blocksight 2021-04-26 16:18:46
The previous article, "RSA Accumulator Non-membership Proofs and Blockchain Applications", left some details unexplained. For example, why use prime factors? Because their product uniquely represents the set. Otherwise there would be ambiguity: the same product could come from different combinations of factors, such as 18 = 2 × 9 = 3 × 6.
So far this series has covered signatures, cryptographic commitments, homomorphic computation, elliptic curves and so on. Next we can look at zero-knowledge proofs themselves. This article is a popular-science introduction; compared with the previous ones, it is a light read that won't tax the brain!
Generally speaking, a zero-knowledge proof convinces the verifier, by some means, that the prover's statement is correct (for example, that the prover knows some key information) without exposing the information itself. There are many examples online to help with understanding; here is one scenario. Suppose V has found a lost bank card. P comes and says the card is his, and says he knows the card number and password. Because the card is in V's hands, V can easily check whether P's card number is correct, but V still doesn't believe that P is the owner of the card. So P says he also knows the card's withdrawal PIN, but he can't tell V directly, otherwise it would be leaked. So they agree to go to a nearby ATM. V keeps a certain distance from the ATM: close enough to see P perform the withdrawal, but not so close as to see the PIN that P enters. P waits by the ATM for V's instructions.
When they're in place, V asks P to withdraw 100 yuan. P inserts the card, enters the PIN and withdraws 100 yuan (suppose the card holds plenty of money). V then asks for 300 yuan, and P withdraws 300 yuan. After a few repetitions, V is convinced that the bank card is P's.
P gets his bank card back this way without letting V learn the withdrawal PIN. This simulated scenario is an application scenario of zero-knowledge proofs.
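The challenge-and-response pattern of the ATM scenario, as an added example that is not from the original article: a Schnorr identification protocol in which P proves knowledge of a secret x with y = g^x mod p without ever sending x. The toy group parameters, class names and function names are assumptions chosen for illustration.

```python
import secrets

# Constructed toy group (illustration only, far too small for real use):
# p = 2q + 1 with p and q prime; g = 4 generates the subgroup of order q.
MOD_P, ORD_Q, GEN_G = 2039, 1019, 4

def keygen():
    """Return (x, y): secret x (the 'PIN') and public y = g^x mod p."""
    x = secrets.randbelow(ORD_Q - 1) + 1
    return x, pow(GEN_G, x, MOD_P)

class HonestProver:
    """Knows x, so it can answer any challenge."""
    def __init__(self, x):
        self.x = x
    def commit(self):
        self.k = secrets.randbelow(ORD_Q - 1) + 1   # fresh nonce every round
        return pow(GEN_G, self.k, MOD_P)            # t = g^k
    def respond(self, c):
        return (self.k + c * self.x) % ORD_Q        # s = k + c*x mod q

class GuessingProver:
    """Does not know x; its commitment fits only one guessed challenge."""
    def __init__(self, y, guess):
        self.y, self.guess = y, guess
    def commit(self):
        self.s = secrets.randbelow(ORD_Q)
        # t = g^s * y^(-guess): the check below holds only when c == guess
        return pow(GEN_G, self.s, MOD_P) * pow(self.y, -self.guess, MOD_P) % MOD_P
    def respond(self, c):
        return self.s

def verify_round(prover, y, c):
    """P commits, V reveals challenge c, P responds, V checks g^s == t * y^c."""
    t = prover.commit()          # the prover has not seen c at this point
    s = prover.respond(c)
    return pow(GEN_G, s, MOD_P) == t * pow(y, c, MOD_P) % MOD_P

def convince(prover, y, rounds=5):
    """V issues fresh random challenges, like asking for a different amount each time."""
    return all(verify_round(prover, y, secrets.randbelow(ORD_Q))
               for _ in range(rounds))

if __name__ == "__main__":
    x, y = keygen()
    print("honest prover accepted:  ", convince(HonestProver(x), y))
    print("guessing prover accepted:", convince(GuessingProver(y, guess=7), y))
```

The trick the guessing prover uses (choose s and c first, then derive t) also lets anyone produce valid-looking transcripts without x, which is why a recorded transcript teaches V nothing about x.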
Zero-knowledge proofs are often used in the following scenarios:
(1) Proofs about private data: a person's bank balance is more than X; last year, a bank did not transact with an entity Y; a person's credit score is higher than Z; matching DNA without exposing the complete DNA data.
(2) Anonymous authentication: without revealing identity (such as a login password), prove that the requester R has access to a restricted area of a website; prove that a person comes from one of a list of allowed countries/regions without revealing which one; prove that a person is a member of an organization without revealing who they are.
(3) Anonymous payments / tokens: (untraceable) privacy coins on a blockchain; payments completely separated from any kind of revealed identity; paying taxes without disclosing income.
(4) Outsourced computation: outsource expensive computing tasks and verify that the results are correct without re-executing them; this opens up a category of zero-trust computing; improve the blockchain model from every node doing the same computation to only one party computing and the other nodes verifying, as in zk-rollup layer 2 schemes.
The concept of zero-knowledge proof was introduced in 1985 in the paper "The Knowledge Complexity of Interactive Proof Systems". Later research extended it to non-interactive proofs, and in recent years research and applications in blockchain have developed rapidly. A zero-knowledge proof system should satisfy the following properties.
At present, the mature application is the zk-SNARK technical scheme. The term means:
zk-SNARK stands for zero-knowledge succinct non-interactive arguments of knowledge.
Succinct (conciseness): compared with the length of the actual computation, the generated zero-knowledge proof message is very small.
Non-interactive: a zk-SNARK algorithm usually has a setup phase. After the setup phase is complete, the prover only needs to send a single message to the verifier. In addition, SNARKs usually have a property called "publicly verifiable", meaning that anyone can verify the zero-knowledge proof without any interaction, which is crucial for blockchains.
Arguments: the verifier is only protected against provers with limited computing power. A prover with enough computing power can create a forged zero-knowledge proof to deceive the verifier. This is often called "computational soundness", as opposed to "perfect soundness".
of Knowledge: a prover cannot construct a valid zero-knowledge proof without knowing the witness.
In any zero-knowledge proof system, there is a prover who convinces the verifier that a certain statement is true without divulging any additional information.
zk-SNARKs are currently widely used, and there are many mature libraries, such as libsnark and bellman. There are also zk-STARK schemes that do not need a setup; we will talk about them later.
Okay, next we'll continue with zero-knowledge proofs!