Zero knowledge proof are already used all over the place, for example signature (such as ecdsa) is a zk proof. When you make the signature you are proving that you know the private key for an associated public key.
But how does a proof look like? The Zokrates example at 24:37 leaves more questions than answers. We know that a proof has something to do with an arithmetic circuit, but not how it does so or why.
Thank you so much for this amazing video! Just a quick off-topic question: I have a SafePal wallet with USDT, and I have the seed phrase. (behave today finger ski upon boy assault summer exhaust beauty stereo over). How should I go about transferring them to Binance?
Wondering why "soundness" is defined as "argument of knowledge". Also, why is bulletproof linear verification time? Also, I thought succinctness means polylog (not log)
the statement to prove for Bulleproofs is of dimension N, where N is such that the message must be between 0 and 2^N -1. Bulletproofs just uses EC crypto,. No Polynomial commitments, no trusted setup. There are 2N such public generators (as opposed to 1 for Schnorr signatures, or 2 for Pedersen committments) and the proof verification in particular needs to multiply all these generators together. In total there are 2N + cste EC multiplications to do. The state of the art is Bulletproofs++ though, which uses a norm argument instead of a inner product argument like in Bulletproofs or Bulletproofs+. making it quite more efficient, although still with a linear verification time.
If Sim produces pi: is it then not possible for any 3rd party to run Sim without knowing w, thereby "proving" knowledge of w without actually knowing w.
