zec
/
zips
mirror of https://github.com/zcash/zips.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Specify ZK keypair generation as a randomized algorithm. 

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
This commit is contained in:
Daira Hopwood 2016-09-05 21:15:19 +01:00
parent 26c0ad45b6
commit 1fba55a213
1 changed files with 7 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
protocol/protocol.tex
View File

@ -516,7 +516,7 @@
\newcommand{\ZKVerifyingKey}{\mathsf{ZK.VerifyingKey}}
\newcommand{\pk}{\mathsf{pk}}
\newcommand{\vk}{\mathsf{vk}}
\newcommand{\ZKParameterDistribution}{\mathsf{ZK.ParameterDistribution}}
\newcommand{\ZKGen}{\mathsf{ZK.Gen}}
\newcommand{\ZKProof}{\mathsf{ZK.Proof}}
\newcommand{\ZKPrimary}{\mathsf{ZK.PrimaryInput}}
\newcommand{\ZKAuxiliary}{\mathsf{ZK.AuxiliaryInput}}
@ -1245,7 +1245,7 @@ be a function satisfying the security requirements of computational hiding
and computational binding, as defined in \todo{need reference}.
\nsubsubsection{\ZeroKnowledgeProvingSystem}
\nsubsubsection{\ZeroKnowledgeProvingSystem} \label{abstractzk}
A \zeroKnowledgeProvingSystem is a cryptographic protocol that allows
proving a particular \statement, dependent on \primary and \auxiliaryInputs,
@ -1258,17 +1258,18 @@ A \ppzkSNARK instance $\ZK$ defines:
\begin{itemize}
\item a type of \zkProvingKeys, $\ZKProvingKey$;
\item a type of \zkVerifyingKeys, $\ZKVerifyingKey$;
\item a probability distribution over $\ZKProvingKey \times \ZKVerifyingKey$ of parameters, $\ZKParameterDistribution$;
\item a type of \primaryInputs $\ZKPrimary$;
\item a type of \auxiliaryInputs $\ZKAuxiliary$;
\item a type of proofs $\ZKProof$;
\item a type $\ZKSatisfying \subseteq \ZKPrimary \times \ZKAuxiliary$ of inputs satisfying
the \statement;
\item a function $\ZKProve{} \typecolon \ZKProvingKey \times \ZKSatisfying \rightarrow \ZKProof$;
\item a function $\ZKVerify{} \typecolon \ZKVerifyingKey \times \ZKPrimary \times \ZKProof \rightarrow \bit$;
\item a randomized key pair generation algorithm $\ZKGen \typecolon () \rightarrowR \ZKProvingKey \times \ZKVerifyingKey$;
\item a proving algorithm $\ZKProve{} \typecolon \ZKProvingKey \times \ZKSatisfying \rightarrow \ZKProof$;
\item a verifying algorithm $\ZKVerify{} \typecolon \ZKVerifyingKey \times \ZKPrimary \times \ZKProof \rightarrow \bit$;
\end{itemize}
The security requirements below are supposed to hold with overwhelming
probability for $(\pk, \vk)$ sampled at random from $\ZKParameterDistribution$.
probability for $(\pk, \vk) \leftarrow \ZKGen()$.
\begin{securityrequirements}
\item \textbf{Completeness:} An honestly generated proof will convince a verifier: