Research

Linear-Time Prover SNARK with Constant Proof Size Achieves ZKP Optimality

Samaritan introduces a multilinear polynomial commitment scheme that achieves the theoretical optimum: linear prover time and constant proof size for scalable verifiable computation.
November 16, 20253 min

A white, spherical technological core with intricate paneling and a dark central aperture anchors a dynamic, radially expanding composition. Surrounding this central element, blue translucent blocks, metallic linear structures, and irregular white cloud-like masses radiate outwards, imbued with significant motion blur
The image prominently displays multiple blue-toned, metallic hardware modules, possibly server racks or specialized computing units, arranged in a linear sequence. A striking blue, translucent, gel-like substance flows dynamically between these components, while white, fibrous material adheres to their surfaces

Briefing

The core challenge in Zero-Knowledge Proofs is the fundamental trade-off between prover efficiency and verifier succinctness, which prevents the practical scaling of complex on-chain computation. This research resolves the dilemma by proposing Samaritan , a novel SNARK system built upon a new multilinear Polynomial Commitment Scheme (PCS) called SamaritanPCS. The foundational breakthrough is achieving an optimal complexity profile where the prover time is linear in the circuit size while maintaining a constant-size proof, a combination previously considered a major theoretical hurdle. This new cryptographic primitive directly enables the deployment of truly scalable, privacy-preserving Layer 2 architectures that can verify massive computations with minimal on-chain cost.

A futuristic metallic device, possibly a satellite or specialized node, is partially submerged in a calm body of water. From its lower section, a vigorous stream of bright blue liquid, intermingled with white foam, forcefully ejects, creating dynamic ripples and splashes on the water's surface

Context

Prior to this work, most practical SNARKs required either super-linear prover time or produced proofs whose size grew logarithmically with the computation size, compromising one of the key properties of succinctness. The theoretical ideal → linear prover time, constant proof size, and constant verification time → was a known benchmark, but existing systems like PLONK or Spartan required compromises, particularly in the prover’s computational or memory overhead for large statements. This fundamental trade-off limited the size of computations that could be economically verified on a decentralized ledger.

The image displays a high-tech modular hardware component, featuring a central translucent blue unit flanked by two silver metallic modules. The blue core exhibits internal structures, suggesting complex data processing, while the silver modules have ribbed designs, possibly for heat dissipation or connectivity

Analysis

Samaritan’s core mechanism, SamaritanPCS, fundamentally differs by using a new algebraic structure for committing to and opening multilinear polynomials. The scheme leverages advanced techniques to encode the computation into a low-degree multilinear polynomial, which is a standard approach. The innovation lies in the commitment and opening procedure, which is specifically engineered to reduce the proof size to a constant number of group elements, independent of the size of the committed polynomial. Simultaneously, the prover’s operations are structured to scale only linearly with the number of gates in the circuit, achieving $O(N)$ complexity for a circuit of size $N$, a significant practical improvement over systems with higher asymptotic complexity.

A high-tech device displays a transparent, blue, looping structure, with intricate digital patterns glowing within. A central component emits a bright blue circular light, anchoring the internal visual complexity

Parameters

  • Prover Complexity → $O(N)$ field operations. (Prover time scales linearly with circuit size $N$).
  • Proof Size → $O(1)$ group elements. (The size is constant, independent of circuit size).
  • Verification Time → Logarithmic in circuit size. (The verifier remains highly efficient).

The image presents a detailed, angled view of an intricate mechanical system, dominated by a vibrant blue conduit gracefully traversing a network of metallic and dark grey components. Prominent silver plates, secured by visible bolts and featuring a central circular aperture, highlight the precision engineering involved

Outlook

This breakthrough immediately opens new avenues for ZKP-enabled decentralized applications, particularly those requiring massive off-chain computation like verifiable AI model execution or private data analytics. In the next 3-5 years, this new class of optimal SNARKs will become the foundational layer for high-throughput, privacy-preserving rollups, fully resolving the computational bottleneck that currently constrains Layer 2 scaling and accelerating the transition to a verifiable web.

The Samaritan SNARK establishes a new theoretical and practical benchmark for zero-knowledge proofs, fundamentally redefining the efficiency frontier for verifiable decentralized computation.

Zero knowledge proofs, Succinct non-interactive argument, Multilinear polynomial commitment, Constant proof size, Linear time prover, Verifiable computation, Cryptographic primitive, Scalable blockchain architecture, Proof system efficiency, Optimal complexity profile Signal Acquired from → iacr.org/eprint

Micro Crypto News Feeds

multilinear polynomial commitment

Definition ∞ A multilinear polynomial commitment is a cryptographic scheme that allows a prover to commit to a multilinear polynomial and later reveal its evaluations at specific points.

constant proof size

Definition ∞ Constant proof size refers to a cryptographic proof system where the size of the proof remains fixed regardless of the complexity or quantity of computations being verified.

computation

Definition ∞ Computation refers to the process of performing calculations and executing algorithms, often utilizing specialized hardware or software.

prover time

Definition ∞ Prover time denotes the computational duration required for a "prover" to generate a cryptographic proof demonstrating the validity of a statement or computation.

proof size

Definition ∞ This refers to the computational resources, typically measured in terms of data size or processing time, required to generate and verify a cryptographic proof.

verification time

Definition ∞ Verification time refers to the duration required to confirm the validity of a transaction or a block of data within a blockchain or distributed ledger system.

decentralized

Definition ∞ Decentralized describes a system or organization that is not controlled by a single central authority.

Tags:

Tags: