基于当前 Web 3 世界的快速发展，零知识证明在落地应用方面取得了快速进展。本书从技术原理和相关具体工程实现的角度对其进行介绍。本书第1章从总体上回顾了 Web 3 的发展，以及当前的表现形态，第2章和第3章从最简洁的数学层面向读者介绍了零知识证明是什么，以及如何构建零知识证明。第4章从技术层面介绍了 Web 3 世界中零知识证明的主流实现方案，第5章从应用层面介绍了零知识证明在 Web 3 世界中的一些典型应用，第6章介绍了零知识证明在其他领域的应用及展望。本书定位为科普读物，面向的读者包括但不限于 Web 3 领域的从业者、对零知识证明感兴趣的学生及业内人士。

高承实，密码学博士。中国计算机学会高级会员、区块链专委会执行委员，中国工业与应用数学学会区块链专委会常务委员，中国移动通信联合会元宇宙产业工作委员会常务委员，中国指挥与控制学会会员、城市大脑与社会综合治理专家咨询团队团员，云安全联盟CSA大中华区元宇宙技术安全专家组专家，中国密码学会会员，蚂蚁链大学认证专家，深圳市信息服务业区块链协会专家导师，亚洲区块链产业研究院专家顾问委员，高承实，密码学博士，中国计算机学会区块链专委会执行委员、中国工业与应用数学学会区块链专委会常务委员，现担任安徽栈谷科技有限公司董事长，2020年被浙商产业区块链促进联盟、宏链财经评为"年度行业贡献者”。出版《区块链技术本质与应用》《元宇宙进化逻辑》《回归常识——高博士区块链观察》《区块链中的密码技术》等著作。同时也是多所大学客座教授。

目 录
第1 章 Web 3 新基建崛起 ..................................................................................................... 001
1.1 Web 3 主流叙事 ···············································································.001
1.1.1 史前叙事 ···············································································.002
1.1.2 公链降临 ···············································································.004
1.1.3 去中心化金融DeFi 创世 ····························································.007
1.1.4 非同质化代币NFT 异军突起 ······················································.012
1.1.5 链游GameFi 先声夺人 ······························································.017
1.2 Web 3 基础设施体系初现 ···································································.020
1.2.1 Web 3 基础设施框架 ·································································.020
1.2.2 数据服务 ···············································································.023
1.2.3 去中心化身份堆栈 ···································································.030
1.2.4 安全与审计 ············································································.034
1.3 零知识证明叙事升温 ·········································································.038
1.3.1 零知识证明的奥妙 ···································································.039
1.3.2 自主掌控隐私 ·········································································.041
1.3.3 破解可扩展性难题 ···································································.045
第2 章 揭开零知识证明的神秘面纱 .................................................................................... 050
2.1 “证明”的历史 ···············································································.050
2.1.1 从归纳推理到演绎推理 ·····························································.050
2.1.2 形式化符号语言推理 ································································.051
2.1.3 计算机证明 ············································································.052
2.1.4 交互式证明 ············································································.053
2.2 绕不开的计算复杂性 ·········································································.054
2.2.1 基本概念 ···············································································.054
2.2.2 P 问题、NP 问题与NPC 问题 ·····················································.059
2.2.3 电路复杂性 ············································································.064
2.3 零知识证明的基本原理 ······································································.068
2.3.1 故事中的零知识证明 ································································.068
2.3.2 模拟器定义“零知识性” ··························································.071
2.3.3 提取器定义“可靠性” ·····························································.075
2.3.4 从交互式证明到简洁非交互式证明 ··············································.078
第3 章 零知识简洁非交互论证系统的构造 ........................................................................ 091
3.1 构造零知识简洁非交互论证系统的主要步骤 ···········································.092
3.1.1 SNARK 系统的底层 ·································································.092
3.1.2 可验证计算及其设计 ································································.095
3.2 将计算需求转化为电路 ······································································.103
3.2.1 将问题转化为程序 ···································································.103
3.2.2 将程序转化为计算电路 ·····························································.104
3.3 信息论模型的构造 ············································································.112
3.3.1 LIP 模型 ················································································.113
3.3.2 IOP 模型 ···············································································.114
3.4 证明多项式 ·····················································································.115
3.4.1 FRI 承诺 ················································································.115
3.4.2 KZG10 承诺 ···········································································.120
3.4.3 IPA 承诺 ················································································.123
3.4.4 不同方案的对比 ······································································.126
3.5 非交互及零知识的实现 ······································································.127
3.5.1 非交互性 ···············································································.127
3.5.2 零知识 ··················································································.130
3.6 小结······························································································.132
3.6.1 ZK-SNARK 的分类 ··································································.132
3.6.2 更多的组合和递归 ···································································.133
