Ethereum zero knowledge
Publish: 2021-04-01 14:47:18
1. Eth is a kind of digital token of Ethereum, which is regarded as "bitcoin version 2.0". It adopts the blockchain technology "Ethereum", which is different from bitcoin. It is an open-source public blockchain platform with intelligent contract results, and a resonance network composed of tens of thousands of computers around the world. Developers need to pay eth to support the application. Like other digital currencies, ether currency can be bought and sold on the trading platform
warm tips: the above explanations are for reference only, without any suggestions. There are risks in entering the market, so investment should be cautious. Before making any investment, you should make sure that you fully understand the nature of the investment and the risks involved in the proct. After a detailed understanding and careful evaluation of the proct, you can judge whether to participate in the transaction
response time: December 2, 2020. Please refer to the official website of Ping An Bank for the latest business changes
[Ping An Bank I know] want to know more? Come and see "Ping An Bank I know" ~
https://b.pingan.com.cn/paim/iknow/index.html
warm tips: the above explanations are for reference only, without any suggestions. There are risks in entering the market, so investment should be cautious. Before making any investment, you should make sure that you fully understand the nature of the investment and the risks involved in the proct. After a detailed understanding and careful evaluation of the proct, you can judge whether to participate in the transaction
response time: December 2, 2020. Please refer to the official website of Ping An Bank for the latest business changes
[Ping An Bank I know] want to know more? Come and see "Ping An Bank I know" ~
https://b.pingan.com.cn/paim/iknow/index.html
2.
-
about the variability of blockchain
-
eth, if most people agree to modify the chain, that is, variability, then they can modify the blockchain records and contracts
-
etc, blockchain records and contracts can't be modified, that is, they can't be tampered with
-
here are the advantages and disadvantages of the two methods
The advantage of -
variability is that people can make timely changes to make the right decisions. Therefore, modifying the specification is more practical than finding loopholes
-
non modifiability means that no matter how smart people are at that time, it is impossible not to make mistakes. Therefore, when problems arise in this scheme, it is best to find and solve the loopholes through the existing legal framework
-
differences in development
-
eth, whether it is intentionally arranged or since its birth, the core decisions of blockchain are made by Ethereum foundation with the participation of the community and most of them are developed by it
-
etc, the decision-making of blockchain is mainly decided by the feedback of three loose, collaborative teams with community participation
-
in any case, anyone can put forward improvement suggestions for the two kinds of blockchains. This is the benefit of open source, and it is also very common. You will find that developers of the two chains communicate with each other through GitHub and reddit. I hope to improve the frequency of communication in order to achieve the common goal
-
about compatibility
-
at present, the two kinds of blockchains are compatible with each other. Contracts or applications written by eth can be applied on etc, and vice versa
-
eth, focusing on ewasm, is committed to providing a platform for more and more developers, while the issue of contract security is secondary, such as viper
-
etc focuses on making developers create more secure contracts, such as viper, iohk research, at the cost of consuming the number of potential developers
-
it's obvious that both chains can accept each other, regardless of whether their wishes are the same or not. My view is that the number of developers is not necessarily related to the quality of the proct
-
about the transaction speed
-
eth, the average is 25 seconds, which will be shortened after upgrading
-
etc, with an average time of 14 seconds, maintained at 10-14 seconds after upgrade, according to ecip-1010 and ecip-1036 protocols
-
about the block capacity
-
eth, with the daily trading volume of eth graally reaching 5 million, the block capacity is graally saturated. This situation is similar to the recent transaction cost of bitcoin. This problem can be solved by expanding the block capacity by increasing the default fuel limit
ETC, At present, there is still a lot of room for block capacity. As more and more people accept etc, the block capacity will also increase, just like eth
-
about community
-
eth, mainly discuss on reddit
-
etc, mainly discuss on slack
-
about monetary policy
-
eth, the planned supply is growing steadily, resulting in an average inflation of 3% in eth blockchain in its life cycle
-
etc, before 2025, inflation will reach 3%, and then the total supply will reach 200 million etc, and then there will be deflation
As for the regional distribution of trading volume, China accounts for 20%, South Korea 25% and the United States 25% In etc, China accounts for 50%, South Korea 25% and the United States 10% About securities, at present, investors do not have the option to trade securities. Recently, one of eth's ETFs, trading open-end index funds, was denied by the regulators -
etc owns etc trading trust, which allows investors to own etc instead of the asset itself
3. Blockchain is a technology, but it is not a single technology, but the result of the integration of a variety of technologies, including cryptography, mathematics, economics, network science and so on. You can think of it as a distributed shared accounting technology, or as a database, but the database is jointly maintained by all nodes in the chain, and each node has an account book. Because the account books of all nodes are consistent, different nodes can trust each other, and there is no doubt about the data, so we all say that the blockchain has realized trust technically. For detailed professional technology, you can consult some professional technology companies, such as Jinbo technology, which focuses on the development of blockchain related procts, professional R & D team and perfect after-sales service, and you can consult by telephone.
4. It contains only numbers 0 ~ 9 and letters a ~ F, a total of 16 symbols
5. The anonymity of digital currency market is still there, which is also very popular. Although bitcoin has anonymity, its anonymity is not particularly good. Zcash is similar to bitcoin in many ways. First of all, it is also based on the distributed ledger (blockchain) for transactions. But there is one big difference between zcash and bitcoin: zcash is completely anonymous
according to the introction, zcash uses a technology called zero knowledge proof (known as "ZK snark") to verify the authenticity of the transaction. It uses a public blockchain to display the transaction, but it will hide the amount of the transaction. Viewing the owner of the key (i.e. the owner of the coin) allows others to view the information associated with the key
in short, this method of calculation allows users to prove that they have the currency they want without exposing information about where the currency came from or is going. It's like zero knowledge proof allows you to enter a password on a website and verify it by the website's server without actually transmitting the password
in contrast, although bitcoin and other digital currencies are famous for their concealment of transactions, in real life, they can often track transactions through the records of ordinary bitcoin blockchain, so that people can accurately know the sender and sending location of bitcoin. Nowadays, zcash has realized the transaction of original data in the form of encryption, rather than publishing the transaction data to the public like bitcoin. Snowden also said that the anonymous zcash project can solve the monitoring risk of bitcoin
therefore, zcash, an anonymous function that pursues the ultimate privacy protection, is first considered to have great value in the financial instry. Foreign media pointed out that the traditional financial instry has an extraordinary demand for information protection. Although many people think that the privacy requirements of bitcoin and other blockchain systems come from crypto anarchists and liberals, the fact is that the traditional financial instry is promoting the hiding of transaction information on the blockchain
however, the anonymity of digital currency is also a headache for the regulatory authorities, and it is very difficult to popularize it in the world. At most, it is only a niche proct. However, the platform developed by using blockchain technology has great potential. For example, the blockchain content publishing platform decent, Ethereum's intelligent contract and so on.
according to the introction, zcash uses a technology called zero knowledge proof (known as "ZK snark") to verify the authenticity of the transaction. It uses a public blockchain to display the transaction, but it will hide the amount of the transaction. Viewing the owner of the key (i.e. the owner of the coin) allows others to view the information associated with the key
in short, this method of calculation allows users to prove that they have the currency they want without exposing information about where the currency came from or is going. It's like zero knowledge proof allows you to enter a password on a website and verify it by the website's server without actually transmitting the password
in contrast, although bitcoin and other digital currencies are famous for their concealment of transactions, in real life, they can often track transactions through the records of ordinary bitcoin blockchain, so that people can accurately know the sender and sending location of bitcoin. Nowadays, zcash has realized the transaction of original data in the form of encryption, rather than publishing the transaction data to the public like bitcoin. Snowden also said that the anonymous zcash project can solve the monitoring risk of bitcoin
therefore, zcash, an anonymous function that pursues the ultimate privacy protection, is first considered to have great value in the financial instry. Foreign media pointed out that the traditional financial instry has an extraordinary demand for information protection. Although many people think that the privacy requirements of bitcoin and other blockchain systems come from crypto anarchists and liberals, the fact is that the traditional financial instry is promoting the hiding of transaction information on the blockchain
however, the anonymity of digital currency is also a headache for the regulatory authorities, and it is very difficult to popularize it in the world. At most, it is only a niche proct. However, the platform developed by using blockchain technology has great potential. For example, the blockchain content publishing platform decent, Ethereum's intelligent contract and so on.
