Bulletproof

最新推荐文章于 2023-11-01 11:17:08 发布
最新推荐文章于 2023-11-01 11:17:08 发布
阅读量1.4k 收藏 1
点赞数
分类专栏: 零知识证明
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/mutourend/article/details/93752389
版权

Bulletproof is a new non-interactive zero-knowledge proof protocol with short proofs and without trusted setup. It is integrated in the Monero project as a replacement for the previous protocol based on ring signatures which generates larger proofs. Bulletproof proves that amounts lie in a given positive interval, which is crucial in validating a transaction.

以下来自论文《Bulletproofs-Efficient Range Proofs for Confidential Transactions》

Bulletproofs, a new non-interactive zero-knowledge proof protocol with very short proofs and without a trusted setup; the proof size is only logarithmic in the witness size. Bulletproofs are especially well suited for effcient range proofs on committed values: they enable proving that a committed value is in a range using only 2 log2(n) + 9 group and field elements, where n is the bit length of the range. Proof generation and verification times are linear in n.

Beyond range proofs, Bulletproofs provide short zero-knowledge proofs for general arithmetic circuits while only relying on the discrete logarithm assumption and without requiring a trusted setup.

Bulletproofs greatly improve on the linear (in n) sized range proofs currently used to implement Confidential Transactions (CT) in Bitcoin and other cryptocurrencies. Moreover, Bulletproofs supports aggregation of range proofs, so that a party can prove that m commitments lie within a given range by providing only an additive O(log(m)) group elements over the length of a single proof. To aggregate proofs from multiple parties, we enable the parties to generate a single proof without revealing their inputs to each other via a simple multi-party computation (MPC) protocol for constructing Bulletproofs. This MPC protocol uses either a constant number of rounds and linear communication, or a logarithmic number of rounds and logarithmic communication.

In general, we separate privacy for payments into two properties: (1) anonymity, hiding the identities of sender and receiver in a transaction and (2) confidentiality, hiding the amount transferred. While Bitcoin provides some weak anonymity through the unlinkability of Bitcoin addresses to real world identities, it lacks any confidentiality.

While we focus on confidential transactions, where our work translates to significant practical savings, we stress that the improvements are not limited to CT. We present Bulletproofs for general NP languages. The proof size is logarithmic in the number of multiplication gates in the arithmetic circuit for verifying a witness.

All current implementations of confidential transactions [Max16,MP15,PBF+,NM+16] use range proofs over committed values, where the proof size is linear in n. These range proofs are the main contributor to the size of a confidential transaction. In current implementations, a confidential transaction with only two outputs and 32 bits of precision is 5.5kB bytes, of which 5.3kB are allocated to the range proof.

At the time of writing, Bitcoin has roughly 50 million UTXOs from 22 million transactions (see statoshi.info). Using a 52-bit representation of bitcoin that can cover all values from 1 satoshi up to 21 million bitcoins, this results in roughly 160GB of range proof data using the current systems. Using aggregated Bulletproofs, the range proofs for all UTXOs would take less than 17GB, about a factor 10 reduction in size.

A Mimblewimble blockchain only grows with the size of the UTXO set. Using Bulletproofs, it would only grow with the number of transactions that have unspent outputs. Overall, Bulletproofs can not only act as a drop-in replacement for the range proofs in confidential transactions, but it can also help make Mimblewimble a practical scheme with a blockchain that is significantly smaller than the current Bitcoin blockchain.

以下来自审计报告《Evaluation of Bulletproof Implementation》

The Monero project currently uses Borromean-style range proofs [MP15] in their confidential transactions, and plan to replace them with bulletproofs. Their motivation to move from Borromean range proofs to bulletproofs is the size of the proof: bulletproofs would significantly reduce the size of the blockchain, as well as bring down transaction fees on the platform by an estimated 70-80%.

2018年1月,Monero Research Lab委托Quarkslab做安全审计。
The review target is the C++ code of the https://github.com/moneromooo-monero/bitmonero repository, branch bp-multi-aggregation, commit 7f964dfc8f15145e364ae4763c49026a3fab985d, directory src/ringct.

To extend the work done on multi-exponentiation during the evaluation, we also studied the code in the branch bp-multi-aggregation-pippenger. The last commit taken in the branch bp-multi-aggregation-pippenger is b7e61db030da8c97b3e82354bfee8caae57d3137 (Wed Jun 20).

Monero relies on three cryptographic mechanisms.
• One-time keys generated for each transaction hide the actual recipient of a transaction.
• Ring signatures mix the spender’s input among other people’s inputs (which are hidden, see below). The spender can spend (sign) the amount spent but it is not possible for an external party to link different transactions. A special adaptation of this mechanism detects double spending.
• Ring confidential transactions hide the transferred amount.

Ring confidential transactions [NMM16] use zero-knowledge proof techniques (Perdersen commitments) to hide amounts and also keep the verifiability of the blockchain.

In short, a transaction is valid if the total of inputs equals the total of outputs and fees. This means that the total amount of inputs minus the total amount of outputs minus the fees equals zero, which can also be committed to by zero-knowledge techniques.

Such techniques however, relying on group based cryptography, do not differentiate between a small negative amount or a big positive amount (due to modular arithmetic), which could cause, left unchecked, the fraudulent creation of coins.

To ensure that amounts spent are indeed reasonably positive amounts (and not huge amounts equivalent to negative ones) without revealing them, a proof of interval is necessary for each output amount. In Monero, the interval has been fixed to [0, 264 − 1]. A first version of a proof of interval implemented in Monero also used ring signature techniques. The size of this proof was linear in the size of the upper-bound of the interval and the major contributor to the size of a transaction.

Bulletproof is a new proof of interval whose size is only logarithmic in the size of the upperbound of the interval. It has further optimizations reducing the overall size when several proofs are combined.

Bulletproof实用的Hash函数为Keccak

Bulletproof depends on a hash function to turn the interactive protocols into non-interactive ones using Fiat-Shamir heuristic. Besides, in Monero, such a hash function is also used as a
subroutine in many other functions: hashing (to points for instance), random generation and point derivation.
In Monero’s Bulletproof, the underlying hash function is [Keccak]. Keccak is based on a sponge construction, a class of algorithms that produce a pseudorandom bit stream of a chosen length from an input bit stream of arbitrary length. To achieve this, a finite internal state is processed using the Keccak-?[1600] permutation.
Keccak has been chosen by NIST as the basis of its SHA-3 standard. Choosing Keccak as the underlying hash function in Monero is a sound choice from a cryptographic point of view.

Bulletproof随机数生成

A strong PRNG is therefore a critical requirement for Bulletproof.

src/crypto/crypto.h:152

/* Generate N random bytes
*/
inline void rand(size_t N, uint8_t *bytes) {
    generate_random_bytes_thread_safe(N, bytes);
}

The function generate_random_bytes_thread_safe is a simple wrapper, calling generate_random_bytes_not_thread_safe, making it thread-safe with a lock.
src/crypto/crypto.cpp:89

void generate_random_bytes_thread_safe(size_t N, uint8_t *bytes)
{
    static boost::mutex random_lock;
    boost::lock_guard<boost::mutex> lock(random_lock);
    generate_random_bytes_not_thread_safe(N, bytes);
}

The low-level routine generate_random_bytes_not_thread_safe uses iterations of the permutation Keccak-?[1600] on a global state. Each iteration produces a maximum of 136 bytes (= 1088 bits), which corresponds to the security parameters of Keccak [1088,512]. The production of pseudorandom bits is the squeezing phase in the sponge construction vocabulary.
This construction is sound as long as the global state is initialized with true random bits coming from the system.

Multi-exponentiation

Multi-exponentiation computes simultaneously multiple exponentiations of different elements of a group with different exponents, in a much faster way than a naive approach.

In Bulletproof, multi-exponentiation is at the heart of the proof verification algorithm. The batch verification of multiple aggregated proofs combines gracefully with a simple verification of aggregated proofs in a single large multi-exponentiation.

In the branch bp-multi-aggregation we had to evaluate, the Straus algorithm is used up to a given number of exponentiations, then from this number, Bos-Coster algorithm is preferred.

In the new branch bp-multi-aggregation-pippenger, the Straus algorithm is used up to another number of exponentiations, then from this number, Pippenger algorithm is preferred.

