RT @DividendGrowth: This is very true

RT @tcoratger: Highly recommended (insane amount of resources)!. Cryptography 101 with Alfred Menezes.

The full details

5/ Groups of unknown order.🔍 Representative scheme: DARK.✅ Pros: Elegant, no pairings or trusted setup.⚠️ Cons: Currently impractical—slow with large parameters.

4/ Lattice‑based.🔒 Representative scheme: Ajtai commitment.✅ Pros: Post‑quantum secure.⚠️ Cons: Complex math; bulky proofs and keys.

3/ Hashing‑based.🔗 Representative schemes: FRI, Brakedown, STIR,WHIR, Basefold.✅ Pros: Post‑quantum secure; supports small/binary fields.⚠️ Cons: Large proofs (~100 KB+); high bandwidth requirements3.

2/ Group‑based.🧩 Representative schemes: Bulletproofs, Hyrax, Ligero, Dory.✅ Pros: No trusted setup, no pairings needed.⚠️ Cons: Verifier time grows linearly with polynomial size.

1/ Pairing‑based (cryptographic).🔐 Representative schemes: KZG, HyperKZG (univariate polynomials); Zeromorph (multilinear polynomials).✅ Pros: Tiny proofs, very fast verification.⚠️ Cons: Requires trusted setup (SRS); involves pairing operations (elliptic-curve.

Recall, polynomial commitment schemes are used to reduce a communication overhead between a prover and a verifier. Instead of sending a large polynomial, the prover sends a short commitment to it to the verifier.

What kinds of polynomial commitment schemes (PCS) are used in SNARKs? Let’s break them down into key categories with examples and trade-offs. Thread 👇.

RT @tcoratger: Foundations of High-Speed Cryptography course by @Ingo_zk .

RT @fenbushi: Missed our Fenbushi DeFi Salon #EthCC 2025? Watch the full recordings on YouTube below 👇🏼 . 📚 Featur….

10/ Full details

9/ Schwarz-Zippel Lemma allows effectively verify that two polynomials h and r are equal without comparing all their coefficients. Pick a random point r, h(r) = q(r) <=> if and only of h == r with high probability.#algebra.

8/ 🧮 Quotienting = a technique where a prover shows a polynomial h(x) is divisible by a vanishing polynomial Z(x). It simplifies verification. Used in Groth16, Plonk, Marlin.

7/ PIOP is an interactive protocol between a prover and a verifier. Two main PIOP families: 1️⃣ Quotienting-based (e.g. Groth16, Plonk). 2️⃣ Sumcheck-based (e.g. GKR, Spartan, Jolt) #ZKP.

6/ Instead of sending a whole polynomial, which can be a quite big (degree >= 1000), a prover sends a short polynomial commitment to a verifier. The commitment can be either a hash or a field element.

5/ ⛔ Mismatching PIOP/PCS causes overhead:.✅ univariate + univariate = OK.✅ multilinear + multilinear = OK.❌ univariate + multilinear = NO.❌ multilinear + univariate = NO.

4/ SNARKs = PIOP + PCS.🔸 PIOP = Polynomial Interactive Oracle Proof.🔸 PCS = Polynomial Commitment Scheme.Together, they give us SNARKs. But not all combos are efficient. .

3/ Polynomials can be in:.📍 Coefficient form: (c_1,. c_n).📍 Evaluation form: (p(x_1). p(x_n)) easier to prove properties .#ZK.