The relationship between zero sum knowledge proof and blockchain
blockchain refers to the technical solution of collective maintenance of a reliable database through centralization and distrust in the past, and it is a technical way for the whole people to participate in bookkeeping. Previous bookkeeping methods were all centralized and needed centralized intermediary, whether it was traditional government, financial institutions, notarization institutions or emerging e-commerce platform and online payment platform
in economic hypothesis, information is sufficient. In fact, it is precisely because of insufficient information that there are very large intermediaries. The existence of intermediaries increases the transaction cost and raises the transaction threshold. In essence, blockchain technology is a large-scale collaboration tool. It makes direct value transfer possible by using pure technology for the first time, and continues the trend of Internet decentralization and disintermediation. Disintermediated blockchain technology will greatly subvert the information intermediary instry
blockchain technology is the basic technology for building bitcoin data structure and encrypted transmission of transaction information, which realizes the issue and transaction of bitcoin. The core of blockchain technology is that all the current participating nodes jointly maintain the transaction and database, so that the transaction is based on the principle of cryptography rather than trust, so that any agreed parties can directly carry out payment transactions without the participation of a third party
technically, a block is a data structure for recording transactions, reflecting the capital flow of a transaction. In the system, the transaction blocks are connected to form a main chain, and all the nodes participating in the calculation record the main chain or part of the main chain
a block contains the following three parts: transaction information, hash formed by the previous block and random number. Transaction information is the task data carried by the block, including the private keys of both parties, the number of transactions, the digital signature of electronic currency, etc; The hash hash formed by the previous block is used to connect the blocks and realize the sequence of past transactions; Random number is the core of the transaction. All nodes compete to calculate the answer of the random number. The node that gets the answer the fastest generates a new block and broadcasts it to all nodes for updating, so as to complete a transaction.
there is a core difference between blockchain and Internet: the value of underlying protocols and upper applications of blockchain and Internet are completely reversed. It mainly comes from the two core features of blockchain:
the first feature is that zero knowledge proof changes the ownership of data. In other words, the user's personal data on the blockchain belongs to the user and does not need to be provided to the application and stored on the central server. Then the core support "data" behind the market value of Internet application layer services, such as bat, will lose its original value in the field of blockchain
another feature is the economic incentive model brought by token, which gives high value to the underlying protocol. In the Internet era, no one pays for HTTP protocol, no one pays for sending and receiving email, and no one pays for Google's search service.
The way in which people keep accounts together is also known as "distributed" or "decentralized", because everyone keeps accounts, and the accuracy of the account book is determined by the program algorithm, not by an authoritative organization
this is the blockchain, the core is finished, blockchain is so simple, a common account book
six core algorithms of blockchain Technology:
blockchain core algorithm 1: Byzantine agreement
the story of Byzantine is like this: the Byzantine Empire has great wealth, and the surrounding 10 neighbors have been around for a long time, but the Byzantine walls stand tall and firm, No single neighbor has been able to successfully invade. Any single neighbor's invasion will fail, and at the same time, it may be invaded by other nine neighbors. Byzantine Empire's defense ability is so strong that at least more than half of its ten neighbors attack at the same time before it can be broken. However, if one or several of the neighbors agree to attack together, but betray in the actual process, then the invaders may be annihilated. So each side was careful and could not easily trust its neighbors. This is the question of Byzantine Generals
blockchain core algorithm 2: asymmetric encryption technology
in the above Byzantine agreement, if several of the 10 generals send messages at the same time, it is bound to cause confusion in the system, resulting in different attack time schemes and inconsistent actions. Anyone can send the message of attack, but who will send it? In fact, it only needs to add a cost, that is, only one node can spread information in a period of time. When a node sends a unified attack message, each node must sign and seal to confirm its identity when receiving the message from the initiator
