How does PLONK work? Part 11: Our final protocol! (Without the copy constraints) posted August 2021

In this eleventh video, I go back to the PLONK protocol and finally explain how it works with polynomial commitments. This version of the protocol is not finished, as it doesn't have zero-knowledgeness (the polynomial evaluations leak information about the polynomials) and the wiring (or copy constraint) has not been enforced (e.g. the output wire of this gate should be the left wire of this other gate). In the next video, I will explain how copy constraints can be enforced via the PLONK permutation argument.

Stay tuned for part 12... Check the full series here.

Well done! You've reached the end of my post. Now you can leave a comment or read something else.

Here are some random popular articles:

- Attacks on Ethereum Smart Contracts
- Zero'ing memory, compiler optimizations and memset_s
- A New Public-Key Cryptosystem via Mersenne Numbers
- KangarooTwelve
- Bits and Bytes ordering in 5 minutes
- Speed and Cryptography
- Proof of Elgamal's semantic security using a reduction to DDH

Here are some random recent articles:

- The case against slashing?
- Want to learn more about zkBitcoin? I've made some videos
- A note on the elliptic curve pairing checks in zero-knowledge proofs
- Two And A Half Coins: Exploring Layer 2 Solutions on Bitcoin with Kevin Hurley and Alex Akselrod
- Two And A Half Coins #7 - It's time to talk about Ethereum
- I talked about ZK security on the first episode of Node Guardians season 2!
- The zero-knowledge attack of the year might just have happened, or how Nova got broken

How does PLONK work? Part 11: Our final protocol! (Without the copy constraints) posted August 2021

Comments

leave a comment...

How does PLONK work? Part 11: Our final protocol! (Without the copy constraints) posted August 2021

Comments

leave a comment...

Subscribe to the mailing list