jude/Riskless
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

...

Browse Source
This commit is contained in:
jude 2023-04-24 21:39:37 +01:00
parent 29e7e2c11a
commit f479fd0b29
3 changed files with 10 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
static/js/modules/interface/proofs.js
View File

@ -503,7 +503,6 @@ export function verifyFortify(obj, key) {
let p = c.verifyNI(verification.zeroProofs[r]); let p = c.verifyNI(verification.zeroProofs[r]);
if (p !== 0n) { if (p !== 0n) {
console.log(p);
return false; return false;
} }
} }

BIN
whitepaper/Dissertation.pdf
View File

Binary file not shown.

17
whitepaper/Dissertation.tex
View File

@ -65,6 +65,8 @@
% %
%\clearpage %\clearpage
\section{Disambiguation}
\begin{table}[htp] \begin{table}[htp]
\begin{tabularx}{\textwidth}{c X} \begin{tabularx}{\textwidth}{c X}
\toprule \toprule
@ -72,14 +74,15 @@
\\ \\
\midrule \midrule
$|a|$ & Bit length of value $a$ \\ $|a|$ & Bit length of value $a$ \\
$\left(\frac{a}{b}\right)$ & Jacobi symbol for $a, b$ \\ $\left(\frac{a}{b}\right)$ & Jacobi symbol for $a, b$ or division (context dependent) \\
$\frac{a}{b}$ & Regular division \\ $\frac{a}{b}$ & Division \\
$\mathbb{Z}_k$ & Additive group of integers modulo $k$ \\ $\mathbb{Z}_k$ & Additive group of integers modulo $k$ \\
$\mathbb{Z}^*_k$ & Multiplicative group of units modulo $k$ \\ $\mathbb{Z}^*_k$ & Multiplicative group of units modulo $k$ \\
$\gcd(a, b)$ & Greatest common divisor of $a, b$ \\ $\gcd(a, b)$ & Greatest common divisor of $a, b$ \\
$\lcm(a, b)$ & Least common multiple of $a, b$ \\ $\lcm(a, b)$ & Least common multiple of $a, b$ \\
$\phi$ & Euler's totient function \\ $\phi$ & Euler's totient function \\
$\lambda$ & Carmichael's totient function \\ $\lambda$ & Carmichael's totient function \\
$H(\dots)$ & Ideal cryptographic hash function \\
\bottomrule \bottomrule
\end{tabularx} \end{tabularx}
\end{table} \end{table}
@ -736,7 +739,7 @@ Instead of proving a value is within a range, the prover will demonstrate that a
\item Prover transmits $\{ (\psi(R_i), E(n_i, r_i^*)) \mid 0 < i \leq N \}$ where $\psi$ is a random bijection on the regions. \item Prover transmits $\{ (\psi(R_i), E(n_i, r_i^*)) \mid 0 < i \leq N \}$ where $\psi$ is a random bijection on the regions.
\item Verifier chooses a random $c \in \{0, 1\}$. \begin{enumerate} \item Verifier chooses a random $c \in \{0, 1\}$. \begin{enumerate}
\item If $c = 0$, the verifier requests the definition of $\psi$. They then compute the product of the $E(x, r_i) \cdot E(x, r_i^*)$ and verify proofs that each of these is zero. \item If $c = 0$, the verifier requests the definition of $\psi$. They then compute the product of the $E(x, r_i) \cdot E(x, r_i^*)$ and request proofs that each of these is zero.
\item If $c = 1$, the verifier requests a proof that each $E(n_i, r_i^*)$ is as claimed. \item If $c = 1$, the verifier requests a proof that each $E(n_i, r_i^*)$ is as claimed.
\end{enumerate} \end{enumerate}
@ -776,7 +779,7 @@ In practice, as we are using Jurik's form of Paillier, the best we can hope for
\subsection{Proving fortifications} \subsection{Proving fortifications}
More work is needed on point (5). The range proof alone only works to prevent negative values from appearing in a fortify action. Fortify actions need to be of form $\{ k, -k, 0, \dots, 0 \}$) and the regions corresponding to $k, -k$ amounts must be adjacent. Point (5) still remains, as the range proof alone only works to prevent negative values from appearing in a fortify action. Fortify actions need to be of form $\{ k, -k, 0, \dots, 0 \}$) and the regions corresponding to $k, -k$ amounts must be adjacent.
\begin{figure}[htp] \begin{figure}[htp]
\centering \centering
@ -878,12 +881,12 @@ We combine some ideas from the graph isomorphism proofs with ideas from before t
Run $t$ times in parallel: Run $t$ times in parallel:
\begin{enumerate} \begin{enumerate}
\item Prover transmits $\{ (\psi(R_i), E(n_i, r_i^*)) \mid 0 < i \leq N \}$ where $\psi$ is a random bijection on the regions. \item Prover transmits $\{ (\psi(R_i), E(-n_i, r_i^*)) \mid 0 < i \leq N \}$ where $\psi$ is a random bijection on the regions, and $\{ H(R_i, R_j, s_{ij}) \mid R_i \text{ neighbours } R_j \}$ where $s_{ij}$ is a random salt.
\item Verifier chooses a random $c \in \{0, 1\}$. \begin{enumerate} \item Verifier chooses a random $c \in \{0, 1\}$. \begin{enumerate}
\item If $c = 0$, the verifier requests the definition of $\psi$. They then compute the product of the $E(x, r_i) \cdot E(x, r_i^*)$ and verify proofs that each of these is zero. \item If $c = 0$, the verifier requests the definition of $\psi$ and each salt. They check that the resulting graph is isomorphic to the original graph. They then compute $E(n_i, r_i) \cdot E(-n_i, r_i^*)$ for each $i$ and request a proof that each is zero. Finally, they compute each edge hash and check that there are precisely the correct number of hashes.
\item If $c = 1$, the verifier requests a proof that each $E(n_i, r_i^*)$ is as claimed. \item If $c = 1$, the verifier requests proofs that $|S| - 2$ are zero and that the remaining pair add to zero. They then request the salt used to produce the hash along the edge joining the two non-zero elements, and test that this hash is correct.
\end{enumerate} \end{enumerate}
\end{enumerate} \end{enumerate}
\end{protocol} \end{protocol}