blockchain core algorithm 3: fault tolerance problem
we assume that in this network, messages may be lost, damaged, delayed and sent repeatedly, and the order of receiving is inconsistent with the order of sending. In addition, the behavior of nodes can be arbitrary: they can join or exit the network at any time, they can discard messages, forge messages, stop working and so on, and they may also have all kinds of human or non-human failures. Our algorithm provides fault tolerance for consensus system composed of consensus nodes, which includes both security and availability, and is suitable for any network environment
blockchain core algorithm 4: Paxos algorithm (consistency algorithm)
the problem solved by Paxos algorithm is how a distributed system can reach an agreement on a certain value (decision). A typical scenario is that in a distributed database system, if the initial state of each node is consistent, and each node performs the same operation sequence, then they can finally get a consistent state. In order to ensure that each node executes the same command sequence, it is necessary to execute a "consistency algorithm" on each instruction to ensure that the instructions seen by each node are consistent. A general consistency algorithm can be applied in many scenarios, which is an important problem in distributed computing. There are two models of node communication: shared memory and message passing. Paxos algorithm is a consistency algorithm based on message passing model
blockchain core algorithm 5: consensus mechanism
blockchain consensus algorithm is mainly workload proof and equity proof. Take bitcoin as an example. In fact, from a technical point of view, POW can be regarded as a reusable hashcash, and the generation workload proves to be a random process in probability. When mining a new secret currency and generating a block, the consent of all participants must be obtained, and the miner must obtain the pow work proof of all data in the block. At the same time, miners have to constantly observe and adjust the difficulty of this work, because the requirement for the network is to generate a block every 10 minutes on average
blockchain core algorithm 6: distributed storage is a kind of data storage technology, which uses the disk space of each machine through the network, and forms a virtual storage device with these scattered storage resources, and the data is stored in every corner of the network. Therefore, distributed storage technology does not store complete data in each computer, but stores the data in different computers after cutting. It's like storing 100 eggs, not in the same basket, but separately in different places. The total number is 100. Want to learn more, you can make more use of network search, network search results - small knowledge
1. League of heroes
League of heroes, also known as lol, China's LPL has won the championship of the world finals for two consecutive years, which makes the players who love League of heroes start a new journey again, which makes the popularity of lol in China set off a wave of upsurge. Although lol has been 10 years, the popularity is not as good as before, but it is not comparable to the popularity of other networks
2, ngeons and warriors
the game of ngeons and warriors is called DNF for short. DNF has been tested for 11 years since 2008. The unique abyss mode in the game is not found in other online games. It is also a time when the public players are excited to brush the abyss, but now DNF graates have many activities and awards, So many players have abandoned DNF one by one, but there are still a lot of civilian players, the heat is also leverage drop
3, fortress night
fortress night is a third person shooting game, which has landed on the host platform, PC platform, mobile game platform and NS platform. So the platform has this game, the heat is incomparable to other design games. Chicken eating mode in the game is also very popular
4, crossing the line of fire
crossing the line of fire is also known as cf. in 2007, the game was tested internally in China, but the popularity was very hot when it was just launched. At that time, no game known as 300 million mouse could catch up with CF, but CF has experienced more than ten years. Since the introction of heroic weapons, the popularity has slowly started to decline, It takes 888 yuan to get a hero weapon, which makes many civilian players stop. Moreover, the performance difference between civilian weapons and hero weapons is too big, which makes many players retreat
5. World of Warcraft (including nostalgic clothes)
world of Warcraft is the oldest game. Warcraft also launched the nostalgic clothes in August of 19. The popularity of the nostalgic clothes just launched in this game has exceeded its own popularity several times. All servers of the nostalgic clothes need to queue up to enter the game on weekends, That is to say, how many new players and old players come back to experience the past
6, survival of the Jedi