Serialization

Serialization is used to transmit and store structured data in the blockchain; therefore its robustness is critical. Monero serialization library is inspired by the boost::serialization framework.

It provides a generic implementation, that can be specialized for various objects. Serializing a high level object reuses all low-level specializations for types it depends on. A complementary goal is to describe how an object needs to be dealt with only once. It means the same code is used in order to generate both serialization and deserialization routines. This nice feature, in theory, comes with various downsides.

mutourend
关注
  • 0
    点赞
  • 1
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
算法证明_「技术」理解零知识证明算法之Bulletproofs:Range Proof I
weixin_39625709的博客
12-24 795
前言Bulletproofs,又一个有意思的零知识证明算法,相信读者已经很熟悉它了。和zk-snark相比,它不需要可信设置;和zk-stark算法相比,它具有较小的proof size。根据论文,它有两个方面的应用:1. 用于range proof;2. 用于一般算术电路的零知识证明。下面,让我们先看一下Bulletproofs是如何高效的实现第一点。Range proof1. 预备知识aL:表...
Bulletproofs: Short Proofs for Confidential Transactions and More学习笔记
mutourend的博客
08-04 2353
1. 引言 Benedikt B¨unz、 Jonathan Bootle和 Dan Boneh等人2018年论文《Bulletproofs: Short Proofs for Confidential Transactions and More》中: 提出了Bulletproofs算法——无需trusted setup,具有short proofs的NIZK算法。Bulletproofs尤其适合用于为committed values提供range proofs: – 证明a committed val
Bulletproofs: Short Proofs for Confidential Transactions and More论文解读
weixin_42419147的博客
06-29 3778
Bulletproofs是由斯坦福大学、伦敦大学学院、区块链协议公司 Blockstream 共同提出和维护的非交互式零知识证明,得到了美国国家科学基金会(NSF)、美国国防高级研究计划局(DARPA)、美国海军研究局 (ONR) 以及西蒙斯基金会的支持。本文是对Bulletproofs的调研报告。 详情请点击链接->https://zhuanlan.zhihu.com/p/385156851 ...
论文浅析:Bulletproofs: Short Proofs for Confidential Transactions and More
m0_46204256的博客
06-16 805
bulletproofs
Bulletproof现有代码实现说明
mutourend的博客
07-03 1852
1. Bulletproof特征 Bulletproof相对于zk-SNARK,不需要trust setup过程。但是verify一个proof的时长要超过zk-SNARK。 Bulletproof可用于加密货币的隐私交易(如隐藏UTXO的交易金额),可将现有10KB的proof压缩到1KB,且支持同时对m个交易生成聚合proof,相对于单个交易的proof,只需额外增加O(log(m))个元素。...
BulletProof-开源
05-01
【标题】"BulletProof-开源"所代表的知识点主要集中在两个方面:一是“BulletProof”这个项目本身,二是“开源”这一概念。 首先,让我们来理解一下“BulletProof”。这个名字暗示了该程序的设计目标,即提供强大的...
BulletProof I-开源
05-29
BulletProof I-开源】是一个针对sgh-t 989设备定制的ROM,这款ROM是专门为T Mobile网络用户设计的。"开源软件"的标签表明了它的核心特性,即其源代码对公众开放,允许用户自由查看、修改和分发,这在Android社区中...
Bulletproof Web Design(3rd) epub
04-18
Bulletproof Web Design(3rd) 英文epub 第3版 本资源转载自网络,如有侵权,请联系上传者或csdn删除 查看此书详细信息请在美国亚马逊官网搜索此书
Bulletproof Web Design(3rd) mobi
04-18
Bulletproof Web Design(3rd) 英文mobi 第3版 本资源转载自网络,如有侵权,请联系上传者或csdn删除 查看此书详细信息请在美国亚马逊官网搜索此书
Bulletproof SSL and TLS
08-08
Bulletproof SSL and TLS is a complete guide to using SSL and TLS encryption to deploy secure servers and web applications. Written by Ivan Ristic, the author of the popular SSL Labs web site, this ...
基于Borromean 环签名的隐私数据认证方案
01-29
在区块链系统中, 隐私保护是一个非常重要的问题. 事实上, 如果交易的金额比较大, 那么交易 的发起者和接收者都不希望将这笔金额公开.利用Borromean 环签名得到对金额承诺消息的最终签名, 则该签名是对隐藏金额的范围证明.
Bulletproof SSL and TLS,PDF , Ivan Ristic
09-27
