An approximate introduction to how zk-SNARKs are possible

zk-SNARKs ("zero knowledge succinct arguments of knowledge").

A zk-SNARK allows you to generate a proof that some computation has some particular output, in such a way that the proof can be verified extremely quickly even if the underlying computation takes a very long time to run.

The "ZK" ("zero knowledge") part adds an additional feature: the proof can keep some of the inputs to the computation hidden.

In the context of blockchains, this has two very powerful applications:

1.Scalability: if a block takes a long time to verify, one person can verify it and generate a proof, and everyone else can just quickly verify the proof instead
2.Privacy: you can prove that you have the right to transfer some asset (you received it, and you didn't already transfer it) without revealing the link to which asset you received. This ensures security without unduly leaking information about who is transacting with whom to the public.

Why ZK-SNARKs "should" be hard

Fiat–Shamir heuristic

It only takes one deliberately inserted error, that a random check would almost never catch, to make a computation give a completely incorrect result.

//Errorが1個でもあると全体に影響が出てしまう。どのようにverifierが1つ1つをcheckしないで全体でそのerrorを検出できるか

If tasked with the problem of coming up with a zk-SNARK protocol, many people would make their way to this point and then get stuck and give up.
How can a verifier possibly check every single piece of the computation, without looking at each piece of the computation individually? But it turns out that there is a clever solution.

Polynomials

12 + 1 = 13
10 + 8 = 18
15 + 8 = 23
15 + 13 = 28

C(x)= 5X + 13

Comparing a polynomial to itself

F(x+2) = F(x) + F(x+1) within the integer range {0, 1...98} {F(100) would be the 100th Fibonacci number}. https://en.wikipedia.org/wiki/
F(x+2) - F(x+1) - F(x) would not be exactly zero, as it could give arbitrary answers outside the range x ={0, 1...98}

Polynomial P is zero across some set S ={x1,x2...Xn} P(x) = Z(x) * H(x) , where Z(x) = (x - x1) * (x - x2) ... (x - Xn) and H(x) is polynomial

any polynomial that equals zero across some set is a (polynomial) multiple of the simplest (lowest-degree) polynomial that equals zero across that same set.