Learning zero-knowledge proofs from zero background

Recently, a friend asked for an introduction to zero-knowledge proofs. Here is a brief summary of how I (not a cryptography major) learned zero-knowledge proofs:

  • About the basics of number theory and elliptic curves: see "Elliptic Curves: Number Theory and Cryptography (second edition)", which is a good primer.

  • Practical math software: SageMath (open source and free) and Magma (license required); Magma also provides a free online version, the Magma Calculator.

  • Regarding homomorphic algorithms: so-called homomorphic algorithms are operations performed on ciphertexts that reflect the true relationship between the plaintexts, and they are often used in the verification step of zero-knowledge proofs. For example, $e(g^x, g^y) = e(g, g^{xy})$ has the multiplicative homomorphic property, and $g^x \cdot g^y = g^{x+y}$ has the additive homomorphic property.

  • About pairings: a pairing has the multiplicative homomorphic property. Pairing algorithms can be divided into the eta pairing, ate pairing, Weil pairing, Tate pairing, etc. For the fundamentals of the specific pairing algorithms, see Craig Costello's "Pairings for beginners", which comes with Magma code and is intuitive and easy to understand.

  • About commitments: see "From Zero (Knowledge) to Bulletproofs" to understand that the Pedersen commitment over an elliptic curve has the additive homomorphic property. See also my blog post "Pedersen commitment in elliptic curve form - vector commitment and polynomial commitment".

  • About groups: the groups you will commonly encounter include pairing-friendly groups, groups of unknown order, groups of known order, etc.

  • About cryptographic assumptions: a cryptographic assumption states that a certain mathematical problem is difficult to solve. Common problems include the discrete logarithm problem, factoring, pairing-based problems, lattice problems and so on. See the 2013 report "Final Report on Main Computational Assumptions in Cryptography", and also my blog post "Mainstream cryptographic hardness / computational assumptions".

  • Regarding programming languages: there are many implementations on GitHub in C++, Rust, Go, Python, Haskell, etc., and many of the latest papers are implemented in Rust. Rust is a safe, statically typed systems language. If you are interested in becoming a coder, it is worth learning.

  • Zero-knowledge proof resource collection: "Awesome zero knowledge proofs (zkp)" lists the current mainstream zero-knowledge proof algorithms, and you can pick a direction of interest to learn more.

  • The roles in a zero-knowledge proof:
    Prover: the party who knows the secret.
    Verifier: does not know the secret, but wants to check whether the Prover really knows it.
    For example:
    – public instance: $y, g$ (known to both Verifier and Prover)
    – witness: $x$ (known only to the Prover)
    – relation: $y = g^x$ (the relationship the Prover wants to prove, or the Verifier wants to verify)
    The classic proof method uses a sigma protocol (whose core idea is commit-and-prove); details can be found in my blog post "Implementation highlights of zero-knowledge proof protocols based on the Sigma protocol".

  • Applications of zero-knowledge proofs:
    hiding the transaction amount and counterparty on a blockchain (Monero/Zcash);
    compressing storage space (such as Filecoin);
    secure multi-party computation;
    outsourcing of computation;
    blacklist and whitelist access control;
    privacy-preserving computation, and so on.
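
The sigma protocol for the relation $y = g^x$ from the roles item above, written out as Schnorr's three-move protocol. This is an added example, not code from the original post; the toy group parameters and all function names are assumptions chosen for illustration.

```python
import secrets

# Toy parameters, constructed for illustration and far too small for real use:
# P = 2Q + 1 is a safe prime and G generates the subgroup of prime order Q.
P, Q, G = 2039, 1019, 4
assert pow(G, Q, P) == 1 and G != 1

def keygen():
    """Return (x, y): witness x and public instance y = g^x mod p."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def commit():
    """Prover, move 1: pick a fresh nonce r and send the commitment t = g^r."""
    r = secrets.randbelow(Q)
    return r, pow(G, r, P)

def challenge():
    """Verifier, move 2: send a random challenge c."""
    return secrets.randbelow(Q)

def respond(x, r, c):
    """Prover, move 3: s = r + c*x mod q; the uniform r masks x."""
    return (r + c * x) % Q

def verify(y, t, c, s):
    """Verifier check g^s == t * y^c, i.e. g^r * g^(c*x) = g^(r + c*x)."""
    return pow(G, s, P) == (t * pow(y, c, P)) % P

def extract(c1, s1, c2, s2):
    """Special soundness: two accepting transcripts sharing one t reveal x.
    This is also why the prover must never reuse a nonce r."""
    return ((s1 - s2) * pow((c1 - c2) % Q, -1, Q)) % Q

def run_protocol(x, y):
    """One honest interactive run; returns the verifier's decision."""
    r, t = commit()
    c = challenge()
    return verify(y, t, c, respond(x, r, c))
```

The verifier's check relies on the additive homomorphism $g^x \cdot g^y = g^{x+y}$ listed earlier, and `extract` is the standard argument that a prover able to answer two different challenges for the same commitment must know $x$.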


Origin blog.csdn.net/mutourend/article/details/111832679