Skip to content

Latest commit

 

History

History
162 lines (109 loc) · 5.12 KB

README.rst

File metadata and controls

162 lines (109 loc) · 5.12 KB

zksk

Build status Documentation status Test coverage MIT License Paper on arXiv

Zero-Knowledge Swiss Knife: Python library for prototyping composable zero-knowledge proofs in the discrete-log setting.


Let's say Peggy commits to a secret bit and wants to prove to Victor in zero knowledge that she knows this bit—that is, without revealing it. In Camenisch-Stadler notation, we can write:

PK{ (r): (C = rH) ∨ (C - G = rH) }

To implement this zero-knowledge proof, Peggy will run:

from zksk import Secret, DLRep
from zksk import utils

# Setup: Peggy and Victor agree on two group generators.
G, H = utils.make_generators(num=2, seed=42)
# Setup: generate a secret randomizer.
r = Secret(utils.get_random_num(bits=128))

# This is Peggy's secret bit.
top_secret_bit = 1

# A Pedersen commitment to the secret bit.
C = top_secret_bit * G + r.value * H

# Peggy's definition of the proof statement, and proof generation.
# (The first or-clause corresponds to the secret value 0, and the second to the value 1. Because
# the real value of the bit is 1, the clause that corresponds to zero is marked as simulated.)
stmt = DLRep(C, r * H, simulated=True) | DLRep(C - G, r * H)
zk_proof = stmt.prove()

Victor will receive the commitment C and zk_proof from Peggy, and run this to verify the proof:

from zksk import Secret, DLRep

# Setup: get the agreed group generators.
G, H = utils.make_generators(num=2, seed=42)
# Setup: define a randomizer with an unknown value.
r = Secret()

stmt = DLRep(C, r * H) | DLRep(C - G, r * H)
assert stmt.verify(zk_proof)

Victor is now convinced that Peggy knows the committed bit.


Documentation and materials

Docs https://zksk.readthedocs.io
Academic paper https://arxiv.org/abs/1911.02459 — theoretical details

> Warning. Please don't use this software for anything mission-critical. It is designed for quick protyping of privacy-enhancing technologies, not production use.


Getting started

You need to have Python 3.6 or higher to use zksk. The library is tested and supported on Debian-based systems. Mac support is not guaranteed.

You can install zksk using pip:

pip install git+https://github.com/spring-epfl/zksk

To make sure everything is in order, you can run unit tests. For that, install the dev version of the package:

pip install "git+https://github.com/spring-epfl/zksk#egg=zksk[dev]"

Then, run the tests with pytest:

pytest

Contributing

See the contributing document.

Citing

If you use zksk in your research, please cite like this:

@inproceedings{LueksKFBT19,
  author    = {Wouter Lueks and
               Bogdan Kulynych and
               Jules Fasquelle and
               Simon Le Bail{-}Collet and
               Carmela Troncoso},
  title     = {zksk: {A} Library for Composable Zero-Knowledge Proofs},
  booktitle = {Proceedings of the 18th {ACM} Workshop on Privacy in the Electronic
               Society ({WPES@CCS})},
  pages     = {50--54},
  year      = {2019},
}