How does one construct a SNARK circuit for proving the knowledge of a SHA256 pre-image?

DeLorean88

12/23/22, 1:27 AM

Usually one explains how the R1CS/QAPs and SNARKs work using examples of circuits with multiplication and addition nodes, and constructing polynomials from that is relatively straightforward. SHA-2 hashing uses complicated bit-wise arithmetic applied to itself multiple times, not simple multiplications and additions. How does one even construct a circuit to prove that a string hashes to a hash? Is there anywhere online I could read about this in an approachable form?

120

0 + 3

sha-256

zero-knowledge-proofs

circuit

snarks

Vadym Fedyukovych

12/23/22, 2:15 PM

Would you read source code of SHA libsnark gadget?

DeLorean88

12/23/22, 6:43 PM

@VadymFedyukovych I was hoping for something like an overview and explanation of a general principle

Vadym Fedyukovych

12/24/22, 2:25 PM

What if someone will ask you about general principles of C++ or Java programming? R1CS is the language, there are known-good examples in the gadgets library ranging from elementary to SHA (which is large). Would you start from the idea of bit representation of the input string-to-hash, considering each bit as an R1CS variable?

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: How does one construct a SNARK circuit for proving the knowledge of a SHA256 pre-image?

TH: เราจะสร้างวงจร SNARK เพื่อพิสูจน์ความรู้เกี่ยวกับพรีอิมเมจ SHA256 ได้อย่างไร

RO: Cum se construiește un circuit SNARK pentru a demonstra cunoașterea unei imagini prealabile SHA256?

RU: Как построить схему SNARK для подтверждения знания прообраза SHA256?

VI: Làm cách nào để xây dựng mạch SNARK để chứng minh kiến thức về hình ảnh trước SHA256?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.