Zero knowledge proof blockchain

1. blockchain itself solves the problem of large-scale cooperation between strangers, that is, strangers can cooperate with each other without mutual trust. So how to ensure the trust between strangers to achieve mutual consensus mechanism? The centralized system uses trusted third-party endorsements, such as banks. In the eyes of the common people, banks are reliable and trustworthy institutions. The common people can trust banks to solve real disputes. But how does a decentralized blockchain guarantee trust
in fact, blockchain uses the basic principles of modern cryptography to ensure its security mechanism. The knowledge system involved in the field of cryptography and security is very complicated. Here, I only introce the basic knowledge of cryptography related to blockchain, including hash algorithm, encryption algorithm, information digest and digital signature, zero knowledge proof, quantum cryptography, etc. Through this lesson, you can learn how to ensure the confidentiality, integrity, authentication and non repudiation of the blockchain using cryptography technology
basic course lesson 7 basic knowledge of blockchain security
1. Hash algorithm (hash algorithm)
hash function (hash), also known as hash function. Hash function: hash (original information) = summary information. Hash function can map any length of binary plaintext string to a shorter (generally fixed length) binary string (hash value)
a good hash algorithm has the following four characteristics:
1. One to one correspondence: the same plaintext input and hash algorithm can always get the same summary information output
2. Input sensitivity: even if the plaintext input changes slightly, the newly generated summary information will change greatly, which is greatly different from the original output
3. Easy to verify: plaintext input and hash algorithm are public, anyone can calculate by themselves, and whether the output hash value is correct
4. Irreversibility: if there is only the output hash value, the hash algorithm can never dece the plaintext
5. Conflict avoidance: it is difficult to find two plaintexts with different contents, but their hash values are the same (collision)
for example:
hash (Zhang San lent Li Si 100000 yuan for 6 months) = 123456789012
such a record as 123456789012 is recorded in the account book
it can be seen that hash function has four functions:
simplify information
it is easy to understand, and the information after hashing becomes shorter
identification information
you can use 123456789012 to identify the original information, and summary information is also called the ID of the original information
hidden information
the account book is a record like 123456789012, and the original information is hidden
verification information
if Li Si cheated that Zhang San only lent Li Si 50000 when repaying, both parties can verify the original information with the hash value of 123456789012 recorded before
hash (Zhang San lent Li Si 50000 for 6 months) = 987654321098
987654321098 is completely different from 123456789012, which proves that Li Si lied, Then the information can't be tampered
common hash algorithms include MD4, MD5 and Sha series algorithms, and Sha series algorithms are basically used in mainstream fields. Sha (secure hash algorithm) is not an algorithm, but a group of hash algorithms. At first, it was SHA-1 series, and now the mainstream applications are sha-224, SHA-256, sha-384 and sha-512 algorithms (commonly known as SHA-2). Recently, Sha-3 related algorithms have been proposed, such as keccak-256 used by Ethereum
MD5 is a very classic hash algorithm, but unfortunately, both it and SHA-1 algorithm have been cracked. It is considered by the instry that its security is not enough to be used in business scenarios. Generally, sha2-256 or more secure algorithm is recommended
hash algorithm is widely used in blockchain. For example, in blocks, the latter block will contain the hash value of the previous block, and the content of the later block + the hash value of the previous block will jointly calculate the hash value of the later block, which ensures the continuity and non tamperability of the chain< Encryption and decryption algorithm is the core technology of cryptography, which can be divided into two basic types: symmetric encryption algorithm and asymmetric encryption algorithm. According to whether the key used in the encryption and decryption process is the same or not, the two modes are suitable for different needs, just forming a complementary relationship, and sometimes can be combined to form a hybrid encryption mechanism
symmetric cryptography (also known as common key cryptography) has the advantages of high computational efficiency and high encryption strength; Its disadvantage is that it needs to share the key in advance, which is easy to leak and lose the key. The common algorithms are des, 3DES, AES and so on
asymmetric cryptography (also known as public key cryptography) is different from the encryption and decryption key, and its advantage is that it does not need to share the key in advance; Its disadvantage is that it has low computational efficiency and can only encrypt short content. Common algorithms include RSA, SM2, ElGamal and elliptic curve series. Symmetric encryption algorithm is suitable for the encryption and decryption process of a large number of data; It can't be used in signature scenario: and it often needs to distribute the key in advance. Asymmetric encryption algorithm is generally suitable for signature scenario or key agreement, but it is not suitable for large amount of data encryption and decryption< Third, information digest and digital signature
as the name suggests, information digest is to hash the information content to obtain a unique digest value to replace the original and complete information content. Information digest is the most important use of hash algorithm. Using the anti-collision feature of hash function, information digest can solve the problem that the content has not been tampered
digital signature is similar to signing on paper contract to confirm contract content and prove identity. Digital signature is based on asymmetric encryption, which can be used to prove the integrity of a digital content and confirm the source (or non repudiation)
we have two requirements for digital signature to make it consistent with our expectation for handwritten signature. First, only you can make your own signature, but anyone who sees it can verify its validity; Second, we want the signature to be only related to a specific file and not support other files. These can be achieved by our asymmetric encryption algorithm above
in practice, we usually sign the hash value of information instead of the information itself, which is determined by the efficiency of asymmetric encryption algorithm. Corresponding to the blockchain, it is to sign the hash pointer. In this way, the front is the whole structure, not just the hash pointer itself< Zero knowledge proof means that the verifier can make the verifier believe that a certain conclusion is correct without providing any additional information to the verifier
zero knowledge proof generally meets three conditions:
1. Completeness: authentic proof can make the verifier successfully verify
2. Soundness: false proof can not make the verifier pass the verification
3. Zero knowledge: if you get proof, you can't get any information other than the proof information from the proof process< With more and more attention paid to the research of quantum computing and quantum communication, quantum cryptography will have a huge impact on the information security of cryptography in the future
the core principle of quantum computing is that qubits can be in multiple coherent superposition states at the same time. Theoretically, a large amount of information can be expressed by a small number of qubits and processed at the same time, which greatly improves the computing speed
in this way, a large number of current encryption algorithms are theoretically unreliable and can be cracked, so the encryption algorithm has to be upgraded, otherwise it will be broken by quantum computing
as we all know, quantum computing is still in the theoretical stage, which is far from large-scale commercial use. However, the new generation of encryption algorithms should consider the possibility of this situation.

