Can zksnark prove DLP?

Question

Can one use zksnark to prove the knowledge of a discrete logarithm? In another word, can zksnark (R1CS) encode exponentiation?

score 2 · Accepted Answer · answered May 24 '20 at 00:56

2

final_exp_gadget<>() of libsnark could be a practical example to tune for DLP. The idea is, "final exponentiation" is a part of Ate pairing, that is verified as a part of check_e_equals_e_gadget<>(), which stands for Groth16 verification equation.

answered May 24 '20 at 00:56

Vadym Fedyukovych

2,347
14
19

score 1 · Answer 2 · answered May 23 '20 at 07:55

Yes, for sure! R1CS is an NP-complete language. It is basically a characterization of arithmetic circuits, hence every computation can be expressed as a R1CS.

There are compilers that reduce program executions to R1CS. One of my favourite tools is Zokrates.

Can zksnark prove DLP?

2 Answers2