Hello, I would like to implement a zk-SNARKs scenario using libsnark but I can't figure out if it is indeed possible and how to approach the implementation in practice.
This library seems too technical for me at the moment. I would really appreciate it if there was anyone able to tell me if the following is possible. I would also be very grateful for any suggestions on how to approach the implementation of this problem in practice.
I would like to implement a scenario in which a prover P wants to prove knowledge of the decrypted version of a file to a verifier V using zk-SNARKs. (The set-up phase to produce the proving and verification keys is done by a trusted third party, of course.)
In this scenario there is a file f and its encrypted version is fE = Enc(f, k). Here Enc is a strong symmetric encryption algorithm such as AES and k is the key used to encrypt the file f.
The hash of the file f is Hf = SHA256(f).
In this scenario, I want the prover to be able to prove that: SHA256(Dec(fE, k)) == Hf AND SHA256(k) == Hk
where obviously Dec(fE, k) will produce the original file f.
The prover P will send to the verifier V the following elements, and V will then be able to verify the proof:
- the proof itself, just produced by P
- the encrypted file fE
- the hash of the file Hf
- the hash of the key Hk
If the verification output is true (the proof is valid), the verifier V will be sure of the following:
- Hf is the hash of a file f, and the encrypted version of this file is fE (note that V doesn't have/know the original file f)
- Hk is the hash of the key k used to encrypt the file f to obtain fE
Many thanks to anyone who takes the time to read and try to give suggestions!
The problem domain with ZKPs for SNARKs is to create two definitions: 1) the protocol and 2) the circuit. You've described the protocol and it looks good from a high level.
The remaining definition is the circuit. You have the SHA256 function and the Dec function stated. The SHA256 function is included in libsnark already (as long as you only need the compression side, and the full hash is not difficult to implement). The Dec function will require more work to define.
Depending upon things like variable sizes and recursion, the Dec function might be easy or might be impossible entirely. If you post pseudo-code then it would be easier to comment on.
Let's forget about the Dec function for now then. Let's say the prover only wants to prove the second part of the statement, in other words that he knows a key k that has a hash value Hk. Formally, the prover wants to prove that: SHA256(k) == Hk
The prover P will compute the proof and then send it to the verifier V along with the hash Hk.
When V verifies the proof he can then be sure that P knows the preimage of the hash, aka the key k.
So even in this simplified scenario, I just can't understand how to proceed with libsnark. There is a gadget for SHA256 as you said, but how can I use it in practice to produce the following:
- Proving and verification keys (trusted set-up) in the form of separate files
- An executable usable by any prover to produce a proof (in the form of a file) using as inputs: the proving key; the hash value Hk; the key k, aka the witness
- An executable usable by any verifier to verify a proof (a file produced by the other executable) using as inputs the proof itself and the hash Hk
I know this is a very general question, but I can't figure out how to begin. Any suggestion or guideline would be greatly appreciated.
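The earlier reply points out that libsnark ships the SHA-256 compression function as a gadget and that the full hash (padding plus chaining from the IV) is up to the circuit author; the simplified statement SHA256(k) == Hk above is exactly the case where that matters. The following is an added example, not code from libsnark or from anyone in this thread: a native Python model of what the circuit has to compute for a 32-byte key, i.e. FIPS 180-4 padding to a single 512-bit block followed by one compression call starting from the standard IV, checked against hashlib. The 32-byte key, the separation into public input Hk and witness k, and the function names are this example's own assumptions; the point is to have a native oracle for the relation before writing the gadget wiring.

```python
import hashlib
import struct

MASK32 = 0xFFFFFFFF

# SHA-256 round constants and initial hash value (FIPS 180-4, section 4.2.2 / 5.3.3).
K = [
    0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
    0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
    0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
    0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
    0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
    0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
    0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
    0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2,
]
IV = [0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,
      0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19]


def _rotr(x, n):
    return ((x >> n) | (x << (32 - n))) & MASK32


def sha256_pad(msg: bytes) -> bytes:
    """Merkle-Damgard padding: 0x80, zeros to 56 mod 64, then the 64-bit bit length."""
    padded = msg + b"\x80"
    padded += b"\x00" * ((56 - len(padded) % 64) % 64)
    return padded + struct.pack(">Q", len(msg) * 8)


def sha256_compress(state, block: bytes):
    """One compression call: the part libsnark provides as a gadget (prev_output, new_block)."""
    w = list(struct.unpack(">16L", block))
    for i in range(16, 64):
        s0 = _rotr(w[i - 15], 7) ^ _rotr(w[i - 15], 18) ^ (w[i - 15] >> 3)
        s1 = _rotr(w[i - 2], 17) ^ _rotr(w[i - 2], 19) ^ (w[i - 2] >> 10)
        w.append((w[i - 16] + s0 + w[i - 7] + s1) & MASK32)
    a, b, c, d, e, f, g, h = state
    for i in range(64):
        t1 = (h + (_rotr(e, 6) ^ _rotr(e, 11) ^ _rotr(e, 25))
              + ((e & f) ^ (~e & g)) + K[i] + w[i]) & MASK32
        t2 = ((_rotr(a, 2) ^ _rotr(a, 13) ^ _rotr(a, 22))
              + ((a & b) ^ (a & c) ^ (b & c))) & MASK32
        h, g, f, e, d, c, b, a = g, f, e, (d + t1) & MASK32, c, b, a, (t1 + t2) & MASK32
    return [(s + v) & MASK32 for s, v in zip(state, [a, b, c, d, e, f, g, h])]


def _state_to_bytes(state) -> bytes:
    return b"".join(struct.pack(">L", s) for s in state)


def sha256(msg: bytes) -> bytes:
    """Full hash: pad, then chain compression calls from the IV (general-length message)."""
    state = list(IV)
    padded = sha256_pad(msg)
    for off in range(0, len(padded), 64):
        state = sha256_compress(state, padded[off:off + 64])
    return _state_to_bytes(state)


def reference_digest(msg: bytes) -> bytes:
    """Trusted reference for checking the model above."""
    return hashlib.sha256(msg).digest()


def key_hash_statement(Hk: bytes, k: bytes) -> bool:
    """The simplified relation R(x, w): public input x = Hk, witness w = k (assumed 32 bytes).

    A 32-byte key pads to exactly one 512-bit block, so the circuit needs a single
    compression call with prev_output = IV and new_block = sha256_pad(k).
    """
    if len(k) != 32:
        raise ValueError("this model assumes a 32-byte key")
    block = sha256_pad(k)
    assert len(block) == 64
    return _state_to_bytes(sha256_compress(list(IV), block)) == Hk


if __name__ == "__main__":
    k = bytes(range(32))                      # constructed witness
    Hk = reference_digest(k)                  # the public input V receives
    print("statement holds:", key_hash_statement(Hk, k))
```

The `__main__` block is what a prover-side tool would compute before generating a proof; everything the verifier learns is `Hk`, and the circuit's job is to enforce `key_hash_statement` over bit-variables instead of Python integers. For the full statement with Dec, the same pattern applies: write the relation natively first, then replace each primitive with its gadget.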