{ "cells": [ { "cell_type": "markdown", "metadata": {}, "source": [ "Pedersen Commitment\n", "==================" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "## Pedersen commitment:" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "$Gen(1^\\lambda) \\rightarrow ck$\n", "\n", "$$\n", "g \\leftarrow \\mathbb{G}\\\\\n", "h = g^x\\\\\n", "ck:=(\\mathbb{G}, p, g, h)\n", "$$\n", "\n" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "$Com_{ck}(m; r) \\rightarrow c$" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "$$\n", "c:=g^mh^r\n", "$$" ] }, { "cell_type": "code", "execution_count": 18, "metadata": {}, "outputs": [], "source": [ "from klefki.types.algebra.concrete import EllipticCurveGroupSecp256k1 as Curve\n", "from klefki.types.algebra.concrete import FiniteFieldCyclicSecp256k1 as CF\n", "from klefki.types.algebra.concrete import FiniteFieldSecp256k1 as F\n", "from klefki.types.algebra.utils import randfield\n", "from klefki.utils import to_sha256int\n", "import hashlib\n", "\n", "# g: the secp256k1 base point\n", "G = Curve.G\n", "# h: a second generator obtained by hashing the uncompressed encoding of G\n", "# and lifting the digest to a curve point, so that log_g(h) is unknown\n", "s = bytes.fromhex(\"0479be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8\")\n", "x = int(hashlib.sha256(s).hexdigest(),16)\n", "H = Curve.lift_x(F(x))" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "### $\\Sigma$-protocol" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "Consider a commitment $A$ opening to $m$ to be part of the statement. The prover computes a random commitment $B$ and sends it to the verifier, which answers with a random challenge $e$. The prover then sends opening information $(z, x)$ to the verifier, which checks that $Com_{ck}(z; x)$ equals $A^e B$." 
] }, { "cell_type": "markdown", "metadata": {}, "source": [ "$s \\leftarrow \\mathbb{Z}_p$\n", "$B=Com_{ck}(s;r)$\n", "$$\n", "P \\rightarrow V: B\n", "$$" ] }, { "cell_type": "code", "execution_count": 6, "metadata": {}, "outputs": [], "source": [ "# the statement: A = g^m h^r commits to the message m with randomness r\n", "m = randfield(CF)\n", "r = randfield(CF)\n", "\n", "A = G ** m * H ** r" ] }, { "cell_type": "code", "execution_count": 7, "metadata": {}, "outputs": [], "source": [ "# first move: B = g^s h^r (this notebook reuses r as the randomness of B)\n", "s = randfield(CF)\n", "\n", "\n", "B = G ** s * H ** r" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "$e \\leftarrow \\mathbb{Z}_p$\n", "\n", "$$\n", "P \\leftarrow V: e\n", "$$" ] }, { "cell_type": "code", "execution_count": 8, "metadata": {}, "outputs": [], "source": [ "# second move: the verifier's random challenge\n", "e = randfield(CF)\n" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "$z = me + s; x = re + r$\n", "\n", "$$\n", "P \\rightarrow V: z, x\n", "$$" ] }, { "cell_type": "code", "execution_count": 9, "metadata": {}, "outputs": [], "source": [ "# third move: the prover's responses, computed in the scalar field\n", "z = m*e + s\n", "x = r*e + r" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "Accept $\\iff$ $B \\in \\mathbb{G}, z, x \\in \\mathbb{Z}_p$\n", "\n", "$$\n", "Com_{ck}(z;x) = A^eB\n", "$$" ] }, { "cell_type": "code", "execution_count": 10, "metadata": {}, "outputs": [ { "data": { "text/plain": [ "True" ] }, "execution_count": 10, "metadata": {}, "output_type": "execute_result" } ], "source": [ "# verifier check: g^z h^x == A^e * B\n", "G ** z * H ** x == A ** e * B" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "## Implementation" ] }, { "cell_type": "code", "execution_count": 19, "metadata": {}, "outputs": [], "source": [ "from klefki.zkp.pedersen import PedersonCommitment" ] }, { "cell_type": "code", "execution_count": 20, "metadata": {}, "outputs": [], "source": [ "#priv = randfield(CF)\n", "secret = CF(73570390403507240989674623545632060650466613362119649500108200592951986722161)\n", "\n", "r = randfield(CF)\n", "# here H = G@x is built from the known scalar x, so x is a trapdoor for this key\n", "P = PedersonCommitment(G, G@x, secret, r)" ] }, { "cell_type": "code", "execution_count": 21, "metadata": {}, "outputs": [ { 
"data": { "text/plain": [ "EllipticCurveGroupSecp256k1::(FiniteFieldSecp256k1::76201704871179190780475307638115978518301654908825034157386315651276262400510, FiniteFieldSecp256k1::77268800855390143539124184346541682025370673032906278995802703732885034967010)" ] }, "execution_count": 21, "metadata": {}, "output_type": "execute_result" } ], "source": [ "m = randfield(CF)\n", "s = randfield(CF)\n", "\n", "\n", "P.commit(m, s)" ] }, { "cell_type": "code", "execution_count": 22, "metadata": {}, "outputs": [ { "data": { "text/plain": [ "(FiniteFieldCyclicSecp256k1::89447814369209904756588252129833606768839036881297533466290775855388358949321,\n", " FiniteFieldCyclicSecp256k1::44683317883183669291202167938139287483071112847656724484292910426096615830465)" ] }, "execution_count": 22, "metadata": {}, "output_type": "execute_result" } ], "source": [ "e = randfield(CF)\n", "P.challenge(e)" ] }, { "cell_type": "code", "execution_count": 23, "metadata": {}, "outputs": [ { "data": { "text/plain": [ "True" ] }, "execution_count": 23, "metadata": {}, "output_type": "execute_result" } ], "source": [ "P.proof()" ] }, { "cell_type": "code", "execution_count": 16, "metadata": {}, "outputs": [], "source": [ "# with the trapdoor x = log_G(H) the committer can reopen the same commitment\n", "# to a different message m1: binding only holds while log_G(H) is unknown\n", "m1 = randfield(CF)\n", "\n", "\n", "P.trapdoor(m1, x)" ] }, { "cell_type": "code", "execution_count": 17, "metadata": {}, "outputs": [ { "data": { "text/plain": [ "True" ] }, "execution_count": 17, "metadata": {}, "output_type": "execute_result" } ], "source": [ "# the reopened commitment still verifies against the same challenge\n", "P.challenge(e)\n", "P.proof()" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "## NIZK" ] }, { "cell_type": "code", "execution_count": 1, "metadata": {}, "outputs": [], "source": [ "from klefki.zkp.schnorr import NIZKSchnoor" ] }, { "cell_type": "code", "execution_count": 2, "metadata": {}, "outputs": [ { "data": { "text/plain": [ "True" ] }, "execution_count": 2, "metadata": {}, "output_type": "execute_result" } ], "source": [ "# non-interactive Schnorr proof of knowledge for the secret 42, then verified\n", "NIZKSchnoor.verify(*NIZKSchnoor.proof(42))" ] }, { "cell_type": "markdown", 
"metadata": {}, "source": [ "## Ref:\n", "\n", "* Efficient Zero-Knowledge Proof Systems, Jonathan Bootle, ..., UCL\n", "* Zero-Knowledge Proof and Cryptographic Commitment https://www.cs.purdue.edu/homes/ninghui/courses/555_Spring12/handouts/555_Spring12_topic23.pdf" ] } ], "metadata": { "kernelspec": { "display_name": "Python 3", "language": "python", "name": "python3" }, "language_info": { "codemirror_mode": { "name": "ipython", "version": 3 }, "file_extension": ".py", "mimetype": "text/x-python", "name": "python", "nbconvert_exporter": "python", "pygments_lexer": "ipython3", "version": "3.8.2" } }, "nbformat": 4, "nbformat_minor": 2 }