s/intermediary/intermediate/

Justin Martin 2021-10-09 16:37:02 -07:00
parent e982997e6d
commit 0fd812b73b
1 changed files with 6 additions and 3 deletions


@ -92,7 +92,7 @@ compacted, and their bodies disposed of as you please.
In the context of a PLONK circuit, a witness is the set of values that need to be generated from the inputs to the
circuit, based on the circuit design, to satisfy all of the constraints imposed by the circuit. You can think of the
witness generator produced by Circom as a circuit-specific decompression function which runs your inputs through the
circuit, and snapshots all of the various intermediary values that are produced along the way.
circuit, and snapshots all of the various intermediate values that are produced along the way.
With this expanded form generated from your inputs, you know which values must be assigned to the constraints specified
by the R1CS in order to construct a valid proof.
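Review bot: The unchanged context around this replacement opens with "In the context of a PLONK circuit" but ends with "the constraints specified by the R1CS", which pairs the PLONK proof system with a constraint format it does not natively use. Since the paragraph describes the witness generator produced by Circom, consider confirming which proving system is meant and naming only that one. The intermediary-to-intermediate substitution itself reads fine.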
@ -103,14 +103,14 @@ When you think of a "proof", you probably imagine that it's an incontrovertible
However, in the context of a SNARK, a "proof" actually represents an *argument* that something is *almost certainly*
true. If we were to try to transmit the solution to every single polynomial constraint imposed by a circuit, we would
end up with proofs that were orders of magnitude larger than if we simply show that certain sorts of relationships hold
true between the intermediary values of state within the circuit.
true between the intermediate state values within the circuit.
It's possible that for any given circuit, someone with sufficient computing power could generate a proof that satisfies
the circuit's constraints in a malformed way, but this would be roughly equivalent in difficulty to
[factoring large primes](https://en.wikipedia.org/wiki/RSA_Factoring_Challenge).
So, when generating a proof for a SNARK circuit, you're calculating the intermediate states of your circuit for a given
input (witness generation), and then calculating the relationships between your inputs, the intermediary states, and
input (witness generation), and then calculating the relationships between your inputs, the intermediate states, and
the circuit's outputs.
Once you have the proof that you've satisfied the necessary set of constraints, you can then publish that proof and
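Review bot: The link text "factoring large primes" in the unchanged context is worth correcting while this paragraph is being edited: a prime has no non-trivial factors, and the linked RSA Factoring Challenge concerns factoring large composites that are the product of two primes. Suggest wording such as "factoring the product of two large primes". Separately, the first replacement in this hunk rewords the phrase to "intermediate state values" rather than doing the plain substitution the commit subject describes; that is an improvement, but the subject line could mention the rewording.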
@ -120,6 +120,9 @@ are what would be expected to correspond to your proof.
## Circuits
With that understanding of ZK proving circuits well-in-hand, let's delve into how Tornado.cash uses some very simple
circuits to enable you to privately
### Deposit
### Tornado Trees
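Review bot: The sentence under "## Circuits" stops mid-clause at "to enable you to privately", so the section intro would land incomplete. The hunk header (-120,6 +120,9) shows three added lines here that are unrelated to the s/intermediary/intermediate/ subject; either finish the sentence in this change or move the addition to its own commit with a message that describes it.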