Zero Knowledge Proof: Difference between revisions

From MNOwatch
Jump to navigationJump to search
Demo (talk | contribs)
Created page with "To prove a character set belongs to a string without revealing the set, you use *Zero-Knowledge Proofs* (ZKPs), specifically techniques like zk-SNARKs/STARKs or specialized commitment schemes (e.g., Merkle Trees, Pedersen Commitments) to generate a short proof that a commitment to the string and the set satisfies the "all characters in set" condition, verifiable with a public key/verifier, all without disclosing the actual characters of the string or set, only proving th..."
 
Demo (talk | contribs)
No edit summary
 
(One intermediate revision by the same user not shown)
Line 1: Line 1:
To prove a character set belongs to a string without revealing the set, you use *Zero-Knowledge Proofs* (ZKPs), specifically techniques like zk-SNARKs/STARKs or specialized commitment schemes (e.g., Merkle Trees, Pedersen Commitments) to generate a short proof that a commitment to the string and the set satisfies the "all characters in set" condition, verifiable with a public key/verifier, all without disclosing the actual characters of the string or set, only proving their relationship.  
To prove a character set belongs to a string without revealing the set, you use '''Zero-Knowledge Proofs''' (ZKPs), specifically techniques like zk-SNARKs/STARKs or specialized commitment schemes (e.g., Merkle Trees, Pedersen Commitments) to generate a short proof that a commitment to the string and the set satisfies the "all characters in set" condition, verifiable with a public key/verifier, all without disclosing the actual characters of the string or set, only proving their relationship.  


Core Idea: Commitment and Proof
==Core Idea: Commitment and Proof==


Commitment Phase (Prover):
===Commitment Phase (Prover):===


The Prover creates a cryptographic commitment (a one-way hash-like value) for the secret string and another for the secret character set.
The Prover creates a cryptographic commitment (a one-way hash-like value) for the secret string and another for the secret character set.
They then compute a ZKP that mathematically links these commitments, proving: "If you hash these (revealed) values, they match my secret commitments, AND all characters from my secret set are indeed present in my secret string."
They then compute a ZKP that mathematically links these commitments, proving: "If you hash these (revealed) values, they match my secret commitments, AND all characters from my secret set are indeed present in my secret string."


Verification Phase (Verifier):
===Verification Phase (Verifier):===


The Verifier receives the commitments and the ZKP.
The Verifier receives the commitments and the ZKP.
Line 14: Line 14:
They run a verification algorithm using public parameters. If the proof is valid, they are convinced the condition holds, without ever seeing the string or set itself.  
They run a verification algorithm using public parameters. If the proof is valid, they are convinced the condition holds, without ever seeing the string or set itself.  


Example with Merkle Trees (Conceptual)
==Example with Merkle Trees (Conceptual)==


Prover: Has string S ("banana") and set C ({'a', 'b', 'n'}).
Prover: Has string S ("banana") and set C ({'a', 'b', 'n'}).
Line 28: Line 28:
Verifier: Checks the ZKP against the roots.  
Verifier: Checks the ZKP against the roots.  


Key Technologies
==Key Technologies==


zk-SNARKs/STARKs: Succinct Non-Interactive Arguments of Knowledge (or Scalable TAs). These generate very small proofs and have efficient verification, ideal for proving complex properties about data without revealing it.
zk-SNARKs/STARKs: Succinct Non-Interactive Arguments of Knowledge (or Scalable TAs). These generate very small proofs and have efficient verification, ideal for proving complex properties about data without revealing it.

Latest revision as of 08:53, 12 December 2025

To prove a character set belongs to a string without revealing the set, you use Zero-Knowledge Proofs (ZKPs), specifically techniques like zk-SNARKs/STARKs or specialized commitment schemes (e.g., Merkle Trees, Pedersen Commitments) to generate a short proof that a commitment to the string and the set satisfies the "all characters in set" condition, verifiable with a public key/verifier, all without disclosing the actual characters of the string or set, only proving their relationship.

Core Idea: Commitment and Proof

Commitment Phase (Prover):

The Prover creates a cryptographic commitment (a one-way hash-like value) for the secret string and another for the secret character set. They then compute a ZKP that mathematically links these commitments, proving: "If you hash these (revealed) values, they match my secret commitments, AND all characters from my secret set are indeed present in my secret string."

Verification Phase (Verifier):

The Verifier receives the commitments and the ZKP.

They run a verification algorithm using public parameters. If the proof is valid, they are convinced the condition holds, without ever seeing the string or set itself.

Example with Merkle Trees (Conceptual)

Prover: Has string S ("banana") and set C ({'a', 'b', 'n'}).

Commit to String: Build a Merkle Tree for S, get its root MerkleRoot(S).

Commit to Set: Represent C as a sorted string/structure, build its Merkle Tree, get MerkleRoot(C).

Generate Proof: Create a proof (e.g., using a polynomial commitment like KZG or PLONK) that shows MerkleRoot(S) and MerkleRoot(C) are related such that every element in C is in S. This involves creating a polynomial that evaluates to zero if the condition holds.

Send to Verifier: Send MerkleRoot(S), MerkleRoot(C), and the ZKP.

Verifier: Checks the ZKP against the roots.

Key Technologies

zk-SNARKs/STARKs: Succinct Non-Interactive Arguments of Knowledge (or Scalable TAs). These generate very small proofs and have efficient verification, ideal for proving complex properties about data without revealing it.

Pedersen Commitments: A basic commitment scheme where you commit to values, allowing proofs that committed values sum up correctly. This approach transforms "proving inclusion" into a mathematical problem solved by advanced cryptography, ensuring privacy while verifying correctness.