top of page
  • Writer's pictureJeffrey Scholz
    • Feb 25
    • 2 min read

Zero Knowledge Addition

These code snippets are used for a talk at ETH Denver


Zero knowledge addition example (not secure):

from py_ecc.bn128 import G1, multiply, add, eq

class G():
    def __init__(self, dl):
        if type(dl) is int:
            self.Point = multiply(G1, dl)
        else:
            self.Point = dl

    def __mul__(self, other):
        return G(multiply(self.Point, other))

    def __add__(self, other):
        return G(add(self.Point, other.Point))

    def __repr__(self):
        return str(self.Point)

    def __eq__(self, other):
        return eq(self.Point, other) 

    def __call__(self, arg):
        return G(multiply(self.Point, arg))

print("                     G(1)", G(1))
print("                     G(2)", G(2))
print("                     G(3)", G(3))
print("G(7776012348051028346757)", G(7776012348051028346757))

print(G(1) + G(1) == G(2))
print(G(6) + G(7) == G(6 + 7))
print(G(3) * 2 == G(6))

H = G(5)
print(H(5) == G(25))

## -------------------

# Prover
U = G(5)
V = G(10)

proof = (U, V, 15)

## Verifier
assert proof[0] + proof[1] == G(proof[2]), "addition proof rejected"

print("accepted proof", proof)

## -------------------

for i in range(16):
    if G(i) == proof[0]:
        print("first term is", i)

    if G(i) == proof[1]:
        print("second term is", i)

Pedersen commitments:

from py_ecc.bn128 import G1, multiply, add, eq

class G():
    def __init__(self, dl):
        if type(dl) is int:
            self.Point = multiply(G1, dl)
        else:
            self.Point = dl

    def __mul__(self, other):
        return G(multiply(self.Point, other))

    def __add__(self, other):
        return G(add(self.Point, other.Point))

    def __repr__(self):
        return str(self.Point)

    def __eq__(self, other):
        return eq(self.Point, other) 

    def __call__(self, arg):
        return G(multiply(self.Point, arg))

H = G(2602082151048)
B = G(91051825082)

# commit cannot be tampered with
P = H(5) + B(130922)
P1 = H(5 + 1) + B(130922 - 1)
P2 = H(5 - 1) + B(130923 + 1)

# the commitments are not equal
print(P)
print(P1)
print(P2)

Secure zero knowledge addition:

from py_ecc.bn128 import G1, multiply, add, eq

class G():
    def __init__(self, dl):
        if type(dl) is int:
            self.Point = multiply(G1, dl)
        else:
            self.Point = dl

    def __mul__(self, other):
        return G(multiply(self.Point, other))

    def __add__(self, other):
        return G(add(self.Point, other.Point))

    def __repr__(self):
        return str(self.Point)

    def __eq__(self, other):
        return eq(self.Point, other) 

    def __call__(self, arg):
        return G(multiply(self.Point, arg))

import random

def rnd():
    return random.randint(1, 2 ** 100)

# Trusted setup
H = G(10712350839210571016502)
B = G(7710572910721010219147)

# Prover
a = 10
b = 5
c = a + b

s1 = rnd()
s2 = rnd()

U = H(a) + B(s1)
V = H(b) + B(s2)
w = s1 + s2

proof = (U, V, w, 15)

# Verifier
assert U + V == H(15) + B(w), "proof not accepted"
print("proof accepted for", proof)

Resources

Our Zero Knowledge Book: rareskills.io/zk-book

Our Zero Knowledge Course: https://www.rareskills.io/zk-bootcamp

137 views0 comments

Recent Posts

See All
bottom of page