& its Applications
NSLab Final by 王褕立 b11902030
Using cryptography to guarantee the fairness of a prize-draw function
Reformulated as:
\(\Rightarrow\) Functional Commitment!
For now, pretend that every function can be turned into an arithmetic function over \(F_p\)
Procedure:
In particular, we want the zk-SNARK scheme to guarantee:
Example: \(x = (a, b, c), f(a, b, c) = abc\)
[Figure: arithmetic circuit for \(f\): inputs \(a\), \(b\), \(c\), two \(\times\) gates, output \(y\)]
Written in the form \(Ax \odot Bx = Cx\)
[Figure: the same circuit with the intermediate wire \(u\) labelled: \(a \times b = u\), \(u \times c = y\)]
\(\begin{bmatrix}1 & 0 & 0 & 0 & 0 \end{bmatrix} x' \odot \begin{bmatrix}0 & 1 & 0 & 0 & 0 \end{bmatrix} x' = \begin{bmatrix}0 & 0 & 0 & 1 & 0 \end{bmatrix} x'\)
\(x' = \begin{bmatrix} a \\ b \\ c \\ u \\ y \end{bmatrix}\)
\(\begin{bmatrix}0 & 0 & 0 & 1 & 0 \end{bmatrix} x' \odot \begin{bmatrix}0 & 0 & 1 & 0 & 0 \end{bmatrix} x' = \begin{bmatrix}0 & 0 & 0 & 0 & 1 \end{bmatrix} x'\)
Replace the columns of \(A, B, C\) with polynomials????
\(\begin{bmatrix}1 & 0 & 0 & 0 & 0 \\ 0 & 0 & 0 & 1 & 0 \end{bmatrix} x' \odot \begin{bmatrix} 0 & 1 & 0 & 0 & 0 \\ 0 & 0 & 1 & 0 & 0 \end{bmatrix} x' = \begin{bmatrix}0 & 0 & 0 & 1 & 0 \\ 0 & 0 & 0 & 0 & 1 \end{bmatrix} x'\)
\(A_p^T(z) = \begin{bmatrix} 2 - z \\ 0 \\ 0 \\ z - 1 \\ 0 \end{bmatrix}\)
\(B_p^T(z) = \begin{bmatrix} 0 \\ 2 - z \\ z - 1 \\ 0 \\ 0 \end{bmatrix}\)
\(C_p^T(z) = \begin{bmatrix} 0 \\ 0 \\ 0 \\ 2 - z \\ z - 1 \end{bmatrix}\)
\(A_p x' \cdot B_p x' - C_p x' \equiv 0 \pmod{\prod_{i = 1}^{n} (z - i)}\)
Then the two sides are equal with high probability (WHP), by the Schwartz–Zippel lemma
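The \(f(a, b, c) = abc\) example carried through in code, as an added illustration that is not part of the original slides: the columns of \(A, B, C\) are interpolated into polynomials, the prover divides \(A_p x' \cdot B_p x' - C_p x'\) by \(Z(z) = (z-1)(z-2)\), and the identity is checked at one random point. The modulus, all function names and the sample witnesses are assumptions; the witness is used in the clear here, so this shows only the divisibility check, not the hiding step.

```python
import secrets
from itertools import zip_longest

P = 2**61 - 1  # constructed prime standing in for the field F_p (assumption)
# R1CS rows for x' = (a, b, c, u, y): row 1 is a*b = u, row 2 is u*c = y
A = [[1, 0, 0, 0, 0], [0, 0, 0, 1, 0]]
B = [[0, 1, 0, 0, 0], [0, 0, 1, 0, 0]]
C = [[0, 0, 0, 1, 0], [0, 0, 0, 0, 1]]
Z = [2, P - 3, 1]  # Z(z) = (z-1)(z-2) = z^2 - 3z + 2, for the n = 2 rows above

def mul(f, g):  # polynomials are coefficient lists, lowest degree first
    out = [0] * (len(f) + len(g) - 1)
    for i, fi in enumerate(f):
        for j, gj in enumerate(g):
            out[i + j] = (out[i + j] + fi * gj) % P
    return out

def add(f, g, sign=1):  # f + sign*g, padding the shorter list with zeros
    return [(x + sign * y) % P for x, y in zip_longest(f, g, fillvalue=0)]

def interpolate(vals):  # Lagrange: the polynomial equal to vals[i-1] at z = i
    res = [0]
    for i in range(1, len(vals) + 1):
        basis, denom = [1], 1
        for j in (k for k in range(1, len(vals) + 1) if k != i):
            basis, denom = mul(basis, [-j % P, 1]), denom * (i - j) % P
        res = add(res, [c * vals[i - 1] * pow(denom, -1, P) % P for c in basis])
    return res

def combine(M, w):  # (M_p x')(z): witness-weighted sum of the column polynomials
    acc = [0]
    for k, wk in enumerate(w):
        acc = add(acc, [c * wk % P for c in interpolate([row[k] for row in M])])
    return acc

def prove(w):  # prover side: T = A*B - C divided by Z, returns (H, remainder)
    t = add(mul(combine(A, w), combine(B, w)), combine(C, w), -1)
    h = [0] * (len(t) - len(Z) + 1)
    for d in range(len(t) - len(Z), -1, -1):  # long division; Z is monic
        h[d] = t[d + len(Z) - 1]
        t = add(t, mul([0] * d + [h[d]], Z), -1)
    return h, t  # a non-zero remainder means some constraint row is violated

def ev(f, r):  # evaluate polynomial f at r, mod P
    return sum(c * pow(r, k, P) for k, c in enumerate(f)) % P

def verify(w, h, r=None):  # Schwartz-Zippel: test A*B - C = H*Z at one point
    r = secrets.randbelow(P) if r is None else r
    lhs = ev(combine(A, w), r) * ev(combine(B, w), r) - ev(combine(C, w), r)
    return lhs % P == ev(h, r) * ev(Z, r) % P
```

With the constructed witness `[3, 4, 5, 12, 60]` the quotient is the constant 9 and the check passes at every point; changing `y` to 61 leaves the remainder `1 - z`, so the check fails at any point other than `z = 1`.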
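The problem becomes:
This can be done with mysterious cryptographic methods!
Idea: move the polynomials onto an elliptic curve and rely on the hardness of discrete log to get ZK, using a pairing to handle the product of the two
The Loot Box prize-draw function:
Of course not!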
Bit operations
Code \(\rightarrow\) Arithmetic Function ?
Assumptions about the function
Basically see CNN as a function
Differences from Loot Box:
(Thanks to 仲楷 for sharing this one)
(Thanks to senior 朗軒 for sharing this one)