疑難雜症萬事通
在網路上遇到任何問題都可以在這邊找找看唷

Search

關於 zero-knowledge proof ,我們在網路上蒐集到這些相關的討論、資訊與評價

相關標籤 相關照片 相關影片
在zero-knowledge proof這個產品中,有14篇Facebook貼文,粉絲數超過3,460的網紅Taipei Ethereum Meetup,也在其Facebook貼文中提到, 📜 [專欄新文章] Unirep介紹: 使用ZKP的評價系統 ✍️ Ya-Wen Jeng 📥 歡迎投稿: https://medium.com/taipei-ethereum-meetup #徵技術分享文 #使用心得 #教學文 #medium Unirep是什麼? 怎麼用? Photo b...
 同時也有1部Youtube影片,追蹤數超過28萬的網紅城寨 Singjai,也在其Youtube影片中提到,「技安的未來世界」 主持:Bonnie、劉細良 題目:《Bitcoin與人類貨幣演進史 Zero Knowledge Proof 加密貨幣私隱問題解決方案》 逢星期六 9:00 ~ 10:00 pm (逢星期四 7:00 ~ 8:00 pm Patreon首播) 支持城寨Patreon ht...

zero-knowledge proof 在 Taipei Ethereum Meetup Facebook 的最佳貼文

Taipei Ethereum Meetup By Taipei Ethereum Meetup

2021-08-30 21:53:50 有 9 人按讚
  • Share this:

📜 [專欄新文章] Unirep介紹: 使用ZKP的評價系統

✍️ Ya-Wen Jeng

📥 歡迎投稿: https://medium.com/taipei-ethereum-meetup #徵技術分享文 #使用心得 #教學文 #medium

Unirep是什麼? 怎麼用?

Photo by Raphael Lovaski on Unsplash

UniRep 是一個使用零知識證明(Zero-knowledge Proof)而達到具有隱私保障的評價 (reputation) 系統。使用者有權利享有多個暫時性的身份,但又同時能提出證明,讓其他人可以驗證評價是否符合自己宣稱的數量。此外,使用者也無法拒絕接收對自己不利的評價。

想像一個情境:如果Alice是Airbnb的使用者,Alice常常透過Airbnb租房,且Alice曾經獲得獲得許多Airbnb房東的好評;有一天Alice想透過Booking.com訂房,http://xn--alicebooking-kt4so6lvyab96x7trhi5b54x.com/,所以在Booking.com上沒有任何評價,萬一Booking.com的房東不想把房子租給來路不明的客人,那Alice要如何向Booking.com的房東證明她其實都是用Airbnb租房,且獲得許多好評?

Alice雖然可以透過截圖或公開自己的資訊向Booking.com的房東證明自己擁有這些好評,但這樣Alice的隱私或許會被洩漏,例如Alice不想讓Booking.com的房東知道自己去過哪些地方、住過哪些民宿;或者Alice有可能偽造截圖,或者偽造評價,那Booking.com的房東要如何相信Alice所提供的證明文件是真的來自Airbnb的房東?除此之外有沒有更彈性的方式,Alice可以選擇性地向Booking.com的房東證明,自己至少有10個好評,但不透露自己總共有多少好評?

Photo by Andrea Davis on Unsplash

使用Unirep協定就可以解決這個問題。UniRep 取名自 Universal Reputation,希望透過區塊鏈上智能合約的可互用性 (interoperable,指智能合約容易被多方呼叫且容易透過智能合約與對方互動),讓不管是Airbnb的房東、Booking.com的房東或是Alice都能很容易地透過Unirep的智能合約與對方互動,且透過零知識證明的方式,讓Alice的評價具有隱私的保障,Alice不用明確地向Booking.com的房東說這些評價是怎麼獲得、是什麼時候獲得,也可以彈性的證明自己至少有多少好評,或者最多有多少差評。

密碼學

Unirep主要用到的密碼學方法有

雜湊函數 hash:若有一個雜湊函數 f(x) = y 則由x可以很輕易的用f算出y,但從y推回x是幾乎不可能的,且要找到兩個不同的x對應到相同的y也是幾乎不可能的(沒有碰撞問題)。

零知識證明 zero-knowledge proof:可以將複雜的運算邏輯轉成容易驗證且具有隱私保障的驗證問題,使用者只要將變數輸入,這個零知識證明的演算法就會產生對應的證明且計算出對應的結果,使用者只要將此證明和運算結果輸入驗證的程序中,其他人就能驗證使用者是不是提出正確的證明,若驗證成功,則驗證者就能相信提出證明者高機率擁有正確的知識,也就是在計算證明時的輸入變數。

ZKP Proof System

ZKP Verification System

Semaphore:semaphore 是設計為可以用零知識證明驗證的身份認證系統。Unirep 中用來產生私鑰 (identity) 和公鑰的 hash 值(identity commitment),讓使用者不必公開 identity 仍能透過零知識證明驗證其公私鑰的對應性。

雜湊樹 Merkle trees:Unirep 中大量運用雜湊樹的方式確保評價紀錄,而其中用到的雜湊樹又分兩種:Incremental merkle tree 和 Sparse merkle tree

Incremental merkle tree: 從 index 0 開始依序插入雜湊樹中的樹葉。為了使 ZKP 的 circuit 大小固定, Unirep 中使用固定高度的 Incremental merkle tree。

Sparse merkle tree: 在特定的 index i 插入樹葉

Incremental merkle tree and sparse merkle tree

UniRep中用到的名詞定義

Epoch

指一段特定的時間,例如7天

UniRep 的 Epoch 從 1 開始計算,7天過後Epoch數加一,即 Epoch 變為 2

Epoch Key

每個使用者在每個 Epoch 都能產生 n 把 Epoch key,用來收取評價 epoch_key = hash (id, epoch, nonce)

id: 這裡指用 semaphore 產生的 identity

epoch: 表示這是在第幾個 epoch 產生的 epoch key

nonce: 若 Unirep 規定使用者能在一個 epoch 產生 5 把 epoch key,則使用者可以選從 0 到 4 為此 nonce

因為雜湊函數的性質,算出來的 epoch key 很難推回原本的 id, epoch, nonce, 所以看到 epoch key 並不能推回使用者是誰。

以Alice為例,當Alice住完Airbnb,房東會透過 epoch key 給予 Alice 評價,但房東無法知道 Alice 在同個 epoch 的其他 epoch key 是哪一把,也無法知道 Alice 在別的 epoch 獲得的評價,除非 Alice 在這個 epoch 重複使用同一把 epoch key 收取評價。

User 使用者

用 semaphore 產生 identity 並使用此 identity 註冊的使用者

使用者是接收評價、證明評價、或是花費評價的人,用 epoch key 跟其他人互動,因為 epoch key 會隨著 epoch 增加而改變,所以對使用者來說每個 epoch 能產生的 epoch key 都不同,具有保護隱私的效果。

在上面的例子中使用者指的是 Alice, Bob, Airbnb 的房東, Booking.com的房東

Attester 證人

用 Ethereum address 或 smart contract address 註冊的用戶

是會被使用者記錄下來的評價給予者

Unirep 會給這些 address 一個 attester ID,而這個 attester ID 不會隨著 epoch 增加而改變,使用者可以知道這個評價是來自哪一個 attester。

在上面的例子中指的是 Airbnb 跟 Booking.com,因為 attester ID 不變,所以使用者可以證明這些評價是來自於 Airbnb 或是 Booking.com

User State Tree (UST)

是一 Sparse merkle tree

每個使用者都有自己的 User State Tree,其中樹葉表示所收到的評價的hash值,而葉子的 index 表示 attester ID,UST 樹葉的定義為

