| For me, the most powerful use of ZKPs is proof of the output of general purpose computations of any kind. You can run an arbitrarily large, arbitrary long program, and whatever the program outputs, you can make a tiny proof-signature that says "this is the output you'll get if you run this program yourself". The proof-signatures are relatively small, and you can verify them on small devices in milliseconds. Another computer can trust the claimed output without having to run the program itself, by verifying the proof-signature. This scales to arbitrarily large computations, so for example if a supercomputer says "I ran a quadrillion petaflops of your program for 1 year, and the result was the picture attached to this signature", you actually can verify that the picture is correct, quickly and efficiently - without having to trust the supplier. It's as good as if you re-ran the program yourself (up to cryptography-grade probabilities, which is good enough). Or if the big computer says "this entire Debian distribution of binary files was indeed compiled with this version of GCC", you can quickly verify that all the binaries are exactly what they should be - without having to trust anyone. The proof process is rather slow, but it has gotten a lot faster over the last few years, and will continue to. I was amazed when I learned that it's possible to securely check an arbitrarily large computation's output or result without running it yourself. It was so counter to my intuition: it seemed like you would have to trust whoever makes the claim, or run it yourself. But you don't! (So amazed and intrigued that I had to learn how it's done, and now part of my work these days is optimising the proof process.) |
> So amazed and intrigued that I had to learn how it's done
Any chance you could just illustrate this somehow with a basic example? I just don't see how you could possibly verify that a program is produced with GCC without going through approximately as much effort as it'd take to compile it.