PrivacyIN Week 1 Course Review | Zhang Yupeng, Ph.D., on the Basics of Zero-Knowledge Proof Cryptography and a Research Introduction

Reposted from: PrivacyIN Privacy Academy

Foreword

The first phase of the PrivacyIN (Privacy Institute) ZK training camp courses is now online. For this class, Zhang Yupeng, an assistant professor in the School of Computer Science and Engineering at Texas A&M University, was invited to introduce ZK theory and related applications. The class topic is "Basics of ZK Cryptography & Research Overview".

The class was taught in a small-group format. Dozens of experts and scholars in cryptography and related fields, from home and abroad, were invited to take part as students in an intensive 90-minute cryptography training session.

Full Text of the Intensive Course Lecture

Zero-knowledge proofs were proposed by Goldwasser, Micali and Rackoff in 1985. A zero-knowledge proof is a cryptographic protocol between a prover and a verifier: the prover proves to the verifier that it has a solution (witness) to a computational problem (statement) without revealing any additional information about the solution (witness).

The ability to ensure correctness without revealing private information makes zero-knowledge proofs a powerful tool, widely used in fields such as electronic voting, anonymous credentials, group signatures and verifiable outsourced computation. With the development of Web3 technology in particular, they have become closely linked with digital currency and blockchain technology.

In this class, Mr. Zhang Yupeng focused on zero-knowledge proofs. The main contents included: proof systems and the definition of zero-knowledge proofs, the development history of zero-knowledge proofs, zero-knowledge proofs and blockchain applications, and so on.

Mr. Zhang Yupeng first described the proof problem in the traditional sense, taking the proof of the Pythagorean theorem as an example: a triangle ABC with a right angle at B is given, and the task is to prove that the Pythagorean relation holds. The method of proof is to draw a perpendicular from point B to AC, meeting it at point D, and then to prove that the Pythagorean relation is satisfied by using the similarity of the resulting triangles.

Here the relation to be proven is the statement, and the proof process (the deduction steps) is the proof. A statement can represent any computational problem. A traditional proof of a statement is carried out by providing all of the deduction steps, which are then checked for correctness; in doing so, information (knowledge) is leaked.

In proof systems, the interactive prover/verifier computation model is very typical. Mr. Zhang Yupeng gave a color-verification example, in which the prover's statement is the claim to "know a piece of paper with different colors".

By introducing a random challenge, the verifier generates random numbers to decide whether to flip the paper, and the prover, after receiving the challenge, answers whether the paper was flipped. An honest prover can always answer the verifier correctly (with 100% probability), whereas a prover who guesses blindly answers the verifier's challenge correctly with probability only 1/2. The process is repeated many times (for example 100 times or more). If the prover answers the verifier's challenge correctly every time, this proves with high probability (almost 100%) that the prover knows the correct answer, that is, it proves the prover's claimed statement "know a piece of paper with different colors". If the prover does not know the answer, the prover guesses right every time only with very low probability (over 100 challenges, the probability of guessing correctly is almost negligible), which shows that the prover is lying or is malicious.
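
The challenge-response game above can be simulated directly. The following is an added example, not code from the lecture: it models the paper as a `(left, right)` colour pair (an assumption), so the statement is true when the two colours differ, and all function names are hypothetical.

```python
import secrets
from fractions import Fraction

# Added illustration, not from the lecture: a paper is modelled as (left, right) colours.
# The statement "the paper has different colours" is true iff left != right.

def prover_answer(before, after):
    """Prover's reply to the challenge 'was the paper flipped?', from the two views only."""
    if before != after:
        return True                       # views differ, so it was flipped
    if before[0] != before[1]:
        return False                      # two colours and same view: not flipped
    return secrets.randbelow(2) == 1      # one colour: views are identical, must guess

def verifier_accepts(paper, rounds):
    """Run `rounds` independent challenges; reject on the first wrong answer."""
    for _ in range(rounds):
        flip = secrets.randbelow(2) == 1  # verifier's private random challenge
        shown = paper[::-1] if flip else paper
        if prover_answer(paper, shown) != flip:
            return False
    return True

def soundness_error(rounds):
    """Exact probability that a guessing prover survives every round."""
    return Fraction(1, 2) ** rounds

def acceptance_rate(paper, rounds, trials):
    """Empirical fraction of protocol runs the verifier accepts."""
    return sum(verifier_accepts(paper, rounds) for _ in range(trials)) / trials
```

With a two-colour paper the verifier accepts every run; with a one-colour paper the acceptance rate halves with each added round, which is the 1/2-per-challenge bound from the text.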

In the standard proof system, the main elements are the prover, the verifier and the public computation C. The prover owns the data and generates a proof showing that it obtained the result by evaluating the computation C, then sends the proof to the verifier; the verifier receives the proof and checks whether it is correct.

The main properties of a proof system are:

Correctness: an honest prover passes verification with extremely high probability (almost 1).

Soundness: if the prover is dishonest or malicious, the probability of passing verification is extremely small (negligible).

The main indicators of an efficient proof system are fast verification time and small proof size, that is, the system is succinct.

Building on the proof system, one constructs a proof system that can prove the correctness of a computation without revealing any of the prover's original data, that is, one that has the zero-knowledge property. Such a proof system is a zero-knowledge proof (ZKP) system.

In the course, Mr. Zhang Yupeng reviewed the development history of zero-knowledge proofs, and introduced the earliest zero-knowledge proof system proposed by Goldwasser, Micali and Rackoff along with the related early computational complexity theory, including interactive proofs, probabilistically checkable proofs, zero-knowledge, and so on.

The milestone breakthrough for zero-knowledge proof systems was the Pinocchio protocol. Pinocchio is the first succinct, non-interactive zero-knowledge proof system, a zkSNARK (SNARK = Succinct Non-interactive ARgument of Knowledge), that supports general computation. It converts the computational problem into R1CS (Rank-1 Constraint System) form and then converts the R1CS into a QAP (Quadratic Arithmetic Program) to achieve succinct polynomial-based proof and verification. The emergence of the Pinocchio protocol marked the start of zero-knowledge proofs moving from theory to the practical stage. It is also the basis of the Groth16 protocol.
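
A worked instance of the R1CS-to-QAP step described above, added here as an illustration and not taken from the lecture or from the Pinocchio implementation. The computation x³ + x + 5 = out, the witness layout with intermediate values v1..v3, the small prime field and all function names are assumptions chosen for the demo; it covers only the arithmetization and the divisibility check, not the pairing-based succinct proof.

```python
# Added illustration: R1CS -> QAP for x**3 + x + 5 == out over a toy field (not secure).
P = 2**31 - 1  # assumed small prime; deployed SNARKs use a pairing-friendly curve order
# Witness s = [1, x, out, v1, v2, v3]; row i enforces (A_i . s) * (B_i . s) == C_i . s
A = [[0,1,0,0,0,0], [0,0,0,1,0,0], [0,1,0,0,1,0], [5,0,0,0,0,1]]
B = [[0,1,0,0,0,0], [0,1,0,0,0,0], [1,0,0,0,0,0], [1,0,0,0,0,0]]
C = [[0,0,0,1,0,0], [0,0,0,0,1,0], [0,0,0,0,0,1], [0,0,1,0,0,0]]

def dot(M, i, s):
    return sum(m * v for m, v in zip(M[i], s)) % P

def r1cs_satisfied(s):
    return all(dot(A, i, s) * dot(B, i, s) % P == dot(C, i, s) for i in range(len(A)))

def poly_mul(a, b):
    out = [0] * (len(a) + len(b) - 1)
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            out[i + j] = (out[i + j] + x * y) % P
    return out

def interpolate(ys):
    """Lagrange polynomial (coefficients, low degree first) taking ys[i] at t = i + 1."""
    total = [0] * len(ys)
    for i, y in enumerate(ys):
        term = [y]
        for j in range(len(ys)):
            if j != i:
                inv = pow((i - j) % P, -1, P)              # 1 / (t_i - t_j)
                term = poly_mul(term, [-(j + 1) * inv % P, inv])
        total = [(u + v) % P for u, v in zip(total, term)]
    return total

def poly_rem(num, den):  # remainder of num / den over F_P; den must be monic
    num = num[:]
    while len(num) >= len(den):
        lead, shift = num[-1], len(num) - len(den)
        for k, d in enumerate(den):
            num[shift + k] = (num[shift + k] - lead * d) % P
        num.pop()
    return num

def qap_satisfied(s):
    """True iff Z(t) = (t-1)(t-2)(t-3)(t-4) divides A(t)*B(t) - C(t)."""
    # By linearity, interpolating the row values A_i . s equals sum_j s_j * A_j(t).
    a, b, c = (interpolate([dot(M, i, s) for i in range(len(M))]) for M in (A, B, C))
    z = [1]
    for i in range(len(A)):
        z = poly_mul(z, [-(i + 1) % P, 1])
    return poly_rem(poly_mul(a, b), z) == c   # deg C < deg Z, so C is its own remainder
```

For x = 3 the satisfying witness is `[1, 3, 35, 9, 27, 30]`; changing any entry breaks one constraint row, and the polynomial check fails along with it.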

Next, Mr. Zhang Yupeng classified the cryptographic techniques that current zero-knowledge proof systems rely on, which fall mainly into: bilinear pairings, secure computation, discrete log, interactive oracle proofs, interactive proofs, lattices, and so on.

At present, the performance of zero-knowledge proof systems is close to practical. The current best proof systems already perform very well on computation circuits at the scale of millions (for example, in generating proofs); on the other hand, the proof size and verification time have a lot to do with the specific cryptographic technique and how the system is constructed.

Further, Mr. Zhang Yupeng briefly explored the characteristics of cryptocurrency, authentication and blockchain, and analyzed Bitcoin's privacy leakage issues, noting that its data is public and that its privacy protection amounts to weak pseudo-anonymity. Zero-knowledge proofs are used to create proofs of data validity to solve these problems.

Mr. Zhang Yupeng also analyzed the scalability problem of current blockchains, namely that blockchain systems process transactions very inefficiently (for example, Bitcoin: 5 tx/s, Ethereum: ~30 tx/s), and introduced the very popular ZK-Rollup technology, which mainly uses an efficient zero-knowledge verification algorithm to aggregate batches of transactions, build a succinct proof, and verify it efficiently.

Near the end of the class, Mr. Zhang Yupeng continued to analyze and discuss some differences between the privacy chain ZCash and ZK-Rollup, to help everyone further understand their characteristics, concepts and design goals.

In the free discussion session, Zhang Yupeng patiently answered a series of questions about the basics of cryptography and zero-knowledge proof for the students.

About PrivacyIN

PrivacyIN (Privacy Institution) was initiated by the LatticeX Foundation. It is committed to building an open community for evangelizing and researching cryptography and privacy technology, and brings together the world's top scholars and privacy technology developers to promote the innovation and implementation of ZK (zero-knowledge proofs), MPC (secure multi-party computation) and FHE (fully homomorphic encryption).

Origin blog.csdn.net/Matrix_element/article/details/127278569