Video Converter
Audio Converter
Image Converter
PDF Converter
File Compressor
zkpdl a language based system for zero knowledge proofs

ZKPDL: A Language-Based System for Zero- Knowledge Proofs and - PowerPoint PPT Presentation

Feb 10, 2024 •38 likes •1.05k views

ZKPDL: A Language-Based System for Zero- Knowledge Proofs and Electronic Cash Sarah Meiklejohn (UC San Diego) C. Chris Erway (Brown University) Alptekin Kpc (Brown University) Theodora Hinkle (UW Madison) Anna Lysyanskaya (Brown

  1. Sample usage of the interpreter public values secret Prover Verifier values PROOF / Interpreter Interpreter • At compile time, check program syntax, types, etc. • At run time, need all values to be proved 9

  2. Step 2: using the interpreter to write a library 10

  3. Step 2: using the interpreter to write a library Use simple procedure to create wrapper classes for interpreter 10

  4. Step 2: using the interpreter to write a library Use simple procedure to create wrapper classes for interpreter program Interpreter 10

  5. Step 2: using the interpreter to write a library Use simple procedure to create wrapper classes for interpreter publics secrets Interpreter 10

  6. Step 2: using the interpreter to write a library Use simple procedure to create wrapper classes for interpreter publics secrets PROOF Interpreter 10

  7. Step 2: using the interpreter to write a library Use simple procedure to create wrapper classes for interpreter Proof MyZKP::prove(group_map g, variable_map v, string program) { InterpreterProver p; p.check(program); p.compute(g,v); return p.prove(); } 10

  8. Step 2: using the interpreter to write a library Use simple procedure to create wrapper classes for interpreter Proof MyZKP::prove(group_map g, variable_map v, string program) { InterpreterProver p; p.check(program); p.compute(g,v); return p.prove(); } • Specify crypto protocol of choice in the program string 10

  9. Step 2: using the interpreter to write a library Use simple procedure to create wrapper classes for interpreter Proof MyZKP::prove(group_map g, variable_map v, string program) { InterpreterProver p; p.check(program); p.compute(g,v); return p.prove(); } • Specify crypto protocol of choice in the program string • Feed numeric values in and you’re done! 10

  10. Step 2: using the interpreter to write a library Use simple procedure to create wrapper classes for interpreter Proof MyZKP::prove(group_map g, variable_map v, string program) { InterpreterProver p; p.check(program); p.compute(g,v); return p.prove(); } • Specify crypto protocol of choice in the program string • Feed numeric values in and you’re done! Solves issues of reusability and of time 10

  11. Step 2: using the interpreter to write a library Use simple procedure to create wrapper classes for interpreter Proof MyZKP::prove(group_map g, variable_map v, string program) { InterpreterProver p; p.check(program); p.compute(g,v); return p.prove(); } • Specify crypto protocol of choice in the program string • Feed numeric values in and you’re done! Solves issues of reusability and of time Took 3-4 months to build interpreter, then one month to reconstruct library 10

  12. Optimizations: caching In addition to usability, can achieve improvements in efficiency 11

  13. Optimizations: caching In addition to usability, can achieve improvements in efficiency Have optimizations built into the interpreter 11

  14. Optimizations: caching In addition to usability, can achieve improvements in efficiency Have optimizations built into the interpreter • Cache powers of bases used for modular exponentiation Often have g^x*h^r mod N , numbers are 1000 bits long! Use common single- and multi-exponentiation techniques 11

  15. Optimizations: caching In addition to usability, can achieve improvements in efficiency Have optimizations built into the interpreter • Cache powers of bases used for modular exponentiation Often have g^x*h^r mod N , numbers are 1000 bits long! Use common single- and multi-exponentiation techniques • Save copy of interpreter state after compilation 11

  16. Did caching help? On the prover side, saw about a 50% speed-up using all optimizations On the verifier side, about 30% (less computation) 12

  17. Did caching help? On the prover side, saw about a 50% speed-up using all optimizations On the verifier side, about 30% (less computation) 12

  18. Did caching help? On the prover side, saw about a 50% speed-up using all optimizations On the verifier side, about 30% (less computation) 12

  19. Case study: using ZKPDL for e-cash Crypto Systems } e-cash Zero knowledge interpreter library P2P file sharing 13

  20. Case study: using ZKPDL for e-cash Crypto Systems } e-cash Zero knowledge interpreter library P2P file sharing 13

  21. Case study: using ZKPDL for e-cash Crypto Systems } e-cash Zero knowledge interpreter library P2P file sharing 13

  22. Case study: using ZKPDL for e-cash Crypto Systems } e-cash Zero knowledge interpreter library P2P file sharing 13

  23. Case study: using ZKPDL for e-cash Crypto Systems } e-cash Zero knowledge interpreter library P2P file sharing E-cash was originally developed [Ch82] as replacement for currency Now, view e-cash in context of token systems • Our usage in P2P file-sharing schemes [BCE+07] • Provides anonymous transportation ticketing (future work) 13

  24. How e-cash works [Ch82, CHL05, CLM07] 14

  25. How e-cash works [Ch82, CHL05, CLM07] Withdraw: Alice gets coins from bank 14

  26. How e-cash works [Ch82, CHL05, CLM07] Withdraw: Alice gets coins from bank 14

  27. How e-cash works [Ch82, CHL05, CLM07] Withdraw: Alice gets coins from bank Buy: Alice gives Bob coin in exchange for her purchase 14

  28. How e-cash works [Ch82, CHL05, CLM07] Withdraw: Alice gets coins from bank Buy: Alice gives Bob coin in exchange for her purchase 14

  29. How e-cash works [Ch82, CHL05, CLM07] Withdraw: Alice gets coins from bank Buy: Alice gives Bob coin in exchange for her purchase 14

  30. How e-cash works [Ch82, CHL05, CLM07] Withdraw: Alice gets coins from bank Buy: Alice gives Bob coin in exchange for her purchase Unlinkability: if Alice spends twice, Bob won’t even know it’s the same person 14

  31. How e-cash works [Ch82, CHL05, CLM07] Withdraw: Alice gets coins from bank Buy: Alice gives Bob coin in exchange for her purchase Unlinkability: if Alice spends twice, Bob won’t even know it’s the same person Deposit: Bob deposits these coins with the bank 14

  32. How e-cash works [Ch82, CHL05, CLM07] Withdraw: Alice gets coins from bank Buy: Alice gives Bob coin in exchange for her purchase Unlinkability: if Alice spends twice, Bob won’t even know it’s the same person Deposit: Bob deposits these coins with the bank 14

  33. How e-cash works [Ch82, CHL05, CLM07] Withdraw: Alice gets coins from bank Buy: Alice gives Bob coin in exchange for her purchase Unlinkability: if Alice spends twice, Bob won’t even know it’s the same person Deposit: Bob deposits these coins with the bank Untraceability: Bank cannot trace the deposited coins back to Alice 14

  34. CashLib: integrating e-cash into a P2P system 15

  35. CashLib: integrating e-cash into a P2P system 15

  36. CashLib: integrating e-cash into a P2P system Operations: Actors: How e-cash can improve P2P interactions: 15

  37. CashLib: integrating e-cash into a P2P system Operations: Actors: • Buy How e-cash can improve P2P interactions: 15

  38. CashLib: integrating e-cash into a P2P system Operations: Actors: • Buy • Buyer • Seller How e-cash can improve P2P interactions: 15

  39. CashLib: integrating e-cash into a P2P system Operations: Actors: • Buy • Buyer • Seller How e-cash can improve P2P interactions: 15

  40. CashLib: integrating e-cash into a P2P system Operations: Actors: • Buy • Buyer • Seller How e-cash can improve P2P interactions: 15

  41. CashLib: integrating e-cash into a P2P system Operations: Actors: • Buy • Buyer • Seller How e-cash can improve P2P interactions: 15

  42. CashLib: integrating e-cash into a P2P system Operations: Actors: • Buy • Buyer • Seller How e-cash can improve P2P interactions: 15

  43. CashLib: integrating e-cash into a P2P system Operations: Actors: • Buy • Buyer • Seller How e-cash can improve P2P interactions: • Guarantees fair exchange [BCE+07,KL10] between peers 15

  44. CashLib: integrating e-cash into a P2P system Operations: Actors: • Buy • Buyer • Barter • Seller How e-cash can improve P2P interactions: • Guarantees fair exchange [BCE+07,KL10] between peers 15

  45. CashLib: integrating e-cash into a P2P system Operations: Actors: • Buy • Buyer • Barter • Seller • Withdraw How e-cash can improve P2P interactions: • Guarantees fair exchange [BCE+07,KL10] between peers 15

  46. CashLib: integrating e-cash into a P2P system Operations: Actors: • Buy • Buyer • Barter • Seller • Withdraw • Bank • Peer How e-cash can improve P2P interactions: • Guarantees fair exchange [BCE+07,KL10] between peers 15

  47. CashLib: integrating e-cash into a P2P system Operations: Actors: • Buy • Buyer • Barter • Seller • Withdraw • Bank • Deposit • Peer How e-cash can improve P2P interactions: • Guarantees fair exchange [BCE+07,KL10] between peers 15

  48. CashLib: integrating e-cash into a P2P system Operations: Actors: • Buy • Buyer • Barter • Seller • Withdraw • Bank • Deposit • Peer How e-cash can improve P2P interactions: • Guarantees fair exchange [BCE+07,KL10] between peers • Allows bank to monitor upload/download ratio without sacrificing privacy 15

  49. Related work 16

  50. Related work So what aren’t we doing? 16

  51. Related work So what aren’t we doing? • Aren’t guaranteeing anything about the quality of the proofs You give us a bad (e.g., not sound) proof, get a bad proof back Checking soundness is well studied by others [CACE] 16

  52. Related work So what aren’t we doing? • Aren’t guaranteeing anything about the quality of the proofs You give us a bad (e.g., not sound) proof, get a bad proof back Checking soundness is well studied by others [CACE] • As application of zero knowledge, provide library only for e-cash Idemix project [CH02, BBC+09] provides anonymous credentials 16

  53. In summary... • Wrote interpreter to make cryptographer’s job easier • Demonstrated efficiency and usability • Wrote library to make programmer’s job easier • All source code and documentation available freely online: • http://github.com/brownie/cashlib 17

  54. In summary... • Wrote interpreter to make cryptographer’s job easier • Demonstrated efficiency and usability • Wrote library to make programmer’s job easier • All source code and documentation available freely online: • http://github.com/brownie/cashlib Any questions? 17

Recommend

Zero-Knowledge Proofs 1 Zero-Knowledge Proofs Lecture 15 1 Interactive Proofs 2 Interactive

Zero-Knowledge Proofs 1 Zero-Knowledge Proofs Lecture 15 1 Interactive Proofs 2 Interactive

Zero-Knowledge Proofs 1 Zero-Knowledge Proofs Lecture 15 1 Interactive Proofs 2 Interactive Proofs 2 Interactive Proofs Prover wants to convince verifier that x has some property 2 Interactive Proofs Prover wants to convince verifier

1.9k views • 174 slides
Zero-Knowledge Proofs Lecture 15 Interactive Proofs Interactive Proofs Interactive Proofs

Zero-Knowledge Proofs Lecture 15 Interactive Proofs Interactive Proofs Interactive Proofs

Zero-Knowledge Proofs Lecture 15 Interactive Proofs Interactive Proofs Interactive Proofs Prover wants to convince verifier that x has some property Interactive Proofs Prover wants to convince verifier that x has some property i.e. x is in

3.29k views • 145 slides
References Zero Knowledge Proofs on Wikipedia, Zero Knowledge

References Zero Knowledge Proofs on Wikipedia, Zero Knowledge

References Zero Knowledge Proofs on Wikipedia, Zero Knowledge https://en.wikipedia.org/wiki/Zero-knowledge_proof Protocols Zero Knowledge Proofs: An Illustrated Primer by M. Green. Part I: https://blog.cryptographyengineering.com/2014/11/27/ Jim

392 views • 18 slides
Welcome to PROOFS! PROOFS: Security Proofs for Embedded Systems Introduction to the fifth

Welcome to PROOFS! PROOFS: Security Proofs for Embedded Systems Introduction to the fifth

Welcome to PROOFS! PROOFS: Security Proofs for Embedded Systems Introduction to the fifth workshop Introduction to the workshop PROOFS: Security Proofs for Embedded Systems UCSB August 20, 2016 5th edition of PROOFS PROOFS 2012:

311 views • 7 slides
Zero-knowledge Arguments Proving circuit satisfaibility in zero-knowledge Zero-knowledge In

Zero-knowledge Arguments Proving circuit satisfaibility in zero-knowledge Zero-knowledge In

Short Pairing-based Non-interactive Zero-knowledge Arguments Proving circuit satisfaibility in zero-knowledge Zero-knowledge In a zero knowledge protocol a prover can convince a verifier that some statement is true without leaking any side

630 views • 14 slides
Zero-Knowledge Proofs I Lelantus Oct. 16, 2019 Overview Zero-Knowledge Proving a

Zero-Knowledge Proofs I Lelantus Oct. 16, 2019 Overview Zero-Knowledge Proving a

Zero-Knowledge Proofs I Lelantus Oct. 16, 2019 Overview Zero-Knowledge Proving a property about an element without revealing Lelantus ZCoins Zero-Knowledge protocol Prove that transactions are valid, without revealing

1.38k views • 72 slides
Interactive Proofs Lecture 18 AM 1 Interactive Proofs 2 Interactive Proofs IP[k] 2

Interactive Proofs Lecture 18 AM 1 Interactive Proofs 2 Interactive Proofs IP[k] 2

Interactive Proofs Lecture 18 AM 1 Interactive Proofs 2 Interactive Proofs IP[k] 2 Interactive Proofs IP[k] IP[poly] = PSPACE 2 Interactive Proofs IP[k] IP[poly] = PSPACE IP protocol for TQBF using arithmetization 2 Interactive

1.76k views • 136 slides
Outline 1 Zero-Knowledge MTAT.07.005 Cryptographic Protocols First Lecture: Main Notions Second

Outline 1 Zero-Knowledge MTAT.07.005 Cryptographic Protocols First Lecture: Main Notions Second

Zero-Knowledge Zero-Knowledge Two-Party Protocols Two-Party Protocols Outline 1 Zero-Knowledge MTAT.07.005 Cryptographic Protocols First Lecture: Main Notions Second Lecture: Proofs of Knowledge Introduction to Zero-Knowledge Third Lecture:

473 views • 31 slides
Zero-Knowledge Proofs Joost van Amersfoort University of Amsterdam Teacher: Christian Schaffner

Zero-Knowledge Proofs Joost van Amersfoort University of Amsterdam Teacher: Christian Schaffner

Zero-Knowledge Proofs Joost van Amersfoort University of Amsterdam Teacher: Christian Schaffner TA: Malvin Gattinger October 22, 2014 1 / 27 Introduction Zero-knowledge proofs are proofs that yield nothing beyond the validity of the

417 views • 27 slides
On the Existence of Three Round Zero-Knowledge Proofs Nils Fleischhacker, Vipul Goyal, Abhishek

On the Existence of Three Round Zero-Knowledge Proofs Nils Fleischhacker, Vipul Goyal, Abhishek

On the Existence of Three Round Zero-Knowledge Proofs Nils Fleischhacker, Vipul Goyal, Abhishek Jain Tel Aviv, May 2, 2018 Round-Complexity of ZK-Proofs for NP 2 Round-Complexity of ZK-Proofs for NP 2 Round-Complexity of ZK-Proofs for NP

841 views • 56 slides
Interactive proof and zero knowledge protocols Zero-knowledge: definition Probabilistic

Interactive proof and zero knowledge protocols Zero-knowledge: definition Probabilistic

Interactive proof and zero knowledge protocols Zero-knowledge: definition Probabilistic complexity classes and Interactive proofs Graph isomorphism and PCP Some zero knowledge protocols: Feige-Fiat-Shamir authentication protocol

175 views • 16 slides
One-Shot Verifiable Encryption from Lattices Vadim Lyubashevsky and Gregory Neven IBM Research

One-Shot Verifiable Encryption from Lattices Vadim Lyubashevsky and Gregory Neven IBM Research

One-Shot Verifiable Encryption from Lattices Vadim Lyubashevsky and Gregory Neven IBM Research -- Zurich Zero-Knowledge Proofs Zero-Knowledge Proofs Relation f(s)=t, and want to prove knowledge of s Zero-Knowledge Proofs Relation f(s)=t, and

1.05k views • 72 slides
Efficient Designated-Verifier Non- Interactive Zero-Knowledge Proofs of Knowledge Pyrros Chaidos,

Efficient Designated-Verifier Non- Interactive Zero-Knowledge Proofs of Knowledge Pyrros Chaidos,

Efficient Designated-Verifier Non- Interactive Zero-Knowledge Proofs of Knowledge Pyrros Chaidos, Geoffroy Couteau 1 /11 Zero-Knowledge Proof prover verifier Complete: if P knows a solution, V accepts Sound: if there is no solution, P

1.25k views • 27 slides
Lecture 18: Zero-Knowledge Proofs Instructor: Omkant Pandey Spring 2017 (CSE 594) Instructor:

Lecture 18: Zero-Knowledge Proofs Instructor: Omkant Pandey Spring 2017 (CSE 594) Instructor:

Lecture 18: Zero-Knowledge Proofs Instructor: Omkant Pandey Spring 2017 (CSE 594) Instructor: Omkant Pandey Lecture 18: Zero-Knowledge Proofs Spring 2017 (CSE 594) 1 / 23 What is a Proof? An argument (or sufficient evidence) that can

388 views • 23 slides
Zero-Knowledge Proofs II zk-SNARKs Oct. 21, 2019 Overview Recap Lelantus One e ffi cient

Zero-Knowledge Proofs II zk-SNARKs Oct. 21, 2019 Overview Recap Lelantus One e ffi cient

Zero-Knowledge Proofs II zk-SNARKs Oct. 21, 2019 Overview Recap Lelantus One e ffi cient way to do 1-in-N proofs zk-SNARKs A general way to prove anything in Zero-Knowledge (if you dont know how to do it any other way, use

3.26k views • 68 slides
Arya: Nearly Linear-Time Zero-Knowledge Proofs for Correct Program Execution Jonathan Bootle,

Arya: Nearly Linear-Time Zero-Knowledge Proofs for Correct Program Execution Jonathan Bootle,

Arya: Nearly Linear-Time Zero-Knowledge Proofs for Correct Program Execution Jonathan Bootle, Andrea Cerulli, Jens Groth, Sune Jakobsen, Mary Maller Zero-Knowledge Proofs for Statement Correct Program Execution Witness Prover Verifier

334 views • 32 slides
Lattice Cryptography for the Internet Chris Peikert Georgia Institute of Technology Post-Quantum

Lattice Cryptography for the Internet Chris Peikert Georgia Institute of Technology Post-Quantum

Lattice Cryptography for the Internet Chris Peikert Georgia Institute of Technology Post-Quantum Cryptography 2 October 2014 1 / 12 Lattice-Based Cryptography p d o m x g = y N = = p m e mod N q e ( g a , g b ) (Images

878 views • 70 slides
Cry rypto: What Does His istory ry Tell ll Us? Discussion by Randall Morck University of

Cry rypto: What Does His istory ry Tell ll Us? Discussion by Randall Morck University of

Commodity Money to Fia iat Money and Now to Cry rypto: What Does His istory ry Tell ll Us? Discussion by Randall Morck University of Alberta ABFER, NBER, ECGI The University of Alberta --- For the uplifting of the whole people Commodity,

319 views • 19 slides
Single Secret Leader Election Dan Boneh Saba Eskandarian Lucjan Hanzlik Nicola Greco What is

Single Secret Leader Election Dan Boneh Saba Eskandarian Lucjan Hanzlik Nicola Greco What is

Single Secret Leader Election Dan Boneh Saba Eskandarian Lucjan Hanzlik Nicola Greco What is Single Secret Leader Election? A group of participants want to randomly choose exactly one leader, such that: 1. Identity of the leader is known only

1.48k views • 106 slides
Outline Motivation 8271 discussion of: Zerocoin: Anonymous Crypto background Distributed

Outline Motivation 8271 discussion of: Zerocoin: Anonymous Crypto background Distributed

Outline Motivation 8271 discussion of: Zerocoin: Anonymous Crypto background Distributed E-Cash from Bitcoin Zerocoin crypto Stephen McCamant (Original paper: Ian Miers, Christina Garman, Matthew Green, and Aviel D. Rubin)

312 views • 6 slides
Cryptography during the two world wars, and wrap-up of classical ciphers. Math 4440/5440. First

Cryptography during the two world wars, and wrap-up of classical ciphers. Math 4440/5440. First

Cryptography during the two world wars, and wrap-up of classical ciphers. Math 4440/5440. First World War German Cipher: ADFGVX Cipher A D F G V X 3 4 2 1 A c o 8 x f 4 D G X G D m k 3 a z 9 X G D G F n w 1 0

743 views • 55 slides
Linux Kernel Crypto API Herbert Xu Red Hat Inc. Current State Async + sync cipher interface.

Linux Kernel Crypto API Herbert Xu Red Hat Inc. Current State Async + sync cipher interface.

Linux Kernel Crypto API Herbert Xu Red Hat Inc. Current State Async + sync cipher interface. Async + sync hash interface. AEAD interface. Compress-as-you-go interface. RNG interface. Current State A handful of async PCI

971 views • 7 slides
LLVM x Blockchain A New Ecosystem of Decentralized Applications Robin Zhong About Me Co-founder

LLVM x Blockchain A New Ecosystem of Decentralized Applications Robin Zhong About Me Co-founder

LLVM x Blockchain A New Ecosystem of Decentralized Applications Robin Zhong About Me Co-founder and CTO of Nebulas Former architect of Alibaba Blockchain Department Former Senior Engineering Director of Dolphin Browser Robin Zhong

719 views • 24 slides
cryptocoding JP Aumasson @veorq / http://aumasson.jp academic background principal

cryptocoding JP Aumasson @veorq / http://aumasson.jp academic background principal

cryptocoding JP Aumasson @veorq / http://aumasson.jp academic background principal cryptographer at Kudelski Security, .ch applied crypto research and outreach BLAKE, BLAKE2, SipHash, NORX Crypto Coding Standard Password Hashing Competition

888 views • 73 slides

More recommend

Explore More Topics

Stay informed with curated content and fresh updates.

animals pets art culture automotive transportation business finance computer internet construction architecture education-career electronics communication

Logo Sambuz

Unleash a World of Digital Possibilities—Browse, Share, and Explore Content Without Boundaries

Useful Links

About Us Privacy Services FAQ's Contact

Newsletter

Stay Informed & Inspired—Subscribe for the Latest Updates, Tips, and Exclusive Content Directly to Your Inbox.

Mail Us

mail@sambuz.com

2026 SAMBUZ, All right reserved.