
Repost: Bulletproofs for verifiable-shuffle (random permutation) proofs

Consider two lists of committed values x1,…,xn and y1,…,yn. The goal is to prove that the second list is a permutation of the first. This problem is called a verifiable shuffle. It has many applicatio...

2019-06-28 18:47:46 325

Repost: The Provisions protocol for privacy-preserving proofs of solvency

Dagher et al. [DBB+15] introduced the Provisions protocol which allows Bitcoin exchanges to prove that they are solvent without revealing any additional information. The protocol crucially relies on r...

2019-06-28 15:49:09 166 1

Repost: Mimblewimble

Bitcoin allows a single UTXO to be spent to many distinct outputs, each associated with a different address. To spend a UTXO a user must provide a signature, or more precisely a scriptSig, that enable...

2019-06-28 15:21:11 247

Original: Fuzzing (fuzz testing)

Fuzz testing or fuzzing is a software testing technique, often automated or semi-automated, that involves providing invalid, unexpected, or random data to the inputs of a computer program. The program...

2019-06-28 11:13:20 787

Translation: Bulletproof pseudocode explained

Taking a proof that a number lies in [0, 2^64 − 1] as the running example, and covering aggregation of proofs for several numbers at once, the main contents are: 1. public parameters • l: cardinality of the subgroup of the elliptic curve used (Ed25519) • N: bitsize of the elements whose range one wants...

2019-06-28 00:04:24 347

Original: Fast grep searches over very large files, and multi-condition queries

LC_ALL=C fgrep -A 5 -B 5 'findtest' targetfile: searching a file of roughly 27 GB takes only a few minutes. To match any one of several conditions: LC_ALL=C fgrep -A 5 -B 5 -E 'findtesta|findtestb' targetfile (note that GNU grep rejects -E together with fgrep's fixed-string matcher as "conflicting matchers"; for fixed strings pass one -e per pattern instead). References: [1] https://stackoverflow.com/questions/13913014/g...

2019-06-27 23:31:34 2888

Translation: Walkthrough of the Monero bulletproof source structure

1. Download the code and check out the specified commit: commit 7f964dfc8f15145e364ae4763c49026a3fab985d on the bp-multi-aggregation branch. git clone https://github.com/moneromooo-monero/bitmonero.git; cd bitmonero; git checkout 7f964dfc8f. Bull...

2019-06-27 17:24:03 725

Repost: SQLException vs RuntimeException; Runtime Exception vs Checked Exception in Java

1. SQLException vs RuntimeException. public class RuntimeException extends Exception. RuntimeException is the superclass of those exceptions that can be thrown during the normal operation of the Java V...

2019-06-27 14:20:13 291

Original: Bulletproof

Bulletproof is a new non-interactive zero-knowledge proof protocol with short proofs and without trusted setup. It is integrated in the Monero project as a replacement for the previous protocol based ...

2019-06-26 19:46:12 1411

Repost: The Chaum-Pedersen zero-knowledge proof

1. What is the Chaum-Pedersen Zero Knowledge Proof? The Chaum-Pedersen zero-knowledge proof lets Peggy (the Prover) convince Victor (the Verifier) that she knows a secret, specifically that two public values share the same discrete logarithm, without revealing it. In the Chaum-Pedersen method...

2019-06-26 15:32:46 988
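The exchange sketched above, written out as an added example (not code from the post or from the reposted source). Peggy proves that h = G^x and v = U^x were formed with the same secret x. The toy group parameters P = 1019, Q = 509, G = 4, U = 9 are constructed for illustration and are far too small to be secure, and the Fiat-Shamir derivation of the challenge is my choice; in the interactive version of the protocol Victor sends the challenge c himself.

```python
import hashlib
import secrets

# Toy Schnorr group, constructed for illustration only (NOT a secure size):
# P = 2Q + 1 with P, Q prime, so every quadratic residue != 1 has order Q.
P = 1019
Q = 509
G = 4   # 2^2 mod P, an order-Q generator
U = 9   # 3^2 mod P, a second order-Q generator; log_G(U) is unknown to Peggy


def _in_group(e):
    """Reject values outside the order-Q subgroup (small-subgroup attacks)."""
    return 0 < e < P and pow(e, Q, P) == 1


def _challenge(*transcript):
    """Fiat-Shamir: derive Victor's challenge from the whole transcript so a
    non-interactive prover cannot choose its own challenge."""
    data = b"|".join(str(e).encode() for e in transcript)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


def prove(x, r=None):
    """Peggy proves that h = G^x and v = U^x share the secret exponent x,
    i.e. log_G(h) = log_U(v), without revealing x. r is the commitment nonce;
    it must be fresh and secret: reusing r across two proofs leaks x."""
    h = pow(G, x, P)
    v = pow(U, x, P)
    if r is None:
        r = secrets.randbelow(Q - 1) + 1
    a = pow(G, r, P)            # commitments to r under both bases
    b = pow(U, r, P)
    c = _challenge(G, h, U, v, a, b)
    s = (r + c * x) % Q         # response
    return {"h": h, "v": v, "a": a, "b": b, "s": s}


def verify(proof):
    """Victor recomputes the challenge and checks both exponent equations:
    G^s == a * h^c and U^s == b * v^c."""
    h, v, a, b, s = (proof[k] for k in ("h", "v", "a", "b", "s"))
    if not all(_in_group(e) for e in (h, v, a, b)) or not 0 <= s < Q:
        return False
    c = _challenge(G, h, U, v, a, b)
    ok_g = pow(G, s, P) == (a * pow(h, c, P)) % P
    ok_u = pow(U, s, P) == (b * pow(v, c, P)) % P
    return ok_g and ok_u
```

Both equations are needed: the first alone is a plain Schnorr proof of knowledge of log_G(h); the second ties the same response s to the second base, which is what proves the two logarithms are equal.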

Original: Pedersen commitment primer, with Sage and Python scripts

1. What is a Pedersen Commitment? The Pedersen commitment allows us to commit to a message, but not actually reveal it until some time in the future. We can also use the Pedersen commitment to add commit...

2019-06-26 14:53:18 1949

Original: Jubjub performance measurements and conclusions

Based on the Rust library https://github.com/zkcrypto/jubjub, running cargo bench --all inside an Ubuntu 16.04 VM with 4 GB of RAM and 1 CPU. The results: root@zyd-VirtualBox:/home/zyd/jubjub# cargo bench --all Updating `git://mirrors.ustc.edu.cn/crates...

2019-06-26 11:57:17 672

Repost: The Rust crate subtle: a library for constant-time cryptographic operations

See https://github.com/dalek-cryptography/subtle. Pure-Rust traits and utilities for constant-time cryptographic implementations. It consists of a Choice type, and a collection of traits using Choice i...

2019-06-26 11:00:58 370

Original: cargo bench for package benchmarks

cargo bench runs code marked with #[bench] (kept in the crate's benches folder), analogous to test cases marked with #[test] (kept in the tests folder). The supported subcommands are: # cargo bench --help cargo-bench Execute all benchmarks of a local package USAGE: cargo bench [OPTIONS] [...

2019-06-25 19:07:48 1568

Original: Verifying jubjub against the SafeCurves criteria

https://github.com/zkcrypto/jubjub/tree/master/doc/evidence contains Sage scripts that check the curve against the SafeCurves criteria. The main reasons for doing the SafeCurves verification are as follows: There are several different standards covering selection of curves f...

2019-06-25 18:13:52 384

Repost: MiMC: Efficient Encryption and Cryptographic Hashing with Minimal Multiplicative Complexity

MiMC: Efficient Encryption and Cryptographic Hashing with Minimal Multiplicative Complexity. Martin Albrecht, Lorenzo Grassi, Christian Rechberger, Arnab Roy and Tyge Tiessen. Abstract: We expl...

2019-06-25 12:02:44 479

Original: What is the Pedersen hash?

The Pedersen hash is used in Zcash Sapling's Pedersen commitments and incremental Merkle tree. It is a hash function that is collision-resistant for fixed-length inputs but not collision-resistant for variable-length inputs. The Pedersen hash function Pedersen(D,...

2019-06-24 18:59:57 1273

Original: Rainbow attacks and password salting

What is a rainbow attack? In a rainbow attack the attacker holds a large password -> hash lookup table, a rainbow table. Compared with an ordinary dictionary table, rainbow tables are optimised for storage space and lookup time. A rainbow table is a large list of pre-computed hashes for commonly-used passwords. Once the attacker obtains a set of ...

2019-06-24 10:46:10 2889
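The attack and the defence side by side, as an added example (not code from the post). The attacker's precomputed table is a plain hash -> password dictionary standing in for a rainbow table (a real one compresses the table with hash chains, but it enables the same one-lookup attack); the defence is a per-user random salt with PBKDF2-HMAC-SHA256 from the standard library and a constant-time comparison. The wordlist and the fixed salt used in the test are constructed for the demonstration.

```python
import hashlib
import hmac
import os

# Constructed stand-in for a real list of commonly used passwords.
WORDLIST = ["123456", "password", "qwerty", "letmein", "hunter2"]
ITERATIONS = 200_000   # PBKDF2 work factor; tune so one hash costs ~100 ms


def unsalted_hash(password):
    """What a naive password store keeps: sha256(password), no salt."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_lookup_table(words):
    """Attacker side: precompute the unsalted hash of every candidate once.
    Every leaked database hashed the same way can then be attacked with
    dictionary lookups alone, no further hashing required."""
    return {unsalted_hash(w): w for w in words}


def crack_unsalted(stored_hex, table):
    """One lookup recovers the password if it is in the table, else None."""
    return table.get(stored_hex)


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Defender side: a fresh random 16-byte salt per user plus
    PBKDF2-HMAC-SHA256. The salt makes any precomputed table useless (the
    attacker would need a separate table per salt) and the iteration count
    makes building one per salt expensive. Returns (salt, digest) to store."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest


def verify_password(password, salt, digest, iterations=ITERATIONS):
    """Recompute with the stored salt and compare in constant time so the
    comparison does not leak how many leading bytes matched."""
    _, candidate = hash_password(password, salt, iterations)
    return hmac.compare_digest(candidate, digest)


def same_password_different_digests(password):
    """Two users choosing the same password get unrelated stored values,
    so one cracked entry says nothing about the other."""
    _, d1 = hash_password(password)
    _, d2 = hash_password(password)
    return d1 != d2
```

Store the salt next to the digest in the clear; its job is to be unique, not secret. A dedicated password hash (scrypt, bcrypt or Argon2) is the better production choice, but PBKDF2 shows the salt-plus-work-factor idea with nothing outside the standard library.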

Repost: FlatBuffers: Memory Efficient Serialization Library

FlatBuffers is a cross platform serialization library architected for maximum memory efficiency. It allows you to directly access serialized data without parsing/unpacking it first, while still having...

2019-06-21 13:58:32 125

Original: bls12 curve generator, which can generate the BLS12-381 curve used in Zcash Sapling

The tool used is SageMath, open-source mathematics software released under the GPL. Download the latest version from the official site and double-click the downloaded exe to install it. Fetch the bls12 curve generator code from https://github.com/kobigurk/curve_generator: git clone https://github.com/kobigurk/curve_generator.git. Copy the downloaded code...

2019-06-21 12:13:20 9744

Original: Privacy protection in Libra

Judging from the official site, it is similar to Bitcoin and the like: pseudonymous transactions that in fact remain analysable and traceable?

2019-06-20 18:18:51 511

Repost: The official Zcash introduction to the Pinocchio protocol

See the official Zcash blog post <Explaining SNARKs Part VI: The Pinocchio Protocol>. The question is whether we have the tools to implement this sketch. The most crucial point is that Alice must choose the poly...

2019-06-20 17:15:29 530

Repost: The official Zcash explanation of the zk-SNARK circuit -> QAP conversion

Besides Vitalik's blog, the official Zcash blog also gives an intuitive explanation. See also my other post <Implementing Vitalik Buterin's Quadratic Arithmetic Programs: from Zero to Hero> for a more concrete picture. In the Zcash blog post Explaining SNARKs Part V: From Computations to Polynomial...

2019-06-20 15:56:11 646

Repost: zcash zksnarks

Currently, the most efficient known way to produce zero-knowledge proofs that are non-interactive and short enough to publish to a block chain is to have an initial setup phase that generates a common...

2019-06-20 13:29:57 340

Repost: Mathematical background of the zk-SNARK setup (public parameters), with very intuitive formulas

Reference: https://electriccoin.co/blog/generating-zcash-parameters. SNARKs require something called “the public parameters”. The SNARK public parameters are numbers with a specific cryptographic structure tha...

2019-06-20 11:58:55 312

Translation: The trade-off between input and witness size in zk-SNARKs

Main source: the “Tradeoff between Input and Witness Size” section of https://blog.ethereum.org/2016/12/05/zksnarks-in-a-nutshell/. In the GGPR12 paper the generated proof consists of only 7 elements of a group. The verifier mainly has to check that the pairing equations hold (e.g. W := E(w(s)), W’ :...

2019-06-19 15:10:56 390

Original: Additively and multiplicatively homomorphic encryption and their use in zk-SNARKs

Fully homomorphic encryption (FHE) is still far from practical because of the complexity of current schemes. Partially homomorphic encryption generally means either additive or multiplicative homomorphism. Additive homomorphism: E(x)E(y) = E(x+y). A typical example is elliptic-curve cryptography with E(x) = g^x (g the curve's generator, written multiplicatively; in additive notation this is the scalar multiple xG): E(x)E(y) = g^x g^y = g^(x+y) = E(x+y), so it is additively homomorphic. Multiplicative homomorphism: satisfies E...

2019-06-19 14:40:59 9485 5
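An added example (not the scripts from the Pedersen commitment post above, nor code from this post) that serves both entries: the additive homomorphism E(x)E(y) = E(x+y) just described is exactly what lets two Pedersen commitments be added without opening them, and the same group also shows what goes wrong when the committer knows the discrete log between the two generators. The group P = 1019, Q = 509, G = 4, H = 9 is a toy Schnorr group constructed for illustration; it is small enough to brute-force on purpose, so that the binding failure can be demonstrated, and nothing like it may be used in practice.

```python
import secrets

# Toy Schnorr group, constructed for illustration only (NOT a secure size):
# P = 2Q + 1 with P, Q prime, so every quadratic residue != 1 has order Q.
P = 1019
Q = 509
G = 4   # 2^2 mod P
H = 9   # 3^2 mod P; log_G(H) must be unknown to the committer (see equivocate)


def commit(m, r=None):
    """Pedersen commitment C = G^m * H^r mod P; returns (C, r).

    Perfectly hiding: for any m, a uniform r makes C uniform in the group.
    Computationally binding: opening C to a second message needs log_G(H).
    """
    if r is None:
        r = secrets.randbelow(Q)
    c = (pow(G, m % Q, P) * pow(H, r % Q, P)) % P
    return c, r


def open_commitment(c, m, r):
    """Verifier side: recompute the commitment from the revealed (m, r)."""
    return commit(m, r)[0] == c


def add_commitments(c1, c2):
    """Additive homomorphism, the E(x)E(y) = E(x+y) property of E(x) = g^x:
    C(m1, r1) * C(m2, r2) = G^(m1+m2) * H^(r1+r2) = C(m1+m2, r1+r2).
    Whoever holds r1 + r2 can open the sum without revealing m1 or m2."""
    return (c1 * c2) % P


def brute_force_dlog(base, target):
    """Solve base^k = target by exhaustive search. Feasible only because the
    toy group is tiny; in a real group this is the hardness binding rests on."""
    acc = 1
    for k in range(Q):
        if acc == target:
            return k
        acc = (acc * base) % P
    raise ValueError("target not in the subgroup")


def equivocate(m, r, m_fake, t):
    """Binding failure: if the committer knows t = log_G(H), then
    C = G^(m + t*r), so any m_fake can be opened with the r_fake that solves
    m + t*r = m_fake + t*r_fake (mod Q). This is why H must be derived in a
    nothing-up-my-sleeve way (hash-to-group) rather than chosen as G^t."""
    return ((m - m_fake) * pow(t, -1, Q) + r) % Q
```

The same homomorphism is what the Provisions and Mimblewimble posts above rely on: sums of committed balances or amounts can be checked against a committed total without opening any individual value.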

Original: Properties of an elliptic curve's generator point

Elliptic curves are used throughout zk-SNARK and other cryptographic implementations. Following <Elliptic Curves: Number Theory and Cryptography, 2nd ed.>, the general form is y^2 = x^3 + Ax + B over a finite field F_q, with group order n. The generator plays the role of the “1” of the curve group, the element from which every other element is obtained by scalar multiplication. Its properties are: A group el...

2019-06-19 13:51:41 565

Repost: NP and SAT

Taken from https://blog.ethereum.org/2016/12/05/zksnarks-in-a-nutshell/. Two of the main classes of problems in complexity theory are P and NP: P is the class of problems L that have polynomial-time programs....

2019-06-19 12:27:16 584

Repost: Rust no longer defaults to jemalloc

Taken from https://www.reddit.com/r/rust/comments/9twam5/jemalloc_was_just_removed_from_the_standard/ : jemalloc was just removed from the standard library

2019-06-19 11:23:36 615

Repost: Zcash's Jubjub

Reference: https://z.cash/technology/jubjub. Jubjub is a twisted Edwards curve of the form −x^2 + y^2 = 1 + d·x^2·y^2 built over the BLS12-381 scalar field, with d = −(10240/10241). Being a twisted Edwards curve, it has a c...

2019-06-18 19:05:54 574

Original: The secure multi-party computation protocol behind the Zcash Sapling upgrade

The MPC protocol used by Zcash Sapling is based on the paper <Scalable Multi-party Computation for zk-SNARK Parameters in the Random Beacon Model> and https://github.com/arielgabizon/sapling-security-analysis/blob/master/secondmpc.pdf...

2019-06-18 16:37:06 581

Original: Choosing a curve for zk-SNARK zero-knowledge proofs: BN128 vs BLS12-381

The elliptic curves available in libsnark are: bn128: an instantiation based on a Barreto-Naehrig curve, providing 128 bits of security. The underlying curve implementation is [ate-pairing], which has incorporated our p...

2019-06-18 14:06:03 5559 8

Repost: Trusted-hardware encryption schemes: Intel SGX and Apple SEP

Taken from https://blog.decentriq.ch/soft-introduction-to-secure-crytpographic-enclaves/ . From data isolation to data privacy protection. When Apple released the iPhone 5S in 2013, most people focused on its new camera and features such as T...

2019-06-17 11:56:45 1318

Repost: The significance of Pinocchio

Taken from https://blog.decentriq.ch/evolution-of-cryptography/ . In 2012 Project Pinocchio from IBM and Microsoft found a way to reduce the computing needs of a zero-knowledge proof by 20x and for zero-knowled...

2019-06-17 11:46:15 192

Original: QAP-based Simulation-Extractable SNARK with a Single Verification, and its implementation

The abstract of <QAP-based Simulation-Extractable SNARK with a Single Verification>, published by Jihye Kim, Jiwon Lee and Hyunok Oh in June 2019, reads: The pairing-based simulation-extractable succinct non-interactive argumen...

2019-06-17 10:17:04 317

Original: Notes on writing code against the existing ZoKrates standard library

ZOKRATES_HOME must point at the stdlib directory: export ZOKRATES_HOME=$PATH_TO_ZOKRATES/zokrates_stdlib/stdlib/. For sha256 the official ZoKrates implementation can be imported directly: import "hashes/sha256/512Padded.code". If $ZOKRATES_HOME is set incorrectly, ./zokrates compile -i *** fails with...

2019-06-14 17:59:06 647 2

Original: code flattening -> conversion to R1CS -> formulation of QAP

https://blog.decentriq.ch/zk-snarks-primer-part-one/ is excellent learning material alongside Vitalik Buterin's blog post Quadratic Arithmetic Programs: from Zero to Hero. It gives an intuitive, connected explanation of code ...

2019-06-14 14:40:37 476

Original: Strengths and weaknesses of the Groth16 scheme in libsnark: the proof malleability problem

Compared with the PGHR13 and GM17 implementations, Groth16 has certain advantages in proving time and proof size; see the performance comparison of the different SNARK schemes in libsnark. ZoKrates uses the ALT_BN128 curve supported by Ethereum, implements all three schemes, and uses Groth16 by default. Its documentation also points out that Groth16 proofs are malleable: an attacker can rework a known valid proof into...

2019-06-13 18:07:03 2232

Repost: Application scenarios for zkSNARK zero-knowledge proofs

Taken from https://medium.com/coinmonks/zk-snarks-a-realistic-zero-knowledge-example-and-deep-dive-c5e6eaa7131c . zk-SNARKs can be used in a wide array of areas, for example: Verifica...

2019-06-13 16:30:36 1387
