To build the project I mentioned in this topic I started learning about zk-SNARKs. One of the things I seem to understand is that the ECDSA signature scheme and the SHA-3 hash (formerly known as Keccak) don’t play well with zk-SNARKs because they result in massive circuits. IIUC, EdDSA with certain curves and the Poseidon hash fare much better in that regard, with circuits that could be hundreds of times smaller.
Hashing and verifying signatures are very common use cases in Solidity smartcontracts, but Solidity uses SHA-3 for hashes and AFAIK all Ethereum wallets are based on ECDSA. Does that mean that all Solidity smartcontracts are inherently hard to prove in zk-SNARKs? If so, how did Polygon zkEVM solve that problem? What zk-SNARK scheme does it use (Groth16 / PLONK / PLONKish / Halo2 / other) ?
