 Welcome to this teaser talk for our vapor counter vampires from univariate. Some check to update the bozika snark. My name is Jan Noseem and this is a joint work with Helger Lippema and Mihal Zayans. Let's start with a bit of motivation. In this work, we will focus on efficient zero knowledge arguments. This means we want to prove something without leaking any other information. Applications for this are well known. For example, private group occurrences, which are very popular right now. Electronic voting, when you try to prove that, let's say, the tally is computed correctly, delegation of computation, and so on. The model that we'll be using is the following. We have a prover, we have a verifier, and we have a trusted third party. So, a prover knows the statement, which is public and some secret witness. Verifier knows only the statement, and then the trusted party generates a structured reference string for prover and verifier, and using this, it's possible to generate a proof. And then verifier will either accept or reject the proof. In particular, we will look at Zika Snarks. These are zero-knowledge, succinct, non-interactive arguments of knowledge. Here, prover has X and W, which he claims isn't as some relation are. X is public, W is private, and we require the following. Knowledge sounds, meaning that prover succeeds knows the witness, and we have zero-knowledge, which means that only information that is leaked is that X and W satisfy the relation. And finally, we want succinctness, which means that the proof size is sublinear in the size of the statement and the witness. There's a big problem, however, with the generation of the SRS, because we cannot have a trusted party in most applications. It is possible to have a transparent common reference string, which means that you don't have to put any trust in the setup, but you also lose some efficiency by doing that. So that's why ideally, you want a distributed SRS generation so that you only have to trust some of the generators of the SRS, but not all of them. There are two good notions here. One is universal SRS, which means that the same SRS can be used for all relations, at least up to some size. And in that case, we can use, we can generate SRS once, and we can use it again and again. And secondly, we have a notion of updateability, which means that we have a very nice SRS generation protocol, where the first party can generate SRS, everyone else can verify this, and then the second party can update it, the third party can update it, and so on, until we get the final SRS. And this can now be securely used as long as one of the parties was honest. So let's get to our result. We construct the shortest universal and updateable CKS-NARC. So as we see from this table, only CKS-NARC known so far, which is more, besides the shorter group, is 16 CKS-NARC, but that is non-updateable and non-universal, so it's lot less inconvenient to use in practice. Additionally, we also achieve prover and verifier, which are competitive in runtime, to other updateable and universal CKS-NARCs, but we have to have a more complicated structured reference string, but still luckily it's updateable and universal. So how do we achieve this? We take two already known CKS-NARCs, Lunar and Marlin, and take some ideas from there, and then we add a new subject argument that we call count, a new polynomial patching technique, and lots of small optimization. And with each optimization, we will see that there's a trade-off between proof size and progress computational SRS size. Thank you for listening. I hope to see you in our full talk.