layerxcom / zero-chain
A privacy-preserving blockchain on Substrate
Home Page: https://layerxcom.github.io/zerochain-book/
License: GNU General Public License v3.0
zero-chain/pairing/src/tests/repr.rs, lines 38 to 54 in 49eb9d1
Got the following error:
thread 'bls12_381::fq::fq_repr_tests' panicked at 'assertion failed: `(left == right)`
left: `FqRepr([5457830654796382876, 14052294085650741142, 9037930377914938456, 17127803672399921366, 8651480755814397574, 10649476550251866400])`,
right: `FqRepr([10649476550251866400, 8651480755814397574, 17127803672399921366, 9037930377914938456, 14052294085650741142, 5457830654796382876])`', pairing/src/tests/repr.rs:53:13
note: Run with `RUST_BACKTRACE=1` environment variable to display a backtrace.
test bls12_381::fq::fq_repr_tests ... FAILED
Add low order checks to primitives at the time of reading from bytes to types.
Implement MiMC circuit in bellman.
Ensure the correct subgroup for edwards::Point
The integration test that reads the proving_key and prepared_vk binary files, then proves and verifies, is in core/proofs/src/prover.rs.
zero-chain/proofs/src/prover.rs, line 173 in 90ebbfe
zero-chain/bellman-verifier/src/lib.rs, lines 68 to 96 in 9d712d9
Each read function should consume the reader data.
For simplicity, we should add homomorphic encryption like ElGamal, lifted-ElGamal or Paillier instead of the Pedersen commitment.
In order to decrypt a lifted-ElGamal encryption, it is necessary to solve a discrete logarithm.
That is why decryption is inefficient. We need to consider the bit length depending on the computation time.
zero-chain/crypto/src/elgamal.rs, lines 61 to 66 in 8cdf89f
OsRng and ThreadRng cannot be used in wasm. We will use ChaChaRng for the entropy.
commitment root (anchor): A treestate consists of a note commitment tree and a nullifier set. The nullifier set is always updated together with the note commitment tree. The input treestate of each subsequent transaction in a block is the output treestate of the immediately preceding transaction. Namely, an anchor is the output treestate of either a previous block or a previous JoinSplit transfer in this transaction.
nullifier: nullifier for the input note.
note commitment: note commitment for the output note.
public key: a key agreement public key, used to derive the key for encryption of the transmitted note ciphertext.
random: a seed that must be chosen independently at random for each transaction.
tag: a tag that binds h_sig to each private key of the input notes, where h_sig = hash(random, nullifier, pubkey), in order to avoid malleability.
zk proof: a zero-knowledge proof.
encrypted note: ciphertext components for the encrypted output note.
primary input (public)
auxiliary inputs (private)
The test fails because dummy_engine does not implement from_affine() for the test.
Error logs:
---- proof::tests::test_proof_into_from stdout ----
thread 'proof::tests::test_proof_into_from' panicked at 'not yet implemented', bellman-verifier/src/tests/dummy_engine.rs:400:9
note: Run with `RUST_BACKTRACE=1` for a backtrace.
zero-chain/primitives/src/proof.rs, lines 94 to 106 in da32bd7
Temporarily removed because the prepared_verification_key cannot be read in bellman (std).
zero-chain/core/proofs/src/prover.rs, lines 147 to 148 in 541f307
bellman = { git = "https://github.com/osuketh/bellman", branch = "wasm" }
pairing = { git = "https://github.com/sorpaas/pairing", default-features = false }
Ensure whether it is necessary to change pub to pub(crate).
zero-chain/pairing/src/bls12_381/ec.rs, lines 15 to 17 in 9d712d9
zero-chain/pairing/src/bls12_381/fq.rs, line 701 in 9d712d9
But if these are changed, the test of bellman-verifier would fail because the proof is hard-coded; it cannot access these fields, as they are private outside of the pairing crate.
zero-chain/bellman-verifier/src/lib.rs, lines 272 to 294 in 9d712d9
Add tests of primitives
https://github.com/LayerXcom/zero-chain/blob/master/proofs/src/primitives/mod.rs
Add the pending transfer.
In the confidential transfer function, add epoch_check, roll over the pendings and update last_epoch.

pub fn confTransfer() {
    RollOver(sender_addr)
    RollOver(recipient_addr)
    ...
    balance[sender_addr] += Enc(-value)
    pending_transfer[recipient_addr] += Enc(value)
    ...
}

fn RollOver(addr) {
    let H = block.number
    let e = H / E
    if lastRollOver[addr] < e:
        balance[addr] += pending_transfer[addr]
        pending_transfer[addr] = (1, 1)
        lastRollOver[addr] = e
}

In the storage, add pending_transfer_map and last_epoch_map:

storage {
    pending_transfer: map address => pending_value
    last_epoch: map address => block_height
    ...
}
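The two issues above (lifted ElGamal in place of the Pedersen commitment, and the epoch roll-over of pending transfers) fit together, so here is one worked example, added here and not zero-chain's own code. It implements lifted ElGamal with the additive homomorphism, decryption by baby-step giant-step over a bounded value range (the discrete-log cost the first issue mentions, which grows with the bit length of the value space), and the confTransfer/RollOver logic from the pseudocode on top of it. Assumptions, none of which come from the project: the group is Z_p^* with p = 10^9+7 and generator 5 instead of the Jubjub group, a xorshift PRNG stands in for ChaChaRng, EPOCH_LEN = 10 blocks, MAX_VALUE = 2^20, and the account names and amounts are constructed.

```rust
use std::collections::HashMap;

// Demo parameters (assumed): p = 10^9+7 is prime with primitive root g = 5.
// The chain would use the Jubjub group instead; the algebra below is the same.
const P: u64 = 1_000_000_007;
const G: u64 = 5;
const MAX_VALUE: u64 = 1 << 20; // plaintext bound, fixes the discrete-log cost
const BSGS_M: u64 = 1 << 10;    // ceil(sqrt(MAX_VALUE)): baby-step table size
const EPOCH_LEN: u64 = 10;      // E in the pseudocode, blocks per epoch (assumed)

fn mul(a: u64, b: u64) -> u64 { ((a as u128 * b as u128) % P as u128) as u64 }
fn pow(mut b: u64, mut e: u64) -> u64 {
    let mut r = 1;
    while e > 0 {
        if e & 1 == 1 { r = mul(r, b); }
        b = mul(b, b);
        e >>= 1;
    }
    r
}
fn inv(a: u64) -> u64 { pow(a, P - 2) } // Fermat inverse, valid since p is prime

/// Lifted-ElGamal ciphertext (c1, c2) = (g^r, g^m * pk^r). (1, 1) encrypts 0 under
/// every key, which is why the pseudocode resets pending_transfer to (1, 1).
#[derive(Clone, Copy, Debug)]
struct Ct { c1: u64, c2: u64 }
impl Ct {
    const ZERO: Ct = Ct { c1: 1, c2: 1 };
    /// Homomorphic addition: the component-wise product is Enc(a + b).
    fn add(self, o: Ct) -> Ct { Ct { c1: mul(self.c1, o.c1), c2: mul(self.c2, o.c2) } }
}

/// xorshift64 standing in for ChaChaRng; deterministic and NOT secure, demo only.
struct Rng(u64);
impl Rng {
    fn next(&mut self) -> u64 {
        let mut x = self.0; x ^= x << 13; x ^= x >> 7; x ^= x << 17; self.0 = x; x
    }
}

fn keygen(rng: &mut Rng) -> (u64, u64) { // (sk, pk = g^sk)
    let sk = rng.next() % (P - 1);
    (sk, pow(G, sk))
}

/// Encrypt a signed amount; Enc(-v) uses g^-v so it cancels Enc(v) on the sender side.
/// The range check is the kind of restriction on the value the overflow issue asks for.
fn encrypt(pk: u64, m: i64, rng: &mut Rng) -> Result<Ct, &'static str> {
    if m.unsigned_abs() >= MAX_VALUE { return Err("value out of range"); }
    let r = rng.next() % (P - 1);
    let gm = pow(G, m.unsigned_abs());
    let gm = if m >= 0 { gm } else { inv(gm) };
    Ok(Ct { c1: pow(G, r), c2: mul(gm, pow(pk, r)) })
}

/// Decryption only recovers g^m; the amount itself needs a discrete log, solved
/// here with baby-step giant-step in O(sqrt(MAX_VALUE)) time and memory.
fn decrypt(sk: u64, ct: Ct) -> Option<u64> {
    let h = mul(ct.c2, inv(pow(ct.c1, sk)));
    let mut baby = HashMap::new();
    let mut cur = 1u64;
    for j in 0..BSGS_M { baby.entry(cur).or_insert(j); cur = mul(cur, G); }
    let giant = inv(pow(G, BSGS_M)); // g^-M
    let mut gamma = h;
    for i in 0..BSGS_M {
        if let Some(j) = baby.get(&gamma) { return Some(i * BSGS_M + *j); }
        gamma = mul(gamma, giant);
    }
    None // outside [0, MAX_VALUE), e.g. a negative balance: not a valid amount
}

struct Account { balance: Ct, pending: Ct, last_roll_over: u64 }
struct Ledger { accounts: HashMap<&'static str, Account>, block_number: u64 }
impl Ledger {
    /// RollOver(addr): fold pending_transfer into balance at most once per epoch.
    fn roll_over(&mut self, addr: &'static str) {
        let e = self.block_number / EPOCH_LEN;
        let acc = self.accounts.entry(addr).or_insert(Account {
            balance: Ct::ZERO, pending: Ct::ZERO, last_roll_over: 0 });
        if acc.last_roll_over < e {
            acc.balance = acc.balance.add(acc.pending);
            acc.pending = Ct::ZERO;
            acc.last_roll_over = e;
        }
    }
    /// confTransfer: the sender's balance absorbs Enc(-v), the recipient's pending Enc(v).
    fn conf_transfer(&mut self, from: &'static str, to: &'static str, enc_neg: Ct, enc_pos: Ct) {
        self.roll_over(from);
        self.roll_over(to);
        let s = self.accounts.get_mut(from).expect("inserted by roll_over");
        s.balance = s.balance.add(enc_neg);
        let r = self.accounts.get_mut(to).expect("inserted by roll_over");
        r.pending = r.pending.add(enc_pos);
    }
}

/// Constructed scenario: both accounts start at 100; a 10-unit transfer in block 3
/// (epoch 0) sits in bob's pending until the roll-over in epoch 1. Returns
/// (alice balance, bob pending before roll-over, bob balance after, bob pending after).
fn demo() -> Option<(u64, u64, u64, u64)> {
    let mut rng = Rng(0x9E37_79B9_7F4A_7C15);
    let (sk_a, pk_a) = keygen(&mut rng);
    let (sk_b, pk_b) = keygen(&mut rng);
    let mut l = Ledger { accounts: HashMap::new(), block_number: 3 };
    for (name, pk) in vec![("alice", pk_a), ("bob", pk_b)] {
        let balance = encrypt(pk, 100, &mut rng).ok()?;
        l.accounts.insert(name, Account { balance, pending: Ct::ZERO, last_roll_over: 0 });
    }
    let neg = encrypt(pk_a, -10, &mut rng).ok()?;
    let pos = encrypt(pk_b, 10, &mut rng).ok()?;
    l.conf_transfer("alice", "bob", neg, pos);
    let bob_pending = decrypt(sk_b, l.accounts["bob"].pending)?;
    l.block_number = EPOCH_LEN + 1; // first block of epoch 1
    l.roll_over("bob");
    Some((decrypt(sk_a, l.accounts["alice"].balance)?, bob_pending,
          decrypt(sk_b, l.accounts["bob"].balance)?, decrypt(sk_b, l.accounts["bob"].pending)?))
}

fn main() { println!("{:?}", demo()); } // Some((90, 10, 110, 0))
```

The pending/roll-over split exists so that incoming transfers cannot change the ciphertext a sender is proving against within the same epoch; the example shows the 10 units being visible in bob's pending immediately but only reaching his balance after the epoch boundary. The value bound is what keeps decryption tractable: with MAX_VALUE = 2^20 the table has 2^10 entries, and every two extra bits of value range double both the table and the loop.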
Ensure the difference between <Bls12> and <JubjubBls12> as an Engine.
Currently, part of node-template is outdated.
It needs to be updated in order to build and run substrate's chain.
Gav said the version of node-template would be frozen in a couple of weeks.
Ref: https://github.com/paritytech/substrate/tree/master/node-template
Update the ECIES scheme to be more efficient and secure.
Implement the byte-cast types of the transaction components for substrate.
In order to send our own defined struct to substrate, we need to add the Encode, Decode and Default attributes.
The signed data field needs to be compatible between signing and verifying.
In unchecked_mortal_compact_extrinsic, the signature verification is implemented here:
https://github.com/paritytech/substrate/blob/1997487ec082f436e4c3279402d4528d67c861be/core/sr-primitives/src/generic/unchecked_mortal_compact_extrinsic.rs#L85-L96
In oo7, the signing scheme is implemented here:
https://github.com/paritytech/oo7/blob/79856e56658ad2b71115af5f682ac5d71a4f9ab3/packages/oo7-substrate/src/transact.js#L27-L42
map nullifier => hash(Note)
map hash(account) => encNote
Vec<u8> root of commitment tree
https://github.com/LayerXcom/zero-chain/blob/master/primitives/src/cm_encryption.rs
// Temporarily used for enc/dec
use pcrypto::aes::{
encrypt_128_ctr,
decrypt_128_ctr
};
Update the key agreement process for Ed25519, which is used in substrate's key store.
I cannot use the one below because it lacks support for the Ed25519 algorithm, only X25519.
https://briansmith.org/rustdoc/ring/agreement/fn.agree_ephemeral.html
Here is the key exchange algorithm for Ed25519:
https://github.com/DaGenix/rust-crypto/blob/master/src/ed25519.rs#L132-L151
But I need to adapt it to substrate's key generation.
Currently, there is no overflow checking for the encrypted value. Add overflow checking or some restriction on the value.
zero-chain/crypto/src/elgamal.rs, line 30 in e9a60f6
"Zerochain" would be a our public chain using Zframe.
https://github.com/LayerXcom/zero-chain/blob/master/primitives/src/cm_encryption.rs
let mut plaintext = vec![];
// TODO: Ensure the byteorder is correct
(&mut plaintext).write_u64::<LittleEndian>(self.value).unwrap();
(&mut plaintext).write_u64::<LittleEndian>(self.randomness).unwrap();
zero-chain/primitives/src/cm_encryption.rs, line 111 in 0cbfe71
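Three of the issues on this page touch the same code path: each read function should consume the reader, the encrypted value needs an overflow check or a restriction, and the TODO above asks whether the byte order is correct. The following is an added example, not zero-chain's code, of the plaintext layout the snippet above writes (value then randomness, each a little-endian u64) with a read that takes the reader by mutable reference so the position advances, an explicit bound on value, and a direct comparison of the two byte orders. It uses only std; NotePlaintext and MAX_VALUE are names assumed for the example.

```rust
use std::io::{self, Cursor, Read, Write};

// Assumed bound on a note value (not from the project); anything at or above it is
// rejected at parse time rather than flowing into arithmetic that could wrap.
const MAX_VALUE: u64 = 1 << 20;

#[derive(Debug, PartialEq)]
struct NotePlaintext { value: u64, randomness: u64 }

impl NotePlaintext {
    /// Fixed 16-byte layout: value (LE u64) followed by randomness (LE u64).
    fn write<W: Write>(&self, mut w: W) -> io::Result<()> {
        w.write_all(&self.value.to_le_bytes())?;
        w.write_all(&self.randomness.to_le_bytes())
    }

    /// Takes `&mut R` so the 16 bytes are consumed from the caller's reader and a
    /// caller parsing a larger blob continues at the right offset. The endianness is
    /// spelled out with from_le_bytes, so it is fixed and not host-dependent.
    fn read<R: Read>(r: &mut R) -> io::Result<Self> {
        let mut buf = [0u8; 8];
        r.read_exact(&mut buf)?;
        let value = u64::from_le_bytes(buf);
        r.read_exact(&mut buf)?;
        let randomness = u64::from_le_bytes(buf);
        if value >= MAX_VALUE {
            return Err(io::Error::new(io::ErrorKind::InvalidData, "note value exceeds MAX_VALUE"));
        }
        Ok(NotePlaintext { value, randomness })
    }
}

/// Constructed input: two notes written back to back into one buffer, then read back.
/// Returns both notes and the cursor position, which must equal the bytes written.
fn roundtrip() -> io::Result<(NotePlaintext, NotePlaintext, u64)> {
    let a = NotePlaintext { value: 90, randomness: 0x0123_4567_89ab_cdef };
    let b = NotePlaintext { value: 10, randomness: 42 };
    let mut bytes = Vec::new();
    a.write(&mut bytes)?;
    b.write(&mut bytes)?;
    let mut cur = Cursor::new(bytes);
    let a2 = NotePlaintext::read(&mut cur)?; // consumes bytes 0..16
    let b2 = NotePlaintext::read(&mut cur)?; // consumes bytes 16..32
    Ok((a2, b2, cur.position()))
}

/// The same 8 bytes decoded as little-endian and as big-endian: if the writer and
/// reader disagree on byte order, a value of 1 turns into 1 << 56.
fn le_vs_be(value: u64) -> (u64, u64) {
    let bytes = value.to_le_bytes();
    (u64::from_le_bytes(bytes), u64::from_be_bytes(bytes))
}

/// A note whose value equals the bound serializes fine but is rejected on read.
fn rejects_overflow() -> bool {
    let mut bytes = Vec::new();
    NotePlaintext { value: MAX_VALUE, randomness: 1 }.write(&mut bytes).is_ok()
        && NotePlaintext::read(&mut Cursor::new(bytes)).is_err()
}

fn main() -> io::Result<()> {
    println!("{:?}", roundtrip()?);
    println!("{:?} {}", le_vs_be(1), rejects_overflow());
    Ok(())
}
```

Checking the bound inside read keeps the invariant at the trust boundary: once a NotePlaintext exists, its value is known to be below MAX_VALUE, so later homomorphic additions can rely on that rather than re-checking.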
Like:

init: // each account has 100 units at the time of initialization
  - address0: 0xaa
  - spending_key0: 0x4ab
  - address1: 0xab
  - spending_key1: 0x1c8
  ...

transfer 0xab<receiver> 10<amount> 0x4ab<spending_key>
  - success

balance 0xaa<addr> 0x4ab<spending_key>
  - 90

all_balances
  - 0xaa => 0xdaf
  - 0xab => 0xfa3
  ...
Inside, the transfer would be:

transfer(sender, receiver, amount, sk) {
    r, v = api::get_balance(sender)  // GET
    proof = prove()                  // embedded params
    enc = encrypt()
    tx = gen_tx()
    runtime_api::execute_block()     // POST
}

For getting the balances, decryption is needed:

get_balance(addr) -> r, v {
    enc = get_storage(addr, from_index)
    p = dec(enc)
    calc(p)
}

It makes it simple to use std and no_std dependencies. It means the same pairing and jubjub crates can be used in both std and no_std environments.
Avoid using unwrap() in https://github.com/LayerXcom/zero-chain/blob/master/primitives/src/cm_encryption.rs
Currently, the nonces are tied to each one-time signature verification key in the executive logic, so we need to tie them to the pkd_address (aka account id).
Output the setup parameters to files, then read the file for snark proving at the time of tx generation.
Refs:
It would be implemented in Rust, and the interface for POST and GET would be in the CLI.