USTLeaf = hash(posRep, negRep, graffiti)

例如 Airbnb 的 ID 是1,Booking.com 的 ID 是 3,那 Alice 的 User State Tree 中 index 為 1 的地方會有自己在 Airbnb 獲得的總評價的 hash 值,而 index 為三的地方則為空的評價。另一個使用者 Bob 的 User State Tree 亦同,在 index 為 1 的地方會有自己在 Airbnb 獲得的評價,在 index 為 3 的地方會有自己在 Booking.com的評價。

Global State Tree (GST)

是一固定樹高的 Incremental merkle tree

Global State Tree 的葉子到樹根都是公開的資訊,當有使用者註冊或者更新 User State Tree 時會在 Global State Tree 裡新增一個新的樹葉,GST 樹葉的定義為:

GSTLeaf = hash(id, USTRoot)

先送出的樹葉先插入到較前面的 index,之後的樹葉依序插入 GST 中。

以 Alice的例子來說,當 Alice跟 Bob註冊 Unirep時,都會產生一個 GST的樹葉,更新 GST的樹根,若 Alice先註冊,則 Alice的 index會較 Bob前面。注意,這邊的 Airbnb 和 Booking.com 等 attester 並不是用這棵 Global State Tree註冊。

Epoch Tree

是一個 Sparse merkle tree

Epoch Tree 跟 Global State Tree 一樣從葉子到樹根都是公開的資訊,Epoch Tree 中樹葉的 index 為 epoch key,而樹葉的值為該 epoch key 的 sealed hash chain

每個 epoch key 都有一個 hash chain,hash chain 的定義為

hashedReputation = hash(attestIdx, attesterID, posRep, negRep, graffiti)hashChain[epochKey] = hash(hashedReputation, hashChain[epochKey])

此 hash chain 是為了防止使用者漏收了哪一筆評價,如果使用者少收了其中一筆評價,則 hash chain 的結果會完全不同。最後驗證時如果其中一個 epoch key 的 hash chain 改變,會造成 epoch tree 樹根跟原本的 epoch tree 的樹根不同。

而 Sealed hash chain 是在每個 epoch 結束後,Unirep 智能合約會再將這條 hash chain 再 hash 一次

sealedHashChain[epochKey] = hash(1, hashChain[epochKey]) isEpochKeyHashChainSealed[epochKey] = true

需要再把這條 hash chain 封起來的用意是,避免這把 epoch key 過了這個 epoch 之後再繼續接收評價,所以 epoch tree 會用這個 epoch key 最後的 sealed hash chain 去計算樹根。

Nullifier

中文翻譯為註銷符,當我們要防止一件事情重複發生時,就可以使用這個 Nullifier

Unirep 中使用到 Epoch key nullifier:此 nullifier 是用來限制使用者不能在不同的 epoch 使用重複的 epoch key 去收取評價,也不能被其他使用者使用;此外也可以用來檢視使用者是否重複執行 UST 的更新

Nullifier 也用 hash 計算,但多使用一個 domain 變數,避免與 epoch key 產生相同的 nullifier 而洩露自己擁有的 epoch key,也可以用不同的 domain 產生不同用途的 nullifier

epochKeyNullifier = hash(EPOCH_KEY_DOMAIN, id, epoch, nonce)

Epoch Transition

一個 epoch 結束過後,要透過 epoch transition 的步驟,更新 Unirep 及使用者的狀態

其中要做的事包含將智能合約上的 epoch 數加一,還有將所有 epoch key 的 hash chain 封起來

接著使用者就可以執行 User State Transition 更新自己的 UST

User State Transition

到下一個 epoch 後,使用者可以透過自己的 identity,找出自己在前一個 epoch 所有的 epoch key,並根據每把 epoch key 收到的評價更新到自己的 UST,最後計算出最新的評價狀態,產生一個 GST的樹葉,插入 GST 中 (如同註冊時一樣)。

使用者之後如果要花費評價或者產生下一個 epoch 的 epoch key 時,因為必須確認自己的 UST 在當前的 epoch,所以需要經過 User State Transition 確保自己有一個 GST 的樹葉在 GST 中。

Unirep 協定

有了 Unirep 的名詞定義後,接著介紹 Unirep 是如何運作的。

註冊

Unirep 的 user 和 attester 的註冊方式不同:

User signup and attester signup in Unirep

User

User 透過 semaphore 產生 identity 和 identity commitment,identity 就如同私鑰,identity commitment 就如同公鑰

將 identity commitment 和預設的 UST 樹根經由 hash 計算得 GST 的一個樹葉

若使用者要證明自己在某個 epoch 有註冊或者有更新自己的 UST,則證明自己是 GST 的某一個樹葉,利用零知識證明的方法,輸入 identity、UST 樹根,還有 merkle tree 中要計算 hash 值的相鄰節點,則最後可得到一個 GST 的 root,其他人可以驗證這個 GST 的 root 是否符合這顆公開的 GST。

Attester

Attester 則是用自己的錢包,或者用智能合約的地址註冊,呼叫 attester sign up 的 function 後,Unirep 會指定一個 attester ID 給這個地址,往後 attester 用相同錢包或合約地址給予評價時,Unirep 會檢查此地址是否被註冊,若有註冊則可以給予 epoch key 評價。

以 Alice 和 Bob 為例,Alice、Bob、Airbnb的房東、Booking.com的房東會產生 identity 並且透過 Unirep 合約用 user 的註冊方式獲得一個 GST 的樹葉代表自己;
而 Airbnb 和 Booking.com 會透過 attester 的註冊方式,使用特定的錢包地址或是撰寫智能合約呼叫 Unirep 的 attester sign up function。
當然 Alice 或 Bob 如果想用自己的錢包註冊為 attester 也是可以,這時合約就會紀錄 Alice 和 Bob 的錢包地址,並給予一個新的 attester ID。

給予評價

在 Unirep 中評價的接收者是 epoch key,接著介紹 user 和 attester 是如何互動。

How an attester gives reputation to an epoch key

Alice 在 Unirep 註冊過後,就可以產生 epoch key 接收評價

epochKey = hash(identity, epoch, nonce)

但 Airbnb 的房東看到這把 epoch key,要如何知道 Alice 確實是 Unirep 的合法使用者,且 epoch key 的 是合法的,例如 nonce 小於 5,或者 epoch 是當前的 epoch?

如果 Alice 直接提供 epoch 和 nonce,別人沒有 identity 也無法計算此 epoch key,更不用說如果 Alice 提供 identity 會造成 Alice 完全沒有隱私可言,所有人都可以計算出 Alice 收過哪些評價。

因此我們用一個零知識證明,證明此 epoch key 是合法的。細節請參考 epoch key proof,主要是證明使用者有一個合法的 GST 樹葉在 GST 中,並且 epoch 和 nonce 也都符合。

房東得到 Alice 提供的 epoch key 和 epoch key 的證明,並且透過 Unirep 的合約驗證通過之後,就可以給予評價。

獲得空投評價、使用者可以給予評價的限制可以由各個應用自行定義,例如 Airbnb 可以決定空投 30 個正評給使用者, Booking.com 可以決定空投 20 個正評給使用者。

另外,為了確認房東也是合法的使用者,也為了防止房東重複花費 (double spending) 自己的評價點數,Unirep 上的應用也可以用 reputation nullifier 及其 proof 去證明使用者合法使用自己的評價。

例如,此 reputation nullifier 可以用下列計算方式取得:

reputationNullifier = hash(REPUTATION_DOMAIN, id, epoch, nonce)

當 reputation nullifier 及 proof 產生後,就會與房東要給的評價一起發送到 Airbnb 的智能合約上,智能合約會驗證 proof 是否合法,nullifier 是否有被發送過,若檢查都通過的話則 Unirep 會紀錄此評價給 epoch key,並將 hash chain 更新。

接收評價

使用者即使可以證明自己擁有哪一把 epoch key 並且大家都知道這把 epoch key 有多少評價,但這有可能造成使用者故意忽略其他把 epoch key 中對自己不好的評價,因此 Unirep 限制使用者只能在每個 epoch 結束,每把 epoch key 都封起來之後,才能用 User State Transition 更新自己的評價。

User State Transition in Unirep

這裏也是用 User State Transition Proof 去保證使用者是根據正確的方式計算出最新的 UST,且用 epoch tree 限制使用者必須處理每一把 epoch key 的結果。

亦即,需要等到 epoch 結束後,Alice 才能透過 User State Transition 獲得 Airbnb 房東的評價,更新自己的使用者狀態。

證明評價

當使用者通過 User State Transition 之後會有最新的 UST 狀態,此時 Alice 就可以透過 reputation proof 向 Booking.com 她有來自 Airbnb 的評價,在reputation proof 中檢查使用者是否有其宣稱的 UST (例如總共有多少好評、多少差評來自哪一個 attester ID),並且此 UST 的狀態儲存在當前 epoch 的 GST 中。

在生成 reputation proof 時,即使 Alice 總共有 100 個好評,但 Alice 仍可以產生「至少有10個好評」的證明,Booking.com 的房東若驗證成功,則只能知道 Alice 宣稱的「至少有 10 個好評」而不能知道 Alice 總共有 100 個好評。

常見問題

Alice 能不能給 Airbnb 的房東評價? Alice 能不能給 Bob 評價?

可以。

Airbnb 的房東和 Bob 也都能產生 epoch key,因此如果 Alice 有兩者的 epoch key 及合法的 proof 則可以給予評價。此時 Alice 可以選擇透過 Airbnb、Booking.com、或甚至自己的 Ethereum account 當作證人給予評價 (也必須選擇一個證人)。

Alice 可以透過 Unirep 給 Airbnb 評價嗎?

如果 Airbnb 也透過 Unirep 註冊為使用者,並且產生 epoch key 的話就可以。但如果 Airbnb 只註冊為證人的話不行。

Alice 可以證明評價來自哪一個 Airbnb 房東嗎?

如果 Airbnb 的房東沒有註冊為證人,則 Alice 不能證明評價來自哪個房東。

若 Airbnb 的房東用自己的 Ethereum account 註冊為證人,則 Alice 只能證明評價來自這個 Ethereum account,但無法知道這個 account 是一個 Airbnb 的房東。

從 Airbnb 獲得的評價可以在 Booking.com 花費嗎?

需看 Booking.com 的智能合約如何定義,但一般來說不行,因為 attester ID不同,但未來可能會開發各個應用程式之間的兌換評價功能。

如果遲遲不執行 User State Transition 會發生什麼事?會不會收不到之前的評價?

若 Alice 在第一個 epoch 註冊,並在第一個 epoch 產生 epoch key 接收評價,但 Alice 到第五個 epoch 才執行 User State Transition,那 Alice 會根據第一個 epoch 的 GST、epoch tree 執行 User State Transition,因此仍然可以在第五個 epoch 收到來自第一個 epoch 的評價;而在第二到第四個 epoch 因為 Alice 無法產生出合法的 epoch key proof,因此無法接收評價。

User State Transition 可以自動執行嗎?

不行。

只有使用者主動給出私鑰,即 semaphore 的 identity,才可以產生合法的 User State Transition proof,若將私鑰交給第三方幫忙執行可能會侵害使用者的隱私。

結論

Unirep 是一個具有隱私保障的評價系統,透過 ZKP 的保護使用者可以在匿名的情況下收取評價、給予評價、並且向他人證明自己的評價。Unirep 可以用於跨應用程式間的評價證明,可以在 A 應用程式中獲得評價,並向 B 應用程式證明在 A 應用程式中獲得多少評價。若想了解更多有關 Unirep ,可以參考 Github、文件或加入 telegram 群組討論。

本文感謝 CC, Nic, Kevin, Doris 協助審稿。

Unirep介紹: 使用ZKP的評價系統 was originally published in Taipei Ethereum Meetup on Medium, where people are continuing the conversation by highlighting and responding to this story.

👏 歡迎轉載分享鼓掌

Tags:
Taipei Ethereum Meetup

About author
We have regular meeting twice per month on discussing blockchain technology, smart contracts and DApps development! We would love to have you join us!
3460 followers 3097 likes "https://www.meetup.com/Taipei-Ethereum-Meetup/"
View all posts

zero-knowledge proof 在 Taipei Ethereum Meetup Facebook 的精選貼文

Taipei Ethereum Meetup By Taipei Ethereum Meetup

2021-06-21 17:57:20 有 6 人按讚
  • Share this:

📜 [專欄新文章] Scaling Ethereum 參賽心得

✍️ Johnson

📥 歡迎投稿: https://medium.com/taipei-ethereum-meetup #徵技術分享文 #使用心得 #教學文 #medium

Scaling Ethereum 是一場由 ETHGlobal 所舉辦的線上黑客松,也是我第一次參加與以太坊有關的黑客松活動,這篇文章就來分享一人參賽的過程與心得。

源起

一開始是在 telegram 群組中得知這場比賽的消息,因緣際會之下剛好有人想組隊參賽,於是就在報名截止的前一天一起跟著報名了。

報名的方式除了填一些基本資料外,最特別的是還要 stack 以太幣,也就是要傳送 0.01 顆以太幣給主辦方,規則是必須在比賽的最後,有提交作品的人才能贖回 0.01 顆以太幣,之後看到 meme 頻道有人留言:

When your project is incomplete but you submit to get back stake.

一方面,這確實也會激勵你好好把比賽完成,就算沒做完也要有些成果上去,這也是主辦方秉持的精神,他們認為大家來黑客松相互學習成長,競賽獎金則是其次。

獎金

比賽方式是由 25 個左右的贊助者(sponsor)分別提供獎金,每個 sponsor 都有錄製一段影片,說明怎麼獲得他們的獎金,大部分會要你使用他們開發的工具,或者必須跟 sponsor 在做的研究有關,去實作出創新的作品。可參考:Prizes — Scaling Ethereum

你的專案可以選擇要投入哪個 sponsor 的獎金,一個專案可以投入多個 sponsor 底下,這樣獲獎機會也會比較高。

我選擇的 sponsor 是 zkSync,他們的說明如下:

zkSync is a user-centric zkRollup developed by Matter Labs. It uses zero-knowledge proofs to keep data availability on mainnet to achieve exponentially lower transaction costs. You may have seen us powering projects such as payments and Gitcoin Grants. We are currently rapidly developing zkSync 2.0, which will feature EVM-compatibility in testnet May 2021, soon followed by zkPorter, our new exponential scalability solution.

PrizeszkSync will be awarding their Prizes as follows:
- 1 winner — 4,000 USDC
- 2 winners — 2,000 USDC
- 4 winners — 500 USDC

We encourage builders to utilize zkSync SDK’s, implemented in JavaScript/Typescript and Rust. Prizes will be awarded to projects that make it simpler and easier for non-technical users to use zkSync, other ideas include integrations of current tools such as in Gitcoin Grants and tools for easy mass payments and multi-sigs.

社群互動

這個 hackathon 很棒的地方是他把使用者體驗做的很好。每個人都會有自己的 dashboard 顯示目前專案的進度和一些訊息。

Check-In #1 和 Check-In #2 的階段會要你提供專案的構想,你隨時都可以修改。主辦方會看你提交的資訊,幫助你找到適合的 sponsor,或是給你一些建議,就算是一人參賽也能感受到回饋。

整個賽程期間,社群都是使用 discord 在互動,discord 裡頭有很多頻道,像是基本的大會報告的頻道,或是一些不重要的迷因、閒聊頻道都有。

每個 sponsor 也都有自己的頻道,我就會在 sponsor-zksync 的頻道詢問技術的問題,例如我想問問 zkSync 一些關於專案構想的意見:

Hi there, I want to build a gas fee relayer which make my ERC-20 token transfer without transaction fee, to be more precise, delegating gas payment by another party. I think this is done by GSN https://opengsn.org/ , but maybe it could built on L2 with zkSync? I’m not sure, could somebody give me some advice about this topic?

zkSync 團隊的人回應我:

This is an amazing idea! This can totally be built, as we support batching transactions which can be used for all kinds of creative things such as paying for transaction fees in an erc-20 token. Your idea seems like a combination of that and the gitcoin grants integration. To get started, I suggest you watch the short 10 minute presentation I made on using the SDK and batching. Looking forward to your project!!

在 Check-In #2 的時候,我提交新版的專案構想,有一個欄位是問:「目前專案遇到什麼阻礙?」我的問題應該是被主辦方貼給 zkSync 的團隊,於是 zkSync 的團隊成員就用 discord 私訊我,貼了一些程式碼教我怎麼使用他們的 Javascript SDK,這突如其來的救援也幫了大忙。

除此之外,主辦方每個禮拜都會寄 email 通知一些重要的活動,賽程期間舉辦了四個 Summits 研討會,邀請世界各地有名的以太坊開發者分享議題,主辦方還有一個自己的 TV 網頁,直播所有的線上活動。這些活動都有錄影,可以在 youtube 看到過去所有的演講內容:https://www.youtube.com/c/ETHGlobal/videos

因為我的作品是使用 zkSync 的 Javascript SDK 製作的,好像也只能投稿 zkSync 作為獎金的 sponsor,不過主辦方在最後一個禮拜,也寄 email 告訴我說可以多投稿不同的 sponsors 看看,他依據我的專案構想給我一些適合的 sponsors 作為參考。

不過最後我還是只投稿了 zkSync,有點懶著再看其他 sponsors 的文件,也覺得其他 sponsors 的題目需要花比較大的功夫才能完成,一個人能力有限,就做點簡單的東西就好。

關於我的專案 — Gas Relay Service

在以太坊的世界,每一筆交易都需要額外付一筆交易費,也就是以太坊的 gas fee。

我的專案是讓「收款人」能夠幫「付款人」支付以太坊的手續費。

在黑客松之前,我就想研究「第三方支付手續費」的議題,因此我大部分時間其實都在研究一般的 meta-transactions 是怎麼實作的,有興趣的人可以看看 simple meta-transactions 的原始碼:https://github.com/chnejohnson/simple-meta-transaction

之後我才開始玩 zkSync 的 SDK,並研究怎麼在 Layer 2 實現第三方支付手續費的問題,以下就附上作品連結以及簡單的專案介紹給有興趣的人參考:https://showcase.ethglobal.co/scaling/gas-relay-service-on-zksync

The target is that token sender can choose to find another account to pay for fee. The another account can be (1) the token receiver’s account, (2) sender’s another account, (3) third party’s account.

In this project, I finished the demo, which is the (1) above, that receiver pay gas fee for the sender.

有趣的是,我在研究 meta-transactions 時學到很多智能合約的寫法,結果在最後專案上都沒用到(沒寫到合約的程式),zkSync Javascript SDK 其實很簡單,他們的文件寫得很清楚。最後 Demo 還是用 zkSync 團隊的成品修改來的…XD。

所幸在沒有懂太多技術的前提下完成了這場黑客松的專案,成功贖回了 0.01 顆以太幣。

評審與決選

整個賽程來到最後一個禮拜,主辦方安排兩天的時間進行 Judges,使用 zoom 進行線上研討會,一個人基本上是 7 分鐘,前 4 分鐘播放 Demo 簡報,後三分鐘會有評審問問題。

第一個問題是說:「Demo 中你是使用 zkSync 的錢包網頁去操作,那實際上你做得部分是什麼?」

我就回答我在他們的網頁上加了一顆按鈕,使用他們的 SDK 做出 gas relay 的功能,還有一個後端的 server 去作 relay。

第二個問題大概是問:「什麼樣的情境下會需要由 receiver 幫 sender 支付 gas fee?」

我的回答是,在一般超商購物的情境,消費者通常只支付商品的價格,不會支付額外的交易費,我認為以太坊的手續費應該屬於軟體的營運成本,由賣方支付比較適合。那如果賣方希望手續費的成本是由消費者承擔,可以直接調高商品的價格。

當然,我英文講得零零落落,希望評審有聽懂就是了…

最後一場直播就是 Finale 決選,主辦方選出十二個隊伍,公開再 Demo 一次,以及提供線上觀眾詢問問題,至此整個賽程就差不多進入尾聲。

決選後的不久,主辦方就公布了這次有獲得獎金的隊伍,幸運拿到了 zkSync 頒發的小獎~

zkSync — Matter Labs

- Zeneth — 2000 USDC
- ZeroSwap — 1500 USDC
- Kangaroo — 500 USDC
- Gas Relay Service — 500 USDC

後記

這次的參賽隊伍中,Zeneth 跟我的主題非常相似:
Zeneth — Use Flashbots to enable arbitrary meta-transactions so EOAs can enter L2s without ETH

另一個我覺得有趣的專案是 Alexandria:
Alexandria — A dApp using STARKs to verify aspects of your identity without revealing more than you should

沒想到主辦方 ETHGlobal 下個月又要再舉辦一場黑客松,有興趣的人可以看看:https://defi.ethglobal.co/ ,這次的主題是 De-Fi。

最後,只要有到 ETHGlobal 的 TV 網頁參加 Summit 研討會的直播,就能夠獲得 POAP 勳章,它就是一個酷東西~😋

POAP: Proof of Attendance Protocol

Scaling Ethereum 參賽心得 was originally published in Taipei Ethereum Meetup on Medium, where people are continuing the conversation by highlighting and responding to this story.

👏 歡迎轉載分享鼓掌

Tags:
Taipei Ethereum Meetup

About author
We have regular meeting twice per month on discussing blockchain technology, smart contracts and DApps development! We would love to have you join us!
3460 followers 3097 likes "https://www.meetup.com/Taipei-Ethereum-Meetup/"
View all posts

zero-knowledge proof 在 Taipei Ethereum Meetup Facebook 的精選貼文

Taipei Ethereum Meetup By Taipei Ethereum Meetup

2021-06-21 17:57:12 有 1 人按讚
  • Share this:

📜 [專欄新文章] ZKP 與智能合約的開發入門

✍️ Johnson

📥 歡迎投稿: https://medium.com/taipei-ethereum-meetup #徵技術分享文 #使用心得 #教學文 #medium

這篇文章將以程式碼範例,說明 Zero Knowledge Proofs 與智能合約的結合,能夠為以太坊的生態系帶來什麼創新的應用。

本文為 Tornado Cash 研究系列的 Part 2,本系列以 tornado-core 為教材,學習開發 ZKP 的應用,另兩篇為:

Part 1:Merkle Tree in JavaScript

Part 3:Tornado Cash 實例解析

Special thanks to C.C. Liang for review and enlightenment.

