layerxcom / zero-chain Goto Github PK
View Code? Open in Web Editor NEWA privacy-preserving blockchain on Substrate
Home Page: https://layerxcom.github.io/zerochain-book/
License: GNU General Public License v3.0
zero-chain's Issues
Avoid using incorrect `rng` traits in wasm
OsRng and ThereadRng can not be used in wasm.We will use ChachaRng for the entropy.
Apply to the bullet proofs
Add tests of primitives
Add tests of primitives
https://github.com/LayerXcom/zero-chain/blob/master/proofs/src/primitives/mod.rs
Add test for note.rs
Use travis CI with wasm files in gitignore
Change AES to MiMC
https://github.com/LayerXcom/zero-chain/blob/master/primitives/src/cm_encryption.rs
// Temporary use for enc/dec
use pcrypto::aes::{
encrypt_128_ctr,
decrypt_128_ctr
};
Applying the self-defined origin/AccountID
Fix key agreement
Update key agreement process for Ed25519 that is used in substrate key store.
I can not use below one because of lack of adopting Ed25519 algorithm, only X25519.
https://briansmith.org/rustdoc/ring/agreement/fn.agree_ephemeral.html
Here is the key exchange algorithm for Ed25519.
https://github.com/DaGenix/rust-crypto/blob/master/src/ed25519.rs#L132-L151
But I need to adopt for key generation of substrate.
Avoid iterative setups for zkps
Output files of the setup parameters and then read the file for snark proving at the time of tx generation.
Refs:
Apply no_std mode
Update ECIES scheme
update ECIES scheme to more efficiency and secure.
For wasm, add to zero-chain-proofs
bellman = { git = "https://github.com/osuketh/bellman", branch = "wasm" }
pairing = { git = "https://github.com/sorpaas/pairing", default-features = false }
Ensure if the public attributes are safe in pairing
Ensure if it is needed to change public to public(crate).
zero-chain/pairing/src/bls12_381/ec.rs
Lines 15 to 17 in 9d712d9
zero-chain/pairing/src/bls12_381/fq.rs
Line 701 in 9d712d9
But if these are changed, the test of bellman-verifier would be failed because the proof is hard-coded, it cannot access as these fields are private out of the pairing crate.
zero-chain/bellman-verifier/src/lib.rs
Lines 272 to 294 in 9d712d9
Integrate own constants for primitives
Add error handling for cm_encryption
Avoid using unwrap() in https://github.com/LayerXcom/zero-chain/blob/master/primitives/src/cm_encryption.rs
Consider the bit length of ElGamal-encrypted value
In order to decrypt the lifted-Elgamal encryption, it is needed to solve the discrete logarithm.
That is why the decryption is inefficiency. Needed to consider the bit length depending on computational times.
zero-chain/crypto/src/elgamal.rs
Lines 61 to 66 in 8cdf89f
Re-added proof verification in proving function
Temporary removed because the prepared_verification_key can not read in bellman(std).
zero-chain/core/proofs/src/prover.rs
Lines 147 to 148 in 541f307
Protect front running attacks
Add the pending transfer.
In the confidential transfer function, add epoch_check, roll over pendings and update last_epoch.
pub fn confTransfer() {
RollOver(sender_addr)
RollOver(recipient_addr)
・・・
balances[sender_addr] += Enc(-value)
pending_transfer[recipient_addr] += Enc(value)
・・・
}
fn RollOver(addr) {
let H = block.number
let e = H/E
if lastRollOver[addr] < e:
Set balance[addr] += pending_transfer[addr]
Set pending_transfer[addr] = (1, 1)
Set lastRollOver[addr] = e
}
In the storage, Add pending_transfer_map and last_epoch_map
storage{
pending_transfer: map address => pending_value
last_epoch: map address => block_height
・・・
}
Apply wasm for the web wallet
Implement the lifted-ElGamal decryption algorithm out of circuit
[Part 1] Define parameters of confidential transfers and inputs of zk proof
parameters of confidential transfers
-
commitment root (anchor)
A treestate consists of a note commitment tree and a nullifier set. The nullifier set is always updated together with the note commitment tree.
The input treestate of each subsequent transaction in a block is the output treestate of the immediately preceding transaction.
Namely, an anchor is the output treestate of either a previous block, or a previous JoinSplit transfer in this transaction -
nullifier
nullifier for the input note. -
Note commitment:
note commitment for the output note. -
public key
a key agreement public key, used to derive the key for encryption of the transmitted notes ciphertext. -
random
a seed that must be chosen independently at random for each transactions. -
tag
a tag that bind h_sig to each private key of the input notes
where h_sig = hash(random, nullifier, pubkey)
In order to avoid malleability. -
zk proof
a zero knowledge proof -
encrypted Note
ciphertext components for the encrypted output note.
inputs of zk proof
primary input (public)
- commitment root
- nullifier
- Note commitment
- h_sig
- tag
auxiliary inputs (private)
- merkle path
- position
- Note_old
- Note_new
- private key
- phi (for uniquness of rho)
- merkle path enforcement
Add MiMC circuit
Implement MiMC circuit in bellman.