6. Take a look at the game control
there should be key settings over there
but one of the chain mining presets I know seems to press v
there should be key settings over there
but one of the chain mining presets I know seems to press v
7. Rec is a computer term. Its full name is regional echomail coordinator
it is not a digital currency. If it is a digital currency, it is not very reliable. Now more than 80% of the newly born digital currencies are pyramid schemes. In fact, there is no practical value. These coins can not be compared with the old bitcoin, Ruitai coin and Laite coin.
it is not a digital currency. If it is a digital currency, it is not very reliable. Now more than 80% of the newly born digital currencies are pyramid schemes. In fact, there is no practical value. These coins can not be compared with the old bitcoin, Ruitai coin and Laite coin.
8. In the early 1980s, Goldwasser and others proposed the concept of zero knowledge proof. Essentially, zero knowledge proof is a protocol. The so-called protocol is a series of steps taken by two or more participants to complete a specific task, including the following three characteristics: 1. Protocol is an orderly process from beginning to end, and each step must be executed in turn, 2. The protocol needs at least two participants. One person can complete a task by executing a series of steps, but it does not constitute an agreement. 3. A task must be completed by executing the protocol. Zero knowledge proof must include two aspects, one is the prover, the other is the prover, The other party is the verifier. The verifier tries to prove to the verifier that an assertion is correct, or the verifier has some knowledge, but does not disclose any useful information to the verifier. Zero knowledge proof has been widely used in cryptography, especially in authentication protocol and digital signature, People use digital signature to design a large number of excellent algorithms. A story about the cave is used to explain zero knowledge. There is a secret in the cave. People who know the spell can open the secret door between C and D. for others, both channels are dead ends. Peggy knows the secret of the cave. She wants to prove this to victor, Here's how she got Victor to believe it: (1) Victor stood at point A. (2) Peggy walked all the way into the cave to point C or D. (3) after Peggy disappeared in the cave, Victor walked to point B. (4) Victor called to Peggy to come out from the left passage or from the right passage. (5) Peggy agreed, Peggy and Victor repeat steps (1) to (5) n times. Suppose Victor has a camera that can record what he sees. He records Peggy disappearing in the cave and the time when he shouts Peggy to come out of his chosen place, Record Peggy coming out. He records all n experiments. If he shows these records to Carol, will she believe that Peggy knows the spell to open the secret door? Without knowing the spell, what if Peggy and Victor agreed in advance what Victor would shout? Peggy will be sure to go into the path where Victor told her to come out, and then she can come out on the path where Victor asked her to come out without knowing the spell. Maybe they don't do that. Peggy goes into one of the channels, and Victor sends out a random request. If Victor guesses right, great. If he guesses wrong, they will delete the experiment from the video, Victor can get a record, which accurately shows the same sequence of events as the actual proof that Peggy knows the spell. This shows two things. One is that Victor can't make the third party believe the validity of the proof; Second, it proves that the protocol is zero knowledge. In the case that Peggy doesn't know the mantra, Victor obviously can't get any information from the record. However, because he can't distinguish between a real record and a forged record, Victor can't get any information from the actual proof - it must be zero knowledge, Peggy does not reveal any secret knowledge in the process of proving to victor, which is called zero knowledge
9. In the absence of sufficient (or even no) basis, the calculation method of guessing an event (password reverse translation) is a guess without any basis, but the calculation method of guessing is proved to be correct, which is zero knowledge proof
in Goldwasser's zero knowledge proof, there must be interaction between the prover and the verifier, which is called "interactive zero knowledge proof". In the late 1980s, Blum and others further proposed the concept of "non interactive zero knowledge proof", using a short random string instead of the interactive process and realizing zero knowledge proof. One of the important applications of non interactive zero knowledge proof is the large-scale network which needs to execute a large number of cryptographic protocols
in zero knowledge proof, a person (or device) can prove that he knows the secret without revealing any secret.. if zero knowledge proof can be used for verification, Will be able to effectively solve many problems..