近十年來最強大的密碼學科技可能就是零知識證明,或稱 zk-SNARKs (zero knowledge succinct arguments of knowledge)。

zk-SNARKs 可以將某個能得出特定結果 (output) 的計算過程 (computation),產出一個證明,而儘管計算過程可能非常耗時,這個證明卻可以快速的被驗證。

此外,零知識證明的額外特色是:你可以在不告訴對方輸入值 (input) 的情況下,證明你確實經過了某個計算過程並得到了結果。

上述來自 Vitalik’s An approximate introduction to how zk-SNARKs are possible 文章的首段,該文說是給具有 “medium level” 數學程度的人解釋 zk-SNARKs 的運作原理。(可惜我還是看不懂 QQ)

本文則是從零知識證明 (ZKP) 應用開發的角度,結合電路 (circuit) 與智能合約的程式碼來說明 ZKP 可以為既有的以太坊智能合約帶來什麼創新的突破。

基本上可以謹記兩點 ZKP 帶來的效果:

1. 擴容:鏈下計算的功能。
2. 隱私:隱藏秘密的功能。

WithoutZK.sol

首先,讓我們先來看一段沒有任何 ZKP 的智能合約:

這份合約的主軸在 process(),我們向它輸入一個秘密值 secret,經過一段計算過程後會與 answer 比對,如果驗證成功就會改寫變數 greeting 為 “answer to the ultimate question of life, the universe, and everything”。

Computation

而計算過程是一個簡單的函式:f(x) = x**2 + 6。

我們可以輕易推出秘密就是 42。

這個計算過程有很多可能的輸入值 (input) 與輸出值 (output):
f(2) = 10
f(3) = 15
f(4) = 22


但是能通過驗證的只有當輸出值和我們存放在合約的資料 answer 一樣時,才會驗證成功,並執行 process 的動作。

可以看到有一個 calculate 函式,說明這份合約在鏈上進行的計算,以及 process 需要輸入參數 _secret,而我們知道合約上所有交易都是公開的,所以這個 _secret 可以輕易在 etherscan 上被看到。

從這個簡單的合約中我們看到 ZKP 可以解決的兩個痛點:鏈下計算與隱藏秘密。

Circuits

接下來我們就改寫這份合約,加入 ZKP 的電路語言 circom,使用者就能用他的 secret 在鏈下進行計算後產生一個 proof,這 proof 就不會揭露有關 secret 的資訊,同時證明了當 secret 丟入 f(x) = x**2 + 6 的計算過程後會得出 1770 的結果 (output),把這個 proof 丟入 process 的參數中,經過 Verifier 的驗證即可執行 process 的內容。

有關電路 circuits 的環境配置,可以參考 ZKP Hello World,這裡我們就先跳過去,直接來看 circom 的程式碼:

template Square() { signal input in; signal output out; out <== in * in;}template Add() { signal input in; signal output out; out <== in + 6;}template Calculator() { signal private input secret; signal output out; component square = Square(); component add = Add(); square.in <== secret; add.in <== square.out; out <== add.out;}component main = Calculator();

這段就是 f(x) = x**2 + 6 在 circom 上的寫法,可能需要時間去感受一下。

ZK.sol

circom 寫好後,可以產生一個 Verifier.sol 的合約,這個合約會有一個函式 verifyProof,於是我們把上方的合約改寫成使用 ZKP 的樣子:

我們可以發現 ZK 合約少了 calculate 函式,顯然 f(x) = x**2 + 6 已經被我們寫到電路上了。

snarkjs

產生證明的程式碼以 javascript 寫成如下:

let { proof, publicSignals } = await groth16.fullProve(input, wasmPath, zkeyPath);

於是提交 proof 給合約,完成驗證,達到所謂鏈下計算的功能。

最後讓我們完整看一段 javascript 的單元測試,使用 snarkjs 來產生證明,對合約的 process 進行測試:

對合約來說, secret = 42 是完全不知情的,因此隱藏了秘密。

publicSignals

之前不太清楚 publicSignals 的用意,因此在這裡特別說明一下。

基本上在產生證明的同時,也會隨帶產生這個 circom 所有的 public 值,也就是 publicSignals,如下:

let { proof, publicSignals } = await groth16.fullProve(input, wasmPath, zkeyPath);

在我們的例子中 publicSignals 只有一個,就是 1770。

而 verifyProof 要輸入的參數除了 proof 之外,也要填入 public 值,簡單來說會是:

const isValid = verifyProof(proof, publicSignals);

問題來了,我們在設計應用邏輯時,當使用者要提交參數進行驗證的時候,publicSignals 會是由「使用者」填入嗎?或者是說,儘管是使用者填入,那它需不需要先經過檢查,才可以填入 verifyProof?

關鍵在於我們的合約上存有一筆資料:answer = 1770

回頭看合約上的 process 在進行 verifyProof 之前,必須要檢查 isAnswer(publicSignals[0]):

想想要是沒有檢查 isAnswer,這份合約會發生什麼事情?

我們的應用邏輯就會變得毫無意義,因為少了要驗證的答案,就只是完成計算 f(42) = 1770,那麼不論是 f(1) = 7 或 f(2) = 10,使用者都可以自己產生證明與結果,自己把 proof 和 publicSignals 填入 verifyProof 的參數中,都會通過驗證。

至此可以看出,ZKP 只有把「計算過程」抽離到鏈下的電路,計算後的結果仍需要與鏈上既有的資料進行比對與確認後,才能算是有效的應用 ZKP。

應用邏輯的開發

本文主要談到的是 zk-SNARKs 上層應用邏輯的開發,關於 ZKP 的底層邏輯如上述使用的 groth16 或其他如 plonk 是本文打算忽略掉的部分。

從上述的例子可以看到,即使我們努力用 circom 實作藏住 secret,但由於計算過程太過簡單,只有 f(x) = x**2+6,輕易就能從 answer 反推出我們的 secret 是 42,因此在應用邏輯的開發上,也必須注意 circom 的設計可能出了問題,導致私密訊息容易外洩,那儘管使用再強的 ZKP 底層邏輯,在應用邏輯上有漏洞,也沒辦法達到隱藏秘密的效果。

此外,在看 circom 的程式碼時,可以關注最後一個 template 的 private 與 public 值分別是什麼。以本文的 Calculator 為例,private 值有 secret,public 值有 out。

另外補充:

如果有個 signal input 但它不是 private input,就會被歸類為 public。

一個 circuit 至少會有一個 public,因為計算過程一定會有一個結果。

最後,在開發的過程中我會用 javascript 先實作計算過程,也可以順便產出 input.json,然後再用 circom 語言把計算過程實現,產生 proof 和 public 後,再去對照所有 public 值和 private 值,確認是不是符合電路計算後所要的結果,也就是比較 javascript 算出來的和 circom 算出來的一不一樣,如果不一樣就能確定程式碼是有 bug 的。

參考範例:https://github.com/chnejohnson/circom-playground

總結

本文的程式碼展現 ZKP 可以做到鏈下計算與隱藏秘密的功能,在真實專案中,可想而知電路的計算過程不會這麼單純。

會出現在真實專案中的計算像是 hash function,複雜一點會加入 Merkle Tree,或是電子簽章 EdDSA,於是就能產生更完整的應用如 Layer 2 擴容方案之一的 ZK Rollup,或是做到匿名交易的 Tornado Cash。

本文原始碼:https://github.com/chnejohnson/mini-zkp

下篇文章就來分享 Tornado Cash 是如何利用 ZKP 達成匿名交易的!

參考資料

概念介紹

Cryptography Playground

zk-SNARKs-Explainer

神奇的零知識證明!既能保守秘密,又讓別人信你!