第4 章 零知识证明的主流实现方案 .................................................................................... 136
4.1 零知识证明技术和应用发展 ································································.137
4.1.1 零知识证明的技术发展 ·····························································.137
4.1.2 重新定义区块链运作方式 ··························································.138
4.2 ZK-SNARK ····················································································.141
4.2.1 工作原理 ···············································································.142
4.2.2 主要协议 ···············································································.142
4.3 ZK-STARK ·····················································································.152
4.3.1 工作原理 ···············································································.152
4.3.2 ZK-SNARK 与ZK-STARK ·························································.159
4.4 Bulletproofs ·····················································································.163
4.4.1 工作原理 ···············································································.163
4.4.2 应用场景 ···············································································.169
4.5 ZKP 系统的比较维度 ········································································.171
4.5.1 效率和安全维度 ······································································.171
4.5.2 底层技术维度 ·········································································.173
第5 章 零知识证明“众神殿” ............................................................................................. 177
5.1 市场机会 ························································································.178
5.1.1 基础设施 ···············································································.178
5.1.2 身份与安全 ············································································.184
5.1.3 DeFi 与支付 ···········································································.187
5.1.4 硬件加速 ···············································································.191
5.1.5 NFT 交易 ···············································································.193
5.2 Web 3 系统扩容 ···············································································.194
5.2.1 zkSync ··················································································.195
5.2.2 StarkNet ················································································.201
5.2.3 Scroll ····················································································.206
5.2.4 Polygon zkEVM ·······································································.212
5.3 挑战可交互性 ··················································································.215
5.3.1 跨链桥概述 ············································································.215
5.3.2 ZKP 跨链原理及难点 ································································.219
5.3.3 实现以太坊PoS 轻客户端 ··························································.220
5.3.4 将IBC 引入以太坊 ···································································.223
5.3.5 分布式零知识证明 ···································································.227
5.4 数字身份解决方案 ············································································.229
5.4.1 去中心化身份堆栈 ···································································.229
5.4.2 ZK 勋章证明声誉 ····································································.232
5.4.3 ZKDID 预言机 ········································································.234
5.4.4 ZK-KYC 助力合规 ···································································.238
5.5 博弈中的隐私支付 ············································································.242
5.5.1 隐私币 ··················································································.243
5.5.2 隐私交易网络 ·········································································.248
5.5.3 隐私智能合约 ·········································································.251
第6 章 Web 3 之外的零知识证明 ........................................................................................ 254
6.1 零知识证明赋能生成式AI ··································································.255
6.1.1 为ML 上链提供基础设施 ··························································.256
6.1.2 实现信任证明 ·········································································.257
6.1.3 开拓游戏新属性 ······································································.257
6.2 抵抗虚假信息 ··················································································.259
6.2.1 音频的ZK 证明 ·······································································.259
6.2.2 新闻照片的ZK 证明 ·································································.260
6.3 分布式智能电网的安全控制 ································································.262
6.4 医疗数据保护与安全共享 ···································································.264
6.4.1 医疗数据安全共享 ···································································.264
6.4.2 医疗数据安全采集 ···································································.267
参考文献 ....................................................................................................................................... 271
后记 ............................................................................................................................................... 277