h4sh3d/xmr-btc-atomic-swap

Flesh out the ZKP section

Closed this issue · 3 comments

When I raised the question on IRC, I was wondering specifically if folks had more thoughts on the zkp part of your proposal. The usual bitcoin ZKCP example that gets thrown around is the pay-for-sudoku-solution and that was a nontrivial amount of work. I'm unclear on how much work this particular ZK proof would be. It seems like a fairly mechanical "shape" of proof, but I don't have a good sense for how much data would be involved.

I need to do more research to figure out how to create the proof zkp[there exists s: h = HASH(s) and a = XMRAddress(s)]. My first thought is to use zkSNARK, but I need to find a way to express the NP statement.

I've updated the protocol but the zero-knowledge proofs are the same. I started looking more in depth into Bulletproofs ZKPs; like zkSNARKs, they can prove arbitrary arithmetic circuits, and so pre-image + range proofs. And that is what is needed.

I'm interested especially in the Rust implementation by dalek-cryptography (https://github.com/dalek-cryptography/bulletproofs).

Thanks to recent research funding I had the possibility to work again on the protocol, and after reading and discussing with the Monero Research Lab I discovered new techniques to achieve the same result without generic zero-knowledge proof circuits. The result is now merged on master if you want to have a look!

More will be published soon about the research results.