pepper-project / pequin

A system for verifying outsourced computations, and applying SNARKs. Simplified release of the main Pepper codebase.
Other
122 stars 46 forks source link

How is this implementing zkSnark? #16

Closed harshvardhanagrawal closed 6 years ago

harshvardhanagrawal commented 6 years ago

The user gets to know the inputs used while verifying. How does the zero knowledge property remain intact?

maxhowald commented 6 years ago

In the context of SNARKs, zero-knowledge means that the verifier does not learn anything about the witness, i.e a variable assignment that satisfies the constraints of the computation in question, other than what is implied by the output (or input) to the computation itself. See, e.g. Section 1.1 here.

For many of the examples in this repo (e.g. matrix multiplication), the inputs to a computation completely determine its output as well as a unique satisfying assignment, so there is nothing left to be hidden.

For other applications, we leverage the zero-knowledge property of the SNARK to implement computations with private prover input. For example, the face-matching example, allows the verifier to take a commitment to a database of (bytes representing) faces, and the properties of the zkSNARK ensure that the verifier does not learn anything about the contents of the database, other than what is implied by the input / output. In the case of a successful match, the verifier will learn that the input face is contained in the database, but not anything about other entries. See this paper, section 6 for more details and examples.