*Bounty: 50*

*Bounty: 50*

I am currently trying to implement a proof of knowledge of the preimage to a public hash image using different zkp system implementations.

There are a lot of examples that do exactly this (see this question for some further reference). But: All of these have a fixed input size to the hash function (often two times 256-bits to do merkle tree proofs). Now while this is very convenient for examples, I would like to allow the preimage to be variable in length.

I have some questions on this:

- Is a variable length input possible in zkSNARKs, where the verifier and prover keys have to be calculated beforehand? Can I create a prover key that permits arbitrary input lengths? To my understanding this is not possible and the prover would have to reveal the preimage length before the trusted setup.
- In Bulletproofs I have to split up the preimage into 32 byte chunks, represent them as scalars and commit to each. Is there a way to avoid a linear amount of commitments to the size of the preimage?