認識零知識證明 — COSCUP 2019 | Youtube

應用零知識證明 — COSCUP 2020 | Youtube

ZK Rollup

動手實做零知識 — circom — Kimi

ZK-Rollup 开发经验分享 Part I — Fluidex

ZkRollup Tutorial

ZK Rollup & Optimistic Rollup — Kimi Wu | Medium

Circom

circom/TUTORIAL.md at master · iden3/circom · GitHub

ZKP Hello World

其他

深入瞭解 zk-SNARKs

瞭解神秘的 ZK-STARKs

zk-SNARKs和zk-STARKs解釋 | Binance Academy

[ZKP 讀書會] MACI

Semaphore

Zero-knowledge Virtual Machines, the Polaris License, and Vendor Lock-in | by Koh Wei Jie

Introduction & Evolution of ZK Ecosystem — YouTube

The Limitations of Privacy — Barry Whitehat — YouTube

Introduction to Zero Knowledge Proofs — Elena Nadolinski

ZKP 與智能合約的開發入門 was originally published in Taipei Ethereum Meetup on Medium, where people are continuing the conversation by highlighting and responding to this story.

👏 歡迎轉載分享鼓掌

Tags:
Taipei Ethereum Meetup

About author
We have regular meeting twice per month on discussing blockchain technology, smart contracts and DApps development! We would love to have you join us!
3460 followers 3097 likes "https://www.meetup.com/Taipei-Ethereum-Meetup/"
View all posts

zero-knowledge proof 在 城寨 Singjai Youtube 的最佳貼文

城寨 Singjai By 城寨 Singjai

2021-05-08 21:00:13 有 13,374 人看過 有 618 人喜歡
  • Share this:

「技安的未來世界」

主持:Bonnie、劉細良

題目:《Bitcoin與人類貨幣演進史 Zero Knowledge Proof 加密貨幣私隱問題解決方案》

逢星期六 9:00 ~ 10:00 pm
(逢星期四 7:00 ~ 8:00 pm Patreon首播)

支持城寨Patreon
https://www.patreon.com/kowloonsingjai

post-title
城寨 Singjai

About author
Facebook Page:城寨 https://www.facebook.com/kowloonsingjai/
281000 subscribers 95571386 viewes
View all posts
社群媒體上有些相關的討論:

zero-knowledge proof 在 Computer Scientist Explains One Concept in 5 ... - YouTube 的推薦與評價

影片讀取中

Computer scientist Amit Sahai, PhD, is asked to explain the concept of zero - knowledge proofs to 5 different people; a child, a teen, ... ... <看更多>

zero-knowledge proof 在 Awesome zero knowledge proofs (zkp) - GitHub 的推薦與評價

A curated list of awesome things related to learning Zero-Knowledge Proofs (ZKP). - GitHub - matter-labs/awesome-zero-knowledge-proofs: A curated list of ... ... <看更多>

zero-knowledge proof 在 Efficient Zero-Knowledge Proof Systems - Jonathan Bootle 的推薦與評價

Thus, there are three core requirements in zero-knowledge proofs: Page 2. Completeness For true statements, a prover can convince the verifier. Soundness For ... ... <看更多>

你可能也想看看
zero knowledge proof中文
零知識證明例子
零知識證明應用
零知識證明ptt
zero-knowledge proof blockchain
Zero-knowledge proof algorithm
zero-knowledge proof crypto
Zero knowledge proof example
搜尋相關連結

#1. Zero-knowledge proof - Wikipedia

In cryptography, a zero-knowledge proof or zero-knowledge protocol is a method by which one party (the prover) can prove to another party (the verifier) ...

#2. 新手科普|零知識證明(zero-knowledge proofs) 詳解 - 動區動趨

零知識證明是一種加密協議,它允許一方(示證者)向另一方(驗證者)確認陳述的真實性,而無需透露有關該方的任何其他訊息(示證者了解到的內容和來源)。

#3. Zero-knowledge proofs | ethereum.org

A zero-knowledge proof allows you to prove the truth of a statement without sharing the statement's contents or revealing how you discovered the ...

#4. 看懂零知識證明(zero-knowledge proofs) | by 許明恩Astro Hsu

嗨,我是區塊勢的作者許明恩。. “#069|看懂零知識證明(zero-knowledge proofs)” is published by 許明恩Astro Hsu.

#5. Computer Scientist Explains One Concept in 5 ... - YouTube

Computer scientist Amit Sahai, PhD, is asked to explain the concept of zero - knowledge proofs to 5 different people; a child, a teen, ...

#6. Zero-Knowledge Proofs | Binance Academy

Zero -Knowledge Proofs | Definition: Verify transactions are valid without revealing any information about the transactions, providing privacy.

#7. What is Zero Knowledge Proof? | Security Wiki - Double Octopus

Zero knowledge proof or protocol is a way for a “prover” to convince a “verifier” that a statement about some secret information is true without revealing ...

#8. Cryptography - Zero-Knowledge Proofs

Zero -Knowledge Proof Systems ... The goal is to prove a statement without leaking extra information, for example, for some N,x N , x , prove x x is a quadratic ...

#9. Zero Knowledge Proof - GeeksforGeeks

Zero -knowledge protocols are probabilistic assessments, which means they don't prove something with as much certainty as simply revealing the ...

#10. Zero Knowledge Proofs

This class aims to bring together students and experts in academia and industry to explore Zero-Knowledge Proofs (ZKP). ZKP is a classical cryptographic ...

#11. Zero-knowledge proof: how it works and why it's important

Zero -Knowledge Proof (ZKP) algorithms are cryptographic algorithms that calculate a probability that a party in a transaction possesses a piece of information ...

#12. Zero Knowledge Proof: A Introductory Guide - 101 Blockchains

The concept behind zero-knowledge proof is unique indeed. A zero-knowledge proof is a unique method where a user can prove to another user that ...

#13. Zero Knowledge Proof: how to maintain privacy in a data ...

Is it possible to show that something is true without revealing the data that proves it? This is what 'Zero Knowledge Proof' technology ...

#14. Zero-knowledge proofs of knowledge without interaction

A zero-knowledge proof system of knowledge is a protocol between two parties called the prover and the verifier. The prover wants to convince the verifier ...

#15. ZKProof Standards: Homepage

ZKProof is an open-industry academic initiative that seeks to mainstream zero-knowledge proof (ZKP) cryptography through an inclusive, community-driven ...

#16. What are Zero-Knowledge Proofs in Crypto?

A zero-knowledge proof (ZKP) is a way to verify the truth of information without revealing anything else about the information itself or the ...

#17. DIZK: A Distributed Zero Knowledge Proof System - USENIX

Recently there has been much academic and industrial interest in practical implementations of zero knowledge proofs. These techniques allow a party to prove ...

#18. Zero-knowledge proofs - a powerful addition to blockchain

Zero -knowledge proof is an encryption scheme whereby one party (the prover) can prove the truth of specific information to another party ...

#19. Zero Knowledge Proofs and ZK-rollups: Everything you need ...

Zero -knowledge proofs allow users to prove something is true without giving away any other information. To achieve this, it uses algorithms that ...

#20. What are interactive proofs and zero-knowledge proofs?

(Not all interactive proofs have this property.) A typical round in a zero-knowledge proof consists of a "commitment" message from the prover, followed by a ...

#21. What is a zero-knowledge proof? ZKPs explained in different ...

Zero -knowledge proofs are all about reliably achieving accountability on your own terms. In this article, we'll look at the concept of zero- ...

#22. Enhancing Code Based Zero-knowledge Proofs using Rank ...

Keywords: Post Quantum · Code-based cryptography · Rank metric ·. Zero-knowledge proof · Identification protocol · Commitment scheme. 1 Introduction.

