Research

Linear-Time Prover SNARK with Constant Proof Size Achieves ZKP Optimality

Samaritan introduces a multilinear polynomial commitment scheme that achieves the theoretical optimum: linear prover time and constant proof size for scalable verifiable computation.
November 16, 20253 min

A translucent blue fluid mass, heavily foamed with effervescent bubbles, cascades across a stack of dark gray modular hardware units. The units display glowing blue digital interfaces featuring data visualizations and intricate circuit patterns
A sophisticated, open-casing mechanical apparatus, predominantly deep blue and brushed silver, reveals its intricate internal workings. At its core, a prominent circular module bears the distinct Ethereum logo, surrounded by precision-machined components and an array of interconnected wiring

Briefing

The core challenge in Zero-Knowledge Proofs is the fundamental trade-off between prover efficiency and verifier succinctness, which prevents the practical scaling of complex on-chain computation. This research resolves the dilemma by proposing Samaritan , a novel SNARK system built upon a new multilinear Polynomial Commitment Scheme (PCS) called SamaritanPCS. The foundational breakthrough is achieving an optimal complexity profile where the prover time is linear in the circuit size while maintaining a constant-size proof, a combination previously considered a major theoretical hurdle. This new cryptographic primitive directly enables the deployment of truly scalable, privacy-preserving Layer 2 architectures that can verify massive computations with minimal on-chain cost.

A high-tech device displays a transparent, blue, looping structure, with intricate digital patterns glowing within. A central component emits a bright blue circular light, anchoring the internal visual complexity

Context

Prior to this work, most practical SNARKs required either super-linear prover time or produced proofs whose size grew logarithmically with the computation size, compromising one of the key properties of succinctness. The theoretical ideal → linear prover time, constant proof size, and constant verification time → was a known benchmark, but existing systems like PLONK or Spartan required compromises, particularly in the prover’s computational or memory overhead for large statements. This fundamental trade-off limited the size of computations that could be economically verified on a decentralized ledger.

The image displays a detailed close-up of a high-tech mechanical or electronic component, featuring transparent blue elements, brushed metallic parts, and visible internal circuitry. A central metallic shaft, possibly a spindle or axle, is prominently featured, surrounded by an intricately shaped transparent housing

Analysis

Samaritan’s core mechanism, SamaritanPCS, fundamentally differs by using a new algebraic structure for committing to and opening multilinear polynomials. The scheme leverages advanced techniques to encode the computation into a low-degree multilinear polynomial, which is a standard approach. The innovation lies in the commitment and opening procedure, which is specifically engineered to reduce the proof size to a constant number of group elements, independent of the size of the committed polynomial. Simultaneously, the prover’s operations are structured to scale only linearly with the number of gates in the circuit, achieving $O(N)$ complexity for a circuit of size $N$, a significant practical improvement over systems with higher asymptotic complexity.

A detailed close-up of a blue-toned digital architecture, featuring intricate pathways, integrated circuits, and textured components. The image showcases complex interconnected elements and detailed structures, suggesting advanced processing capabilities and systemic organization

Parameters

  • Prover Complexity → $O(N)$ field operations. (Prover time scales linearly with circuit size $N$).
  • Proof Size → $O(1)$ group elements. (The size is constant, independent of circuit size).
  • Verification Time → Logarithmic in circuit size. (The verifier remains highly efficient).

A translucent, textured casing encloses an intricate, luminous blue internal structure, featuring a prominent metallic lens. The object rests on a reflective surface, casting a subtle shadow and highlighting its precise, self-contained design

Outlook

This breakthrough immediately opens new avenues for ZKP-enabled decentralized applications, particularly those requiring massive off-chain computation like verifiable AI model execution or private data analytics. In the next 3-5 years, this new class of optimal SNARKs will become the foundational layer for high-throughput, privacy-preserving rollups, fully resolving the computational bottleneck that currently constrains Layer 2 scaling and accelerating the transition to a verifiable web.

The Samaritan SNARK establishes a new theoretical and practical benchmark for zero-knowledge proofs, fundamentally redefining the efficiency frontier for verifiable decentralized computation.

Zero knowledge proofs, Succinct non-interactive argument, Multilinear polynomial commitment, Constant proof size, Linear time prover, Verifiable computation, Cryptographic primitive, Scalable blockchain architecture, Proof system efficiency, Optimal complexity profile Signal Acquired from → iacr.org/eprint

Micro Crypto News Feeds

multilinear polynomial commitment

Definition ∞ A multilinear polynomial commitment is a cryptographic scheme that allows a prover to commit to a multilinear polynomial and later reveal its evaluations at specific points.

constant proof size

Definition ∞ Constant proof size refers to a cryptographic proof system where the size of the proof remains fixed regardless of the complexity or quantity of computations being verified.

computation

Definition ∞ Computation refers to the process of performing calculations and executing algorithms, often utilizing specialized hardware or software.

prover time

Definition ∞ Prover time denotes the computational duration required for a "prover" to generate a cryptographic proof demonstrating the validity of a statement or computation.

proof size

Definition ∞ This refers to the computational resources, typically measured in terms of data size or processing time, required to generate and verify a cryptographic proof.

verification time

Definition ∞ Verification time refers to the duration required to confirm the validity of a transaction or a block of data within a blockchain or distributed ledger system.

decentralized

Definition ∞ Decentralized describes a system or organization that is not controlled by a single central authority.

Tags:

Tags: