Zero Knowledge Proofs and Zero Knowledge Proofs of Knowledge

A zero-knowledge proof or a zero-knowledge protocol is a method by which one party (the prover) can prove to another party (the verifier) that a given statement is true, without conveying any additional information apart from the fact that the statement is indeed true. A zero-knowledge proof of knowledge (ZKPOK) is a sub case of zero knowledge proofs, in which the prover proves to the verifier that he knows how to prove a statement, without actually proving it.

Zero Knowledge Interfaces

ZKProver

The ZKProver interface declares the prove() function that accepts an input and runs the ZK proof. The input type is ZKProverInput, which is a marker interface. Every concrete protocol should have a dedicated input class that implements it.

public interface ZKProver

A zero-knowledge proof or zero-knowledge protocol is a method by which one party (the prover) can prove to another party (the verifier) that a given statement is true, without conveying any additional information apart from the fact that the statement is indeed true.

This interface is a general interface that simulates the prover side of the Zero Knowledge proof. Every class that implements it is signed as Zero Knowledge prover.

public void prove(ZKProverInput input)

Runs the prover side of the Zero Knowledge proof.

Parameters:
  • input – holds necessary values to the proof calculations.
Throws:
  • CheatAttemptException – if the prover suspects the verifier is trying to cheat.
  • IOException – if there was a problem during the communication.
  • ClassNotFoundException – if there was a problem during the serialization mechanism.
  • CommitValueException – can occur when using ElGamal commitment scheme.

ZKVerifier

The ZKVerifier interface declares the verify() function that accepts an input and runs the ZK proof verification. The input type is ZKCommonInput, which is a marker interface of inputs that are common for the prover and the verifier. Every concrete protocol should have a dedicated input class that implements it.

public interface ZKVerifier

A zero-knowledge proof or zero-knowledge protocol is a method by which one party (the prover) can prove to another party (the verifier) that a given statement is true, without conveying any additional information apart from the fact that the statement is indeed true.

This interface is a general interface that simulates the verifier side of the Zero Knowledge proof. Every class that implements it is signed as Zero Knowledge verifier.

public boolean verify(ZKCommonInput input)

Runs the verifier side of the Zero Knowledge proof.

Parameters:
  • input – holds necessary values to the varification calculations.
Throws:
  • CheatAttemptException – if the prover suspects the verifier is trying to cheat.
  • IOException – if there was a problem during the communication.
  • ClassNotFoundException – if there was a problem during the serialization mechanism.
  • CommitValueException – can occur when using ElGamal commitment scheme.
Returns:

true if the proof was verified; false, otherwise.

ZKProverInput

public interface ZKProverInput

Marker interface. Each concrete ZK prover’s input class should implement this interface.

ZKCommonInput

public interface ZKCommonInput

This interface is a marker interface for Zero Knowledge input, where there is an implementing class for each concrete Zero Knowledge protocol.

Zero Knowledge Proof of Knowledge Interfaces

ZKPOKProver and ZKPOKVerifier are marker interfaces that extend the ZKProver and ZKVerifier interfaces. ZKPOK concrete protocol should implement these marker interfaces instead of the general ZK interfaces.

public interface ZKPOKProver extends ZKProver

This interface is a general interface that simulates the prover side of the Zero Knowledge proof of knowledge. Every class that implements it is signed as ZKPOK prover.

public interface ZKPOKVerifier extends ZKVerifier

This interface is a general interface that simulates the verifier side of the Zero Knowledge proof of knowledge. Every class that implements it is signed as ZKPOK verifier.

Implemented Protocols

Concrete Zero Knowledge protocols implemented so far are:

  • Zero Knowledge from any sigma protocol
  • Zero Knowledge Proof of Knowledge from any sigma protocol (currently implemented using Pedersen Commitment scheme)
  • Zero Knowledge Proof of Knowledge from any sigma protocol Fiat Shamir (Random Oracle Model)

Example of Usage

Steps in prover creation:

  • Given a Channel object channel and input for the underlying SigmaProverComputation (in the following case, h and x) do:
    • Create a SigmaProverComputation (for example, SigmaDlogProverComputation).
    • Create a ZKProver with channel and the proverComputation (ForExample, ZKFromSigmaProver).
    • Create input object for the prover.
    • Call the prove function of the prover with the input.

Prover code example:

try {
    //create the ZK prover
    DlogGroup dlog = new MiraclDlogECF2m("K-233");
    ZKProver prover = new ZKFromSigmaProver(channel, new SigmaDlogProverComputation(dlog, 40, new SecureRandom()));

    //create the input for the prover
    SigmaDlogProverInput input = new SigmaDlogProverInput(h, x);

    //Call prove function
    prover.prove(input);

} catch (IllegalArgumentException e) {
    // TODO Auto-generated catch block
    e.printStackTrace();
} catch (IOException e) {
    // TODO Auto-generated catch block
    e.printStackTrace();
} catch (CheatAttemptException e) {
    // TODO Auto-generated catch block
    e.printStackTrace();
} catch (ClassNotFoundException e) {
    // TODO Auto-generated catch block
    e.printStackTrace();
} catch (CommitValueException e) {
    // TODO Auto-generated catch block
    e.printStackTrace();
}

Steps in verifier creation:

  • Given a Channel object channel and input for the underlying SigmaVerifierComputation (In the example below, h) do:
    • Create a SigmaVerifierComputation (for example, SigmaDlogVerifierComputation).
    • Create a ZKVerifier with channel and verifierComputation (For example, ZKFromSigmaVerifier).
    • Create input object for the verifier.
    • Call the verify function of the verifier with the input.

Verifier code example:

try {
    //create the ZK verifier
    DlogGroup dlog = new MiraclDlogECF2m("K-233");
    ZKVerifier verifier = new ZKFromSigmaVerifier(channel, new SigmaDlogVerifierComputation(dlog, 40, new SecureRandom()), new SecureRandom());

    //create the input for the verifier
    SigmaDlogCommonInput input = new SigmaDlogCommonInput(h);
    //Call verify function
    System.out.println(verifier.verify(input));

} catch (IllegalArgumentException e) {
    // TODO Auto-generated catch block
    e.printStackTrace();
} catch (IOException e) {
    // TODO Auto-generated catch block
    e.printStackTrace();
} catch (CheatAttemptException e) {
    // TODO Auto-generated catch block
    e.printStackTrace();
} catch (ClassNotFoundException e) {
    // TODO Auto-generated catch block
    e.printStackTrace();
} catch (CommitValueException e) {
    // TODO Auto-generated catch block
    e.printStackTrace();
} catch (InvalidDlogGroupException e) {
    // TODO Auto-generated catch block
    e.printStackTrace();
}