How to convert exponents and group operations to gates in arithmetic circuit

Question

I am following Vitalik Buterin's article to study zk-SNARKs recently.

I can understand the main procedure of zk-SNARKs when given example equation x**3 + x + 5 == 35. However, in cryptography, most equations contain exponents. For example, the prover may want to prove the knowledge of $a$ in $g^a=A$. In this case, an arithmetic circuit seems hard to be built by multiplication gates (since the number of multiplication gates is not fixed).

Then I think of elliptic curve, which can transform $g^a=A$ into $a\cdot g=A$ where $g$ is an elliptic curve point. By doing so, it suits the *form of multiplication gate. But this brings up another problem: the multiplication is actually an elliptic curve operation instead of basic arithmetic.

Therefore, I wonder how exponents and group operations can be transformed into arithmetic circuits.

Answer 1

$1)$ Why no exponentiation provided?

$A)$ Exponentiation is multiplication.

$5^4 = 5\star5\star5\star5$ (4 times)

So any exponentiation can be done using the multiplication gate

---

$2)$ How do scalar multiplication in elliptic curves using the addition & multiplication gates?

$A)$ First of all, there is no multiplication operation in the Elliptic Curve Group - the Elliptic Curve group supports only the addition operation. Scalar multiplication is actually addition. Elliptic Curve Group has formulas for addition of two points & also point doubling (doubling is addition of a point to itself).

Assuming $P=(x_1,y_1)$, $Q=(x_2, y_2)$, then you can compute

1. Addition ($P \ne Q$)

$R= (x_3, y_3) = P + Q$

2. Doubling (Addition where $P = Q$)

$R = 2P = 2Q = P + Q$

There are formulas for this

If you check the formulas it involves numerical addition & subtraction (which can be done with the addition gate of a circuit.

The division is actually multiplication by the inverse. So you have first calculate the inverse of $(x_2 - x_1)$ or $2y_1$ first in the finite field which again needs to be broken into basic operations (numerical addition/multiplication). And then the whole formula becomes something which can be just done using addition & multiplication gates.

So the addition, scalar multiplication etc are all notational operations which have to be broken down to basic arithmetic operations & then are done using circuit gates.