#23. Awesome zero knowledge proofs (zkp) - GitHub

A curated list of awesome things related to learning Zero-Knowledge Proofs (ZKP). - GitHub - matter-labs/awesome-zero-knowledge-proofs: A curated list of ...

#24. Zero-Knowledge Proof Systems - EECS Instructional

Loosely speaking, zero-knowledge proofs are proofs that yield nothing (i.e., \no knowl- edge") beyond the validity of the assertion. In the rest of this ...

#25. zero knowledge proofs Archives | Andreessen Horowitz

zero knowledge proofs ; Achieving Crypto Privacy and Regulatory Compliance · Joseph Burleson · Michele Korver, and Dan Boneh ; Privacy-Protecting Regulatory ...

#26. zero-knowledge proof - Wiktionary

EnglishEdit. NounEdit · zero-knowledge proof (plural zero-knowledge proofs). (cryptography) An interactive method for one party to prove to another that a ...

#27. Physical Zero-Knowledge Proofs of Physical Properties

In the digital domain, zero-knowledge is an established concept where a prover convinces a verifier of a statement without revealing any information beyond the ...

#28. Implementation and Optimization of Zero-Knowledge Proof ...

As the national cryptographic hash function standard, the zero-knowledge proof circuit of SM3 (Chinese Commercial Cryptography) has not been ...

#29. Zero-Knowledge Proofs: How it Works & Use Cases in 2023

A zero-knowledge proof (ZKP), also called a zero-knowledge protocol, is a mathematical technique to verify the truth of information without ...

#30. What is Zero Knowledge Proof and its role in blockchain?

Zero -Knowledge Proof is a cryptographic technique where no information is revealed during a transaction except for the interchange of some value known to both ...

#31. Zero-Knowledge Proof - Glossary | CSRC

Zero -Knowledge Proof ... Definitions: A cryptographic scheme where a prover is able to convince a verifier that a statement is true, without providing any more ...

#32. Understanding Zero Knowledge Proof - LinkedIn

“Zero-knowledge” proofs allow one party (the prover) to prove to another (the verifier) that a statement is true, without revealing any ...

#33. Lecture 14: Zero knowledge proofs - Boaz Barak

Zero knowledge proofs are proofs that fully convince that a statement is true without yielding any additional knowledge. So, after seeing a zero knowledge ...

#34. DEFINITIONS AND PROPERTIES OF ZERO-KNOWLEDGE ...

As a result, all known zero-knowledge proof systems are ... zero-knowledge proofs in modular design of cryptographic protocols. In GMW2] a compiler.

#35. Zero-Knowledge from Secure Multiparty Computation∗

A zero-knowledge proof allows a prover to convince a verifier of an assertion without revealing any further information beyond the fact that the assertion is ...

#36. Introducing Zero-Knowledge Proofs for Private Web ...

But sometimes this is possible. If I claim to have the key to a mailbox, you can put a letter inside the mailbox, walk away, and ask me to read ...

#37. Zero Knowledge Canon, part 1 & 2 - a16z crypto

And these innovations have been a long time coming: Zero-knowledge proof systems were introduced by Shafi Goldwasser, Silvio Micali, ...

#38. Efficient Zero-Knowledge Proof Systems - Jonathan Bootle

Thus, there are three core requirements in zero-knowledge proofs: Page 2. Completeness For true statements, a prover can convince the verifier. Soundness For ...

#39. Zero-Knowledge Proof Systems (Chapter 4) - Foundations of ...

4 - Zero-Knowledge Proof Systems ... HTML view is not available for this content. However, as you have access to this content, a full PDF is available via the ' ...

#40. What is a Zero-Knowledge Proof? - Anoma

Zero -knowledge proofs, sometimes known as zero-knowledge protocols, are a mathematical technique for the verification of the knowledge of ...

#41. Zero-Knowledge Proof | Alexandria - CoinMarketCap

In cryptography, a zero-knowledge proof enables one party to provide evidence that a transaction or event happened without revealing private details of that ...

#42. RFC 8235: Schnorr Non-interactive Zero-Knowledge Proof

Non-interactive Zero-Knowledge Proof The Schnorr NIZK proof is obtained from the interactive Schnorr identification scheme through a Fiat-Shamir ...

#43. How to explain zero-knowledge protocols to your children

They even proposed an arithmetic solution where a reply with a single number as proof could replaced many actors. Still, a compromise between the number of ...

#44. Trinsic Basics: What Are Zero-Knowledge Proofs?

In short, zero-knowledge proofs (ZKPs) allow you to prove a piece of information is true (like, that you're over 18) without revealing the information itself ( ...

#45. What Is a Zero-Knowledge Proof (ZKP)? - Chainlink Blog

Zero -Knowledge Proofs (ZKPs) allow one party to cryptographically prove to another that they possess knowledge about a piece of information ...

#46. Zero Knowledge Proofs - CoinDesk

With bitcoin trading flat over the weekend, plus a look at how to use blockchain tech to avoid the next FTX implosion, CoinDesk's “Markets Daily” is back ...

#47. Zero-Knowledge Proofs meet TLS - IETF Datatracker

zero -knowledge proof, sends to verifier. Page 8. ZKMBs enforce policies on traffic they cannot see.

#48. Watch Computer Scientist Explains One Concept in 5 Levels ...

Zero - knowledge proof is proof to a statement. You don't show them why or what. You just show them a tiny segment. Or just do some sort of,.

#49. Zero Knowledge Proofs

The notion of Zero Knowledge Systems is introduced by Shafi Goldwasser, Silvio Micali, ... A zero knowledge proof is a game between a prover and a verifier.

#50. What is a zero-knowledge proof? - Quora

A zero knowledge proof allows A to prove to B that a certain secret information is known without revealing the information to B. Since the information is ...

#51. Unifying Zero-Knowledge Proofs of Knowledge

We present a simple zero-knowledge proof of knowledge pro- tocol of which many protocols in the literature are instantiations. These.

#52. Proofs, Arguments, and Zero-Knowledge

interest in zero-knowledge proofs and arguments. ... above really requires a zero-knowledge proof of knowledge for the statement “there.

#53. NONINTERACTIVE ZERO-KNOWLEDGE - People

verifier ina zero-knowledge proof if they share beforehand a short random string. ... posed the name of noninteractive zero-knowledge proofs for them, ...

#54. Zero Knowledge Proof Protocol: Beginner's Guide -

Proofs of zero-knowledge contain both the information stored in the storage unit and a security mechanism for that storage unit. Most ...

#55. A Survey of Noninteractive Zero Knowledge Proof System and ...

Zero knowledge proof system which has received extensive attention since it was proposed is an important branch of cryptography and computational complexity ...

#56. Chapter 7: Zero-Knowledge Proof Technology - World Scientific

A zero-knowledge proof is a cryptographic method that separates data verification from the data itself. One party (the prover) can prove to another party (the ...

#57. Recursive Zero-Knowledge Proofs: Proof of a proof of a proof…

We present recursive Zero-Knowledge Proofs (ZKPs), where a proof attests to the validity of another proof. We show its benefits over ...

#58. Definition of zero-knowledge proof - PCMag

A cryptographic protocol that allows a party to prove possession of information without revealing the details. Zero-knowledge proofs are one of two types of ...

#59. How to construct physical zero-knowledge proofs for puzzles ...

Introduced by Goldwasser, Micali, and Rackoff [13], Zero-Knowledge Proof (ZKP) systems are cryptographic protocols between a prover P and a ...

#60. How to Prove You Know a Secret Without Giving It Away

Zero -knowledge proofs allow researchers to prove their knowledge without divulging the knowledge itself. 10. Read Later.

