Idea: User Defined Circuits

So currently Zcash ZKPs circuit is mainly used to prove the user has knowledge of a private key. In Zcash wouldn’t a smart contract simply be a user defined circuit? And now that we have halo 2 (recursion) can’t the on-chain user defined circuit simply verify (recursively) that the user ran an more complex application locally?

In practice would this also make QEDIT’s task of supporting ZSAs simply a matter of deploying the new circuit on-chain. Maybe we should ask QEDIT about this when they are done (@LeCryptoMath) :joy:.

Doesn’t this also solve @zooko’s concerns about forking? Nobody would need to ever fork Zcash they could simply just deploy their new circuit :thinking:.

It is true but it is quite an oversimplification of what was achieved by zcash. Yes, anyone could write halo circuits but not everyone can. I suggest you try your hands on implementing a smart contract. For example a sudoku verifier. It is the classic beginner project of zkp.

1 Like

This is effectively the “pay to verification key” idea that was floated in 2016-17. See this thread (and links therein):


@str4d nice! So my understanding is pay-to-verification-key is, at least in the first instance, describing a way to associate a note to a “circuit”? I’m guessing initially that was referring to embedded/native circuits? But I’m sure that could be extended to user deployed circuits too (with a little more work of course)?

Is this still viable? I imagine the benefits outweigh the cons but I guess it’s simply a question of priorities right? Would anyone be on board to try prioritising this?