zkpdl a language based system for zero knowledge proofs
play

ZKPDL: A Language-Based System for Zero- Knowledge Proofs and - PowerPoint PPT Presentation

Feb 10, 2024 •38 likes •1.05k views

ZKPDL: A Language-Based System for Zero- Knowledge Proofs and Electronic Cash Sarah Meiklejohn (UC San Diego) C. Chris Erway (Brown University) Alptekin Kpc (Brown University) Theodora Hinkle (UW Madison) Anna Lysyanskaya (Brown

  1. Sample usage of the interpreter public values secret Prover Verifier values PROOF / Interpreter Interpreter • At compile time, check program syntax, types, etc. • At run time, need all values to be proved 9

  2. Step 2: using the interpreter to write a library 10

  3. Step 2: using the interpreter to write a library Use simple procedure to create wrapper classes for interpreter 10

  4. Step 2: using the interpreter to write a library Use simple procedure to create wrapper classes for interpreter program Interpreter 10

  5. Step 2: using the interpreter to write a library Use simple procedure to create wrapper classes for interpreter publics secrets Interpreter 10

  6. Step 2: using the interpreter to write a library Use simple procedure to create wrapper classes for interpreter publics secrets PROOF Interpreter 10

  7. Step 2: using the interpreter to write a library Use simple procedure to create wrapper classes for interpreter Proof MyZKP::prove(group_map g, variable_map v, string program) { InterpreterProver p; p.check(program); p.compute(g,v); return p.prove(); } 10

  8. Step 2: using the interpreter to write a library Use simple procedure to create wrapper classes for interpreter Proof MyZKP::prove(group_map g, variable_map v, string program) { InterpreterProver p; p.check(program); p.compute(g,v); return p.prove(); } • Specify crypto protocol of choice in the program string 10

  9. Step 2: using the interpreter to write a library Use simple procedure to create wrapper classes for interpreter Proof MyZKP::prove(group_map g, variable_map v, string program) { InterpreterProver p; p.check(program); p.compute(g,v); return p.prove(); } • Specify crypto protocol of choice in the program string • Feed numeric values in and you’re done! 10

  10. Step 2: using the interpreter to write a library Use simple procedure to create wrapper classes for interpreter Proof MyZKP::prove(group_map g, variable_map v, string program) { InterpreterProver p; p.check(program); p.compute(g,v); return p.prove(); } • Specify crypto protocol of choice in the program string • Feed numeric values in and you’re done! Solves issues of reusability and of time 10

  11. Step 2: using the interpreter to write a library Use simple procedure to create wrapper classes for interpreter Proof MyZKP::prove(group_map g, variable_map v, string program) { InterpreterProver p; p.check(program); p.compute(g,v); return p.prove(); } • Specify crypto protocol of choice in the program string • Feed numeric values in and you’re done! Solves issues of reusability and of time Took 3-4 months to build interpreter, then one month to reconstruct library 10

  12. Optimizations: caching In addition to usability, can achieve improvements in efficiency 11

  13. Optimizations: caching In addition to usability, can achieve improvements in efficiency Have optimizations built into the interpreter 11

  14. Optimizations: caching In addition to usability, can achieve improvements in efficiency Have optimizations built into the interpreter • Cache powers of bases used for modular exponentiation Often have g^x*h^r mod N , numbers are 1000 bits long! Use common single- and multi-exponentiation techniques 11

  15. Optimizations: caching In addition to usability, can achieve improvements in efficiency Have optimizations built into the interpreter • Cache powers of bases used for modular exponentiation Often have g^x*h^r mod N , numbers are 1000 bits long! Use common single- and multi-exponentiation techniques • Save copy of interpreter state after compilation 11

  16. Did caching help? On the prover side, saw about a 50% speed-up using all optimizations On the verifier side, about 30% (less computation) 12

  17. Did caching help? On the prover side, saw about a 50% speed-up using all optimizations On the verifier side, about 30% (less computation) 12

  18. Did caching help? On the prover side, saw about a 50% speed-up using all optimizations On the verifier side, about 30% (less computation) 12