#61. ZK-SecreC: a Domain-Specific Language for Zero Knowledge ...

We also show the integration of the compiler with the implementation of a zero-knowledge proof technique, and evaluate the running time of ...

#62. Zero Knowledge Proofs & ID - Concordium

Zero Knowledge Proofs & ID. Background. A central goal of the Concordium blockchain is to provide a built-in identity layer that on one hand allows entities ...

#63. Specialized Zero-Knowledge Proof failures | Trail of Bits Blog

By Opal Wright Zero-knowledge (ZK) proofs are useful cryptographic tools that have seen an explosion of interest in recent years, ...

#64. Why aren't zero-knowledge proofs used in practice for ...

Answering the question in your title (and not addressing your proposed alternative which I don't quite understand) there is a zero knowledge proof of ...

#65. What is Zero-Knowledge Proof? - Ledger

Put simply, zero-knowledge Proof or ZKP is a type of cryptography that allows you to prove your identity or specific credentials to a third ...

#66. Zero trust vs. zero-knowledge proof: What's the difference?

A zero-knowledge proof requires no real knowledge or secret information to prove the claim. Instead, a scenario must be set up that ...

#67. Zero-knowledge proof finds new life in the blockchain | InfoWorld

A zero-knowledge proof, also known as ZKP protocol, attempts to establish a fact between parties with a minimum amount of information ...

#68. Zero-Knowledge Proofs

Recent Zero-Knowledge proving systems · GM17 · BG18 · DIZK (WZCPS18). Distributed implementation of Groth16; Enables zkSNARK computations of up to billions of ...

#69. Reclaiming Our Privacy with Zero-Knowledge Proofs

Today, I wanted to explain a bit more about “zero-knowledge proofs” (ZK Proofs), the technology that will make this a viable reality.

#70. 'Zero Knowledge Proofs' Could Boost Blockchain Adoption on ...

According to a recent Bloomberg article, a "mind-boggling" mathematical operation known as "Zero Knowledge Proof" has made it possible to encrypt ...

#71. Application of Zero-Knowledge Proof in Resolving Disputes of ...

knowledge proof. Zero-knowledge proof has a seemingly contradictory definition: to be successful, a protocol needs to convince the verifier of the veracity.

#72. Twitter 上的Coinbase:"3. Zero knowledge proof technology ...

Zero knowledge proof technology will see increased traction 4. Regulated Defi and the emergence of on-chain KYC attestation 5.

#73. A Survey of Zero-Knowledge Proof for Authentication

Zero -knowledge proofs are cryptographic protocols which do not disclose the information or secret itself during the protocol. Zero-knowledge ...

#74. PipeZK: Accelerating Zero-Knowledge Proof with a Pipelined ...

Zero -knowledge proof (ZKP) is a promising cryptographic protocol for both computation integrity and privacy.

#75. Zero Knowledge Proofs Theory and Applications

In this paper we will survey the theory underlying Zero Knowledge. Proofs, developing the idea of interactive proving protocols, which will then be formalized ...

#76. How does zero-knowledge proof authentication help create a ...

A zero-knowledge proof is a cryptographic technique that establishes the authenticity of a specific claim. It enables a protocol to demonstrate ...

#77. Hardware Acceleration for Zero Knowledge Proofs - Paradigm

Zero Knowledge Proofs (ZKPs) offer unique properties that make them essential components of various blockchain scaling and privacy solutions, ...

#78. Zero Knowledge Proofs: An illustrated primer, Part 2

In the last post we defined a zero knowledge proof as an interaction between two computer programs (or Turing machines) — respectively called a ...

#79. How zero-knowledge proofs will guarantee compliance for ...

Zero -knowledge proofs are a tool that can transform the way we handle sensitive data, allowing information to be verified without disclosing the ...

#80. CHAPTER 12 - Zero-knowledge proof protocols - fi muni

Very informally, a zero-knowledge proof protocol allows one party, usually called PROVER, to convince another party, called VERIFIER, that PROVER knows some ...

#81. Zero Knowledge Protocol

Zero knowledge proof or protocol is method in which a party A can prove that given statement X is certainly true to party B without revealing any additional ...

#82. Zero-Knowledge Proofs

A zero-knowledge proof is perfectly complete if all runs between honest prover and honest verifier are accepting. A zero knowledge protocol is ε1-incomplete if ...

#83. Alternative Variants of Zero-Knowledge Proofs

Whereas zero- knowledge proofs require the existence of a polynomial-time simulator, we say that an interactive proof is T(·)-simulatable if there exist a ...

#84. How Zero-Knowledge Proofs (ZKPs) Enable Smarter ...

A better way: Zero-knowledge proofs (ZKPs) ... ZKPs have the potential to prove transformational for consumers, for business, and for regulators.

#85. Lowering the Barrier of Entry to Zero Knowledge Proofs

Innovation in Zero Knowledge Proofs. Today, developers working on secure computing algorithms and Zero Knowledge Proofs have limited options for ...

#86. Zero-Knowledge Proof for Blockchain Transaction Privacy

A zero-knowledge proof is a cryptographic process by which one party (the prover) can prove that they know the value x to another party (the ...

#87. Why You Should Care About Zero-Knowledge Proofs - VIA

For the second installment of “Mastery Monday with VIA” we're sharing two excellent explanations of Zero-Knowledge Proofs and why the ...

#88. Why You Should Know About Zero Knowledge Proofs

Blockchain Technology : As stated above, cryptos such as ZCash use zero-knowledge proof to validate transactions unlike bitcoin or ethereum ...

#89. Zero-knowledge proof - Wikiwand

In cryptography, a zero-knowledge proof or zero-knowledge protocol is a method by which one party can prove to another party that a given statement is true ...

#90. What are Zero Knowledge Proofs? - Horizen

A zero-knowledge proof is a form of cryptography that enables one party in a transaction, the prover, to prove that they have knowledge of information that ...

#91. What Is Zero-Knowledge Proof (ZKP)? - Coinspeaker

A zero-knowledge proof is a method by which one party (the prover) can prove to another party (the verifier) that they know a value X without ...

#92. Lecture 17 - Zero Knowledge Proofs

In the example before, not only are you convinced that 26781 is not a prime, but you also learned its factorization. A zero knowledge proof ...

#93. Zero Knowledge Proofs

A Zero Knowledge Proof of a statement satisfies thee properties: 1) Completeness: if the statement is true, verifier will be convinced by ...

#94. Guide to zero-knowledge proof systems | CoinLoan Blog

Zero -knowledge proofs allow one party to prove to another party that a statement is true without revealing it. They increase blockchain ...

#95. SSI essentials: Zero Knowledge Proof (ZKP) and Selective ...

Zero -Knowledge Proof (ZKP) has been in the spotlight in the past year. In theory, ZKP is a protocol that enables one party to prove a ...

#96. CO6GC: Introduction to Zero-Knowledge Proofs (Part 1) | COSIC

Zero -Knowledge (ZK): ZK ensures that the Verifier learn nothing more than the truth of the statement from the proof. Finding a way to formalize ...

#97. Zero-Knowledge Proof | Bybit Learn

A zero-knowledge proof offers a method of data authentication that limits the actual disclosure of the data in question.

#98. Danish researcher explains zero-knowledge proofs and post ...

A zero-knowledge proof is a protocol between two parties – a “prover” and a “verifier”. Through an interaction, the prover demonstrates to ...

#99. Zero-Knowledge Proof: Protecting Your Personal Information ...

A cryptographic method known as "zero-knowledge proof" (ZKP) could be the answer. Conceived in 1985 by three MIT researchers, ...