survival of the Jedi game was only tested in March of 17. Survival of the Jedi game has experienced steam's weekly sales champion, the champion of 55 consecutive weeks. You know, there are 52 consecutive weeks in a year, that is to say, survival of the Jedi has been the champion of sales for one consecutive year, and no game of steam's weekly sales champion can be more than four consecutive weeks, And the Jedi survival game has this amazing history
7, ff14
Final Fantasy 14 this game was officially tested in China in 2014. This game has experienced the best new MMO Game Award, the most popular MMORPG award, the best picture award, the best sound effect award and the must play game award. Can be said to be a very powerful online game
8. Anti terrorism Elite: Global offensive
a first person shooting game jointly developed by valve and hidden path entertainment was officially launched in Europe and the United States on August 21, 2012, and the national service press conference was held in Beijing on April 11, 2017. The game is the fourth work of the anti terrorist Elite Series (excluding Neo, online and other derivative works)
9, legend of hearthstone
Legend of hearthstone is a set exchange card game. The game background is set to 9 different hero classes in Blizzard's Warcraft series. What the players need to do is to form a strong card group to defeat the opponent's card group
10, watch vanguard
watch vanguard is a first person shooting game developed by blizzard. Every hero in the game is his own weapon and skill, and the innovative shooting game has attracted many Blizzard players, especially the painting style in the game
in Goldwasser's zero knowledge proof, there must be interaction between the prover and the verifier, which is called "interactive zero knowledge proof". In the late 1980s, Blum and others further proposed the concept of "non interactive zero knowledge proof", using a short random string instead of the interactive process and realizing zero knowledge proof. One of the important applications of non interactive zero knowledge proof is the large-scale network which needs to execute a large number of cryptographic protocols
in zero knowledge proof, a person (or device) can prove that he knows the secret without revealing any secret.. if zero knowledge proof can be used for verification, Will be able to effectively solve many problems..
proof materials
with relevant zero knowledge proof materials:
zero knowledge proof is not proof in terms of mathematical feeling, because there is a fixed possibility P in any zero knowledge proof Peggy can provide the right response to the challenge, that is, she does not know the key. However, if the test is repeated N, timing fraud is reced, and the probability of Peggy fraud is reced to an arbitrary level by increasing the number of test winners
example strategy
Peggy's public key is a large chart, which we will call G. Peggy was organized by G some time ago, and widely then published it. Because she specifically made it for the purpose, Peggy knew about a Hamilton cycle. Peggy will prove her identity to the winner and she knows a Hamilton cycle in G. Even if G is public information, no one can do it, because no one knows a Hamiltonian cycle of G, and it is a difficult problem to find Hamiltonian cycle in graph (see NP completeness)
however, Peggy can't simply tell the winner Hamilton's cycle, because then the winner (or eavesdropper) can pretend to be Peggy. Peggy can't reveal any information in any period, because eavesdroppers may be able to collect information in several different occasions and integrate it, so that eavesdroppers have enough information to play the role of Peggy
to prove her identity, Peggy and the winner play several circles in the following competitions:
Peggy marks the G endpoint with a random number. The edges may then be represented as a pair of these numbers. She lists g edges, and encrypts each edge with an additional key. She then sends the coded edge to the winner
the winner flips the coin
* if the coin comes over the head, Peggy surrenders the key to the random number and maps from the endpoint. The winner decodes the edge and then verifies that the encrypted edge is sent in step 1 to actually do graph. G and no other graph
* if the coin comes over the tail, Peggy surrenders the key only for actually forming the edge of Hamilton's cycle. Winners decode these edges and verify that they do form the right length of cycle
the impostor; Pamela ') Be able to manage to play Peggy, and have a 50% chance of successfully bluffing the winner in any particular round. There are two possible play strategies. Pamela can send Peggy's graph. G to code. In this case, she escaped detection if the winner threw his head; She revealed that it was coded, and the winner verified that the chart was indeed G. But if the winner throws his tail, Pamela is caught. The set of keys she was asked to reveal constituted a Hamilton cycle g edge, and she could not do that because she did not know one
another strategy Pamela can follow is to prepare some other chart. She knows that the h of a Hamilton cycle is coded. She is safe in this case if the winner throws his tail; She reveals the cycle, and, because the winner never looks at the margin of the remainder, he never learns that the chart is h and not g. But if the winner throws the head, Pamela is asked to reveal the whole chart, and the winner sees that this is not g