proof materials
with relevant zero knowledge proof materials:
zero knowledge proof is not proof in terms of mathematical feeling, because there is a fixed possibility P in any zero knowledge proof Peggy can provide the right response to the challenge, that is, she does not know the key. However, if the test is repeated N, timing fraud is reced, and the probability of Peggy fraud is reced to an arbitrary level by increasing the number of test winners
example strategy
Peggy's public key is a large chart, which we will call G. Peggy was organized by G some time ago, and widely then published it. Because she specifically made it for the purpose, Peggy knew about a Hamilton cycle. Peggy will prove her identity to the winner and she knows a Hamilton cycle in G. Even if G is public information, no one can do it, because no one knows a Hamiltonian cycle of G, and it is a difficult problem to find Hamiltonian cycle in graph (see NP completeness)
however, Peggy can't simply tell the winner Hamilton's cycle, because then the winner (or eavesdropper) can pretend to be Peggy. Peggy can't reveal any information in any period, because eavesdroppers may be able to collect information in several different occasions and integrate it, so that eavesdroppers have enough information to play the role of Peggy
to prove her identity, Peggy and the winner play several circles in the following competitions:
Peggy marks the G endpoint with a random number. The edges may then be represented as a pair of these numbers. She lists g edges, and encrypts each edge with an additional key. She then sends the coded edge to the winner
the winner flips the coin
* if the coin comes over the head, Peggy surrenders the key to the random number and maps from the endpoint. The winner decodes the edge and then verifies that the encrypted edge is sent in step 1 to actually do graph. G and no other graph
* if the coin comes over the tail, Peggy surrenders the key only for actually forming the edge of Hamilton's cycle. Winners decode these edges and verify that they do form the right length of cycle
the impostor; Pamela ') Be able to manage to play Peggy, and have a 50% chance of successfully bluffing the winner in any particular round. There are two possible play strategies. Pamela can send Peggy's graph. G to code. In this case, she escaped detection if the winner threw his head; She revealed that it was coded, and the winner verified that the chart was indeed G. But if the winner throws his tail, Pamela is caught. The set of keys she was asked to reveal constituted a Hamilton cycle g edge, and she could not do that because she did not know one
another strategy Pamela can follow is to prepare some other chart. She knows that the h of a Hamilton cycle is coded. She is safe in this case if the winner throws his tail; She reveals the cycle, and, because the winner never looks at the margin of the remainder, he never learns that the chart is h and not g. But if the winner throws the head, Pamela is asked to reveal the whole chart, and the winner sees that this is not g
by playing this game for 20 rounds, the winner can rece the possibility of being fooled by Pamela to only 1 / 2. By playing more circles, the winner can rece the possibility of craving
information revealed by Peggy provides winner any information in all not g's Hamilton cycles. Look at this, notice that the winner can make transcripts of the game without talking to Peggy at all. He was able to select the sequence head and tail, and then prepare the hypothetical reply from Peggy, who had never known Hamilton's cycle, by engaging the appropriate impostor strategy in each circle. Transcripts, and it doesn't contain, cable legitimate information about Peggy's identity. Peggy proved her identity not because she could base her answer on the right one, but because she could base her answer on the right one, she didn't know what the problem would be
the so-called zero knowledge proof refers to a method that the demonstrator does not disclose any information when proving his own identity, and the verifier can not get any private information of the demonstrator, but can effectively prove the identity of the other party. It seems a bit awkward. I'll give you two examples to understand
several examples of zero knowledge proof [original]
proof examples
1) a wants to prove to B that he has the key of a room, assuming that the room can only be opened with the key, but no other method can. At this time, there are two methods:
① a shows B the key, and B uses the key to open the lock of the room, so as to prove that a has the correct key of the room
② B confirms that there is an object in the room. A opens the door of the room with his own key, and then shows the object to B, so as to prove that he really has the key of the room
the following method belongs to zero knowledge proof. The advantage is that in the whole process of proof, B can't see the appearance of the key, so as to avoid the leakage of the key
2) a owns B's public key. A has never seen B, but B has seen a picture of A. one day, two people meet and B recognizes a, but a is not sure whether the person in front of him is B. at this time, B has two ways to prove to a that he is B
① B gives its private key to a. a encrypts some data with the private key, and then decrypts it with B's public key. If it is correct, it proves that the other party is B
② a gives a random value, B encrypts it with its own private key, and then gives the encrypted data to a, a decrypts it with B's public key, and if the original random value can be obtained, it proves that the other party is B
the latter method belongs to zero knowledge proof
3) there is a ring-shaped corridor with a gap. The exit and entrance are very close (within the eye distance), but there is a door in the middle of the corridor that can only be opened with a key. A has to prove to B that he has the key to the door. Using zero knowledge proof, B watches a enter the corridor from the entrance, and then walk out of the corridor from the exit. At this time, B does not get any information about the key, but it can prove that a has the key.
