How does PLONK work? Part 11: Our final protocol! (Without the copy constraints) posted August 2021

In this eleventh video, I go back to the PLONK protocol and finally explain how it works with polynomial commitments. This version of the protocol is not finished, as it doesn't have zero-knowledgeness (the polynomial evaluations leak information about the polynomials) and the wiring (or copy constraint) has not been enforced (e.g. the output wire of this gate should be the left wire of this other gate). In the next video, I will explain how copy constraints can be enforced via the PLONK permutation argument.

Stay tuned for part 12... Check the full series here.

Well done! You've reached the end of my post. Now you can leave a comment or read something else.

Here are some random popular articles:

- How did length extension attacks made it into SHA-2?
- Attacks on Ethereum Smart Contracts
- Let's Encrypt Overview
- KangarooTwelve
- The 9 Lives of Bleichenbacher's CAT: New Cache ATtacks on TLS Implementations
- Speed and Cryptography
- Developers Are Not Idiots

Here are some random recent articles:

- Some unrelated rambling about counter strike
- State monads in OCaml
- zkVMs are cool, but have you heard of zkCPUs?
- noname developer update #1: learning about zero-knowledge apps and circuits using the noname educational DSL
- the noname language, a toy DSL for zkapps
- Real-World Cryptography, a bit more than a year later
- ZK Security - A Whole New Layer to Worry About

How does PLONK work? Part 11: Our final protocol! (Without the copy constraints) posted August 2021

Comments

leave a comment...

How does PLONK work? Part 11: Our final protocol! (Without the copy constraints) posted August 2021

Comments

leave a comment...

Subscribe to the mailing list