by playing this game for 20 rounds, the winner can rece the possibility of being fooled by Pamela to only 1 / 2. By playing more circles, the winner can rece the possibility of craving
information revealed by Peggy provides winner any information in all not g's Hamilton cycles. Look at this, notice that the winner can make transcripts of the game without talking to Peggy at all. He was able to select the sequence head and tail, and then prepare the hypothetical reply from Peggy, who had never known Hamilton's cycle, by engaging the appropriate impostor strategy in each circle. Transcripts, and it doesn't contain, cable legitimate information about Peggy's identity. Peggy proved her identity not because she could base her answer on the right one, but because she could base her answer on the right one, she didn't know what the problem would be
the so-called zero knowledge proof refers to a method that the demonstrator does not disclose any information when proving his own identity, and the verifier can not get any private information of the demonstrator, but can effectively prove the identity of the other party. It seems a bit awkward. I'll give you two examples to understand
several examples of zero knowledge proof [original]
proof examples
1) a wants to prove to B that he has the key of a room, assuming that the room can only be opened with the key, but no other method can. At this time, there are two methods:
① a shows B the key, and B uses the key to open the lock of the room, so as to prove that a has the correct key of the room
② B confirms that there is an object in the room. A opens the door of the room with his own key, and then shows the object to B, so as to prove that he really has the key of the room
the following method belongs to zero knowledge proof. The advantage is that in the whole process of proof, B can't see the appearance of the key, so as to avoid the leakage of the key
2) a owns B's public key. A has never seen B, but B has seen a picture of A. one day, two people meet and B recognizes a, but a is not sure whether the person in front of him is B. at this time, B has two ways to prove to a that he is B
① B gives its private key to a. a encrypts some data with the private key, and then decrypts it with B's public key. If it is correct, it proves that the other party is B
② a gives a random value, B encrypts it with its own private key, and then gives the encrypted data to a, a decrypts it with B's public key, and if the original random value can be obtained, it proves that the other party is B
the latter method belongs to zero knowledge proof
3) there is a ring-shaped corridor with a gap. The exit and entrance are very close (within the eye distance), but there is a door in the middle of the corridor that can only be opened with a key. A has to prove to B that he has the key to the door. Using zero knowledge proof, B watches a enter the corridor from the entrance, and then walk out of the corridor from the exit. At this time, B does not get any information about the key, but it can prove that a has the key.
in essence, zero knowledge proof is a protocol. The so-called protocol is a series of steps taken by two or more participants to complete a specific task, including the following three characteristics:
1. Protocol is an orderly process from beginning to end, and each step must be executed in turn. Before the previous step is finished, the latter step cannot be executed
2. An agreement requires at least two participants. One person can complete a task by performing a series of steps, but it does not constitute an agreement
3. A task must be completed by executing the protocol
although the reasoning based on mathematics is very complex, the idea is simple
the so-called zero knowledge proof refers to a method that the demonstrator does not disclose any information when proving his own identity, and the verifier can not get any private information of the demonstrator, but can effectively prove the identity of the other party. It seems a bit awkward, give a few examples: (from the network)
1) a wants to prove to B that he has the key of a room, assuming that the room can only be opened with the key, but no other method can. At this time, there are two methods:
(1) a shows B the key, and B uses the key to open the lock of the room, so as to prove that a has the correct key of the room
(2) B determines that there is an object in the room. A opens the door of the room with his own key, and then shows the object to B, so as to prove that he does have the key of the room
the latter method belongs to zero knowledge proof. The advantage is that in the whole process of proof, B can't see the appearance of the key, so as to avoid the leakage of the key
2) a owns B's public key. A has never seen B, but B has seen a picture of A. one day, two people meet and B recognizes a, but a can't be sure whether the person in front of him is B. at this time, B has two ways to prove to a that he is B
(1) B gives its private key to a. a encrypts a certain data with the private key, and then decrypts it with B's public key. If it is correct, it proves that the other party is B
