1 / 16

Zero-Knowledge Argument for Polynomial Evaluation with Applications to Blacklists

Zero-Knowledge Argument for Polynomial Evaluation with Applications to Blacklists. Stephanie Bayer Jens Groth University College London. TexPoint fonts used in EMF. Read the TexPoint manual before you delete this box.: A A A A A A A A A A A A A. P olynomial.

yakov
Download Presentation

Zero-Knowledge Argument for Polynomial Evaluation with Applications to Blacklists

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Zero-Knowledge Argument for Polynomial Evaluation with Applications to Blacklists Stephanie Bayer Jens Groth University College London TexPoint fonts used in EMF. Read the TexPoint manual before you delete this box.: AAAAAAAAAAAAA

  2. Polynomial

  3. Zero-knowledge argument for correct polynomial evaluation Statement: such that SoundnessStatement is true Zero-knowledgeNothing else revealed remains secret Witness  Prover Verifier

  4. Membership and non-membership proofs • List and • Define • If then • Prove where committed trivially • If then • Prove where and prove

  5. Zero-knowledge argument for correct polynomial evaluation Statement: such that Special honest-verifier zero-knowledgeGiven any challenge possible to simulate the argument Argument of knowledgeCan extract such that Witness 3-move argument Public coinVerifier picks challenge Easy to convert to full zero-knowledge Prover Verifier

  6. Commitment properties • Additively homomorphic • SHVZK argument for multiplicative relationship • Examples • Pedersen commitments • ElGamal-style commitments

  7. Simple SHVZK argument for correct polynomial evaluation Horner’s rule gives us Commit to the intermediate values and prove correct )

  8. Efficiency – using Pedersen commitments

  9. Rewriting the polynomial Prover wants to demonstrate Without loss of generality Write in binary to get

  10. Commit to powers of … … commitments and arguments

  11. Zero-knowledge argument of knowledge of power of KnowledgeAnswers to 2 challenges would reveal Zero-knowledge is uniformly random regardless of Statement: Witness Accept if opens to

  12. Masked powers of

  13. Completeness If prover ok SoundnessIf prover fails A helpful polynomial … commitments

  14. SHVZK argument for point on polynomial Statement: such that … Accept if is inside Soundness …

  15. SHVZK argument for polynomial evaluation Statement: such that • 3-move public coin argument • Simple setup with commitment key • Perfect completeness • Comp. soundness based on discrete log. problem • Perfect special honest verifier zero-knowledge

  16. Efficiency – using Pedersen commitments 256-bit subgroup modulo 1536-bit prime on MacBook, 2.54 GHz

More Related