2. The first category is currency projects, which are also the earliest blockchain projects. Currency projects mainly include bitcoin and lightcoin
in addition, there is another kind of asset with the characteristics of anonymity. Its main functions include protecting the privacy of both sides of payment while realizing payment. The more famous ones are dash, monero and zcash
currency is mainly used as the "exchange medium" in the field of blockchain assets. The exchange medium is the general equivalent you use to exchange goods. For example, gold, silver and silver bills can be used as the exchange medium in the past
at present, there are more than 1000 types of digital assets in the world, and the number of currency blockchain projects is not growing fast. As of January 2018, bitcoin is still the largest market value. We are already familiar with bitcoin. In the next few episodes, we will give a detailed introction to Leyte coin, Xinjing coin, Dasch coin, Monroe coin and zcash.

3. In essence, blockchain is a decentralized ledger system, which has the characteristics of decentralization, openness, non tampering information and programmability. It can be used as the underlying storage and transmission protocol of value Internet. Blockchain is expected to lead us from personal trust and institutional trust to the era of machine trust. Consensus mechanism is the core of regional chain construction. Digital currency is just the beginning. Blockchain can change more, reshape the world's trust system, and solve many problems of high trust cost in the past
there is a core difference between blockchain and Internet: the value of underlying protocols and upper applications of blockchain and Internet are completely reversed. It mainly comes from the two core features of blockchain:

the first feature is that zero knowledge proof changes the ownership of data. In other words, the user's personal data on the blockchain belongs to the user and does not need to be provided to the application and stored on the central server. Then the core support "data" behind the market value of Internet application layer services, such as bat, will lose its original value in the field of blockchain
another feature is the economic incentive model brought by token, which gives high value to the underlying protocol. In the Internet era, no one pays for HTTP protocol, no one pays for sending and receiving email, and no one pays for Google's search service.

5.