Bulletproof SSL and TLS by Ivan Ristić Table of Contents Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xv Scope and Audience xvi Contents xvii SSL versus TLS xix SSL Labs xix Online Resources xx Feedback xxi About the Author xxi Acknowledgments xxi 1. SSL, TLS, and Cryptography . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Transport Layer Security 1 Networking Layers 2 Protocol History 3 Cryptography 4 Building Blocks 5 Protocols 15 Attacking Cryptography 16 Measuring Strength 17 Man-in-the-Middle Attack 18 2. Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23 Record Protocol 24 Handshake Protocol 25 Full Handshake 26 Client Authentication 32 Session Resumption 34 Key Exchange 35 RSA Key Exchange 38 Diffie-Hellman Key Exchange 38 Elliptic Curve Diffie-Hellman Key Exchange 40 iii Authentication 41 Encryption 42 Stream Encryption 42 Block Encryption 43 Authenticated Encryption 44 Renegotiation 45 Application Data Protocol 47 Alert Protocol 47 Connection Closure 47 Cryptographic Operations 48 Pseudorandom Function 48 Master Secret 48 Key Generation 49 Cipher Suites 49 Extensions 52 Application Layer Protocol Negotiation 53 Certificate Transparency 53 Elliptic Curve Capabilities 54 Heartbeat 55 Next Protocol Negotiation 56 Secure Renegotiation 57 Server Name Indication 57 Session Tickets 58 Signature Algorithms 59 OCSP Stapling 59 Protocol Limitations 60 Differences between Protocol Versions 60 SSL 3 60 TLS 1.0 61 TLS 1.1 61 TLS 1.2 61 3. Public-Key Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63 Internet PKI 63 Standards 65 Certificates 66 Certificate Fields 67 Certificate Extensions 68 Certificate Chains 71 Relying Parties 72 iv Certification Authorities 74 Certificate Lifecycle 74 Revocation 76 Weaknesses 76 Root Key Compromise 79 Ecosystem Measurements 80 Improvements 82 4. Attacks against PKI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87 VeriSign Microsoft Code-Signing Certificate 87 Thawte login.live.com 88 StartCom Breach (2008) 89 CertStar (Comodo) Mozilla Certificate 89 RapidSSL Rogue CA Certificate 90 Chosen-Prefix Collision Attack 92 Construction of Colliding Certificates 92 Predicting the Prefix 94 What Happened Next 96 Comodo Resellers Breaches 96 StartCom Breach (2011) 98 DigiNotar 99 Public Discovery 99 Fall of a Certification Authority 99 Man-in-the-Middle Attacks 102 ComodoHacker Claims Responsibility 103 DigiCert Sdn. Bhd. 104 Flame 105 Flame against Windows Update 106 Flame against Windows Terminal Services 107 Flame against MD5 107 TURKTRUST 109 ANSSI 110 5. HTTP and Browser Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113 Sidejacking 113 Cookie Stealing 115 Cookie Manipulation 116 Understanding HTTP Cookies 117 Cookie Manipulation Attacks 118 Impact 122 Mitigation 122 v SSL Stripping 123 MITM Certificates 125 Certificate Warnings 126 Why So Many Invalid Certificates? 127 Effectiveness of Certificate Warnings 129 Click-Through Warnings versus Exceptions 130 Mitigation 131 Security Indicators 131 Mixed Content 133 Root Causes 134 Impact 136 Browser Treatment 136 Prevalence of Mixed Content 138 Mitigation 139 Extended Validation Certificates 140 Certificate Revocation 141 Inadequate Client-Side Support 141 Key Issues with Revocation-Checking Standards 142 Certificate Revocation Lists 143 Online Certificate Status Protocol 146 6. Implementation Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151 Certificate Validation Flaws 152 Library and Platform Validation Failures 152 Application Validation Failures 155 Hostname Validation Issues 156 Random Number Generation 158 Netscape Navigator (1994) 158 Debian (2006) 159 Insufficient Entropy on Embedded Devices 160 Heartbleed 162 Impact 163 Mitigation 164 Protocol Downgrade Attacks 165 Rollback Protection in SSL 3 165 Interoperability Problems 167 Voluntary Protocol Downgrade 169 Rollback Protection in TLS 1.0 and Better 171 Attacking Voluntary Protocol Downgrade 172 Modern Rollback Defenses 172 vi Truncation Attacks 173 Truncation Attack History 175 Cookie Cutting 175 Deployment Weaknesses 177 Virtual Host Confusion 177 TLS Session Cache Sharing 178 7. Protocol Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181 Insecure Renegotiation 181 Why Was Renegotiation Insecure? 