mirror of https://github.com/zcash/zips.git
Specify ZK keypair generation as a randomized algorithm.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
This commit is contained in:
parent
26c0ad45b6
commit
1fba55a213
|
@ -516,7 +516,7 @@
|
|||
\newcommand{\ZKVerifyingKey}{\mathsf{ZK.VerifyingKey}}
|
||||
\newcommand{\pk}{\mathsf{pk}}
|
||||
\newcommand{\vk}{\mathsf{vk}}
|
||||
\newcommand{\ZKParameterDistribution}{\mathsf{ZK.ParameterDistribution}}
|
||||
\newcommand{\ZKGen}{\mathsf{ZK.Gen}}
|
||||
\newcommand{\ZKProof}{\mathsf{ZK.Proof}}
|
||||
\newcommand{\ZKPrimary}{\mathsf{ZK.PrimaryInput}}
|
||||
\newcommand{\ZKAuxiliary}{\mathsf{ZK.AuxiliaryInput}}
|
||||
|
@ -1245,7 +1245,7 @@ be a function satisfying the security requirements of computational hiding
|
|||
and computational binding, as defined in \todo{need reference}.
|
||||
|
||||
|
||||
\nsubsubsection{\ZeroKnowledgeProvingSystem}
|
||||
\nsubsubsection{\ZeroKnowledgeProvingSystem} \label{abstractzk}
|
||||
|
||||
A \zeroKnowledgeProvingSystem is a cryptographic protocol that allows
|
||||
proving a particular \statement, dependent on \primary and \auxiliaryInputs,
|
||||
|
@ -1258,17 +1258,18 @@ A \ppzkSNARK instance $\ZK$ defines:
|
|||
\begin{itemize}
|
||||
\item a type of \zkProvingKeys, $\ZKProvingKey$;
|
||||
\item a type of \zkVerifyingKeys, $\ZKVerifyingKey$;
|
||||
\item a probability distribution over $\ZKProvingKey \times \ZKVerifyingKey$ of parameters, $\ZKParameterDistribution$;
|
||||
\item a type of \primaryInputs $\ZKPrimary$;
|
||||
\item a type of \auxiliaryInputs $\ZKAuxiliary$;
|
||||
\item a type of proofs $\ZKProof$;
|
||||
\item a type $\ZKSatisfying \subseteq \ZKPrimary \times \ZKAuxiliary$ of inputs satisfying
|
||||
the \statement;
|
||||
\item a function $\ZKProve{} \typecolon \ZKProvingKey \times \ZKSatisfying \rightarrow \ZKProof$;
|
||||
\item a function $\ZKVerify{} \typecolon \ZKVerifyingKey \times \ZKPrimary \times \ZKProof \rightarrow \bit$;
|
||||
\item a randomized key pair generation algorithm $\ZKGen \typecolon () \rightarrowR \ZKProvingKey \times \ZKVerifyingKey$;
|
||||
\item a proving algorithm $\ZKProve{} \typecolon \ZKProvingKey \times \ZKSatisfying \rightarrow \ZKProof$;
|
||||
\item a verifying algorithm $\ZKVerify{} \typecolon \ZKVerifyingKey \times \ZKPrimary \times \ZKProof \rightarrow \bit$;
|
||||
\end{itemize}
|
||||
|
||||
The security requirements below are supposed to hold with overwhelming
|
||||
probability for $(\pk, \vk)$ sampled at random from $\ZKParameterDistribution$.
|
||||
probability for $(\pk, \vk) \leftarrow \ZKGen()$.
|
||||
|
||||
\begin{securityrequirements}
|
||||
\item \textbf{Completeness:} An honestly generated proof will convince a verifier:
|
||||
|
|
Loading…
Reference in New Issue