1. League of heroes

League of heroes, also known as lol, China's LPL has won the championship of the world finals for two consecutive years, which makes the players who love League of heroes start a new journey again, which makes the popularity of lol in China set off a wave of upsurge. Although lol has been 10 years, the popularity is not as good as before, but it is not comparable to the popularity of other networks

2, ngeons and warriors

the game of ngeons and warriors is called DNF for short. DNF has been tested for 11 years since 2008. The unique abyss mode in the game is not found in other online games. It is also a time when the public players are excited to brush the abyss, but now DNF graates have many activities and awards, So many players have abandoned DNF one by one, but there are still a lot of civilian players, the heat is also leverage drop

3, fortress night

fortress night is a third person shooting game, which has landed on the host platform, PC platform, mobile game platform and NS platform. So the platform has this game, the heat is incomparable to other design games. Chicken eating mode in the game is also very popular

4, crossing the line of fire

crossing the line of fire is also known as cf. in 2007, the game was tested internally in China, but the popularity was very hot when it was just launched. At that time, no game known as 300 million mouse could catch up with CF, but CF has experienced more than ten years. Since the introction of heroic weapons, the popularity has slowly started to decline, It takes 888 yuan to get a hero weapon, which makes many civilian players stop. Moreover, the performance difference between civilian weapons and hero weapons is too big, which makes many players retreat

5. World of Warcraft (including nostalgic clothes)

world of Warcraft is the oldest game. Warcraft also launched the nostalgic clothes in August of 19. The popularity of the nostalgic clothes just launched in this game has exceeded its own popularity several times. All servers of the nostalgic clothes need to queue up to enter the game on weekends, That is to say, how many new players and old players come back to experience the past

6, survival of the Jedi

survival of the Jedi game was only tested in March of 17. Survival of the Jedi game has experienced steam's weekly sales champion, the champion of 55 consecutive weeks. You know, there are 52 consecutive weeks in a year, that is to say, survival of the Jedi has been the champion of sales for one consecutive year, and no game of steam's weekly sales champion can be more than four consecutive weeks, And the Jedi survival game has this amazing history

7, ff14

Final Fantasy 14 this game was officially tested in China in 2014. This game has experienced the best new MMO Game Award, the most popular MMORPG award, the best picture award, the best sound effect award and the must play game award. Can be said to be a very powerful online game

8. Anti terrorism Elite: Global offensive

a first person shooting game jointly developed by valve and hidden path entertainment was officially launched in Europe and the United States on August 21, 2012, and the national service press conference was held in Beijing on April 11, 2017. The game is the fourth work of the anti terrorist Elite Series (excluding Neo, online and other derivative works)

9, legend of hearthstone

Legend of hearthstone is a set exchange card game. The game background is set to 9 different hero classes in Blizzard's Warcraft series. What the players need to do is to form a strong card group to defeat the opponent's card group

10, watch vanguard

watch vanguard is a first person shooting game developed by blizzard. Every hero in the game is his own weapon and skill, and the innovative shooting game has attracted many Blizzard players, especially the painting style in the game

6. In the early 1980s, Goldwasser and others proposed the concept of zero knowledge proof. Essentially, zero knowledge proof is a protocol. The so-called protocol is a series of steps taken by two or more participants to complete a specific task, including the following three characteristics: 1. Protocol is an orderly process from beginning to end, and each step must be executed in turn, 2. The protocol needs at least two participants. One person can complete a task by executing a series of steps, but it does not constitute an agreement. 3. A task must be completed by executing the protocol. Zero knowledge proof must include two aspects, one is the prover, the other is the prover, The other party is the verifier. The verifier tries to prove to the verifier that an assertion is correct, or the verifier has some knowledge, but does not disclose any useful information to the verifier. Zero knowledge proof has been widely used in cryptography, especially in authentication protocol and digital signature, People use digital signature to design a large number of excellent algorithms. A story about the cave is used to explain zero knowledge. There is a secret in the cave. People who know the spell can open the secret door between C and D. for others, both channels are dead ends. Peggy knows the secret of the cave. She wants to prove this to victor, Here's how she got Victor to believe it: (1) Victor stood at point A. (2) Peggy walked all the way into the cave to point C or D. (3) after Peggy disappeared in the cave, Victor walked to point B. (4) Victor called to Peggy to come out from the left passage or from the right passage. (5) Peggy agreed, Peggy and Victor repeat steps (1) to (5) n times. Suppose Victor has a camera that can record what he sees. He records Peggy disappearing in the cave and the time when he shouts Peggy to come out of his chosen place, Record Peggy coming out. He records all n experiments. If he shows these records to Carol, will she believe that Peggy knows the spell to open the secret door? Without knowing the spell, what if Peggy and Victor agreed in advance what Victor would shout? Peggy will be sure to go into the path where Victor told her to come out, and then she can come out on the path where Victor asked her to come out without knowing the spell. Maybe they don't do that. Peggy goes into one of the channels, and Victor sends out a random request. If Victor guesses right, great. If he guesses wrong, they will delete the experiment from the video, Victor can get a record, which accurately shows the same sequence of events as the actual proof that Peggy knows the spell. This shows two things. One is that Victor can't make the third party believe the validity of the proof; Second, it proves that the protocol is zero knowledge. In the case that Peggy doesn't know the mantra, Victor obviously can't get any information from the record. However, because he can't distinguish between a real record and a forged record, Victor can't get any information from the actual proof - it must be zero knowledge, Peggy does not reveal any secret knowledge in the process of proving to victor, which is called zero knowledge

7. In the absence of sufficient (or even no) basis, the calculation method of guessing an event (password reverse translation) is a guess without any basis, but the calculation method of guessing is proved to be correct, which is zero knowledge proof
in Goldwasser's zero knowledge proof, there must be interaction between the prover and the verifier, which is called "interactive zero knowledge proof". In the late 1980s, Blum and others further proposed the concept of "non interactive zero knowledge proof", using a short random string instead of the interactive process and realizing zero knowledge proof. One of the important applications of non interactive zero knowledge proof is the large-scale network which needs to execute a large number of cryptographic protocols
in zero knowledge proof, a person (or device) can prove that he knows the secret without revealing any secret.. if zero knowledge proof can be used for verification, Will be able to effectively solve many problems..

proof materials
with relevant zero knowledge proof materials:
zero knowledge proof is not proof in terms of mathematical feeling, because there is a fixed possibility P in any zero knowledge proof Peggy can provide the right response to the challenge, that is, she does not know the key. However, if the test is repeated N, timing fraud is reced, and the probability of Peggy fraud is reced to an arbitrary level by increasing the number of test winners

example strategy
Peggy's public key is a large chart, which we will call G. Peggy was organized by G some time ago, and widely then published it. Because she specifically made it for the purpose, Peggy knew about a Hamilton cycle. Peggy will prove her identity to the winner and she knows a Hamilton cycle in G. Even if G is public information, no one can do it, because no one knows a Hamiltonian cycle of G, and it is a difficult problem to find Hamiltonian cycle in graph (see NP completeness)
however, Peggy can't simply tell the winner Hamilton's cycle, because then the winner (or eavesdropper) can pretend to be Peggy. Peggy can't reveal any information in any period, because eavesdroppers may be able to collect information in several different occasions and integrate it, so that eavesdroppers have enough information to play the role of Peggy
to prove her identity, Peggy and the winner play several circles in the following competitions:
Peggy marks the G endpoint with a random number. The edges may then be represented as a pair of these numbers. She lists g edges, and encrypts each edge with an additional key. She then sends the coded edge to the winner
the winner flips the coin
* if the coin comes over the head, Peggy surrenders the key to the random number and maps from the endpoint. The winner decodes the edge and then verifies that the encrypted edge is sent in step 1 to actually do graph. G and no other graph
* if the coin comes over the tail, Peggy surrenders the key only for actually forming the edge of Hamilton's cycle. Winners decode these edges and verify that they do form the right length of cycle
the impostor; Pamela ') Be able to manage to play Peggy, and have a 50% chance of successfully bluffing the winner in any particular round. There are two possible play strategies. Pamela can send Peggy's graph. G to code. In this case, she escaped detection if the winner threw his head; She revealed that it was coded, and the winner verified that the chart was indeed G. But if the winner throws his tail, Pamela is caught. The set of keys she was asked to reveal constituted a Hamilton cycle g edge, and she could not do that because she did not know one
another strategy Pamela can follow is to prepare some other chart. She knows that the h of a Hamilton cycle is coded. She is safe in this case if the winner throws his tail; She reveals the cycle, and, because the winner never looks at the margin of the remainder, he never learns that the chart is h and not g. But if the winner throws the head, Pamela is asked to reveal the whole chart, and the winner sees that this is not g
by playing this game for 20 rounds, the winner can rece the possibility of being fooled by Pamela to only 1 / 2. By playing more circles, the winner can rece the possibility of craving
information revealed by Peggy provides winner any information in all not g's Hamilton cycles. Look at this, notice that the winner can make transcripts of the game without talking to Peggy at all. He was able to select the sequence head and tail, and then prepare the hypothetical reply from Peggy, who had never known Hamilton's cycle, by engaging the appropriate impostor strategy in each circle. Transcripts, and it doesn't contain, cable legitimate information about Peggy's identity. Peggy proved her identity not because she could base her answer on the right one, but because she could base her answer on the right one, she didn't know what the problem would be
the so-called zero knowledge proof refers to a method that the demonstrator does not disclose any information when proving his own identity, and the verifier can not get any private information of the demonstrator, but can effectively prove the identity of the other party. It seems a bit awkward. I'll give you two examples to understand
several examples of zero knowledge proof [original]