182 Triggering the Weakness 183 Attacks against HTTP 184 Attacks against Other Protocols 187 Insecure Renegotiation Issues Introduced by Architecture 188 Impact 188 Mitigation 188 Discovery and Remediation Timeline 189 BEAST 191 How the Attack Works 191 Client-Side Mitigation 195 Server-Side Mitigation 197 History 198 Impact 199 Compression Side Channel Attacks 201 How the Compression Oracle Works 201 History of Attacks 203 CRIME 204 Mitigation of Attacks against TLS and SPDY 212 Mitigation of Attacks against HTTP Compression 213 Padding Oracle Attacks 214 What Is a Padding Oracle? 214 Attacks against TLS 215 Impact 216 Mitigation 217 RC4 Weaknesses 218 Key Scheduling Weaknesses 218 Early Single-Byte Biases 219 Biases across the First 256 Bytes 220 Double-Byte Biases 222 Mitigation: RC4 versus BEAST and Lucky 13 222 vii Triple Handshake Attack 224 The Attack 224 Impact 229 Prerequisites 230 Mitigation 231 Bullrun 232 Dual Elliptic Curve Deterministic Random Bit Generator 232 8. Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235 Key 235 Key Algorithm 235 Key Size 236 Key Management 237 Certificate 238 Certificate Type 238 Certificate Hostnames 239 Certificate Sharing 239 Signature Algorithm 240 Certificate Chain 240 Revocation 241 Choosing the Right Certificate Authority 241 Protocol Configuration 243 Cipher Suite Configuration 244 Server cipher suite preference 244 Cipher Strength 244 Forward Secrecy 244 Performance 245 Interoperability 246 Server Configuration and Architecture 246 Shared Environments 246 Virtual Secure Hosting 247 Session Caching 247 Complex Architectures 248 Issue Mitigation 249 Renegotiation 249 BEAST (HTTP) 249 CRIME (HTTP) 250 Lucky 13 250 RC4 250 TIME and BREACH (HTTP) 251 viii Triple Handshake Attack 252 Heartbleed 252 Pinning 253 HTTP 253 Making Full Use of Encryption 253 Cookie Security 254 Backend Certificate and Hostname Validation 254 HTTP Strict Transport Security 254 Content Security Policy 255 Protocol Downgrade Protection 255 9. Performance Optimization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257 Latency and Connection Management 258 TCP Optimization 259 Connection Persistence 260 SPDY, HTTP 2.0, and Beyond 262 Content Delivery Networks 263 TLS Protocol Optimization 265 Key Exchange 265 Certificates 270 Revocation Checking 271 Session Resumption 272 Transport Overhead 273 Symmetric Encryption 275 TLS Record Buffering Latency 277 Interoperability 279 Hardware Acceleration 279 Denial of Service Attacks 280 Key Exchange and Encryption CPU Costs 281 Client-Initiated Renegotiation 282 Optimized TLS Denial of Service Attacks 282 10. HSTS, CSP, and Pinning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 285 HTTP Strict Transport Security 285 Configuring HSTS 286 Ensuring Hostname Coverage 287 Cookie Security 288 Attack Vectors 289 Robust Deployment Checklist 290 Browser Support 291 Privacy Implications 293 ix Content Security Policy 293 Preventing Mixed Content Issues 294 Policy Testing 295 Reporting 295 Browser Support 296 Pinning 296 What to Pin? 297 Where to Pin? 299 Should You Use Pinning? 