Optimised implementation of a succinct zero-knowledge argument system
Date
2013
Publisher
Tartu Ülikool
Abstract
In this thesis we attempt to construct an implementation of a succinct non-interactive zero-knowledge proof system. A non-interactive zero-knowledge proof system is a protocol in which one party, called the prover, proves to other parties, called verifiers, that a statement presented to the verifier is true. Among other things, a zero-knowledge protocol must guarantee that the proof leaks no information about the statement beyond its validity. In this thesis we consider the circuit satisfiability problem, which asks whether there exists an input on which a given Boolean circuit outputs the value true. The implemented proof scheme is based on the work of Helger Lipmaa \cite{eprint2013:Lipmaa:NIZKSPECC}, which constructs the proof using span programs and linear error-correcting codes. We also give a brief overview of the general nature of zero-knowledge proofs, so that the rest of the thesis is easier to follow.

We construct the non-adaptive version of the proof system. In addition to the properties characteristic of zero-knowledge proofs, this version is also useful for achieving verifiable computation, as discussed for example in \cite{Pinnochio2013:Parno}. The thesis begins with an overview of non-interactive zero knowledge and of span programs. We then describe how to express the circuit satisfiability problem using these span programs. Finally we describe our implementation, focusing on the important details and the libraries used. The thesis concludes with performance results and directions for further improvements.
In this thesis, we construct an implementation of a succinct non-interactive zero-knowledge argument system. A non-interactive zero-knowledge argument system is a protocol that lets one party (usually known as the Prover) provide a proof of knowledge of the solution to a statement to other parties (usually known as the Verifier). The argument system provides such a proof without leaking any other information about the solution. Non-interactivity means the argument can be carried out without any interaction between the parties involved. The statement proven in this work is the circuit satisfiability problem: the problem of deciding whether there exists an input that makes the final output of a circuit true. The argument system is based on Lipmaa's work \cite{eprint2013:Lipmaa:NIZKSPECC}, which uses span programs and linear error-correcting codes in its construction. Along the way we also give a very general explanation of zero-knowledge argument systems, to offer a simple introduction to readers encountering the notion for the first time. The argument system we construct is the non-adaptive version. Apart from its zero-knowledge property, this version is useful for verifiable computation, as pointed out by \cite{Pinnochio2013:Parno}. We begin with an overview of non-interactive zero knowledge, followed by span programs. We then describe how to represent the circuit satisfiability problem using these tools. We present our implementation afterwards, listing the libraries and the implementation details that matter. We conclude with speed measurements and possible future improvements of this work.