proof examples
1) a wants to prove to B that he has the key of a room, assuming that the room can only be opened with the key, but no other method can. At this time, there are two methods:
① a shows B the key, and B uses the key to open the lock of the room, so as to prove that a has the correct key of the room
② B confirms that there is an object in the room. A opens the door of the room with his own key, and then shows the object to B, so as to prove that he really has the key of the room
the following method belongs to zero knowledge proof. The advantage is that in the whole process of proof, B can't see the appearance of the key, so as to avoid the leakage of the key
2) a owns B's public key. A has never seen B, but B has seen a picture of A. one day, two people meet and B recognizes a, but a is not sure whether the person in front of him is B. at this time, B has two ways to prove to a that he is B
① B gives its private key to a. a encrypts some data with the private key, and then decrypts it with B's public key. If it is correct, it proves that the other party is B
② a gives a random value, B encrypts it with its own private key, and then gives the encrypted data to a, a decrypts it with B's public key, and if the original random value can be obtained, it proves that the other party is B
the latter method belongs to zero knowledge proof
3) there is a ring-shaped corridor with a gap. The exit and entrance are very close (within the eye distance), but there is a door in the middle of the corridor that can only be opened with a key. A has to prove to B that he has the key to the door. Using zero knowledge proof, B watches a enter the corridor from the entrance, and then walk out of the corridor from the exit. At this time, B does not get any information about the key, but it can prove that a has the key.

8. It seems that there are still many
introctions from AOS official website:
AOS creates and leads the era of privacy blockchain 3.0. Compared with monero, zcash, dash and other privacy currencies, AOS supports users to issue privacy assets independently, realizing Turing perfection at the level of privacy asset issuance
compared with other common privacy smart contract platforms, AOS supports zero knowledge proof programming for the first time, and realizes Turing completeness in the level of privacy application programming, that is, it supports users to develop privacy applications easily and conveniently
AOS is the most powerful privacy public chain supporting smart contract in the world. It supports users to issue private tokens and is known as "private EOS"
AOS is also the world's first privacy public chain supporting zero knowledge proof programming, also known as the "private version of small program development platform".

9.

Yes

blockchain can solve the problem of mutual trust in transactions

< H2 > smart contract solves the problem of mutual trust in transactions

since the beginning of bitcoin, blockchain technology has been developing continuously. In 2014, Ethereum further developed a variety of new functions of smart contract technology. Smart contract is linked in the form of digital, & quot; Once generated, the information recorded in the blockchain will be permanently recorded and cannot be tampered with; It can solve the trust problem of "strange trust"

ulord has the property of smart contract, which introces the design concept of gas, but different from Ethernet gas, every operation consumes gas. Compared with the gas concept of ether, ulord adopts a more simplified and abstract method. The resources and sites that users publish on the ulord consume the resources on the ulord network. Therefore, when users publish resources or sites, they need to bind a certain amount of ulordtoken. With the growth of block height, the ulordtoken will be consumed graally. Users need to fill in a new ulordtoken at the address corresponding to the consumed site to ensure the ownership of the domain name. At the same time, through the side chain technology, it can be compatible with the Ethernet virtual machine, publish smart contracts, and allow users to publish their own tokens. There is a certain proportion of exchange relationship between tokens and ulordtoken. Ulord allows users to customize the release of their own site services, and by issuing their own tokens, they can operate their own site

< H2 > ZK snark technology to protect transaction privacy

ulord will adopt the most mainstream privacy protection ZK snark technology to protect transaction privacy. In the ulord blockchain, creating an effective transaction includes the following three things:

1

2. The sender proves that he is the "holder" of the currency by means of authorized signature

The input of transaction is equal to its output

the work of proving that money has not been spent before is done by the ledger itself, which does not require the sender to do any work. The sender only needs to prove that he is the holder of these currencies, and he wants to send these currencies by means of electronic signature through the private key corresponding to the address. In order for the signature to be verified, the sender's address must be public. Correspondingly, the receiver must disclose the receiving address to complete the transaction process. In the use of ulord, it is simple to verify that the input and output of the transaction are equal, because the number of transmissions is fully revealed