Fangirl of Dusk Network
Before we give our hero the undivided attention it deserves, let us try and explain zero-knowledge proof in one sentence. Zero-knowledge proofs allow you to prove that you know a ‘secret’, without actually telling and revealing the secret to the other.
The mathematics used for zero-knowledge proofs is extremely powerful, and very useful, as it can be used for passwordless login, age verification, to demonstrate club membership, public key ownership, and so on, without disclosing any information.
Still a bit fuzzy on zero-knowledge proofs? A quick read on Zero-knowledge proofs and why they matter might help you out.
What is Plonk?
Plonk is designed by Gabizon, Williamson and Ciobotaru and is very short for ‘Permutations over Lagrange-bases for Oecumenical Noninteractive arguments of Knowledge.
You probably know exactly what I am talking about, let me explain anyway.
Plonk is a zero-knowledge proof system that utilizes an updatable reference string (hang in there) which lends it some very interesting features.
Up until recently, we could count all different zero-knowledge proof systems on one hand, but ever since the application of cryptography in blockchain technology, they have become all the rage.
Plonk, the hero of the zero-knowledge proof systems
In recent years, we have seen the surfacing of a wide variety of zero-knowledge proof systems: Bulletproofs, zk-STARKs, and zk-SNARKs with several subspecies like Groth16, Marlin, Sonic or Plonk. Without further ado, let us dive straight into the 3 reasons why PLONK is our favorite.
Safe - updatable reference string
Plonk utilizes a trusted setup with an updatable reference string, meaning two things. Firstly, multiple participants in the ceremony generate the original reference string, which cannot be compromised as long as at least one of the participants is honest. A common process, where participants are also known to actually destroy their hardware for additional safety.
Secondly, and definitely Plonk-specific, the original reference string is constantly being updated. In the case of Dusk Network, the string will be updated by Block Generators every N blocks. This adds another level of security as the probability of at least one single participant being honest increases over time.
“All for one, one for all”, Alexandre Dumas on updatable reference strings in the 1844 novel The Three Musketeers.
Fast - prover and verification times
When it comes to prover and verification times, we would like them to be fast enough to be of use for projects. Here we distinguish between prover- and verification times.
Approaching it from a blockchain perspective, prover time sits with the prover, and takes only place on his/her side of the equation. In other words, a prover can easily wait a few seconds when proving a statement, but if it takes any longer it will definitely be an inconvenience at best.
At this moment, our Plonk prover times are roughly 6 seconds on a mobile Intel Core i5 processor.
Verification times are a different story as they need to be included in the block. In other words, the longer it takes to verify transactions, the fewer transactions can be included in the block, sincerely affecting blockchain scalability.
What is special about Plonk is that verification times are near-constant, not affected by the complexity of proofs, and thus the far better choice in comparison to other zero-knowledge proof systems like Bulletproofs.
This image shows how verification times of Plonk stay constant for increasingly difficult proofs.
Scalable - universal reference string
Not only do fast verification times add to the scalability of your project. Unlike other zk-SNARKs, Plonk has an original reference string that is universal. In other words, the original trusted setup can be used to build proofs with any type of circuit, even if the circuit is created after the original ceremony. E.g. For Dusk Network this means that platform users can rely on the network being safe and secure, without partners having to set up original reference strings everytime a new circuit is required.
Stay tuned for our next article on how to add a dash of zero-knowledge power to your project. For up to date articles, we invite you to visit our website.