Zero Knowledge Internet Computer Virtual Machine

Not sure. If the claim is that f(x)=2*x why wouldn’t just the proof of computation work? Why would I (as a verifier) need to see the inner workings (open source) if there is a witness to the computation?

You don’t need to see f, but you do need to see x.

In the case of building a canister, the compiler is f and the canister source code is x.

In order to verify a zk proof, I believe you need:

  • the input x
  • the output f(x)
  • some hash of the program hash(f)
  • the zk proof itself

The zero-knowledge part means that you don’t need to actually run f on x (or perhaps know what f is, just its hash).

Please correct me if I’m wrong here…


Yes.

My thinking was around how to get verifiable builds around a closed source system; without “trusted members of community” vouching for the veracity of the build.

I was thinking about this too, but I’m not sure the word “verifiable” even makes sense for closed source canisters. What is there to verify if you don’t know the source code? By definition, “verifiable” usually means to verify that some binary came from some source, in this context.

But perhaps you could verify something else, for example privacy.

Another quote from that same article I linked:

Even if some canisters do not want to disclose their source code, there may be help on the way. For instance, there may be verifiably built canisters that offer privacy protection as a service and act as an intermediary between users and closed source canisters to guarantee your privacy. Internet Identity can be seen as an example of a privacy-protection service, offering access to other canisters via a pseudonymous principal.

This is really interesting because now you don’t need “trusted” human intermediaries but instead can rely on “trustless” canister intermediaries. Perhaps the closed source canister can somehow “prove” to the trustless canister intermediary that it makes certain privacy guarantees. Not clear on the details here.

I wanted to add something I just learned about STARKs, which is that they appear to be post-quantum secure: https://eprint.iacr.org/2018/046.pdf

I wonder if part of an elegant solution to post-quantum security on the IC would be to implement the zkICVM.