  19. Case study: using ZKPDL for e-cash Crypto Systems } e-cash Zero knowledge interpreter library P2P file sharing 13

  20. Case study: using ZKPDL for e-cash Crypto Systems } e-cash Zero knowledge interpreter library P2P file sharing 13

  21. Case study: using ZKPDL for e-cash Crypto Systems } e-cash Zero knowledge interpreter library P2P file sharing 13

  22. Case study: using ZKPDL for e-cash Crypto Systems } e-cash Zero knowledge interpreter library P2P file sharing 13

  23. Case study: using ZKPDL for e-cash Crypto Systems } e-cash Zero knowledge interpreter library P2P file sharing E-cash was originally developed [Ch82] as replacement for currency Now, view e-cash in context of token systems • Our usage in P2P file-sharing schemes [BCE+07] • Provides anonymous transportation ticketing (future work) 13

  24. How e-cash works [Ch82, CHL05, CLM07] 14

  25. How e-cash works [Ch82, CHL05, CLM07] Withdraw: Alice gets coins from bank 14

  26. How e-cash works [Ch82, CHL05, CLM07] Withdraw: Alice gets coins from bank 14

  27. How e-cash works [Ch82, CHL05, CLM07] Withdraw: Alice gets coins from bank Buy: Alice gives Bob coin in exchange for her purchase 14

  28. How e-cash works [Ch82, CHL05, CLM07] Withdraw: Alice gets coins from bank Buy: Alice gives Bob coin in exchange for her purchase 14

  29. How e-cash works [Ch82, CHL05, CLM07] Withdraw: Alice gets coins from bank Buy: Alice gives Bob coin in exchange for her purchase 14

  30. How e-cash works [Ch82, CHL05, CLM07] Withdraw: Alice gets coins from bank Buy: Alice gives Bob coin in exchange for her purchase Unlinkability: if Alice spends twice, Bob won’t even know it’s the same person 14

  31. How e-cash works [Ch82, CHL05, CLM07] Withdraw: Alice gets coins from bank Buy: Alice gives Bob coin in exchange for her purchase Unlinkability: if Alice spends twice, Bob won’t even know it’s the same person Deposit: Bob deposits these coins with the bank 14

  32. How e-cash works [Ch82, CHL05, CLM07] Withdraw: Alice gets coins from bank Buy: Alice gives Bob coin in exchange for her purchase Unlinkability: if Alice spends twice, Bob won’t even know it’s the same person Deposit: Bob deposits these coins with the bank 14

  33. How e-cash works [Ch82, CHL05, CLM07] Withdraw: Alice gets coins from bank Buy: Alice gives Bob coin in exchange for her purchase Unlinkability: if Alice spends twice, Bob won’t even know it’s the same person Deposit: Bob deposits these coins with the bank Untraceability: Bank cannot trace the deposited coins back to Alice 14

  34. CashLib: integrating e-cash into a P2P system 15

  35. CashLib: integrating e-cash into a P2P system 15

  36. CashLib: integrating e-cash into a P2P system Operations: Actors: How e-cash can improve P2P interactions: 15

  37. CashLib: integrating e-cash into a P2P system Operations: Actors: • Buy How e-cash can improve P2P interactions: 15

  38. CashLib: integrating e-cash into a P2P system Operations: Actors: • Buy • Buyer • Seller How e-cash can improve P2P interactions: 15

  39. CashLib: integrating e-cash into a P2P system Operations: Actors: • Buy • Buyer • Seller How e-cash can improve P2P interactions: 15

  40. CashLib: integrating e-cash into a P2P system Operations: Actors: • Buy • Buyer • Seller How e-cash can improve P2P interactions: 15

  41. CashLib: integrating e-cash into a P2P system Operations: Actors: • Buy • Buyer • Seller How e-cash can improve P2P interactions: 15

  42. CashLib: integrating e-cash into a P2P system Operations: Actors: • Buy • Buyer • Seller How e-cash can improve P2P interactions: 15

  43. CashLib: integrating e-cash into a P2P system Operations: Actors: • Buy • Buyer • Seller How e-cash can improve P2P interactions: • Guarantees fair exchange [BCE+07,KL10] between peers 15

  44. CashLib: integrating e-cash into a P2P system Operations: Actors: • Buy • Buyer • Barter • Seller How e-cash can improve P2P interactions: • Guarantees fair exchange [BCE+07,KL10] between peers 15

  45. CashLib: integrating e-cash into a P2P system Operations: Actors: • Buy • Buyer • Barter • Seller • Withdraw How e-cash can improve P2P interactions: • Guarantees fair exchange [BCE+07,KL10] between peers 15

  46. CashLib: integrating e-cash into a P2P system Operations: Actors: • Buy • Buyer • Barter • Seller • Withdraw • Bank • Peer How e-cash can improve P2P interactions: • Guarantees fair exchange [BCE+07,KL10] between peers 15

  47. CashLib: integrating e-cash into a P2P system Operations: Actors: • Buy • Buyer • Barter • Seller • Withdraw • Bank • Deposit • Peer How e-cash can improve P2P interactions: • Guarantees fair exchange [BCE+07,KL10] between peers 15

  48. CashLib: integrating e-cash into a P2P system Operations: Actors: • Buy • Buyer • Barter • Seller • Withdraw • Bank • Deposit • Peer How e-cash can improve P2P interactions: • Guarantees fair exchange [BCE+07,KL10] between peers • Allows bank to monitor upload/download ratio without sacrificing privacy 15

  49. Related work 16

  50. Related work So what aren’t we doing? 16

  51. Related work So what aren’t we doing? • Aren’t guaranteeing anything about the quality of the proofs You give us a bad (e.g., not sound) proof, get a bad proof back Checking soundness is well studied by others [CACE] 16

  52. Related work So what aren’t we doing? • Aren’t guaranteeing anything about the quality of the proofs You give us a bad (e.g., not sound) proof, get a bad proof back Checking soundness is well studied by others [CACE] • As application of zero knowledge, provide library only for e-cash Idemix project [CH02, BBC+09] provides anonymous credentials 16

  53. In summary... • Wrote interpreter to make cryptographer’s job easier • Demonstrated efficiency and usability • Wrote library to make programmer’s job easier • All source code and documentation available freely online: • http://github.com/brownie/cashlib 17

  54. In summary... • Wrote interpreter to make cryptographer’s job easier • Demonstrated efficiency and usability • Wrote library to make programmer’s job easier • All source code and documentation available freely online: • http://github.com/brownie/cashlib Any questions? 17

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

References Zero Knowledge Proofs on Wikipedia, Zero Knowledge

References Zero Knowledge Proofs on Wikipedia, Zero Knowledge

References Zero Knowledge Proofs on Wikipedia, Zero Knowledge https://en.wikipedia.org/wiki/Zero-knowledge_proof Protocols Zero Knowledge Proofs: An Illustrated Primer by M. Green. Part I: https://blog.cryptographyengineering.com/2014/11/27/ Jim

389 views • 18 slides
Implementing Knowledge-based Systems To build an interpreter for a language, we need to

Implementing Knowledge-based Systems To build an interpreter for a language, we need to

Implementing Knowledge-based Systems To build an interpreter for a language, we need to distinguish Base language the language of the RRS being implemented. Metalanguage the language used to implement the system. They could even be the same

342 views • 11 slides
Zero-Knowledge Proofs Joost van Amersfoort University of Amsterdam Teacher: Christian Schaffner

Zero-Knowledge Proofs Joost van Amersfoort University of Amsterdam Teacher: Christian Schaffner

Zero-Knowledge Proofs Joost van Amersfoort University of Amsterdam Teacher: Christian Schaffner TA: Malvin Gattinger October 22, 2014 1 / 27 Introduction Zero-knowledge proofs are proofs that yield nothing beyond the validity of the

415 views • 27 slides
Knowledge-Based Agents knowledge knowledge representation, knowledge base, types of knowledge

Knowledge-Based Agents knowledge knowledge representation, knowledge base, types of knowledge

CPE/CSC 580-S06 Artificial Intelligence Intelligent Agents Knowledge-Based Agents knowledge knowledge representation, knowledge base, types of knowledge wumpus world example of knowledge-based agents knowledge representation language

325 views • 31 slides
Zero-Knowledge Proofs 1 Zero-Knowledge Proofs Lecture 15 1 Interactive Proofs 2 Interactive

Zero-Knowledge Proofs 1 Zero-Knowledge Proofs Lecture 15 1 Interactive Proofs 2 Interactive

Zero-Knowledge Proofs 1 Zero-Knowledge Proofs Lecture 15 1 Interactive Proofs 2 Interactive Proofs 2 Interactive Proofs Prover wants to convince verifier that x has some property 2 Interactive Proofs Prover wants to convince verifier

1.9k views • 174 slides
Automatic Linguistic Knowledge Acquisition for Web-based Translation and Language Learning

Automatic Linguistic Knowledge Acquisition for Web-based Translation and Language Learning

Prof. Dr. Werner Winiwarter Automatic Linguistic Knowledge Acquisition for Web-based Translation and Language Learning Outline Introduction System Architecture Alignment Rule Acquisition Translation User Interface

682 views • 40 slides
CertiCrypt Language-Based Cryptographic Proofs in Coq Gilles Barthe 1 , 2 Benjamin Grgoire 1 , 3

CertiCrypt Language-Based Cryptographic Proofs in Coq Gilles Barthe 1 , 2 Benjamin Grgoire 1 , 3

CertiCrypt Language-Based Cryptographic Proofs in Coq Gilles Barthe 1 , 2 Benjamin Grgoire 1 , 3 Santiago Zanella 1 , 3 1 Microsoft Research - INRIA Joint Centre, France 2 IMDEA Software, Madrid, Spain 3 INRIA Sophia Antipolis - Mditerrane,

580 views • 35 slides
Short, Invertible Elements in Partially Splitting Cyclotomic Rings and Applications to

Short, Invertible Elements in Partially Splitting Cyclotomic Rings and Applications to

Short, Invertible Elements in Partially Splitting Cyclotomic Rings and Applications to Lattice-Based Zero-Knowledge Proofs Vadim Lyubashevsky Gregor Seiler IBM Research Zurich April 30, 2018 Motivation: Lattice-Based Zero-Knowledge Proofs

790 views • 42 slides
Zero-Knowledge Proofs I Lelantus Oct. 16, 2019 Overview Zero-Knowledge Proving a

Zero-Knowledge Proofs I Lelantus Oct. 16, 2019 Overview Zero-Knowledge Proving a

Zero-Knowledge Proofs I Lelantus Oct. 16, 2019 Overview Zero-Knowledge Proving a property about an element without revealing Lelantus ZCoins Zero-Knowledge protocol Prove that transactions are valid, without revealing

1.37k views • 72 slides
Efficient Delegation of Zero-Knowledge Proofs of Knowledge in a Pairing-Friendly Setting ebastien

Efficient Delegation of Zero-Knowledge Proofs of Knowledge in a Pairing-Friendly Setting ebastien

Efficient Delegation of Zero-Knowledge Proofs of Knowledge in a Pairing-Friendly Setting ebastien Canard (1) , David Pointcheval (2) and Olivier Sanders (1 , 2) S (1) Orange Labs, Caen, France (2) Ecole Normale Sup erieure, Paris,

556 views • 31 slides
Foundation of Cryptography (0368-4162-01), Lecture 5 Interactive Proofs and Zero Knowledge

Foundation of Cryptography (0368-4162-01), Lecture 5 Interactive Proofs and Zero Knowledge

Foundation of Cryptography (0368-4162-01), Lecture 5 Interactive Proofs and Zero Knowledge Iftach Haitner, Tel Aviv University December 4, 2011 IP for GNI Part I Interactive Proofs IP for GNI Interactive Vs. Interactive Proofs Definition 1 (

1.51k views • 110 slides
Fast Zero-Knowledge Proofs and Post-Quantum Signatures Claudio Orlandi Aarhus University

Fast Zero-Knowledge Proofs and Post-Quantum Signatures Claudio Orlandi Aarhus University

Fast Zero-Knowledge Proofs and Post-Quantum Signatures Claudio Orlandi Aarhus University @claudiorlandi Based on joint work with: Meliisa Chase (Microsoft) David Derler (TU Graz) Tore Frederiksen (BIU) Irene Giacomelli

1.21k views • 77 slides
Efficient Designated-Verifier Non- Interactive Zero-Knowledge Proofs of Knowledge Pyrros Chaidos,

Efficient Designated-Verifier Non- Interactive Zero-Knowledge Proofs of Knowledge Pyrros Chaidos,

Efficient Designated-Verifier Non- Interactive Zero-Knowledge Proofs of Knowledge Pyrros Chaidos, Geoffroy Couteau 1 /11 Zero-Knowledge Proof prover verifier Complete: if P knows a solution, V accepts Sound: if there is no solution, P

1.25k views • 27 slides
Arya: Nearly Linear-Time Zero-Knowledge Proofs for Correct Program Execution Jonathan Bootle,

Arya: Nearly Linear-Time Zero-Knowledge Proofs for Correct Program Execution Jonathan Bootle,

Arya: Nearly Linear-Time Zero-Knowledge Proofs for Correct Program Execution Jonathan Bootle, Andrea Cerulli, Jens Groth, Sune Jakobsen, Mary Maller Zero-Knowledge Proofs for Statement Correct Program Execution Witness Prover Verifier

332 views • 32 slides
Knowledge-Based Agents (Logical Agents) A knowledge-based agent needs (at least): A

