📜 [Column article] Getting Started with ZKP and Smart Contract Development
✍️ Johnson
📥 Submissions welcome: https://medium.com/taipei-ethereum-meetup #徵技術分享文 #使用心得 #教學文 #medium
This article uses code examples to explain what innovative applications the combination of Zero Knowledge Proofs and smart contracts can bring to the Ethereum ecosystem.
This is Part 2 of the Tornado Cash research series. The series uses tornado-core as its teaching material for learning how to develop ZKP applications; the other two parts are:
Part 1: Merkle Tree in JavaScript
Part 3: A walkthrough of Tornado Cash
Special thanks to C.C. Liang for review and enlightenment.
Probably the most powerful cryptographic technology of the last decade is the zero-knowledge proof, also known as the zk-SNARK (zero knowledge succinct argument of knowledge).
A zk-SNARK takes a computation that produces a particular output and generates a proof of it; even though the computation itself may be very expensive, the proof can be verified quickly.
On top of that, the distinguishing feature of a zero-knowledge proof is that you can prove you really ran a certain computation and obtained its result without telling the other party the input.
The above is from the opening of Vitalik's An approximate introduction to how zk-SNARKs are possible, which says it explains how zk-SNARKs work to readers with a "medium level" of mathematics. (Sadly, I still can't follow it QQ)
This article instead approaches zero-knowledge proofs (ZKP) from the angle of application development, combining circuit code with smart contract code to show what new breakthroughs ZKP can bring to existing Ethereum smart contracts.
Basically, keep two effects of ZKP in mind:
1. Scaling: computation moves off-chain.
2. Privacy: secrets stay hidden.
WithoutZK.sol
First, let's look at a smart contract without any ZKP at all:
The heart of this contract is process(): we pass it a secret value secret, the contract runs a computation on it and compares the result with answer, and if the check succeeds it overwrites the variable greeting with "answer to the ultimate question of life, the universe, and everything".
Computation
The computation is a simple function: f(x) = x**2 + 6.
We can easily work out that the secret is 42.
This computation has many possible inputs and outputs:
f(2) = 10
f(3) = 15
f(4) = 22
…
But verification succeeds only when the output equals the answer stored in the contract; only then does process carry out its action.
Notice the calculate function, which shows that this contract performs its computation on-chain, and that process takes an input parameter _secret. Since every transaction on the chain is public, this _secret can easily be read on etherscan.
This simple contract shows the two pain points ZKP can solve: off-chain computation and hiding secrets.
Circuits
Next we rewrite this contract to add a ZKP circuit written in the circuit language circom. The user can then run the computation off-chain with their secret and produce a proof. The proof reveals no information about secret, yet it proves that feeding secret into the computation f(x) = x**2 + 6 yields the output 1770. The user passes this proof as the parameter to process, and once the Verifier has validated it, the body of process executes.
For setting up the circuits environment, see ZKP Hello World; we skip that here and go straight to the circom code:
template Square() {
    signal input in;
    signal output out;
    out <== in * in;
}

template Add() {
    signal input in;
    signal output out;
    out <== in + 6;
}

template Calculator() {
    signal private input secret;
    signal output out;
    component square = Square();
    component add = Add();
    square.in <== secret;
    add.in <== square.out;
    out <== add.out;
}

component main = Calculator();
This is f(x) = x**2 + 6 written in circom; it may take a little time to get a feel for it.
ZK.sol
Once the circom code is written, it can be used to generate a Verifier.sol contract that exposes a verifyProof function. We then rewrite the contract above to use ZKP:
We can see that the ZK contract no longer has a calculate function: clearly f(x) = x**2 + 6 has moved into the circuit.
snarkjs
The code that generates the proof is written in JavaScript as follows:
let { proof, publicSignals } = await groth16.fullProve(input, wasmPath, zkeyPath);
We then submit the proof to the contract, which completes verification; this is what is meant by off-chain computation.
Finally, let's look at a complete JavaScript unit test that uses snarkjs to generate a proof and tests the contract's process:
To the contract, secret = 42 is completely unknown, so the secret stays hidden.
publicSignals
I wasn't clear on the purpose of publicSignals before, so let me explain it here.
Basically, when the proof is generated, all of the circuit's public values, i.e. publicSignals, are produced along with it, as follows:
let { proof, publicSignals } = await groth16.fullProve(input, wasmPath, zkeyPath);
In our example there is only one public signal: 1770.
Besides the proof, verifyProof also takes the public values as parameters; put simply:
const isValid = verifyProof(proof, publicSignals);
Here is the question. When we design the application logic and the user submits parameters for verification, is publicSignals filled in by the "user"? And even if it is filled in by the user, does it need to be checked before it may be passed to verifyProof?
The key is that our contract stores one piece of data: answer = 1770
Look back at process in the contract: before calling verifyProof it must check isAnswer(publicSignals[0]):
Think about what would happen to this contract without the isAnswer check.
Our application logic would become meaningless: with no answer to verify against, all that is proven is that a computation was completed, f(42) = 1770. But then f(1) = 7 or f(2) = 10 would do just as well: the user can generate the proof and the result themselves, pass that proof and publicSignals into verifyProof, and pass verification every time.
So we can see that ZKP only moves the "computation" off-chain into the circuit; the result of that computation still has to be compared and confirmed against data already on the chain before this counts as an effective use of ZKP.
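As an added illustration (not code from the original post or from the mini-zkp repository), the following JavaScript models the two versions of process just discussed. The prover and verifier here are stand-ins for snarkjs and Verifier.sol: mockFullProve and mockVerifyProof only capture the one property that matters for this argument, namely that a valid proof is bound to the publicSignals it was generated for; they are not real Groth16 code. The class names, the GREETING constant and the tryProcess helper are invented for this example; P is the BN128 scalar field modulus in which circom evaluates x**2 + 6.

```javascript
// Added example: a model of ZK.sol's application logic, showing why process()
// must check isAnswer(publicSignals[0]) before relying on verifyProof.

// BN128 scalar field modulus: circom signals are field elements, so f(x) = x**2 + 6
// is computed modulo P inside the circuit.
const P = 21888242871839275222246405745257275088548364400416034343698204186575808495617n;

function calculate(secret) {
  return (secret * secret + 6n) % P;
}

// Stand-in for groth16.fullProve: the "proof" is bound to the public output only,
// so it carries nothing about secret itself.
function mockFullProve({ secret }) {
  const out = calculate(BigInt(secret));
  return { proof: { boundPublic: [out] }, publicSignals: [out] };
}

// Stand-in for Verifier.verifyProof: accepts iff the submitted publicSignals are
// exactly the ones the proof was generated for (the soundness guarantee a real
// verifier provides). It does NOT know anything about the application's answer.
function mockVerifyProof(proof, publicSignals) {
  return proof.boundPublic.length === publicSignals.length &&
    proof.boundPublic.every((v, i) => v === publicSignals[i]);
}

const GREETING = "answer to the ultimate question of life, the universe, and everything";

// Variant without the isAnswer check: any self-consistent (proof, publicSignals)
// pair is accepted, so a proof of f(1) = 7 flips greeting just as well as f(42).
class ZKWithoutAnswerCheck {
  constructor() { this.answer = 1770n; this.greeting = ""; }
  process(proof, publicSignals) {
    if (!mockVerifyProof(proof, publicSignals)) throw new Error("invalid proof");
    this.greeting = GREETING;
    return true;
  }
}

// Variant matching the post's ZK.sol: compare the claimed public output against the
// answer stored on-chain first, then verify that the proof is bound to that output.
class ZKWithAnswerCheck extends ZKWithoutAnswerCheck {
  isAnswer(out) { return out === this.answer; }
  process(proof, publicSignals) {
    if (!this.isAnswer(publicSignals[0])) throw new Error("wrong answer");
    return super.process(proof, publicSignals);
  }
}

// Helper: a user proves with `secret` and submits the result; returns whether process succeeded.
function tryProcess(contract, secret) {
  const { proof, publicSignals } = mockFullProve({ secret });
  try {
    return contract.process(proof, publicSignals);
  } catch (e) {
    return false;
  }
}
```

Both checks are needed: isAnswer ties the claimed output to the contract's state, and verifyProof ties the proof to that output, so a proof generated for f(1) = 7 cannot be resubmitted with publicSignals claiming 1770.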
Developing the application logic
This article mainly covers developing the application logic on top of zk-SNARKs; the underlying proving systems, such as the groth16 used above or alternatives like plonk, are deliberately left out.
From the example above we can see that even though we went to the trouble of hiding secret with circom, the computation is so simple, just f(x) = x**2+6, that the secret 42 can easily be derived back from answer. So when developing the application logic you also have to watch for flaws in the circom design that make the private information easy to leak: no matter how strong the underlying ZKP system is, a hole in the application logic defeats the purpose of hiding the secret.
Also, when reading circom code, pay attention to which values of the final template are private and which are public. In this article's Calculator, the private value is secret and the public value is out.
A few additional notes:
If there is a signal input that is not a private input, it is classified as public.
A circuit always has at least one public value, because a computation always has a result.
Finally, during development I first implement the computation in JavaScript, which also lets me produce input.json; then I implement the computation in the circom language, generate the proof and the public values, and compare all the public and private values to confirm they match what the circuit should compute, i.e. check whether the JavaScript result and the circom result are the same. If they differ, the code definitely has a bug.
Reference example: https://github.com/chnejohnson/circom-playground
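The workflow just described (compute in JavaScript first, emit input.json, then compare the circuit's publicSignals with the JavaScript result) as an added example that is not code from the original post or from circom-playground. The functions square, add6 and calculator mirror the three circom templates; makeInputJson and checkPublicSignals are names chosen for this example. The sample publicSignals values are constructed to look like snarkjs output (decimal strings) and did not come from a real prover run.

```javascript
// Added example: a JavaScript reference model of the Calculator circuit, used to
// generate input.json and to cross-check the publicSignals that circom/snarkjs produce.

// BN128 scalar field modulus. Every circom signal is a field element, so the
// reference must reduce mod P, or it will disagree with the circuit for large inputs
// (and plain Number arithmetic would already lose precision long before that).
const P = 21888242871839275222246405745257275088548364400416034343698204186575808495617n;
const mod = (x) => ((x % P) + P) % P;

// Mirrors of the three templates in the circuit.
function square(input) { return mod(input * input); }   // template Square
function add6(input) { return mod(input + 6n); }        // template Add
function calculator(secret) {                           // template Calculator
  const s = mod(BigInt(secret));
  return {
    privateSignals: { secret: s },          // signal private input secret
    publicSignals: { out: add6(square(s)) } // signal output out
  };
}

// input.json for groth16.fullProve / witness calculation: values as decimal strings.
function makeInputJson(secret) {
  const { privateSignals } = calculator(secret);
  return JSON.stringify({ secret: privateSignals.secret.toString() });
}

// Compare the publicSignals returned by the prover (decimal strings, in the order of
// the circuit's public signals) with the JavaScript reference for the same secret.
// Returns a list of mismatch descriptions; an empty list means circuit and reference agree.
function checkPublicSignals(secret, circuitPublicSignals) {
  const expected = [calculator(secret).publicSignals.out];
  const got = circuitPublicSignals.map((v) => BigInt(v));
  const mismatches = [];
  if (got.length !== expected.length) {
    mismatches.push(`expected ${expected.length} public signal(s), got ${got.length}`);
    return mismatches;
  }
  expected.forEach((e, i) => {
    if (e !== got[i]) mismatches.push(`public[${i}]: js=${e} circom=${got[i]}`);
  });
  return mismatches;
}

// Constructed samples: what the prover returns for secret 42 with the correct circuit,
// and what a circuit with a typo (say `in + 5` in Add) would return instead.
const SAMPLE_OK = ["1770"];
const SAMPLE_BUGGY = ["1769"];
```

Running checkPublicSignals(42, SAMPLE_OK) returns an empty list, while checkPublicSignals(42, SAMPLE_BUGGY) reports the differing public signal; feeding a secret close to P shows why the reference has to reduce modulo the field rather than use ordinary integer arithmetic.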
Summary
The code in this article shows that ZKP can provide off-chain computation and hide secrets; in real projects, as you would expect, the circuit's computation will not be this simple.
Computations found in real projects include hash functions, and more complex ones add Merkle Trees or EdDSA digital signatures, which enable fuller applications such as ZK Rollup, one of the Layer 2 scaling solutions, or Tornado Cash for anonymous transactions.
Source code for this article: https://github.com/chnejohnson/mini-zkp
In the next article I'll share how Tornado Cash uses ZKP to achieve anonymous transactions!
References
Concepts
Cryptography Playground
zk-SNARKs-Explainer
The Magic of Zero-Knowledge Proofs: Keep Your Secret and Still Be Believed!
Introduction to Zero-Knowledge Proofs — COSCUP 2019 | YouTube
Applying Zero-Knowledge Proofs — COSCUP 2020 | YouTube
ZK Rollup
Hands-on Zero Knowledge — circom — Kimi
ZK-Rollup Development Experience Sharing Part I — Fluidex
ZkRollup Tutorial
ZK Rollup & Optimistic Rollup — Kimi Wu | Medium
Circom
circom/TUTORIAL.md at master · iden3/circom · GitHub
ZKP Hello World
Others
A Deep Dive into zk-SNARKs
Understanding the Mysterious ZK-STARKs
zk-SNARKs and zk-STARKs Explained | Binance Academy
[ZKP Reading Group] MACI
Semaphore
Zero-knowledge Virtual Machines, the Polaris License, and Vendor Lock-in | by Koh Wei Jie
Introduction & Evolution of ZK Ecosystem — YouTube
The Limitations of Privacy — Barry Whitehat — YouTube
Introduction to Zero Knowledge Proofs — Elena Nadolinski
ZKP 與智能合約的開發入門 was originally published in Taipei Ethereum Meetup on Medium, where people are continuing the conversation by highlighting and responding to this story.
👏 Feel free to share, repost and clap