(2) a gives a random value, B encrypts it with its own private key, and then gives the encrypted data to a, a decrypts it with B's public key, and if the original random value can be obtained, it is proved that the other party is B
the latter method belongs to zero knowledge proof
3) there is a ring-shaped corridor with a gap. The distance between the exit and the entrance is very close (within the eye distance), but there is a door that can only be opened with a key somewhere in the middle of the corridor. A has to prove to B that he has the key to the door. Using zero knowledge proof, B watches a enter the corridor from the entrance, and then walk out of the corridor from the exit. At this time, B does not get any information about the key, but it can prove that a has the key< In my understanding, zero knowledge proof is an authentication protocol. A proves to B that he has "something" (such as identity) instead of giving B the opportunity to use his own characteristics. That is to say, B can't have the ability to prove to others that he is a. in real life, for example, ID card, You can show your ID card to others to prove yourself, but you don't have to give him your ID card, otherwise he can impersonate you. This is the zero knowledge proof agreement
zero knowledge proof protocol usually consists of three protocol steps:
witness: the prover selects a random number and gives the verifier a secret number of knowledge. This number is related to a series of questions that the prover can answer<
challenge: the verifier randomly selects a question in these question sets and sends it to the verifier
reply: the verifier uses his secret number to solve this problem and sends it to the verifier
or an example of ID card:
A: I am a and tell B I have an ID card
b: can I have a look at the ID card
A: show your ID card< The zero knowledge proof should be to prove how much information a divulges to B. for example, my ID card example must be based on the premise that B can't and forge the ID card, otherwise, we still divulge the information to B. the curve model established should take these into account
let me give another example of authentication (a checks b):
method 1:
A generates a random message and sends it to B, B encrypts it with its private key and sends it to a, and a decrypts and verifies the message with B's public key
there is a problem here, B sometimes doesn't know what message he encrypts, and a can impersonate B with the encrypted message, Or decrypt (though hard). The zero knowledge of this kind of verification is not good
improvement: on the premise that Party A determines Party B's public key, Party B finds an unimportant message and sends two messages to Party A. one message first uses the message digest and then encrypts it with the private key, and the other message is not encrypted. In this way, Party a can still verify Party B, but zero knowledge is good< There are many interesting stories about zero knowledge proof on the Internet.
in Goldwasser's zero knowledge proof, there must be interaction between the prover and the verifier, which is called "interactive zero knowledge proof". In the late 1980s, Blum and others further proposed the concept of "non interactive zero knowledge proof", using a short random string instead of the interactive process and realizing zero knowledge proof. One of the important applications of non interactive zero knowledge proof is the large-scale network which needs to execute a large number of cryptographic protocols
in zero knowledge proof, a person (or device) can prove that he knows the secret without revealing any secret.. if zero knowledge proof can be used for verification, Will be able to effectively solve many problems..
proof materials
with relevant zero knowledge proof materials:
zero knowledge proof is not proof in terms of mathematical feeling, because there is a fixed possibility P in any zero knowledge proof Peggy can provide the right response to the challenge, that is, she does not know the key. However, if the test is repeated N, timing fraud is reced, and the probability of Peggy fraud is reced to an arbitrary level by increasing the number of test winners
zero knowledge proof is a technology that the verifier can make the verifier believe that a certain conclusion is true and credible without providing the verifier with the information itself. At present, the anonymous transaction of zcash, a digital asset with outstanding anonymity, is realized by "zero knowledge proof"
for example, a needs to prove to B that he has the key to a room. Suppose that the key can only be used to open the lock, but no other method can. At this time, a can choose to give the key to B, and B can use the key to open the lock of the room, so as to prove that a has the correct key of the room
or a opens the room with the key, takes an object out of the room and shows it to B. B knows that this object is only in the room. The principle of method two is zero knowledge proof
zero knowledge proof can prove that I know the secret without disclosing the content of the information itself, which can effectively solve many verification problems.