From 54052f98c3dd94bb4358c65806759e10bcc1b996 Mon Sep 17 00:00:00 2001 From: jackddouglas Date: Wed, 18 Sep 2024 11:26:59 +0100 Subject: [PATCH] Quartz sync: Sep 18, 2024, 11:26 AM --- content/BLS Threshold.md | 8 ++++---- content/Elliptic Curves.md | 4 ++-- content/KZG.md | 14 +++++++------- content/Lagrange interpolation formula.md | 2 +- content/Polynomial Commitments.md | 8 ++++---- content/Week 3.md | 14 +++++++------- content/bilinear pairings.md | 2 +- content/index.md | 14 +++++++------- 8 files changed, 33 insertions(+), 33 deletions(-) diff --git a/content/BLS Threshold.md b/content/BLS Threshold.md index bdca5e0..d1dfa13 100644 --- a/content/BLS Threshold.md +++ b/content/BLS Threshold.md @@ -9,7 +9,7 @@ tags: [] Threshold cryptography allows a group of parties to jointly perform cryptographic operations such that only a subset (threshold) of the parties is required to collaborate, enhancing both security and availability. The Boneh-Lynn-Shacham (BLS) signature scheme is particularly well-suited for threshold implementations due to its simplicity and the properties of pairing-based cryptography. ## Overview -A cryptographic algorithm that enables short signatures and efficient aggregation of signatures. Base on [[1726579238-bilinear-pairings|bilinear pairings]] over [[1726567251-elliptic-curves|elliptic curves]]. +A cryptographic algorithm that enables short signatures and efficient aggregation of signatures. Base on [[bilinear pairings]] over [[elliptic curves]]. Key Features: - *Short Signatures* — signatures are elements of an elliptic curve group, resulting in compact representations @@ -17,7 +17,7 @@ Key Features: - *Deterministic Signing* — signing process doesn't require randomness, simplifying implementation ### Mathematical Foundation -Rely on properties of [[1726579238-bilinear-pairings|bilinear pairings]]. +Rely on properties of [[bilinear pairings]]. ### Basic BLS Signature Scheme - Setup 
@@ -53,7 +53,7 @@ Combining BLS with threshold cryptography results in *threshold BLS signatures*, - *Secret Sharing* — private key is shared among parties using a secret sharing scheme ### Secret Sharing Schemes -See [[1725904360-shamirs-secret-sharing|Shamir's Secret Sharing]]. +See [[Shamir's Secret Sharing]]. ### Threshold BLS Signature Protocol - Setup @@ -66,7 +66,7 @@ See [[1725904360-shamirs-secret-sharing|Shamir's Secret Sharing]]. 2. Broadcast Partial Signatures - Parties share their $\sigma_i$ with the combiner 3. Signature Reconstruction - - Using [[1725960857-lagrange-interpolation-formula|Lagrange interpolation]], combine $t$ partial signatures to form the full signature: + - Using [[Lagrange interpolation formula|Lagrange interpolation]], combine $t$ partial signatures to form the full signature: $$\sigma=\Pi_{i\in S,j\neq1}\sigma_i^{\lambda_i}$$ where $S$ is the set of participating parties and $\lambda_i$ are Lagrange coefficients: $$\lambda_i=\Pi_{j\in S,j\neq i}\frac{j}{j-i}$$ diff --git a/content/Elliptic Curves.md b/content/Elliptic Curves.md index 08940de..789b0c0 100644 --- a/content/Elliptic Curves.md +++ b/content/Elliptic Curves.md @@ -48,7 +48,7 @@ Uses the properties of elliptic curves to create cryptographic algorithms that a - *Elliptic Curve Digital Signature Algorithm (ECDSA)* — method for creating digital signatures, ensuring message integrity and authenticity - *Elliptic Curve Integrated Encryption Scheme (ECIES)* — hybrid encryption scheme combining ECC with symmetric encryption for data confidentiality -## [[1726579238-bilinear-pairings|Pairings]] on Elliptic Curves +## [[Bilinear pairings|Pairings]] on Elliptic Curves Bilinear maps that take two points on an elliptic curve and output an element in a finite field, enabling advanced cryptographic protocols. ### Definition 
@@ -66,7 +66,7 @@ Each have respective applications for which they have better computational advan ### Applications in Cryptography - *Identity-Based Encryption (IBE)* — allows the use of arbitrary strings (e.g., email addresses) as public keys -- *Short Signatures* — schemes such as [[1726567320-bls-threshold|BLS]] (Boneh-Lynn-Shacham) enable very short signatures with security based on hardness of certain problems in pairing-friendly groups +- *Short Signatures* — schemes such as [[BLS Threshold|BLS]] (Boneh-Lynn-Shacham) enable very short signatures with security based on hardness of certain problems in pairing-friendly groups - *Attribute-Based Encryption (ABE)* — enables fine-grained access control over encrypted data ## Common Curves diff --git a/content/KZG.md b/content/KZG.md index edee2bd..ed6b1b7 100644 --- a/content/KZG.md +++ b/content/KZG.md @@ -16,12 +16,12 @@ KZG commitments allow a prover to: ## Mathematical Foundations Builds on: -- [[1725898229-polynomial-arithmetic|Polynomial Arithmetic]] -- [[1726567251-elliptic-curves#elliptic-curve-cryptography-ecc|Elliptic Curve Cryptography]] -- [[1726567251-elliptic-curves#pairings-on-elliptic-curves|Pairings]] +- [[Polynomial Arithmetic]] +- [[Elliptic Curves#elliptic-curve-cryptography-ecc|Elliptic Curve Cryptography]] +- [[Elliptic Curves#pairing-friendly-curves|Pairings]] ### Bilinear Pairings -A [[1726579238-bilinear-pairings|bilinear pairing]] is a map: +A [[bilinear pairings|bilinear pairing]] is a map: $$e:G_1\times G_2 \rightarrow G_T$$ where: @@ -58,7 +58,7 @@ Alternatively, using polynomial notation: - Represent $f(\tau)$ as an element in $G_1$: - $C=G^{f(\tau)}$ -This uses the [[1726580434-homomorphism|homomorphism]] between polynomials evaluated at $\tau$ and group elements. +This uses the [[homomorphism]] between polynomials evaluated at $\tau$ and group elements. ### Open To prove that $y=f(s)$ for some $s\in \Bbb{F}_\tau$, the prover computes a proof $\pi$ as follows: 
@@ -95,7 +95,7 @@ $$e(\pi, H^{\tau-s})=e(G^{\frac{f(\tau)-y}{\tau-s}},H^{\tau-s})=e(G^{f(\tau)-y}, Thus, both sides are equal. ### Binding -The binding property relies on the [[1726567251-elliptic-curves#discrete-logarithm-problem-dlp|discrete logarithm problem]] and the assumption that the prover cannot find two different polynomials $f(x)$ and $f'(x)$ such that $f(\tau)=f'(\tau)$, unless $f(x)=f'(x)$. +The binding property relies on the [[elliptic curves#discrete-logarithm-problem-dlp|discrete logarithm problem]] and the assumption that the prover cannot find two different polynomials $f(x)$ and $f'(x)$ such that $f(\tau)=f'(\tau)$, unless $f(x)=f'(x)$. #### Security Assumption - *Computational Diffie-Hellman (CDH) Problem* — hardness of computing $G^{ab}$ given $G^a$ and $G^b$ @@ -124,7 +124,7 @@ Both the commitment $C$ and the proof $\pi$ are single elements in $G_1$, regard ### Prover Efficiency - The prover's work involves computing $w(x)$ and exponentiations -- Efficient algorithms like [[1725903044-fast-fourier-transform|Fast Fourier Transforms (FFT)]] can optimise polynomial operations when dealing with large degrees. +- Efficient algorithms like [[fast fourier transform|Fast Fourier Transforms (FFT)]] can optimise polynomial operations when dealing with large degrees. ## Applications of KZG Commitments ### zk-SNARKs diff --git a/content/Lagrange interpolation formula.md b/content/Lagrange interpolation formula.md index b75aff2..e1c0320 100644 --- a/content/Lagrange interpolation formula.md +++ b/content/Lagrange interpolation formula.md @@ -17,7 +17,7 @@ Where: - `yi` are the y-coordinates of the known points - `Li(x)` are the Lagrange basis polynomials -In the [[1725904360-shamirs-secret-sharing|Shamir's Secret Sharing]] code, this formula is implemented as follows: +In the [[Shamir's Secret Sharing]] code, this formula is implemented as follows: 1. The outer loop `for i in 0..threshold` corresponds to the summation in the formula. 
diff --git a/content/Polynomial Commitments.md b/content/Polynomial Commitments.md index 3a2ec9c..6ea7e0e 100644 --- a/content/Polynomial Commitments.md +++ b/content/Polynomial Commitments.md @@ -35,7 +35,7 @@ Essential for constructing efficient cryptographic protocols where the size of t - *Fast Verification* — verifier's work should be minimal, enabling practical development ## Types of Commitment Schemes -### Kate Commitments ([[1726567313-kzg|KZG]] Commitments) +### Kate Commitments ([[KZG]] Commitments) - *Setup* — trusted setup generates public parameters, including sequence $\{\tau^i\}$ for $i=0$ to $d$, where $\tau$ is a secret - *Commit* — given polynomial $f(x)=\sum^d_{i=0}{f_ix^i}$, the commitment is: $$C=\sum_{i=0}^d{f_iG^{\tau^i}}$$ @@ -44,7 +44,7 @@ where $G$ is a generator of an elliptic curve group. - *Verify* — verifier checks pairing equations to confirm proof's validity #### Use of Pairings -KZG commitments rely on [[bilinear pairings]] on [[1726567251-elliptic-curves|elliptic curves]], which enable efficient verification through pairing-based equations. +KZG commitments rely on [[bilinear pairings]] on [[elliptic curves]], which enable efficient verification through pairing-based equations. - *Bilinear Pairing* — a map $e:G_1\times G_2\rightarrow G_T$ satisfying bilinearity, non-degeneracy, and computability - *Verification Equation* — $e(C-y\cdot G, H)=e(\pi, G-s\cdot H)$, here, $H$ is another generator, and $s$ is the evaluation point 
@@ -54,7 +54,7 @@ KZG commitments rely on [[bilinear pairings]] on [[1726567251-elliptic-curves|el #### Drawbacks - *Trusted setup* — requires a secure generation of secret $\tau$ -- *Security assumptions* — relies on hardness of [[1726567251-elliptic-curves#discrete-logarithm-problem-dlp|Discrete Logarithm Problem]] and *Computational Diffie-Hellman Problem* in pairing groups. +- *Security assumptions* — relies on hardness of [[Elliptic Curves#discrete-logarithm-problem-dlp|Discrete Logarithm Problem]] and *Computational Diffie-Hellman Problem* in pairing groups. ### Other Schemes #### Pedersen Commitments @@ -90,7 +90,7 @@ Drawbacks - *Ethereum 2.0* uses KZG commitments in *danksharding* proposal for scalable data availability proofs - *Plonk Protocol* is a universal SNARK protocol that uses polynomial commitments for efficient proof generation and verification -## Connection to [[1725960857-lagrange-interpolation-formula|Lagrange Interpolation]] +## Connection to [[Lagrange interpolation formula|Lagrange Interpolation]] Any polynomial $f(x)$ of degree $d$ can be uniquely distributed by $d+1$ evaluations at distinct points, which is fundamental in constructing and verifying polynomial commitments. ## Implementation Considerations diff --git a/content/Week 3.md b/content/Week 3.md index 097709b..b0ff561 100644 --- a/content/Week 3.md +++ b/content/Week 3.md 
@@ -6,15 +6,15 @@ tags: [] --- # Key Ideas -- [[1726567251-elliptic-curves|Elliptic Curves]] - - [[1726567251-elliptic-curves#pairings-on-elliptic-curves|Pairings]] - - [[1726567251-elliptic-curves#common-curves|Common Curves]] -- [[1726567296-polynomial-commitments|Polynomial Commitments]] -- [[1726567313-kzg|KZG]] -- [[1726567320-bls-threshold|BLS Threshold]] +- [[Elliptic Curves]] + - [[Elliptic Curves#pairing-friendly-curves|Pairings]] + - [[Elliptic Curves#common-curves|Common Curves]] +- [[Polynomial Commitments]] +- [[KZG]] +- [[BLS Threshold]] # Exercises -- Implement [[1726567313-kzg|KZG]] commitment, proof +- Implement [[KZG]] commitment, proof # References - https://github.com/pluto/ronkathon/blob/main/src/curve/README.md diff --git a/content/bilinear pairings.md b/content/bilinear pairings.md index ee9ded0..3b2cdcf 100644 --- a/content/bilinear pairings.md +++ b/content/bilinear pairings.md @@ -23,5 +23,5 @@ Each have respective applications for which they have better computational advan ### Applications in Cryptography - *Identity-Based Encryption (IBE)* — allows the use of arbitrary strings (e.g., email addresses) as public keys -- *Short Signatures* — schemes such as [[1726567320-bls-threshold|BLS]] (Boneh-Lynn-Shacham) enable very short signatures with security based on hardness of certain problems in pairing-friendly groups +- *Short Signatures* — schemes such as [[BLS Threshold|BLS]] (Boneh-Lynn-Shacham) enable very short signatures with security based on hardness of certain problems in pairing-friendly groups - *Attribute-Based Encryption (ABE)* — enables fine-grained access control over encrypted data diff --git a/content/index.md b/content/index.md index 5cc12bb..862818f 100644 --- a/content/index.md +++ b/content/index.md 
@@ -55,15 +55,15 @@ If you'd like to follow along, you may navigate to [this Notion page](https://ww - Moonmath Manual Polynomial Arithmetic ### [[Week 3]] -- [[1726567251-elliptic-curves|Elliptic Curves]] - - [[1726567251-elliptic-curves#pairings-on-elliptic-curves|Pairings]] - - [[1726567251-elliptic-curves#common-curves|Common Curves]] -- [[1726567296-polynomial-commitments|Polynomial Commitments]] -- [[1726567313-kzg|KZG]] -- [[1726567320-bls-threshold|BLS Threshold]] +- [[Elliptic Curves]] + - [[Elliptic Curves#pairing-friendly-curves|Pairings]] + - [[Elliptic Curves#common-curves|Common Curves]] +- [[Polynomial Commitments]] +- [[KZG]] +- [[BLS Threshold]] #### EXERCISES -- Implement [[1726567313-kzg|KZG]] commitment, proof +- Implement [[KZG]] commitment, proof #### REFERENCES - https://github.com/pluto/ronkathon/blob/main/src/curve/README.md
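Review bot: In `content/BLS Threshold.md`, hunk `@@ -9,7 +9,7 @@`, the rewritten Overview line still reads "Base on [[bilinear pairings]] over [[elliptic curves]]". Since the line is being changed anyway, correct it to "Based on". The unchanged "Rely on properties of" sentence in the next hunk region has the same dropped subject and could become "BLS signatures rely on properties of [[bilinear pairings]]."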
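Review bot: In `content/BLS Threshold.md`, hunk `@@ -66,7 +66,7 @@`, the reconstruction formula directly under the relinked "Signature Reconstruction" bullet has the index set `i\in S,j\neq1`, but the product runs over `i` only and `j` is not bound there. The `j` condition belongs to the Lagrange coefficient on the following line, which already carries `j\in S,j\neq i`. Suggest `$$\sigma=\prod_{i\in S}\sigma_i^{\lambda_i}$$`, and `\prod` rather than the letter `\Pi` in both formulas.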
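Review bot: In `content/KZG.md`, hunk `@@ -16,12 +16,12 @@`, the "Pairings" link changes its anchor as well as its page name, from `#pairings-on-elliptic-curves` to `#pairing-friendly-curves`, which is more than the prefix removal done everywhere else. The only pairing heading visible in this patch is `## [[Bilinear pairings|Pairings]] on Elliptic Curves` in `content/Elliptic Curves.md`, so please confirm a "Pairing-friendly curves" heading exists on that page. The same anchor substitution is repeated in `content/Week 3.md` and `content/index.md`, so a wrong target would break three links at once.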
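Review bot: In `content/KZG.md`, hunks `@@ -95,7 +95,7 @@` and `@@ -124,7 +124,7 @@`, the new link targets are lower-case (`[[elliptic curves#discrete-logarithm-problem-dlp|...]]`, `[[fast fourier transform|...]]`) while the same page is referenced as `[[Elliptic Curves#discrete-logarithm-problem-dlp|...]]` in `content/Polynomial Commitments.md` and the file itself is `content/Elliptic Curves.md`. Pick one spelling that matches the file name exactly, so the links do not depend on case-insensitive resolution. `[[Bilinear pairings|Pairings]]` versus the file `content/bilinear pairings.md` has the same mismatch.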
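Review bot: In `content/Polynomial Commitments.md`, hunk `@@ -44,7 +44,7 @@`, the verification equation in the context below the relinked sentence, `e(C-y\cdot G, H)=e(\pi, G-s\cdot H)`, has no `\tau` on the right-hand side and subtracts an element of one group from a generator of the other. It also disagrees with `content/KZG.md` in this same patch, which checks against `H^{\tau-s}`. Suggest `e(C-y\cdot G, H)=e(\pi, \tau\cdot H-s\cdot H)`, and settle on either additive or multiplicative notation, since the Commit formula in the previous hunk writes `f_iG^{\tau^i}` inside a sum.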
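Review bot: In `content/Polynomial Commitments.md`, hunk `@@ -90,7 +90,7 @@`, the sentence under the relinked "Connection to Lagrange Interpolation" heading says a degree-$d$ polynomial "can be uniquely distributed by $d+1$ evaluations". The intended word is almost certainly "determined", and it is worth fixing while this section is being edited because the current wording changes the meaning.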