Chaum-Pedersen的零知识证明

1. What is Chaum-Pedersen Zero Knowledge Proof

The Chaum-Pedersen Zero Knowledge Proof can be used to show that Peggy (the Prover) knows a secret to Victor (the Verifier).

In the Chaum-Pederson method, we initially define the values of ⟨g,A,B,C⟩ = ⟨g,ga,gb,gab⟩. The basic method is:

在这里插入图片描述
Peggy (the prover) defines a secret value of r.

Peggy sends Vector (the Verifier) the commitments of y1=gr and y2=Br.

Victor generate a random value (s) and sends it to Peggy.

Peggy computes z=r+as(mod q) and sends it to Victor.

Victor checks that gz=Asy1(mod q) and:

Victor checks that Bz=Csy2(mod q)

2. Python脚本示例

import random
import sys

q=10009

s=random.randint(1,1000)
r=random.randint(1,1000)

if (len(sys.argv)>1):
        r=int(sys.argv[1])

g=3
a=10
b=13
A=pow(g,a,q)
B=pow(g,b, q)
C=pow(g,(a*b),q)

y1=pow(g,r,q)
y2=pow(B,r,q)

z=(r+a*s) % q


print "Victor and Peggy agree of (g,g^a, g^b and g^ab) =(",g,A,B,C,")"
print "\nPeggy generates random number (r)",r
print "Peggy sends y1 (g^r, B^r)=(",y1,y2,")"

print


print "Victor sends a challenge (s)=",s

print "Peggy computes z=r+as (mod q)=",z

print "\nVictor now checks these are the same"
print "Victor checks g^z=",pow(g,z,q)

print "Victor checks A^s y1=",(A**s * y1) % q

print "\nVictor now checks these are the same"
print "Victor checks B^z=", pow(B,z,q)
print "Victor checks C^s y2=",(C**s * y2) % q

对应的执行结果为:

Victor and Peggy agree of (g,g^a, g^b and g^ab) =( 3 9004 2892 5980 )

Peggy generates random number (r) 887
Peggy sends y1 (g^r, B^r)=( 4584 834 )

Victor sends a challenge (s)= 396
Peggy computes z=r+as (mod q)= 4847

Victor now checks these are the same
Victor checks g^z= 9541
Victor checks A^s y1= 9541

Victor now checks these are the same
Victor checks B^z= 5923
Victor checks C^s y2= 5923

参考资料:
[1] https://asecuritysite.com/encryption/chaum

  • 0
    点赞
  • 1
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值