ZK

Circuit

A circuit can be represented as follows:

C(x:{}, w:{})C(x: \{ \dots \},\ w: \{ \dots \})

Here, xx denotes the public input, and ww denotes the witness (i.e., private input).

The circuit outputs C(x,w)=1C(x, w) = 1 if the conditions are satisfied; otherwise, it returns 00.

Example

Suppose you want to create a circuit that checks whether you know the square root of a value XX without revealing the square root itself. The circuit can be expressed as:

C(x:{X}, w:{y}):y2=?XC(x: \{ X \},\ w: \{ y \}):\quad y^2 \stackrel{?}{=} X

This verifies that yy is a valid square root of the public input XX.

Symbols

  • P\mathcal{P} : Prover — the party who knows the witness and constructs a proof.

  • V\mathcal{V} : Verifier — the party who checks the validity of the proof.

  • A\mathcal{A} : Adversary — an attacker or a malicious party in the security model.

  • O\mathcal{O} : Oracle — an abstract function or idealized interface (e.g., random oracle).

  • π\pi : The proof generated by the prover.

  • poly()\textsf{poly}(\cdot) : A polynomial function, typically used to express a bound of computational power of a party. (e.g., "runs in poly(λ)\textsf{poly}(\lambda) time").

  • λ\lambda : Security parameter — determines cryptographic strength; higher λ\lambda indicates stronger security.

Last updated