基于zk-SNARKs的区块链隐私保护技术
合集下载
- 1、下载文档前请自行甄别文档内容的完整性,平台不提供额外的编辑、内容补充、找答案等附加服务。
- 2、"仅部分预览"的文档,不可在线预览部分如存在完整性等问题,可反馈申请退款(可完整预览的文档不适用该条件!)。
- 3、如文档侵犯您的权益,请联系客服反馈,我们会尽快为您处理(人工客服工作时间:9:00-18:30)。
Preliminaries
Zerocash[S&P’14] for UTXO
cm
(coin commitm′
������
������
(value)
hash
������′′
sn
(serial number)
Legend:
In private wallet
root
Hash
Hash
• Transaction amount • Secure commitment scheme
• Sender-recipient linkage • Two-step fund transfer procedure: send + deposit
root
Send
Hash
Hash
Hash
Hash Hash Hash Hash
• Zero-knowledge(ness): The Verifier learns no information beyond the fact that the statement is true.
Preliminaries
• zk-SNARK: zero-knowledge Succinct Non-Interactive Argument of Knowledge • Normal ZKP: Prove knowledge of x given y = gx • zk-SNARK: Prove knowledge of x given y = H(x)
• More easily scaled through sharding
• Hard to work with smart contract states
• Complete transparency of asset movements
Account Model
• Need to store all accounts states
BlockMaze: An Efficient Privacy-Preserving Account-Model Blockchain Based on zk-SNARKs
基于zk-SNARKs的区块链隐私保护技术
技术创新,变革未来
Outline
Motivation Preliminaries The BlockMaze Analysis and Evaluation
• More efficient storage usage
• Intuitively clear approach • High degree of fungibility;
harder to track assets • Inconvenient tracking of
internal transactions in a public blockchain • Every transaction must have a nonce
cm1 cm2 cm3 cm4 cm5 cm6 cm7 cm8
Deposit
BlockMaze: Data Structures
BlockMaze: Two-step fund Transfer
BlockMaze
1) Mint
• Build a Mint transaction • Covert a plaintext amount into the zero-knowledge balance
Preliminaries
• Zero-knowledge proof
• Prove somebody knows some secret without revealing it
• Does not allow the verifier to impersonate the prover
• Example: Schnorr protocol proves knowledge of x given y = gx
A zk-SNARK satisfies the following properties: - completeness - succinctness - proof of knowledge - perfect zero-knowledge
Applications of zk-SNARK: - Verifiable computation - Auction - Voting
• Completeness: If the Prover is honest, then she will eventually convince the Verifier.
• Soundness: The Prover can only convince the Verifier if the statement is true.
Motivation
• Anonymous UTXO-model blockchains
Zerocash
Dash
• Anonymous Account-model blockchains
None!
• Challenge
• account model implicitly restricts that each user has only one account. • how to protect privacy in account model?
Hash
Hash Hash Hash Hash
cm1 cm2 cm3 cm4 cm5 cm6 cm7 cm8
BlockMaze: Basic Idea
• Account balance • Dual-balance model • Zero knowledge balance + Plaintext balance
Conclusion
Motivation
Bitcoin-UTXO model (unspent tx output)
Ethereum: Account model
Motivation
UTXO Model
• Higher degree of privacy for new addresses, the coin does not have an owner