Enable making some inputs private

a16z / jolt

The simplest and most extensible zkVM. Fast and fully open source from a16z crypto and friends. ⚡

https://jolt.a16zcrypto.com

MIT License

580 stars 105 forks source link

Enable making some inputs private #371

Open imikushin opened 1 month ago

imikushin commented 1 month ago

The user experience of this could look something like this:

#[jolt::provable]
fn correct_factors(p: i32, #[private] a: i32, #[private] b: i32) -> bool {
    p == a * b
}

jolt::provable would treat all #[private] arguments as private inputs.

To enable this, Jolt verifier should be represented by a circuit, so that it could itself be verified by a SNARK (like Groth16, Plonk, GKR).

recmo commented 2 weeks ago

Note that excluding some inputs from the verification is also useful for succinctness. It is not blocked on ZK to be useful.

Example use case: I have a large JSON file of which verifier knows the hash (and is allowed to learn contents). I want to provably look up a value without transferring the whole file.

Example use case: Verifying computations using hint values for prover efficiency (e.g. multiplicative inverses). Having to send the hints to the verifier, or have verifier re-derive them defeats succinctness.