_overlay_color=”#f5f5f5″ css=”%7B%22default%22%3A%7B%22background-color%22%3A%22_header_middle_bg%22%7D%7D”][vc_column link=”%7B%22url%22%3A%22%22%7D” css=”%7B%22default%22%3A%7B%22background-color%22%3A%22%23f5f5f5%22%7D%7D”][vc_row_inner content_placement=”middle” css=”%7B%22default%22%3A%7B%22background-color%22%3A%22%23f5f5f5%22%2C%22border-style%22%3A%22solid%22%2C%22border-color%22%3A%22%231a1a1a%22%7D%7D”][vc_column_inner width=”1\/12″][\/vc_column_inner][vc_column_inner us_bg_overlay_color=”#f5f5f5″ link=”%7B%22url%22%3A%22%22%7D” css=”%7B%22default%22%3A%7B%22background-color%22%3A%22%23f5f5f5%22%2C%22border-radius%22%3A%225px%22%2C%22border-style%22%3A%22double%22%2C%22border-left-width%22%3A%2255%22%2C%22border-top-width%22%3A%2244%22%2C%22border-bottom-width%22%3A%2255%22%2C%22border-right-width%22%3A%2255%22%2C%22border-color%22%3A%22%23023047%22%2C%22box-shadow-blur%22%3A%223px%22%2C%22box-shadow-color%22%3A%22%23023047%22%7D%7D” width=”10\/12″][vc_custom_heading text=”STAP Lounge” font_container=”tag:h2|font_size:42|text_align:center|color:%23219ebc” google_fonts=”font_family:ABeeZee%3Aregular%2Citalic|font_style:400%20regular%3A400%3Anormal”][vc_column_text css=”%7B%22default%22%3A%7B%22color%22%3A%22%23333333%22%7D%7D”]<\/p>\n
\n\u25ca Arion<\/a>
\n<\/span>\u25ca GMiMC<\/a><\/span>
\n\u25ca Grendel<\/a><\/span>
\n\u25ca Griffin<\/a><\/span>
\n\u25ca MARVELlous designs<\/a> (Jarvis and Friday)<\/span>
\n\u25ca Marvellous designs<\/a> (Rescue, Rescue-Prime, Rescue-Prime Optimized, Vision, Vision Mark-32, XHash8 and XHash12)<\/span>
\n\u25ca MiMC<\/a><\/span>
\n\u25ca Monolith<\/a><\/span>
\n\u25ca Poseidon variants<\/a> (HadesMiMC, Neptune, Poseidon and Poseidon 2)<\/span>
\n\u25ca Reinforced Concrete<\/a><\/span>
\n\u25ca Tip5 variants<\/a> (Tip5, Tip4 and Tip4′)<\/span><\/p>\n