circom cookbook
Compile circom and test
circom+snarkjs test (e.g. bn.circom):
circom bn.circom --r1cs --wasm --sym --c
cd bn_js
# create input.json in bn_js
snarkjs wc bn.wasm input.json witness.w ...
Tornado Cash
A privacy-preserving protocol on Ethereum (coin mixing + zero-knowledge proofs)
https://github.dev/tornadocash/tornado-core
Protocol description
deposit
Generate a random nullifier \(k\in\{0,1\}^{248}\) and randomness \(r\in\{0,1\}^{248}\), and compute \(C=H_1(k||r)\). ...
Some tricks about zk (1)
Range Proof
based on Sigma Protocol
[Prerequisites]
u-ary representation: $\sigma=\sum_j(\sigma_j u^j)$
based on Boneh-Boyen signature scheme:
to show $\sigma_j\in\{0,1,\dots,u-1\}$ without revealing its value
$ ...
Overview of used cryptography concepts in blockchain
Signature Scheme
Multi-Signature (& aggregation)
Schnorr: https://zhuanlan.zhihu.com/p/145550969
Signature aggregation ($\sum$) and its security analysis: https://www.defidaonews.com/article/6684336
$s\cdot G==R+Hash(R,X,m)\cdot X$
...
Engineering Practice of Cryptosystem (2)
Assignment: implemented on top of (part of) the lab's algorithm library
Elliptic-curve scalar multiplication (sliding window was chosen as the method, but fixed-base scalar multiplication also needs w-NAF, so w-NAF was implemented as well)
Upper-layer SM2 module (digital signature + public-key encryption)
Record: the fp finite-field module uses Montgomery representation throughout, i.e. $x\rightarrow x\cdot R\ (\bmod\ N)$; on output (when calling fp_wt_bin) a Montgomery reduction is performed
Undergraduate thesis ...
Research on aBFT
Overview
https://medium.com/@crytpol_25852/asynchronous-byzantine-fault-tolerance-a-time-independent-future-proof-byzantine-fault-f6f1a4d1f17a
Nonetheless, all these protocols employ at their core a s ...
Bullet Proofs
Pedersen Commitment $Com(v)=v\cdot B+\tilde{v}\cdot\tilde{B}$, where $B,\tilde{B}$ are two base points on the elliptic curve, $v$ is the secret value being committed, and $\tilde{v}$ is the (random) blinding factor.
It is additively homomorphic, i.e.:
$Com(v_1)+Com(v_2)=v_1\cdot B+\tilde{v_1}\cdot\tilde{B}+v_2\cdot ...
Engineering Practice of Cryptosystem
Assignment: omitted
Record: while implementing DES I found that performance just would not go up (v1 tested at ≈750us/KB, still a "tiny" bit away from the required 500Mbps…🤦)
Here I record the several versions iterated through while trying to improve performance
Combine S and P boxes
static uint32_t spbox[8][64];
void gen_spbox() { ...