STAP use-cases: Zero Knowledge

Zero Knowledge Proofs (ZKPs) allow one party, the prover, to convince another party, the verifier, that a statement is true without disclosing any information beyond the validity of the statement.

ZKPs use arithmetic circuits, which reduce computational problems to algebraic problems involving low-degree polynomials over a finite field. In several ZKP protocols, XOR relations can be proven for free, and the cost of a proof essentially depends on the number of AND gates in the relation being proven.

This cost metric suggests that ciphers intended for ZK protocols should minimize their use of non-linear operations, with most of the cryptographically relevant work done by linear operations. This design philosophy is related to the fundamental theoretical question of the minimal multiplicative complexity (MC) of a given task, where MC is simply the number of AND gates in a circuit. A lower MC directly improves the latency and throughput of the ZK evaluation of the cipher. Classical symmetric algorithms are ill-suited to this setting, so the new protocols must be combined with symmetric primitives whose non-linear functions have a very simple algebraic representation, such as a sparse polynomial in F_q[X], over a large finite field F_q, where q is either a large prime or a power of 2 greater than 2^{128}.

Applications

ZKPs are used in many different applications, including authentication protocols, digital signatures, electronic voting, and cryptocurrency transactions.

Symmetric primitives

ZK-friendly symmetric primitives are usually classified into three types.

Type I: Low-degree primitives

The first wave of ZK-friendly primitives limits the number of non-linear operations by building on inner functions of low degree, so that the result can be verified directly with low-degree functions.

Primitive        Field size      State size
Feistel-MiMC     F_2^n or F_p    m = 2
GMiMC            F_2^n           any m
MiMC             F_2^n or F_p    m = 1
Neptune          F_p             m even
Poseidon         F_p             any m
Poseidon2        F_p             any m

Type II: Equivalence relations

The second type is based on equivalence relations or design strategies that allow high-degree evaluation together with low-degree verification: the prover evaluates a high-degree map (for instance a power map x^{1/α}), while the verifier only needs to check an equivalent low-degree relation (y^α = x).

Primitive                 Field size                          State size
Anemoi                    F_2^n or F_p                        m even
Arion                     F_p                                 any m
Friday                    F_2^n                               any m
Grendel                   F_p                                 any m
Griffin                   F_p                                 m = 3 or 4m'
Jarvis                    F_2^n                               m = 1
Rescue                    F_p                                 any m
Rescue-Prime              F_p                                 any m
Rescue-Prime Optimized    F_p with p = 2^{64} - 2^{32} + 1    m = 12 or 16
Vision                    F_2^n                               any m

Type III: Look-up tables

The last family corresponds to more recent primitives that use look-up tables.

Primitive              Field size                                        State size
Monolith               F_p with p = 2^{64} - 2^{32} + 1 or 2^{31} - 1    m >= 8
Reinforced Concrete    F_p                                               m = 3
Tip5                   F_p with p = 2^{64} - 2^{32} + 1                  m = 16
Tip4                   F_p with p = 2^{64} - 2^{32} + 1                  m = 12 or 16

STAP Lounge

The STAP Zoo currently collects information about the following STAP primitives used in ZK:
◊ Anemoi
◊ Arion
◊ GMiMC
◊ Grendel
◊ Griffin
◊ MARVELlous designs (Jarvis and Friday)
◊ Marvellous designs (Rescue, Rescue-Prime, Rescue-Prime Optimized, Vision, Vision Mark-32, XHash8 and XHash12)
◊ MiMC
◊ Monolith
◊ Poseidon variants (HadesMiMC, Neptune, Poseidon and Poseidon 2)
◊ Reinforced Concrete
◊ Tip5 variants (Tip5, Tip4 and Tip4')
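As an added illustration of the Type I / Type II distinction described above (example code written for this page, not taken from the STAP Zoo or from any of the listed primitives): it counts field multiplications, standing in for multiplicative complexity, for a MiMC-style low-degree round and for a Rescue-style x^{1/α} S-box over the Goldilocks prime p = 2^{64} - 2^{32} + 1 that appears in the tables. The exponent α = 7 is an assumption made here, valid because gcd(7, p-1) = 1; the point shown is that the verifier's constraint for the high-degree map is the low-degree relation y^α = x, which costs no more than the Type I round.

```python
from math import gcd

P = 2**64 - 2**32 + 1          # Goldilocks prime, as in the tables above
ALPHA = 7                      # assumed S-box exponent; gcd(7, P-1) = 1, so x^7 permutes F_p
ALPHA_INV = pow(ALPHA, -1, P - 1)   # exponent d with (x^7)^d = x, i.e. the map x^(1/7)


def counted_pow(x: int, e: int) -> tuple[int, int]:
    """Square-and-multiply x**e mod P, returning (result, field multiplications used).
    The multiplication count is the multiplicative complexity of evaluating the map."""
    result, base, mults = None, x % P, 0
    while e:
        if e & 1:
            if result is None:        # first factor is free (no multiplication yet)
                result = base
            else:
                result = result * base % P
                mults += 1
        e >>= 1
        if e:
            base, mults = base * base % P, mults + 1
    return (1 if result is None else result), mults


def type1_round(x: int, c: int) -> tuple[int, int, int]:
    """Type I (MiMC-style) round: y = (x + c)^ALPHA.
    The map is low degree, so the prover's and the verifier's circuits coincide."""
    y, mults = counted_pow((x + c) % P, ALPHA)
    return y, mults, mults          # (output, prover mults, verifier constraint mults)


def type2_inverse_sbox(x: int) -> tuple[int, int, int]:
    """Type II (Rescue-style) S-box: y = x^(1/ALPHA).
    Evaluating it natively needs ~64 squarings, but the verifier only has to
    check the low-degree relation y^ALPHA == x, which costs the same as Type I."""
    y, eval_mults = counted_pow(x, ALPHA_INV)
    check, verify_mults = counted_pow(y, ALPHA)
    if check != x % P:
        raise ValueError("x^(1/alpha) is not the inverse of x^alpha: check ALPHA")
    return y, eval_mults, verify_mults


if __name__ == "__main__":
    assert gcd(ALPHA, P - 1) == 1
    for x in (0, 1, 5, P - 1):      # constructed sample inputs, including the field edges
        print("type I  (prover mults, verifier mults):", type1_round(x, 3)[1:])
        print("type II (prover mults, verifier mults):", type2_inverse_sbox(x)[1:])
```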