Research

Linear-Time Prover SNARK with Constant Proof Size Achieves ZKP Optimality

Samaritan introduces a multilinear polynomial commitment scheme that achieves the theoretical optimum: linear prover time and constant proof size for scalable verifiable computation.
November 16, 20253 min

A futuristic, silver and black hardware device is presented at an angle, featuring a prominent transparent blue section that reveals complex internal components. A central black button and a delicate, ruby-jeweled mechanism, akin to a balance wheel, are clearly visible within this transparent casing
The visual presents an intricate, futuristic mechanical structure with sharp geometric lines and a central, glowing cubic crystal. Interconnected metallic components and circuit-like patterns in shades of silver and deep blue dominate the scene, evoking a sense of advanced technological design

Briefing

The core challenge in Zero-Knowledge Proofs is the fundamental trade-off between prover efficiency and verifier succinctness, which prevents the practical scaling of complex on-chain computation. This research resolves the dilemma by proposing Samaritan , a novel SNARK system built upon a new multilinear Polynomial Commitment Scheme (PCS) called SamaritanPCS. The foundational breakthrough is achieving an optimal complexity profile where the prover time is linear in the circuit size while maintaining a constant-size proof, a combination previously considered a major theoretical hurdle. This new cryptographic primitive directly enables the deployment of truly scalable, privacy-preserving Layer 2 architectures that can verify massive computations with minimal on-chain cost.

A close-up reveals an advanced mechanical apparatus, featuring vibrant blue and stark black internal components, partially submerged in a dense, white foamy material. The metallic framework encasing the blue elements suggests a robust, engineered system in active operation

Context

Prior to this work, most practical SNARKs required either super-linear prover time or produced proofs whose size grew logarithmically with the computation size, compromising one of the key properties of succinctness. The theoretical ideal → linear prover time, constant proof size, and constant verification time → was a known benchmark, but existing systems like PLONK or Spartan required compromises, particularly in the prover’s computational or memory overhead for large statements. This fundamental trade-off limited the size of computations that could be economically verified on a decentralized ledger.

A detailed close-up of a blue-toned digital architecture, featuring intricate pathways, integrated circuits, and textured components. The image showcases complex interconnected elements and detailed structures, suggesting advanced processing capabilities and systemic organization

Analysis

Samaritan’s core mechanism, SamaritanPCS, fundamentally differs by using a new algebraic structure for committing to and opening multilinear polynomials. The scheme leverages advanced techniques to encode the computation into a low-degree multilinear polynomial, which is a standard approach. The innovation lies in the commitment and opening procedure, which is specifically engineered to reduce the proof size to a constant number of group elements, independent of the size of the committed polynomial. Simultaneously, the prover’s operations are structured to scale only linearly with the number of gates in the circuit, achieving $O(N)$ complexity for a circuit of size $N$, a significant practical improvement over systems with higher asymptotic complexity.

The image displays a detailed close-up of a high-tech mechanical or electronic component, featuring transparent blue elements, brushed metallic parts, and visible internal circuitry. A central metallic shaft, possibly a spindle or axle, is prominently featured, surrounded by an intricately shaped transparent housing

Parameters

  • Prover Complexity → $O(N)$ field operations. (Prover time scales linearly with circuit size $N$).
  • Proof Size → $O(1)$ group elements. (The size is constant, independent of circuit size).
  • Verification Time → Logarithmic in circuit size. (The verifier remains highly efficient).

A futuristic, rectangular device with rounded corners is prominently displayed, featuring a translucent blue top section that appears frosted or icy. A clear, domed element on top encapsulates a blue liquid or gel with a small bubble, set against a dark grey/black base

Outlook

This breakthrough immediately opens new avenues for ZKP-enabled decentralized applications, particularly those requiring massive off-chain computation like verifiable AI model execution or private data analytics. In the next 3-5 years, this new class of optimal SNARKs will become the foundational layer for high-throughput, privacy-preserving rollups, fully resolving the computational bottleneck that currently constrains Layer 2 scaling and accelerating the transition to a verifiable web.

The Samaritan SNARK establishes a new theoretical and practical benchmark for zero-knowledge proofs, fundamentally redefining the efficiency frontier for verifiable decentralized computation.

Zero knowledge proofs, Succinct non-interactive argument, Multilinear polynomial commitment, Constant proof size, Linear time prover, Verifiable computation, Cryptographic primitive, Scalable blockchain architecture, Proof system efficiency, Optimal complexity profile Signal Acquired from → iacr.org/eprint

Micro Crypto News Feeds

multilinear polynomial commitment

Definition ∞ A multilinear polynomial commitment is a cryptographic scheme that allows a prover to commit to a multilinear polynomial and later reveal its evaluations at specific points.

constant proof size

Definition ∞ Constant proof size refers to a cryptographic proof system where the size of the proof remains fixed regardless of the complexity or quantity of computations being verified.

computation

Definition ∞ Computation refers to the process of performing calculations and executing algorithms, often utilizing specialized hardware or software.

prover time

Definition ∞ Prover time denotes the computational duration required for a "prover" to generate a cryptographic proof demonstrating the validity of a statement or computation.

proof size

Definition ∞ This refers to the computational resources, typically measured in terms of data size or processing time, required to generate and verify a cryptographic proof.

verification time

Definition ∞ Verification time refers to the duration required to confirm the validity of a transaction or a block of data within a blockchain or distributed ledger system.

decentralized

Definition ∞ Decentralized describes a system or organization that is not controlled by a single central authority.

Tags:

Tags: