Re: [zapps-wg] Zkproofs.org standards workshop

2018-03-24 Thread Andrew Miller via zapps-wg
Lucas's post reminded me of something I wanted to post about:
If there's one thing I'd like to take up the torch for and advocate as a
standard, it's to use a conventional pseudocode for describing snark
application ideas. What I have in mind is Camenisch-Stadler proof
notation. It looks like this:

 ZkPoK{ (witness):  Predicate(statement, witness) }

The idea is that "witness" is the private witness, "statement" is
public information that the verifier provides, and you replace
"Predicate" with whatever pseudocode you want to check.
Here are some examples:

1. Pay-to-Sudoku:
 ZkPoK{ (solution, nonce):
 SHA2(nonce || solution) == H,
 CheckSudokuSolution(puzzleBoard, solution) == 1 }

2. Show two hashes have related preimages:

ZkPoK{ (R1, R2): H1 = sha256(R1) and H2 = sha256(R2) and R1 = R2 ^ X }

  https://github.com/ebfull/lightning_circuit/blob/master/README.md

This notation is a starting point, it can be extended to say a
Signature-of-Knowledge, like in BabyZoe (a simplified form of ZSL,
where the only shielded operation is to withdraw 1.0 coin from the
shielded pool):

3. SoK[tx]{ (secretkey, Com, merkleProof):
   // Com is included in the commitment tree
   MerkleVerify(coinTree, merkleProof, Com),
   Com is a commitment to (secretkey, Nullifier)
}

Notes on BabyZoe:
https://github.com/zcash-hackworks/babyzoe/blob/master/talks/2016-07-27-IC3---SNARKs-for-Ethereum.pdf

To take a stab at translating the snark-based password authentication
idea into this pseudocode, I think it could look like this:

4. SoK[signedMessage]{ (derivedkey):
username = SHA256(addrContract, derivedkey)
}

The user would then use standard PBKDF2 from something like:
   derivedKey := Argon2(addrContract, password)

so the snark circuit itself doesn't even have to have the expensive
hash. The smart contract would use the final password hash as the
username.

On Sat, Mar 24, 2018 at 4:47 PM, Andrew Miller  wrote:
> That's awesome Lucas, thanks for this input, these are pretty cool
> application scenarios. They're all quite relevant to a standards effort
> because they seem to involve interfacing between zkSNARKs and other
> standardized primitives (password hash functions, anonymous credentials,
> extensions to ZSL).
>
> On Sat, Mar 24, 2018 at 4:42 PM, Lucas Vogelsang via zapps-wg
>  wrote:
>>
>> I've put some thoughts into possible use cases, here are some that we have
>> been thinking about in the context of decentralized business applications.
>> Some of these concepts are things we are actually working on, others just
>> ideas
>>
>> - blind auctions (including double dutch auctions)
>> - page-rank style algorithms on top of anonymous credentials or
>> reputations
>> - build a password-based authentication out of any password hash
>> - give out "referral capabilities" that automatically assign a commission
>> to whoever introduced a subscriber who signs up (this would be part of a
>> privacy-preserving subscription service, that could be built on top of a
>> zcash-like (ZSL protocol) cryptocurrency)
>> - consumer credit scores: create a registry of "bad debtors". use zkproofs
>> both to "register" a bad debt/bad action and allow individuals to provide a
>> proof revealing your score without actual transaction details (not sure how
>> exactly this could work)
>>
>> Curious to hear what other people have thought of!
>>
>>
>> On Fri, Mar 23, 2018 at 11:11 AM, Andrew Miller via zapps-wg
>>  wrote:
>>>
>>> Dear Zapps, I just wanted to let you know that there will be a standards
>>> workshop organized by several academics / industry participants in May.
>>> https://zkproof.org
>>>  I want to make sure that the workshop includes input from all the groups
>>> involved in this open source community that are developing tools and
>>> applications and even making initial standardization efforts around
>>> portability between different libraries.
>>>
>>>  I'm especially interested in collecting application ideas to include as
>>> case studies to help make the conversation more concrete. So far I don't
>>> have many ideas. So far I have:
>>> - anonymous credentials
>>> - zcash
>>> - voting
>>> - sudoku solutions / contingent payments
>>> - compressing blockchain verification
>>> - a log of photo edits
>>> - checking that a cloud compute task was done correctly (this is arguably
>>> not specific enough).
>>>
>>> Suggestions of what I'm missing?
> --
> Andrew Miller
> University of Illinois at Urbana-Champaign



-- 
Andrew Miller
University of Illinois at Urbana-Champaign
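As an added example (mine, not code from Andrew's post, BabyZoe or the lightning_circuit repository), here are relations 2 and 4 above written out as checkable Python predicates, keeping the statement/witness split that the Camenisch-Stadler notation encodes. It assumes only the standard library: Argon2 is not in the stdlib, so PBKDF2-HMAC-SHA256 stands in for the out-of-circuit KDF step; the `ZkRelation` class, the relation names and the helper functions are my own; and no proof is produced. The block evaluates each relation in the clear, which is exactly the predicate a circuit compiler would have to enforce, and the message binding of the SoK[signedMessage] form is left out.

```python
"""Camenisch-Stadler relations as checkable predicates (constructed example).

    ZkPoK{ (witness): Predicate(statement, witness) }

`statement` is what the verifier sees, `witness` is what the prover keeps
private. A real deployment hands `predicate` to a SNARK toolchain; here it
is evaluated directly so the relation itself can be tested.
"""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Any, Callable, Mapping, Tuple


@dataclass(frozen=True)
class ZkRelation:
    """One relation: named public inputs, named private inputs, a predicate."""
    name: str
    statement_names: Tuple[str, ...]
    witness_names: Tuple[str, ...]
    predicate: Callable[[Mapping[str, Any], Mapping[str, Any]], bool]

    def holds(self, statement: Mapping[str, Any], witness: Mapping[str, Any]) -> bool:
        # Refuse mislabelled inputs: a witness value wired in as a public
        # input (or vice versa) is a spec bug that leaks or breaks soundness.
        if set(statement) != set(self.statement_names):
            raise ValueError(f"{self.name}: statement must be {self.statement_names}")
        if set(witness) != set(self.witness_names):
            raise ValueError(f"{self.name}: witness must be {self.witness_names}")
        return bool(self.predicate(statement, witness))


def sha256(*parts: bytes) -> bytes:
    """SHA-256 over the concatenation of `parts` (the '||' in the notation)."""
    h = hashlib.sha256()
    for p in parts:
        h.update(p)
    return h.digest()


def xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR; inputs must be equal length."""
    if len(a) != len(b):
        raise ValueError("xor operands differ in length")
    return bytes(x ^ y for x, y in zip(a, b))


# Example 2 from the post:
#   ZkPoK{ (R1, R2): H1 = sha256(R1) and H2 = sha256(R2) and R1 = R2 ^ X }
RELATED_PREIMAGES = ZkRelation(
    name="related_preimages",
    statement_names=("H1", "H2", "X"),
    witness_names=("R1", "R2"),
    predicate=lambda s, w: (
        sha256(w["R1"]) == s["H1"]
        and sha256(w["R2"]) == s["H2"]
        and w["R1"] == xor(w["R2"], s["X"])
    ),
)

# Example 4 from the post (message binding of the SoK omitted here):
#   SoK[signedMessage]{ (derivedkey): username = SHA256(addrContract, derivedkey) }
PASSWORD_AUTH = ZkRelation(
    name="password_auth",
    statement_names=("addrContract", "username"),
    witness_names=("derivedkey",),
    predicate=lambda s, w: hmac.compare_digest(
        sha256(s["addrContract"], w["derivedkey"]), s["username"]
    ),
)


def derive_key(addr_contract: bytes, password: bytes) -> bytes:
    """The expensive KDF step that stays OUTSIDE the circuit.

    The post uses Argon2(addrContract, password); PBKDF2-HMAC-SHA256 is
    substituted here only because it ships with the standard library.
    """
    return hashlib.pbkdf2_hmac("sha256", password, addr_contract, 100_000)


def register(addr_contract: bytes, password: bytes) -> bytes:
    """Value the user publishes as their 'username' on the contract."""
    return sha256(addr_contract, derive_key(addr_contract, password))


def can_prove_login(addr_contract: bytes, username: bytes, password: bytes) -> bool:
    """Client-side check that the relation is satisfiable before proving.

    Only the cheap SHA-256 check is inside the relation; the KDF result is
    supplied as the witness, so the circuit never evaluates the KDF.
    """
    statement = {"addrContract": addr_contract, "username": username}
    witness = {"derivedkey": derive_key(addr_contract, password)}
    return PASSWORD_AUTH.holds(statement, witness)
```

The design point to take from `PASSWORD_AUTH` is the one Andrew makes: the witness is the already-derived key, so the relation the circuit enforces is a single SHA-256 equality, and the cost of the password KDF is paid once on the client rather than inside the proof. `ZkRelation.holds` also rejects inputs whose names do not match the declared statement and witness sets, which catches the common specification mistake of wiring a private value in as a public input.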


Re: [zapps-wg] Zkproofs.org standards workshop

2018-03-24 Thread Andrew Miller via zapps-wg
That's awesome Lucas, thanks for this input, these are pretty cool
application scenarios. They're all quite relevant to a standards effort
because they seem to involve interfacing between zkSNARKs and other
standardized primitives (password hash functions, anonymous credentials,
extensions to ZSL).

On Sat, Mar 24, 2018 at 4:42 PM, Lucas Vogelsang via zapps-wg <
zapps...@lists.z.cash.foundation> wrote:

> I've put some thoughts into possible use cases, here are some that we have
> been thinking about in the context of decentralized business applications.
> Some of these concepts are things we are actually working on, others just
> ideas
>
> - blind auctions (including double dutch auctions)
> - page-rank style algorithms on top of anonymous credentials or reputations
> - build a password-based authentication out of any password hash
> - give out "referral capabilities" that automatically assign a commission
> to whoever introduced a subscriber who signs up (this would be part of a
> privacy-preserving subscription service, that could be built on top of a
> zcash-like (ZSL protocol) cryptocurrency)
> - consumer credit scores: create a registry of "bad debtors". use zkproofs
> both to "register" a bad debt/bad action and allow individuals to provide a
> proof revealing your score without actual transaction details (not sure how
> exactly this could work)
>
> Curious to hear what other people have thought of!
>
>
> On Fri, Mar 23, 2018 at 11:11 AM, Andrew Miller via zapps-wg <
> zapps...@lists.z.cash.foundation> wrote:
>
>> Dear Zapps, I just wanted to let you know that there will be a standards
>> workshop organized by several academics / industry participants in May.
>> https://zkproof.org
>>  I want to make sure that the workshop includes input from all the groups
>> involved in this open source community that are developing tools and
>> applications and even making initial standardization efforts around
>> portability between different libraries.
>>
>>  I'm especially interested in collecting application ideas to include as
>> case studies to help make the conversation more concrete. So far I don't
>> have many ideas. So far I have:
>> - anonymous credentials
>> - zcash
>> - voting
>> - sudoku solutions / contingent payments
>> - compressing blockchain verification
>> - a log of photo edits
>> - checking that a cloud compute task was done correctly (this is arguably
>> not specific enough).
>>
>> Suggestions of what I'm missing?


-- 
Andrew Miller
University of Illinois at Urbana-Champaign


Re: [zapps-wg] Zkproofs.org standards workshop

2018-03-24 Thread Lucas Vogelsang via zapps-wg
I've put some thoughts into possible use cases, here are some that we have
been thinking about in the context of decentralized business applications.
Some of these concepts are things we are actually working on, others just
ideas.

- blind auctions (including double dutch auctions)
- page-rank style algorithms on top of anonymous credentials or reputations
- build a password-based authentication out of any password hash
- give out "referral capabilities" that automatically assign a commission
to whoever introduced a subscriber who signs up (this would be part of a
privacy-preserving subscription service, that could be built on top of a
zcash-like (ZSL protocol) cryptocurrency)
- consumer credit scores: create a registry of "bad debtors". Use zkproofs
both to "register" a bad debt/bad action and allow individuals to provide a
proof revealing your score without actual transaction details (not sure how
exactly this could work)

Curious to hear what other people have thought of!


On Fri, Mar 23, 2018 at 11:11 AM, Andrew Miller via zapps-wg <
zapps...@lists.z.cash.foundation> wrote:

> Dear Zapps, I just wanted to let you know that there will be a standards
> workshop organized by several academics / industry participants in May.
> https://zkproof.org
>  I want to make sure that the workshop includes input from all the groups
> involved in this open source community that are developing tools and
> applications and even making initial standardization efforts around
> portability between different libraries.
>
>  I'm especially interested in collecting application ideas to include as
> case studies to help make the conversation more concrete. So far I don't
> have many ideas. So far I have:
> - anonymous credentials
> - zcash
> - voting
> - sudoku solutions / contingent payments
> - compressing blockchain verification
> - a log of photo edits
> - checking that a cloud compute task was done correctly (this is arguably
> not specific enough).
>
> Suggestions of what I'm missing?