Knowledge-Based Agents (Logical Agents) A knowledge-based agent needs (at least): A

A Knowledge-Based Agent Knowledge-Based Agents (Logical Agents) A knowledge-based agent needs (at least): A knowledge base An inference system A knowledge base (KB) is a set of representations of facts about the world. Each

54 views • 4 slides
CLIPS (C Language Integrated Production System) Rule-based programming language Based on OPS-5

CLIPS (C Language Integrated Production System) Rule-based programming language Based on OPS-5

CLIPS (C Language Integrated Production System) Rule-based programming language Based on OPS-5 Not biased towards any particular data representation Uses a general representation -- no preset interpretations for any symbols Interpreter uses

683 views • 27 slides
Lattice Cryptography for the Internet Chris Peikert Georgia Institute of Technology Post-Quantum

Lattice Cryptography for the Internet Chris Peikert Georgia Institute of Technology Post-Quantum

Lattice Cryptography for the Internet Chris Peikert Georgia Institute of Technology Post-Quantum Cryptography 2 October 2014 1 / 12 Lattice-Based Cryptography p d o m x g = y N = = p m e mod N q e ( g a , g b ) (Images

873 views • 70 slides
Cry rypto: What Does His istory ry Tell ll Us? Discussion by Randall Morck University of

Cry rypto: What Does His istory ry Tell ll Us? Discussion by Randall Morck University of

Commodity Money to Fia iat Money and Now to Cry rypto: What Does His istory ry Tell ll Us? Discussion by Randall Morck University of Alberta ABFER, NBER, ECGI The University of Alberta --- For the uplifting of the whole people Commodity,

316 views • 19 slides
Single Secret Leader Election Dan Boneh Saba Eskandarian Lucjan Hanzlik Nicola Greco What is

Single Secret Leader Election Dan Boneh Saba Eskandarian Lucjan Hanzlik Nicola Greco What is

Single Secret Leader Election Dan Boneh Saba Eskandarian Lucjan Hanzlik Nicola Greco What is Single Secret Leader Election? A group of participants want to randomly choose exactly one leader, such that: 1. Identity of the leader is known only

1.48k views • 106 slides
Outline Motivation 8271 discussion of: Zerocoin: Anonymous Crypto background Distributed

Outline Motivation 8271 discussion of: Zerocoin: Anonymous Crypto background Distributed

Outline Motivation 8271 discussion of: Zerocoin: Anonymous Crypto background Distributed E-Cash from Bitcoin Zerocoin crypto Stephen McCamant (Original paper: Ian Miers, Christina Garman, Matthew Green, and Aviel D. Rubin)

311 views • 6 slides
Cryptography during the two world wars, and wrap-up of classical ciphers. Math 4440/5440. First

Cryptography during the two world wars, and wrap-up of classical ciphers. Math 4440/5440. First

Cryptography during the two world wars, and wrap-up of classical ciphers. Math 4440/5440. First World War German Cipher: ADFGVX Cipher A D F G V X 3 4 2 1 A c o 8 x f 4 D G X G D m k 3 a z 9 X G D G F n w 1 0

740 views • 55 slides
Linux Kernel Crypto API Herbert Xu Red Hat Inc. Current State Async + sync cipher interface.

Linux Kernel Crypto API Herbert Xu Red Hat Inc. Current State Async + sync cipher interface.

Linux Kernel Crypto API Herbert Xu Red Hat Inc. Current State Async + sync cipher interface. Async + sync hash interface. AEAD interface. Compress-as-you-go interface. RNG interface. Current State A handful of async PCI

970 views • 7 slides
LLVM x Blockchain A New Ecosystem of Decentralized Applications Robin Zhong About Me Co-founder

LLVM x Blockchain A New Ecosystem of Decentralized Applications Robin Zhong About Me Co-founder

LLVM x Blockchain A New Ecosystem of Decentralized Applications Robin Zhong About Me Co-founder and CTO of Nebulas Former architect of Alibaba Blockchain Department Former Senior Engineering Director of Dolphin Browser Robin Zhong

711 views • 24 slides
cryptocoding JP Aumasson @veorq / http://aumasson.jp academic background principal

cryptocoding JP Aumasson @veorq / http://aumasson.jp academic background principal

cryptocoding JP Aumasson @veorq / http://aumasson.jp academic background principal cryptographer at Kudelski Security, .ch applied crypto research and outreach BLAKE, BLAKE2, SipHash, NORX Crypto Coding Standard Password Hashing Competition

883 views • 73 slides

More recommend