in Goldwasser's zero knowledge proof, there must be interaction between the prover and the verifier, which is called "interactive zero knowledge proof". In the late 1980s, Blum and others further proposed the concept of "non interactive zero knowledge proof", using a short random string instead of the interactive process and realizing zero knowledge proof. One of the important applications of non interactive zero knowledge proof is the large-scale network which needs to execute a large number of cryptographic protocols
in zero knowledge proof, a person (or device) can prove that he knows the secret without revealing any secret.. if zero knowledge proof can be used for verification, Will be able to effectively solve many problems..
proof materials
with relevant zero knowledge proof materials:
zero knowledge proof is not proof in terms of mathematical feeling, because there is a fixed possibility P in any zero knowledge proof Peggy can provide the right response to the challenge, that is, she does not know the key. However, if the test is repeated N, timing fraud is reced, and the probability of Peggy fraud is reced to an arbitrary level by increasing the number of test winners
example strategy
Peggy's public key is a large chart, which we will call G. Peggy was organized by G some time ago, and widely then published it. Because she specifically made it for the purpose, Peggy knew about a Hamilton cycle. Peggy will prove her identity to the winner and she knows a Hamilton cycle in G. Even if G is public information, no one can do it, because no one knows a Hamiltonian cycle of G, and it is a difficult problem to find Hamiltonian cycle in graph (see NP completeness)
however, Peggy can't simply tell the winner Hamilton's cycle, because then the winner (or eavesdropper) can pretend to be Peggy. Peggy can't reveal any information in any period, because eavesdroppers may be able to collect information in several different occasions and integrate it, so that eavesdroppers have enough information to play the role of Peggy
to prove her identity, Peggy and the winner play several circles in the following competitions:
Peggy marks the G endpoint with a random number. The edges may then be represented as a pair of these numbers. She lists g edges, and encrypts each edge with an additional key. She then sends the coded edge to the winner
the winner flips the coin
* if the coin comes over the head, Peggy surrenders the key to the random number and maps from the endpoint. The winner decodes the edge and then verifies that the encrypted edge is sent in step 1 to actually do graph. G and no other graph
* if the coin comes over the tail, Peggy surrenders the key only for actually forming the edge of Hamilton's cycle. Winners decode these edges and verify that they do form the right length of cycle
the impostor; Pamela ') Be able to manage to play Peggy, and have a 50% chance of successfully bluffing the winner in any particular round. There are two possible play strategies. Pamela can send Peggy's graph. G to code. In this case, she escaped detection if the winner threw his head; She revealed that it was coded, and the winner verified that the chart was indeed G. But if the winner throws his tail, Pamela is caught. The set of keys she was asked to reveal constituted a Hamilton cycle g edge, and she could not do that because she did not know one
another strategy Pamela can follow is to prepare some other chart. She knows that the h of a Hamilton cycle is coded. She is safe in this case if the winner throws his tail; She reveals the cycle, and, because the winner never looks at the margin of the remainder, he never learns that the chart is h and not g. But if the winner throws the head, Pamela is asked to reveal the whole chart, and the winner sees that this is not g
by playing this game for 20 rounds, the winner can rece the possibility of being fooled by Pamela to only 1 / 2. By playing more circles, the winner can rece the possibility of craving
information revealed by Peggy provides winner any information in all not g's Hamilton cycles. Look at this, notice that the winner can make transcripts of the game without talking to Peggy at all. He was able to select the sequence head and tail, and then prepare the hypothetical reply from Peggy, who had never known Hamilton's cycle, by engaging the appropriate impostor strategy in each circle. Transcripts, and it doesn't contain, cable legitimate information about Peggy's identity. Peggy proved her identity not because she could base her answer on the right one, but because she could base her answer on the right one, she didn't know what the problem would be
the so-called zero knowledge proof refers to a method that the demonstrator does not disclose any information when proving his own identity, and the verifier can not get any private information of the demonstrator, but can effectively prove the identity of the other party. It seems a bit awkward. I'll give you two examples to understand
several examples of zero knowledge proof [original]
proof examples
1) a wants to prove to B that he has the key of a room, assuming that the room can only be opened with the key, but no other method can. At this time, there are two methods:
① a shows B the key, and B uses the key to open the lock of the room, so as to prove that a has the correct key of the room
② B confirms that there is an object in the room. A opens the door of the room with his own key, and then shows the object to B, so as to prove that he really has the key of the room
the following method belongs to zero knowledge proof. The advantage is that in the whole process of proof, B can't see the appearance of the key, so as to avoid the leakage of the key
2) a owns B's public key. A has never seen B, but B has seen a picture of A. one day, two people meet and B recognizes a, but a is not sure whether the person in front of him is B. at this time, B has two ways to prove to a that he is B
① B gives its private key to a. a encrypts some data with the private key, and then decrypts it with B's public key. If it is correct, it proves that the other party is B
② a gives a random value, B encrypts it with its own private key, and then gives the encrypted data to a, a decrypts it with B's public key, and if the original random value can be obtained, it proves that the other party is B
the latter method belongs to zero knowledge proof
3) there is a ring-shaped corridor with a gap. The exit and entrance are very close (within the eye distance), but there is a door in the middle of the corridor that can only be opened with a key. A has to prove to B that he has the key to the door. Using zero knowledge proof, B watches a enter the corridor from the entrance, and then walk out of the corridor from the exit. At this time, B does not get any information about the key, but it can prove that a has the key.