Add overflow checking for the encrypted value
Currently, there are not any overflow checking for the encrypted value. Add overflow checking or some restriction for the value.
zero-chain/crypto/src/elgamal.rs
Line 30 in e9a60f6
Implement CLI
like
init: // each account has 100 unit at the time of initialization
- address0: 0xaa
- spending_key0: 0x4ab
- address1: 0xab
- spending_key1: 0x1c8
・・・
transfer 0xab<receiver> 10<amount> 0x4ab<spending_key>
- success
balance 0xaa<addr> 0x4ab<spending_key>
- 90
all_balances
- 0xaa => 0xdaf
- 0xab => 0xfa3
・・・
Inside the transfer would be
transfer(sender, receiver, amount, sk) {
r,v = api::get_balance(sender) // GET
proof = prove() // embedded params
enc = encrypt()
tx = gen_tx()
runtime_api::execute_block() // POST
}
For getting the balances, needed decryption.
get_balance(addr) -> r, v {
enc = get_storage(addr, from_index)
p = dec(enc)
calc(p)
}
Add attributes for structs
In order to send the own defined struct to substrate, needed to add attributes of Encode, Decode, Default.
Implement the homomorphic encryption in circuit
For simplicity, we should add the homomorphic encryption like ElGamal or lifted-ElGamal, paillier instead of pedersen commitment.
`<Bls12>` and `<JubjubBls12>`
Ensure the difference between <Bls12> and <JubjubBls12> as a Engine.
To be compatible with the ethereum smart contracts
Add ECIES for encryption and decryption Note
Fix the test of zk_proof byte-cast.
The test fails because the dummy_engine is not implemented the from_affine() for the test.
error logs
---- proof::tests::test_proof_into_from stdout ----
thread 'proof::tests::test_proof_into_from' panicked at 'not yet implemented', bellman-verifier/src/tests/dummy_engine.rs:400:9
note: Run with `RUST_BACKTRACE=1` for a backtrace.
zero-chain/primitives/src/proof.rs
Lines 94 to 106 in da32bd7
Fix the variable name of `ExpandedSpendingKey` to `ExtendedSpendingKey`
Ensure preventing from small subgroup attacks
Add low order checks to primitives
Add low order checks to primitives at the time of reading from bytes to types.
Add jubjbubls12 params as aglobal variable into UI
Ensure the byteorder is correct
https://github.com/LayerXcom/zero-chain/blob/master/primitives/src/cm_encryption.rs
let mut plaintext = vec![];
// TODO: Ensure the byteorder is correct
(&mut plaintext).write_u64::<LittleEndian>(self.value).unwrap();
(&mut plaintext).write_u64::<LittleEndian>(self.randomness).unwrap();
`<,Unknown>` and `<,PrimeOrder>
Ensure the correct Subgroup for edwards::Point
Make correct sig hash for the compatibility with substrate
Need to be compatible with the signed data field between signing and verifying.
In unchecked_mortal_compact_extrinsic, the signature verification is implemented here.
https://github.com/paritytech/substrate/blob/1997487ec082f436e4c3279402d4528d67c861be/core/sr-primitives/src/generic/unchecked_mortal_compact_extrinsic.rs#L85-L96
In oo7, the signing scheme is implemented here.
https://github.com/paritytech/oo7/blob/79856e56658ad2b71115af5f682ac5d71a4f9ab3/packages/oo7-substrate/src/transact.js#L27-L42
Implement decryption for `Ciphertext`
zero-chain/primitives/src/cm_encryption.rs
Line 111 in 0cbfe71
Fix something wrong with the pairing test for a swap of the endian
zero-chain/pairing/src/tests/repr.rs
Lines 38 to 54 in 49eb9d1
got the following error.
thread 'bls12_381::fq::fq_repr_tests' panicked at 'assertion failed: `(left == right)`
left: `FqRepr([5457830654796382876, 14052294085650741142, 9037930377914938456, 17127803672399921366, 8651480755814397574, 10649476550251866400])`,
right: `FqRepr([10649476550251866400, 8651480755814397574, 17127803672399921366, 9037930377914938456, 14052294085650741142, 5457830654796382876])`', pairing/src/tests/repr.rs:53:13
note: Run with `RUST_BACKTRACE=1` environment variable to display a backtrace.
test bls12_381::fq::fq_repr_tests ... FAILED
"Zframe" as a privacy oriented blockchain framework
"Zerochain" would be a our public chain using Zframe.
Add appropriate storage in SRML
map nullifier => hash(Note)
map hash(account) => encNote
Vec<u8> root of commitment tree
Add byte casts for transaction components
Implement the byte casted types of transaction components for substrate.
Move nonce_increment logic from `executive` to `conf_transfer`
Currently, the nonces are tied with each one-time signature verification key in the executive logic, so we need to get it tied with pkd_address (aka account id).
Replace bellman dependencies from original crates to no_std crates
It makes simple to use std and no_std dependencies. It means it is enable to use same pairing and jubjub crates in both std and no_std environment.
Ensure if `reader` is consumed in no_std
zero-chain/bellman-verifier/src/lib.rs
Lines 68 to 96 in 9d712d9
Each of read function should consume the reader data.
Update the substrate `runtime` and `src`
Currently, the part of node-template is outdated.
Needed update in order to build and run substrate's chain.
Gav said the version of node-template would be freezed in a couple of weeks.
Ref:
https://github.com/paritytech/substrate/tree/master/node-template
Move the integration test for zk proof to appropriate path
The integration test that is reading proving_key and preapred_vk binary files, then proving and verifying is in core/proofs/src/prover.rs.
zero-chain/proofs/src/prover.rs
Line 173 in 90ebbfe
Implement the client of sending a transaction to substrate
It would be implemented in Rust and the interface of POST and GET would be in CLI.
Add module logic, storage and event on substrate
Implement `sighash`
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.