RareSkills/zk-book

groth-16 article

Closed this issue · 2 comments

@RareSkills,

  1. In the original groth-16 paper, the sim function can compute a valid proof from the publicly available parameters for a given circuit (or relation) without actually knowing the witness, but it was not included in this book.

Although it is optional as per the verification system, I think it could have been added.

  2. In the groth-16.md, a small hint could have been added about making a commitment towards the proof before providing the encrypted proofs here 👇

The prover can create an unlimited number of proofs for the same witness

This isn't a "security issue" per se -- it is necessary to achieve Zero Knowledge. However, the application needs a mechanism to track which facts have already been proven and cannot rely on the uniqueness of the proof to achieve that.

The simulator and extractor elements of ZK proofs are something I intentionally want to leave out. They really only matter to researchers, not engineers.
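The quoted passage above says an application cannot rely on proof uniqueness to track which facts have been proven. The sketch below is an added example, not code from the issue thread or the book. It is a toy model in which field elements stand in for group elements, so the "pairing" is plain multiplication; all constants and the names `prove`, `verify` and `Registry` are constructed for illustration and provide no security.

```python
import hashlib
import secrets

P = 2**61 - 1  # toy prime field; scalars stand in for group elements (insecure by design)
# Constructed toy values; in real Groth16 these scalars are hidden by the trusted setup.
ALPHA, BETA, GAMMA, DELTA = 11, 13, 17, 19
U, V = 1234, 5678   # stand-ins for the witness-dependent sums inside A and B
PUB = 424242        # stand-in for the public-input term (e.g. a nullifier)

def prove():
    """Honest prover, one fixed witness, fresh blinding factors (r, s) per call."""
    r = secrets.randbelow(P - 1) + 1
    s = secrets.randbelow(P - 1) + 1
    a = (ALPHA + U + r * DELTA) % P
    b = (BETA + V + s * DELTA) % P
    c0 = ((ALPHA + U) * (BETA + V) - ALPHA * BETA - PUB * GAMMA) * pow(DELTA, -1, P) % P
    c = (c0 + s * a + r * b - r * s * DELTA) % P
    return (a, b, c)

def verify(proof, pub=PUB):
    """Toy form of the check e(A,B) = e(alpha,beta) + e(pub,gamma) + e(C,delta)."""
    a, b, c = proof
    return a * b % P == (ALPHA * BETA + pub * GAMMA + c * DELTA) % P

class Registry:
    """Accepts each proven fact once; key_fn decides what counts as 'the same fact'."""
    def __init__(self, key_fn):
        self.seen, self.key_fn = set(), key_fn

    def submit(self, proof, pub):
        if not verify(proof, pub):
            return "invalid"
        key = self.key_fn(proof, pub)
        if key in self.seen:
            return "replay"
        self.seen.add(key)
        return "accepted"

by_proof = Registry(lambda proof, pub: hashlib.sha256(repr(proof).encode()).hexdigest())
by_statement = Registry(lambda proof, pub: pub)

if __name__ == "__main__":
    p1, p2 = prove(), prove()  # same witness, different blinding
    print("keyed on proof hash:", by_proof.submit(p1, PUB), by_proof.submit(p2, PUB))
    print("keyed on statement: ", by_statement.submit(p1, PUB), by_statement.submit(p2, PUB))
```

Keying the registry on the proof bytes treats the second proof as a new fact, while keying it on the public statement flags it as a replay.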