Scriptless-ZKP

Cryptographic Protocols & Blockchain-Agnostic Protocols R&D

Adaptor & multi-party signatures, zero-knowledge proofs (ZKPs) & "scriptless" scripts

This Git repo has been constructed for organizing research and development (R&D) into cryptographic protocols, including multi-party signatures, adaptor signatures, zero-knowledge proofs, and "scriptless" scripts.

An additional research focus is on applications to cross-blockchain operations, including blockchain-agnostic (universal) atomic swaps and zero-knowledge contingent payment (zkCP) protocols.

DISCLAIMER: This codebase is presently at an early pre-Alpha stage focused on R&D, has not yet undergone any in-depth security audit, and as such should not be used in any production system.

  • Please refer to the attached Mozilla Public License v2.0 (LICENSE) for an associated disclaimer of any and all liability or warrantability related to its use.

Functional Existing Modules

NOTE: R&D-only Status (see above disclaimer)

Digital Signatures (single-party) [scriptless_zkp.ecc.signatures]

  • Schnorr Signatures on Elliptic Curves (ECC Schnorr) [scriptless_zkp.ecc.signatures.schnorr]
    • Supported elliptic curves: NIST P-256 (secp256r1), NIST P-384 (secp384r1), NIST P-521 (secp521r1)
  • Adaptor Signatures for ECC Schnorr (a.k.a. Verifiable Encrypted Signatures) [scriptless_zkp.ecc.signatures.adaptor_schnorr]
    • Supported elliptic curves: NIST P-256 (secp256r1), NIST P-384 (secp384r1), NIST P-521 (secp521r1)
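Added example, not code from this repository: the single-party Schnorr and adaptor-signature ("verifiable encrypted signature") flow listed above, implemented over NIST P-256 in plain Python. The function names (`pre_sign`, `pre_verify`, `adapt`, `extract`), the challenge convention e = H(R || P || m) and the textbook affine point arithmetic are assumptions of this example, not the project's API.

```python
import hashlib, secrets

# NIST P-256 (secp256r1) parameters; None stands for the point at infinity.
p = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)

def ec_add(P, Q):  # affine addition; also handles doubling and P + (-P)
    if P is None or Q is None:
        return P if Q is None else Q
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 + y2) % p == 0:
        return None
    num, den = (3 * x1 * x1 - 3, 2 * y1) if P == Q else (y2 - y1, x2 - x1)
    lam = num * pow(den, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return x3, (lam * (x1 - x3) - y1) % p

def ec_mul(k, P):  # double-and-add; not constant-time, so R&D use only
    R = None
    while k:
        if k & 1:
            R = ec_add(R, P)
        P, k = ec_add(P, P), k >> 1
    return R

def challenge(R, P, msg):  # Fiat-Shamir challenge e = H(R || P || m) mod N
    h = hashlib.sha256()
    for x, y in (R, P):
        h.update(x.to_bytes(32, "big") + y.to_bytes(32, "big"))
    h.update(msg)
    return int.from_bytes(h.digest(), "big") % N

def pre_sign(x, msg, T):  # adaptor pre-signature: the challenge binds R + T
    k = secrets.randbelow(N - 1) + 1
    R = ec_mul(k, G)
    return R, (k + challenge(ec_add(R, T), ec_mul(x, G), msg) * x) % N

def pre_verify(P, msg, T, pre):  # s'*G == R + e*P; with T=None this is plain Schnorr verify
    R, s = pre
    return ec_mul(s, G) == ec_add(R, ec_mul(challenge(ec_add(R, T), P, msg), P))

def adapt(pre, t):  # whoever knows t turns the pre-signature into a valid signature
    R, s = pre
    return ec_add(R, ec_mul(t, G)), (s + t) % N

def extract(pre, sig):  # seeing pre-signature and final signature together reveals t
    return (sig[1] - pre[1]) % N
```

The pre-signature verifies against the adaptor point T but is not itself a valid Schnorr signature; once the final signature is published, the counterparty recovers t, which is the property scriptless-script swaps rely on.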

Two-Party Digital Signatures [scriptless_zkp.ecc.signatures]

  • Two-Party ECC Schnorr Signatures [scriptless_zkp.ecc.signatures.two_party_schnorr]
    • Features verification via a joint public key & indistinguishability from single-party ECC Schnorr signatures.

Elliptic Curve Cryptography (ECC) [scriptless_zkp.ecc]

  • Support for prime-order elliptic curves (Weierstrass form) [scriptless_zkp.ecc.weierstrass_curves]
    • NIST P-256 (secp256r1), NIST P-384 (secp384r1), NIST P-521 (secp521r1)
  • Support for derivation of effectively independent ECC generator points [scriptless_zkp.ecc.generators]
    • Generation of elliptic curve generator points for which nobody knows the discrete logarithm w.r.t. the base point G.

Cryptographic Commitments (Elliptic Curve-based) [scriptless_zkp.ecc.commitments]

  • Pedersen Commitments (over Elliptic Curves) [scriptless_zkp.ecc.commitments.pedersen]

Cryptographic Commitments [scriptless_zkp.commitments]

  • HMAC-based & Blake2b-based Keyed-Hash Commitments [scriptless_zkp.commitments.hmac_commitments]

Homomorphic Encryption (HE) [scriptless_zkp.he]

  • Paillier (Additively) Homomorphic Encryption [scriptless_zkp.he.paillier]
    • Support for Paillier encryption, decryption, and homomorphic operations (addition, multiplication by a scalar).

Non-Interactive Zero-Knowledge (NIZK) Proofs (over Elliptic Curves) [scriptless_zkp.ecc.zkp]

  • NIZK Proofs of Knowledge (PoKs) of a Discrete Logarithm [scriptless_zkp.ecc.zkp.nizk_dlog_proof]
  • NIZK Proofs of Knowledge (PoKs) of Equal Discrete Logarithms [scriptless_zkp.ecc.zkp.nizk_equal_dlogs_proof]
  • ZK Proof-Commitments for NIZK Proofs of Knowledge (PoKs) of a Discrete Logarithm [scriptless_zkp.ecc.zkp.nizk_dlog_proof_commitments]
    • Combines an NIZK proof and a cryptographic commitment to the proof & its public parameters, which is useful in multi-party protocols involving ZK proofs (e.g., for ensuring correct protocol execution by each party).

Planned Future Work

Cryptographic Commitments (ECC)

  • Pedersen Commitments (over Elliptic Curves)
  • Vector Pedersen Commitments (over Elliptic Curves)

Adaptor Signatures - ECC Schnorr

  • Adaptor Signatures for ECC Schnorr (single-party)
  • Two-Party Adaptor Signatures for ECC Schnorr

BIP-340 Compatible ECC Schnorr Signatures

  • Support BIP-340 (Bitcoin standard) compatible ECC Schnorr Signatures
    • Using the secp256k1 elliptic curve (as used by the Bitcoin & Ethereum blockchains) and incorporating the Bitcoin BIP-340 standard's domain separation tags into the various cryptographic hash operations.
  • Support BIP-340 compatible Two-Party ECC Schnorr Signatures

Adaptor Signatures - ECDSA

  • Prerequisites:
    • Paillier (Additively) Homomorphic Encryption
    • Zero-Knowledge Range Proofs (based on Y. Lindell's Paillier-based ZKP protocol; see Appendix A)
  • Two-Party ECDSA Signatures (based on Y. Lindell's protocol)
  • Two-Party Adaptor Signatures for ECDSA

Two-Party Digital Signatures & Non-Interactive Zero-Knowledge (NIZK) Proofs

  • Revise Two-Party ECC Schnorr and NIZK PoKs of Discrete Log modules:
    • To support additional prime-order elliptic curves:
      • NIST P-384 (secp384r1)
      • NIST P-521 (secp521r1)

Blockchain-Agnostic Protocols

  • Prerequisites:
    • Verifiable Delay Functions (VDFs) and Verifiable Timed Discrete Logs (VTDs)
  • Universal Atomic Swaps (UAS) protocol (based on S.A. Thyagarajan et al.)

Secure Multi-Party Computation (MPC) protocols

  • Oblivious Transfer (OT)
  • Private Information Retrieval (PIR)