300 Pinning in Native Applications 300 Chrome Public Key Pinning 301 Microsoft Enhanced Mitigation Experience Toolkit 303 Public Key Pinning Extension for HTTP 303 DNS-Based Authentication of Named Entities (DANE) 305 Trust Assertions for Certificate Keys (TACK) 309 Certification Authority Authorization 310 11. OpenSSL Cookbook . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313 Getting Started 314 Determine OpenSSL Version and Configuration 314 Building OpenSSL 315 Examine Available Commands 316 Building a Trust Store 318 Key and Certificate Management 319 Key Generation 320 Creating Certificate Signing Requests 323 Creating CSRs from Existing Certificates 325 Unattended CSR Generation 325 Signing Your Own Certificates 326 Creating Certificates Valid for Multiple Hostnames 326 Examining Certificates 327 Key and Certificate Conversion 330 Configuration 333 Cipher Suite Selection 333 Performance 345 Creating a Private Certification Authority 348 Features and Limitations 348 Creating a Root CA 349 Creating a Subordinate CA 355 12. Testing with OpenSSL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 359 x Connecting to SSL Services 359 Testing Protocols that Upgrade to SSL 363 Using Different Handshake Formats 363 Extracting Remote Certificates 364 Testing Protocol Support 365 Testing Cipher Suite Support 366 Testing Servers that Require SNI 366 Testing Session Reuse 367 Checking OCSP Revocation 368 Testing OCSP Stapling 371 Checking CRL Revocation 371 Testing Renegotiation 373 Testing for the BEAST Vulnerability 375 Testing for Heartbleed 376 13. Configuring Apache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 381 Installing Apache with Static OpenSSL 382 Enabling TLS 383 Configuring TLS Protocol 384 Configuring Keys and Certificates 385 Configuring Multiple Keys 386 Wildcard and Multisite Certificates 387 Virtual Secure Hosting 388 Reserving Default Sites for Error Messages 390 Forward Secrecy 391 OCSP Stapling 392 Configuring OCSP Stapling 392 Handling Errors 393 Using a Custom OCSP Responder 394 Configuring Ephemeral DH Key Exchange 394 TLS Session Management 395 Standalone Session Cache 395 Standalone Session Tickets 396 Distributed Session Caching 396 Distributed Session Tickets 398 Disabling Session Tickets 399 Client Authentication 400 Mitigating Protocol Issues 401 Insecure Renegotiation 402 BEAST 402 xi CRIME 402 Deploying HTTP Strict Transport Security 403 Monitoring Session Cache Status 403 Logging Negotiated TLS Parameters 404 Advanced Logging with mod_sslhaf 406 14. Configuring Java and Tomcat . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 409 Java Cryptography Components 409 Strong and Unlimited Encryption 410 Provider Configuration 411 Features Overview 411 Protocol Vulnerabilities 412 Interoperability Issues 413 Tuning via Properties 414 Common Error Messages 417 Securing Java Web Applications 420 Common Keystore Operations 425 Tomcat 430 Configuring TLS Handling 434 JSSE Configuration 436 APR and OpenSSL Configuration 439 15. Configuring Microsoft Windows and IIS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 443 Schannel 443 Features Overview 443 Protocol Vulnerabilities 445 Interoperability Issues 446 Microsoft Root Certificate Program 448 Managing System Trust Stores 448 Importing a Trusted Certificate 449 Blacklisting Trusted Certificates 449 Disabling the Auto-Update of Root Certificates 449 Configuration 450 Schannel Configuration 450 Cipher Suite Configuration 452 Key and Signature Restrictions 454 Configuring Renegotiation 460 Configuring Session Caching 461 Monitoring Session Caching 462 FIPS 140-2 463 Third-Party Utilities 465 xii Securing ASP.NET Web Applications 466 Enforcing SSL Usage 466 Securing Cookies 467 Securing Session Cookies and Forms Authentication 467 Deploying HTTP Strict Transport Security 468 Internet Information Server 469 Managing Keys and Certificates 470 16. Configuring Nginx . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 477 Installing Nginx with Static OpenSSL 478 Enabling TLS 478 Configuring TLS Protocol 479 Configuring Keys and Certificates 479 Configuring Multiple Keys 480 Wildcard and Multisite Certificates 480 Virtual Secure Hosting 481 Reserving Default Sites for Error Messages 482 Forward Secrecy 483 OCSP Stapling 483 Configuring OCSP Stapling 484 Using a Custom OCSP Responder 485 Manual Configuration of OCSP Responses 485 Configuring Ephemeral DH Key Exchange 486 Configuring Ephemeral ECDH Key Exchange 487 TLS Session Management 488 Standalone Session Cache 488 Standalone Session Tickets 488 Distributed Session Cache 489 Distributed Session Tickets 489 Disabling Session Tickets 491 Client Authentication 491 Mitigating Protocol Issues 492 Insecure Renegotiation 492 BEAST 492 CRIME 493 Deploying HTTP Strict Transport Security 493 Tuning TLS Buffers 494 Logging 494 17. Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 497
BulletProof的工作原理
最新发布
qq_44722300的博客
11-01 253
在这篇文章,我们会详细介绍 bulletProof 的工作原理
Bulletproofs 代码解析
mutourend的博客
08-10 2306
1. 引言 Benedikt B¨unz、 Jonathan Bootle和 Dan Boneh等人2018年论文《Bulletproofs: Short Proofs for Confidential Transactions and More》,相应的代码实现库有: https://github.com/dalek-cryptography/bulletproofs https://github.com/adjoint-io/bulletproofs https://github.com/lovesh
Bulletproofs+: Shorter Proofs for Privacy-Enhanced Distributed Ledger学习笔记
mutourend的博客
09-02 1112
1. 引言 Chung等人2020年论文《Bulletproofs+: Shorter Proofs for Privacy-Enhanced Distributed Ledger》,暂无收录信息。 代码实现参见: https://github.com/ZenGo-X/bulletproofs 本文为range proof和arithmetic circuit提供了无需trusted setup的zero-knowledge argument,proof size为当前最短的。以prove a comm
三大零知识(ZK)证明系统全面深度分析:STARKs SNARKs Bulletproof
FeelTouch Labs
11-15 1969
ZK学术定义:使用密码学允许某人(证明者)向其他人(验证者)证明事实是百分百真实的,但除了特定真实性的陈述之外,不会透露任何额外信息。即能保守秘密,又能让人相信你。ZK通俗定义:ZK证明本质上是让某人证明他们知道或拥有某些东西,而不会泄露他们知道或拥有什么的任何信息。
Monero bulletproof 源码结构解析
mutourend的博客
06-27 745
1. 代码下载并切换到指定commit 切换到 bp-multi-aggregation 分支的7f964dfc8f15145e364ae4763c49026a3fab985d commit. git clone https://github.com/moneromooo-monero/bitmonero.git cd bitmonero git checkout 7f964dfc8f Bull...
我们跟Bulletproofs发明人, 以太坊2.0密码学核心组件作者聊聊了零知识证明的最前沿进展……...
区块链大本营
09-30 3748
来源 |链闻撰文&采访|潘致雄责编 | Carol出品 | 区块链大本营(blockchain_camp)斯坦福大学计算机密码学博士 Benedikt Bü...
Bulletproof零知识证明
跨链技术践行者
09-16 2278
如何使用dalek-cryptography中的Bulletproofs实现(Bulletproofs implementation)[1]创建各种零知识证明。示例为i)证明自己知道给定数字的因数而不披露该因数,ii)范围证明,即证明自己知道能使a≤x≤b的x值,而不披露x,iii)证明该x值非零并不披露(而且不使用上面的范围证明),iv)集合的包含证明,即给定一个集合S,证明自己知道集合中的一个...
抽象类、继承、接口综合 设计一个系统: XXX门的实现过程: 流程: 设计一张抽象的门Door,那么对于这张门来说,就应该拥有所有门的共性,开门openDoor()和关门closeDoor();然后对门进行另外的功能设计,防盗--theftproof()、防水--waterproof()、防弹--bulletproof()、综合门…… 要求:利用继承、抽象类、接口的知识设计该门
07-12
4. 接口 Bulletproof:定义防弹功能 bulletproof()。 ```java public interface Bulletproof { void bulletproof(); } ``` 5. 综合门类 ComprehensiveDoor:继承 Door 抽象类,并实现 TheftProof、Waterproof 和 ...

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值