Zero Knowledge Proof: Difference between revisions

From MNOwatch
Jump to navigationJump to search
Demo (talk | contribs)
Created page with "To prove a character set belongs to a string without revealing the set, you use *Zero-Knowledge Proofs* (ZKPs), specifically techniques like zk-SNARKs/STARKs or specialized commitment schemes (e.g., Merkle Trees, Pedersen Commitments) to generate a short proof that a commitment to the string and the set satisfies the "all characters in set" condition, verifiable with a public key/verifier, all without disclosing the actual characters of the string or set, only proving th..."
 
Demo (talk | contribs)
No edit summary
Line 1: Line 1:
To prove a character set belongs to a string without revealing the set, you use *Zero-Knowledge Proofs* (ZKPs), specifically techniques like zk-SNARKs/STARKs or specialized commitment schemes (e.g., Merkle Trees, Pedersen Commitments) to generate a short proof that a commitment to the string and the set satisfies the "all characters in set" condition, verifiable with a public key/verifier, all without disclosing the actual characters of the string or set, only proving their relationship.  
To prove a character set belongs to a string without revealing the set, you use '''Zero-Knowledge Proofs''' (ZKPs), specifically techniques like zk-SNARKs/STARKs or specialized commitment schemes (e.g., Merkle Trees, Pedersen Commitments) to generate a short proof that a commitment to the string and the set satisfies the "all characters in set" condition, verifiable with a public key/verifier, all without disclosing the actual characters of the string or set, only proving their relationship.  


Core Idea: Commitment and Proof
==Core Idea: Commitment and Proof==


Commitment Phase (Prover):
===Commitment Phase (Prover):===


The Prover creates a cryptographic commitment (a one-way hash-like value) for the secret string and another for the secret character set.
The Prover creates a cryptographic commitment (a one-way hash-like value) for the secret string and another for the secret character set.
They then compute a ZKP that mathematically links these commitments, proving: "If you hash these (revealed) values, they match my secret commitments, AND all characters from my secret set are indeed present in my secret string."
They then compute a ZKP that mathematically links these commitments, proving: "If you hash these (revealed) values, they match my secret commitments, AND all characters from my secret set are indeed present in my secret string."


Verification Phase (Verifier):
===Verification Phase (Verifier):===


The Verifier receives the commitments and the ZKP.
The Verifier receives the commitments and the ZKP.
Line 14: Line 14:
They run a verification algorithm using public parameters. If the proof is valid, they are convinced the condition holds, without ever seeing the string or set itself.  
They run a verification algorithm using public parameters. If the proof is valid, they are convinced the condition holds, without ever seeing the string or set itself.  


Example with Merkle Trees (Conceptual)
==Example with Merkle Trees (Conceptual)==


Prover: Has string S ("banana") and set C ({'a', 'b', 'n'}).
Prover: Has string S ("banana") and set C ({'a', 'b', 'n'}).

Revision as of 08:53, 12 December 2025

To prove a character set belongs to a string without revealing the set, you use Zero-Knowledge Proofs (ZKPs), specifically techniques like zk-SNARKs/STARKs or specialized commitment schemes (e.g., Merkle Trees, Pedersen Commitments) to generate a short proof that a commitment to the string and the set satisfies the "all characters in set" condition, verifiable with a public key/verifier, all without disclosing the actual characters of the string or set, only proving their relationship.

Core Idea: Commitment and Proof

Commitment Phase (Prover):

The Prover creates a cryptographic commitment (a one-way hash-like value) for the secret string and another for the secret character set. They then compute a ZKP that mathematically links these commitments, proving: "If you hash these (revealed) values, they match my secret commitments, AND all characters from my secret set are indeed present in my secret string."

Verification Phase (Verifier):

The Verifier receives the commitments and the ZKP.

They run a verification algorithm using public parameters. If the proof is valid, they are convinced the condition holds, without ever seeing the string or set itself.

Example with Merkle Trees (Conceptual)

Prover: Has string S ("banana") and set C ({'a', 'b', 'n'}).

Commit to String: Build a Merkle Tree for S, get its root MerkleRoot(S).

Commit to Set: Represent C as a sorted string/structure, build its Merkle Tree, get MerkleRoot(C).

Generate Proof: Create a proof (e.g., using a polynomial commitment like KZG or PLONK) that shows MerkleRoot(S) and MerkleRoot(C) are related such that every element in C is in S. This involves creating a polynomial that evaluates to zero if the condition holds.

Send to Verifier: Send MerkleRoot(S), MerkleRoot(C), and the ZKP.

Verifier: Checks the ZKP against the roots.

Key Technologies

zk-SNARKs/STARKs: Succinct Non-Interactive Arguments of Knowledge (or Scalable TAs). These generate very small proofs and have efficient verification, ideal for proving complex properties about data without revealing it.

Pedersen Commitments: A basic commitment scheme where you commit to values, allowing proofs that committed values sum up correctly. This approach transforms "proving inclusion" into a mathematical problem solved by advanced cryptography, ensuring privacy while verifying correctness.