10. Zero knowledge proof means that the verifier can make the verifier believe that a certain conclusion is correct without providing any useful information to the verifier
in essence, zero knowledge proof is a protocol. The so-called protocol is a series of steps taken by two or more participants to complete a specific task, including the following three characteristics:
1. Protocol is an orderly process from beginning to end, and each step must be executed in turn. Before the previous step is finished, the latter step cannot be executed
2. An agreement requires at least two participants. One person can complete a task by performing a series of steps, but it does not constitute an agreement
3. A task must be completed by executing the protocol
although the reasoning based on mathematics is very complex, the idea is simple
the so-called zero knowledge proof refers to a method that the demonstrator does not disclose any information when proving his own identity, and the verifier can not get any private information of the demonstrator, but can effectively prove the identity of the other party. It seems a bit awkward, give a few examples: (from the network)
1) a wants to prove to B that he has the key of a room, assuming that the room can only be opened with the key, but no other method can. At this time, there are two methods:
(1) a shows B the key, and B uses the key to open the lock of the room, so as to prove that a has the correct key of the room
(2) B determines that there is an object in the room. A opens the door of the room with his own key, and then shows the object to B, so as to prove that he does have the key of the room
the latter method belongs to zero knowledge proof. The advantage is that in the whole process of proof, B can't see the appearance of the key, so as to avoid the leakage of the key
2) a owns B's public key. A has never seen B, but B has seen a picture of A. one day, two people meet and B recognizes a, but a can't be sure whether the person in front of him is B. at this time, B has two ways to prove to a that he is B
(1) B gives its private key to a. a encrypts a certain data with the private key, and then decrypts it with B's public key. If it is correct, it proves that the other party is B
(2) a gives a random value, B encrypts it with its own private key, and then gives the encrypted data to a, a decrypts it with B's public key, and if the original random value can be obtained, it is proved that the other party is B
the latter method belongs to zero knowledge proof
3) there is a ring-shaped corridor with a gap. The distance between the exit and the entrance is very close (within the eye distance), but there is a door that can only be opened with a key somewhere in the middle of the corridor. A has to prove to B that he has the key to the door. Using zero knowledge proof, B watches a enter the corridor from the entrance, and then walk out of the corridor from the exit. At this time, B does not get any information about the key, but it can prove that a has the key< In my understanding, zero knowledge proof is an authentication protocol. A proves to B that he has "something" (such as identity) instead of giving B the opportunity to use his own characteristics. That is to say, B can't have the ability to prove to others that he is a. in real life, for example, ID card, You can show your ID card to others to prove yourself, but you don't have to give him your ID card, otherwise he can impersonate you. This is the zero knowledge proof agreement
zero knowledge proof protocol usually consists of three protocol steps:
witness: the prover selects a random number and gives the verifier a secret number of knowledge. This number is related to a series of questions that the prover can answer<
challenge: the verifier randomly selects a question in these question sets and sends it to the verifier
reply: the verifier uses his secret number to solve this problem and sends it to the verifier
or an example of ID card:
A: I am a and tell B I have an ID card
b: can I have a look at the ID card
A: show your ID card< The zero knowledge proof should be to prove how much information a divulges to B. for example, my ID card example must be based on the premise that B can't and forge the ID card, otherwise, we still divulge the information to B. the curve model established should take these into account
let me give another example of authentication (a checks b):
method 1:
A generates a random message and sends it to B, B encrypts it with its private key and sends it to a, and a decrypts and verifies the message with B's public key
there is a problem here, B sometimes doesn't know what message he encrypts, and a can impersonate B with the encrypted message, Or decrypt (though hard). The zero knowledge of this kind of verification is not good
improvement: on the premise that Party A determines Party B's public key, Party B finds an unimportant message and sends two messages to Party A. one message first uses the message digest and then encrypts it with the private key, and the other message is not encrypted. In this way, Party a can still verify Party B, but zero knowledge is good< There are many interesting stories about zero knowledge proof on the Internet.
in essence, zero knowledge proof is a protocol. The so-called protocol is a series of steps taken by two or more participants to complete a specific task, including the following three characteristics:
1. Protocol is an orderly process from beginning to end, and each step must be executed in turn. Before the previous step is finished, the latter step cannot be executed
2. An agreement requires at least two participants. One person can complete a task by performing a series of steps, but it does not constitute an agreement
3. A task must be completed by executing the protocol
although the reasoning based on mathematics is very complex, the idea is simple
the so-called zero knowledge proof refers to a method that the demonstrator does not disclose any information when proving his own identity, and the verifier can not get any private information of the demonstrator, but can effectively prove the identity of the other party. It seems a bit awkward, give a few examples: (from the network)
1) a wants to prove to B that he has the key of a room, assuming that the room can only be opened with the key, but no other method can. At this time, there are two methods:
(1) a shows B the key, and B uses the key to open the lock of the room, so as to prove that a has the correct key of the room
(2) B determines that there is an object in the room. A opens the door of the room with his own key, and then shows the object to B, so as to prove that he does have the key of the room
the latter method belongs to zero knowledge proof. The advantage is that in the whole process of proof, B can't see the appearance of the key, so as to avoid the leakage of the key
2) a owns B's public key. A has never seen B, but B has seen a picture of A. one day, two people meet and B recognizes a, but a can't be sure whether the person in front of him is B. at this time, B has two ways to prove to a that he is B
(1) B gives its private key to a. a encrypts a certain data with the private key, and then decrypts it with B's public key. If it is correct, it proves that the other party is B
(2) a gives a random value, B encrypts it with its own private key, and then gives the encrypted data to a, a decrypts it with B's public key, and if the original random value can be obtained, it is proved that the other party is B
the latter method belongs to zero knowledge proof
3) there is a ring-shaped corridor with a gap. The distance between the exit and the entrance is very close (within the eye distance), but there is a door that can only be opened with a key somewhere in the middle of the corridor. A has to prove to B that he has the key to the door. Using zero knowledge proof, B watches a enter the corridor from the entrance, and then walk out of the corridor from the exit. At this time, B does not get any information about the key, but it can prove that a has the key< In my understanding, zero knowledge proof is an authentication protocol. A proves to B that he has "something" (such as identity) instead of giving B the opportunity to use his own characteristics. That is to say, B can't have the ability to prove to others that he is a. in real life, for example, ID card, You can show your ID card to others to prove yourself, but you don't have to give him your ID card, otherwise he can impersonate you. This is the zero knowledge proof agreement
zero knowledge proof protocol usually consists of three protocol steps:
witness: the prover selects a random number and gives the verifier a secret number of knowledge. This number is related to a series of questions that the prover can answer<
challenge: the verifier randomly selects a question in these question sets and sends it to the verifier
reply: the verifier uses his secret number to solve this problem and sends it to the verifier
or an example of ID card:
A: I am a and tell B I have an ID card
b: can I have a look at the ID card
A: show your ID card< The zero knowledge proof should be to prove how much information a divulges to B. for example, my ID card example must be based on the premise that B can't and forge the ID card, otherwise, we still divulge the information to B. the curve model established should take these into account
let me give another example of authentication (a checks b):
method 1:
A generates a random message and sends it to B, B encrypts it with its private key and sends it to a, and a decrypts and verifies the message with B's public key
there is a problem here, B sometimes doesn't know what message he encrypts, and a can impersonate B with the encrypted message, Or decrypt (though hard). The zero knowledge of this kind of verification is not good
improvement: on the premise that Party A determines Party B's public key, Party B finds an unimportant message and sends two messages to Party A. one message first uses the message digest and then encrypts it with the private key, and the other message is not encrypted. In this way, Party a can still verify Party B, but zero knowledge is good< There are many interesting stories about zero knowledge proof on the Internet.
Hot content