These code snippets are used for a talk at ETH Denver
Zero knowledge addition example (not secure):
from py_ecc.bn128 import G1, multiply, add, eq
class G():
def __init__(self, dl):
if type(dl) is int:
self.Point = multiply(G1, dl)
else:
self.Point = dl
def __mul__(self, other):
return G(multiply(self.Point, other))
def __add__(self, other):
return G(add(self.Point, other.Point))
def __repr__(self):
return str(self.Point)
def __eq__(self, other):
return eq(self.Point, other)
def __call__(self, arg):
return G(multiply(self.Point, arg))
print(" G(1)", G(1))
print(" G(2)", G(2))
print(" G(3)", G(3))
print("G(7776012348051028346757)", G(7776012348051028346757))
print(G(1) + G(1) == G(2))
print(G(6) + G(7) == G(6 + 7))
print(G(3) * 2 == G(6))
H = G(5)
print(H(5) == G(25))
## -------------------
# Prover
U = G(5)
V = G(10)
proof = (U, V, 15)
## Verifier
assert proof[0] + proof[1] == G(proof[2]), "addition proof rejected"
print("accepted proof", proof)
## -------------------
for i in range(16):
if G(i) == proof[0]:
print("first term is", i)
if G(i) == proof[1]:
print("second term is", i)
Pedersen commitments:
from py_ecc.bn128 import G1, multiply, add, eq
class G():
def __init__(self, dl):
if type(dl) is int:
self.Point = multiply(G1, dl)
else:
self.Point = dl
def __mul__(self, other):
return G(multiply(self.Point, other))
def __add__(self, other):
return G(add(self.Point, other.Point))
def __repr__(self):
return str(self.Point)
def __eq__(self, other):
return eq(self.Point, other)
def __call__(self, arg):
return G(multiply(self.Point, arg))
H = G(2602082151048)
B = G(91051825082)
# commit cannot be tampered with
P = H(5) + B(130922)
P1 = H(5 + 1) + B(130922 - 1)
P2 = H(5 - 1) + B(130923 + 1)
# the commitments are not equal
print(P)
print(P1)
print(P2)
Secure zero knowledge addition:
from py_ecc.bn128 import G1, multiply, add, eq
class G():
def __init__(self, dl):
if type(dl) is int:
self.Point = multiply(G1, dl)
else:
self.Point = dl
def __mul__(self, other):
return G(multiply(self.Point, other))
def __add__(self, other):
return G(add(self.Point, other.Point))
def __repr__(self):
return str(self.Point)
def __eq__(self, other):
return eq(self.Point, other)
def __call__(self, arg):
return G(multiply(self.Point, arg))
import random
def rnd():
return random.randint(1, 2 ** 100)
# Trusted setup
H = G(10712350839210571016502)
B = G(7710572910721010219147)
# Prover
a = 10
b = 5
c = a + b
s1 = rnd()
s2 = rnd()
U = H(a) + B(s1)
V = H(b) + B(s2)
w = s1 + s2
proof = (U, V, w, 15)
# Verifier
assert U + V == H(15) + B(w), "proof not accepted"
print("proof accepted for", proof)
Resources
Our Zero Knowledge Book: rareskills.io/zk-book
Our Zero Knowledge Course: https://www.rareskills.io/zk-bootcamp