<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML>
<HEAD>
<TITLE> [zapps-wg] Zkproofs.org standards workshop
</TITLE>
<LINK REL="Index" HREF="/pipermail/zapps-wg/2018/index.html" >
<LINK REL="made" HREF="mailto:zapps-wg%40lists.zfnd.org?Subject=Re%3A%20%5Bzapps-wg%5D%20Zkproofs.org%20standards%20workshop&In-Reply-To=%3CCAF7tpEzct4tMBT2M_p8f26hQUOXwxxzkUCzAz0_wpk-gjDggug%40mail.gmail.com%3E">
<META NAME="robots" CONTENT="index,nofollow">
<style type="text/css">
pre {
white-space: pre-wrap; /* css-2.1, current FF, Opera, Safari */
}
</style>
<META http-equiv="Content-Type" content="text/html; charset=us-ascii">
<LINK REL="Previous" HREF="000343.html">
<LINK REL="Next" HREF="000351.html">
</HEAD>
<BODY BGCOLOR="#ffffff">
<H1>[zapps-wg] Zkproofs.org standards workshop</H1>
<B>Andrew Miller</B>
<A HREF="mailto:zapps-wg%40lists.zfnd.org?Subject=Re%3A%20%5Bzapps-wg%5D%20Zkproofs.org%20standards%20workshop&In-Reply-To=%3CCAF7tpEzct4tMBT2M_p8f26hQUOXwxxzkUCzAz0_wpk-gjDggug%40mail.gmail.com%3E"
TITLE="[zapps-wg] Zkproofs.org standards workshop">soc1024 at illinois.edu
</A><BR>
<I>Sat Mar 24 19:05:14 EDT 2018</I>
<P><UL>
<LI>Previous message (by thread): <A HREF="000343.html">[zapps-wg] Zkproofs.org standards workshop
</A></li>
<LI>Next message (by thread): <A HREF="000351.html">[zapps-wg] Zkproofs.org standards workshop
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#344">[ date ]</a>
<a href="thread.html#344">[ thread ]</a>
<a href="subject.html#344">[ subject ]</a>
<a href="author.html#344">[ author ]</a>
</LI>
</UL>
<HR>
<!--beginarticle-->
<PRE>Lucas's post reminded me of something I wanted to post about:
If there's one thing I'd like to take up the torch for and advocate as a
standard, it's to use a conventional pseudocode for describing snark
application ideas. What I have in mind is Camenisch-Stadler proof
notation. It looks like this:

ZkPoK{ (witness): Predicate(statement, witness) }

The idea is that "witness" is the private witness, "statement" is
public information that the verifier provides, and you replace
"Predicate" with whatever pseudocode you want to check.
Here are some examples:

1. Pay-to-Sudoku:
ZkPoK{ (solution, nonce):
    SHA2(nonce || solution) == H,
    CheckSudokuSolution(puzzleBoard, solution) == 1 }

2. Show two hashes have related preimages:

ZkPoK{ (R1, R2): H1 = sha256(R1) and H2 = sha256(R2) and R1 = R2 ^ X }

<A HREF="https://github.com/ebfull/lightning_circuit/blob/master/README.md">https://github.com/ebfull/lightning_circuit/blob/master/README.md</A>

This notation is a starting point, it can be extended to say a
Signature-of-Knowledge, like in BabyZoe (a simplified form of ZSL,
where the only shielded operation is to withdraw 1.0 coin from the
shielded pool):

3. SoK[tx]{ (secretkey, Com, merkleProof):
    // Com is included in the commitment tree
    MerkleVerify(coinTree, merkleProof, Com),
    Com is a commitment to (secretkey, Nullifier)
}

Notes on BabyZoe:
<A HREF="https://github.com/zcash-hackworks/babyzoe/blob/master/talks/2016-07-27-IC3---SNARKs-for-Ethereum.pdf">https://github.com/zcash-hackworks/babyzoe/blob/master/talks/2016-07-27-IC3---SNARKs-for-Ethereum.pdf</A>

To take a stab at translating the snark-based password authentication
idea into this pseudocode, I think it could look like this:

4. SoK[signedMessage]{ (derivedkey):
    username = SHA256(addrContract, derivedkey)
}

The user would then use standard PBKDF2 from something like:
derivedKey := Argon2(addrContract, password)

so the snark circuit itself doesn't even have to have the expensive
hash. The smart contract would use the final password hash as the
username.

On Sat, Mar 24, 2018 at 4:47 PM, Andrew Miller <<A HREF="/mailman/listinfo/zapps-wg">soc1024 at illinois.edu</A>> wrote:
><i> That's awesome Lucas, thanks for this input, these are pretty cool
</I>><i> application scenarios. They're all quite relevant to a standards effort
</I>><i> because they seem to involve interfacing between zkSNARKs and other
</I>><i> standardized primitives (password hash functions, anonymous credentials,
</I>><i> extensions to ZSL).
</I>><i>
</I>><i> On Sat, Mar 24, 2018 at 4:42 PM, Lucas Vogelsang via zapps-wg
</I>><i> <<A HREF="/mailman/listinfo/zapps-wg">zapps-wg at lists.z.cash.foundation</A>> wrote:
</I>>><i>
</I>>><i> I've put some thoughts into possible use cases, here are some that we have
</I>>><i> been thinking about in the context of decentralized business applications.
</I>>><i> Some of these concepts are things we are actually working on, others just
</I>>><i> ideas
</I>>><i>
</I>>><i> - blind auctions (including double dutch auctions)
</I>>><i> - page-rank style algorithms on top of anonymous credentials or
</I>>><i> reputations
</I>>><i> - build a password-based authentication out of any password hash
</I>>><i> - give out "referral capabilities" that automatically assign a commission
</I>>><i> to whoever introduced a subscriber who signs up (this would be part of a
</I>>><i> privacy-preserving subscription service, that could be built on top of a
</I>>><i> zcash-like (ZSL protocol) cryptocurrency)
</I>>><i> - consumer credit scores: create a registry of "bad debtors". use zkproofs
</I>>><i> both to "register" a bad debt/bad action and allow individuals to provide a
</I>>><i> proof revealing your score without actual transaction details (not sure how
</I>>><i> exactly this could work)
</I>>><i>
</I>>><i> Curious to hear what other people have thought of!
</I>>><i>
</I>>><i>
</I>>><i> On Fri, Mar 23, 2018 at 11:11 AM, Andrew Miller via zapps-wg
</I>>><i> <<A HREF="/mailman/listinfo/zapps-wg">zapps-wg at lists.z.cash.foundation</A>> wrote:
</I>>>><i>
</I>>>><i> Dear Zapps, I just wanted to let you know that there will be a standards
</I>>>><i> workshop organized by several academics / industry participants in May.
</I>>>><i> <A HREF="https://zkproof.org">https://zkproof.org</A>
</I>>>><i> I want to make sure that the workshop includes input from all the groups
</I>>>><i> involved in this open source community that are developing tools and
</I>>>><i> applications and even making initial standardization efforts around
</I>>>><i> portability between different libraries.
</I>>>><i>
</I>>>><i> I'm especially interested in collecting application ideas to include as
</I>>>><i> case studies to help make the conversation more concrete. So far I don't
</I>>>><i> have many ideas. So far I have:
</I>>>><i> - anonymous credentials
</I>>>><i> - zcash
</I>>>><i> - voting
</I>>>><i> - sudoku solutions / contingent payments
</I>>>><i> - compressing blockchain verification
</I>>>><i> - a log of photo edits
</I>>>><i> - checking that a cloud compute task was done correctly (this is arguably
</I>>>><i> not specific enough).
</I>>>><i>
</I>>>><i> Suggestions of what I'm missing?
</I>>><i>
</I>>><i>
</I>><i>
</I>><i>
</I>><i>
</I>><i> --
</I>><i> Andrew Miller
</I>><i> University of Illinois at Urbana-Champaign
</I>


--
Andrew Miller
University of Illinois at Urbana-Champaign

</PRE>
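
Added example (not part of the message above, nor code from the projects it links to): the predicates of examples 2 and 4 written as plain Python relation checks over (statement, witness), which is what a circuit would enforce; no proof system is involved. Assumptions: PBKDF2-HMAC-SHA256 from the standard library stands in for Argon2, SHA256(addrContract, derivedkey) is read as a hash of the concatenation, and all function names and sample values are constructed for illustration.

```python
import hashlib

# Constructed sample inputs (not from the original message).
ADDR_CONTRACT = bytes.fromhex("00" * 19 + "01")  # placeholder 20-byte address
PASSWORD = b"correct horse battery staple"


def derive_key(addr_contract: bytes, password: bytes) -> bytes:
    """Expensive password hash, run by the user outside the circuit.
    Assumption: stdlib PBKDF2-HMAC-SHA256 stands in for Argon2, salted with
    the contract address; the iteration count is illustrative."""
    return hashlib.pbkdf2_hmac("sha256", password, addr_contract, 200_000)


def username_for(addr_contract: bytes, derived_key: bytes) -> bytes:
    """Public username. Assumption: SHA256(a, b) means SHA256(a || b)."""
    return hashlib.sha256(addr_contract + derived_key).digest()


def relation_password(statement: dict, witness: dict) -> bool:
    """Example 4 predicate: a single SHA-256, the KDF never enters it."""
    return username_for(statement["addrContract"],
                        witness["derivedkey"]) == statement["username"]


def relation_related_preimages(statement: dict, witness: dict) -> bool:
    """Example 2 predicate: H1 = sha256(R1), H2 = sha256(R2), R1 = R2 ^ X."""
    r1, r2, x = witness["R1"], witness["R2"], statement["X"]
    if not (len(r1) == len(r2) == len(x)):
        return False  # bytewise XOR needs equal-length operands
    return (hashlib.sha256(r1).digest() == statement["H1"]
            and hashlib.sha256(r2).digest() == statement["H2"]
            and r1 == bytes(a ^ b for a, b in zip(r2, x)))


def build_preimage_instance(r2: bytes, x: bytes):
    """Prover-side setup: returns (public statement, private witness)."""
    r1 = bytes(a ^ b for a, b in zip(r2, x))
    statement = {"H1": hashlib.sha256(r1).digest(),
                 "H2": hashlib.sha256(r2).digest(), "X": x}
    return statement, {"R1": r1, "R2": r2}


if __name__ == "__main__":
    dk = derive_key(ADDR_CONTRACT, PASSWORD)
    stmt = {"addrContract": ADDR_CONTRACT, "username": username_for(ADDR_CONTRACT, dk)}
    print("password relation holds:", relation_password(stmt, {"derivedkey": dk}))
    st2, w2 = build_preimage_instance(bytes(range(32)), b"\xff" * 32)
    print("preimage relation holds:", relation_related_preimages(st2, w2))
```

The statement dictionaries hold only what the verifier sees; the witness dictionaries hold what stays with the prover, matching the split inside the ZkPoK{ (witness): ... } braces.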
<!--endarticle-->
<HR>
<P><UL>
<!--threads-->
<LI>Previous message (by thread): <A HREF="000343.html">[zapps-wg] Zkproofs.org standards workshop
</A></li>
<LI>Next message (by thread): <A HREF="000351.html">[zapps-wg] Zkproofs.org standards workshop
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#344">[ date ]</a>
<a href="thread.html#344">[ thread ]</a>
<a href="subject.html#344">[ subject ]</a>
<a href="author.html#344">[ author ]</a>
</LI>
</UL>

<hr>
<a href="/mailman/listinfo/zapps-wg">More information about the zapps-wg
mailing list</a><br>
</body></html>