Chaum-Pedersen的零知识证明
1. What is Chaum-Pedersen Zero Knowledge Proof
The Chaum-Pedersen Zero Knowledge Proof can be used to show that Peggy (the Prover) knows a secret to Victor (the Verifier).
In the Chaum-Pederson method, we initially define the values of ⟨g,A,B,C⟩ = ⟨g,ga,gb,gab⟩. The basic method is:
Peggy (the prover) defines a secret value of r.
Peggy sends Vector (the Verifier) the commitments of y1=gr and y2=Br.
Victor generate a random value (s) and sends it to Peggy.
Peggy computes z=r+as(mod q) and sends it to Victor.
Victor checks that gz=Asy1(mod q) and:
Victor checks that Bz=Csy2(mod q)
2. Python脚本示例
import random
import sys
q=10009
s=random.randint(1,1000)
r=random.randint(1,1000)
if (len(sys.argv)>1):
r=int(sys.argv[1])
g=3
a=10
b=13
A=pow(g,a,q)
B=pow(g,b, q)
C=pow(g,(a*b),q)
y1=pow(g,r,q)
y2=pow(B,r,q)
z=(r+a*s) % q
print "Victor and Peggy agree of (g,g^a, g^b and g^ab) =(",g,A,B,C,")"
print "\nPeggy generates random number (r)",r
print "Peggy sends y1 (g^r, B^r)=(",y1,y2,")"
print
print "Victor sends a challenge (s)=",s
print "Peggy computes z=r+as (mod q)=",z
print "\nVictor now checks these are the same"
print "Victor checks g^z=",pow(g,z,q)
print "Victor checks A^s y1=",(A**s * y1) % q
print "\nVictor now checks these are the same"
print "Victor checks B^z=", pow(B,z,q)
print "Victor checks C^s y2=",(C**s * y2) % q
对应的执行结果为:
Victor and Peggy agree of (g,g^a, g^b and g^ab) =( 3 9004 2892 5980 )
Peggy generates random number (r) 887
Peggy sends y1 (g^r, B^r)=( 4584 834 )
Victor sends a challenge (s)= 396
Peggy computes z=r+as (mod q)= 4847
Victor now checks these are the same
Victor checks g^z= 9541
Victor checks A^s y1= 9541
Victor now checks these are the same
Victor checks B^z= 5923
Victor checks C^s y2= 5923
参考资料:
[1] https://asecuritysite.com/encryption/chaum