# ZK

## Circuit 

A circuit can be represented as follows:

$$
C(x: { \dots },\ w: { \dots })
$$

Here, $$x$$ denotes the **public input**, and $$w$$ denotes the **witness** (i.e., private input).

The circuit outputs $$C(x, w) = 1$$ if the conditions are satisfied; otherwise, it returns $$0$$.

### **Example**

Suppose you want to create a circuit that checks whether you know the square root of a value $$X$$ without revealing the square root itself. The circuit can be expressed as:

$$
C(x: { X },\ w: { y }):\quad y^2 \stackrel{?}{=} X
$$

This verifies that $$y$$ is a valid square root of the public input $$X$$.

## Symbols

* $$\mathcal{P}$$ : Prover — the party who knows the witness and constructs a proof.
* $$\mathcal{V}$$ : Verifier — the party who checks the validity of the proof.
* $$\mathcal{A}$$ : Adversary — an attacker or a malicious party in the security model.
* $$\mathcal{O}$$ : Oracle — an abstract function or idealized interface (e.g., random oracle).
* $$\pi$$ : The proof generated by the prover.
* $$\textsf{poly}(\cdot)$$ : A polynomial function, typically used to express a bound of computational power of a party. (e.g., "runs in $$\textsf{poly}(\lambda)$$ time").
* $$\lambda$$ : Security parameter — determines cryptographic strength; higher $$\lambda$$ indicates stronger security.