Zero-Knowledge Puzzles

  • paying to a public key on an elliptic curve different from the curve secp256k1 used in Bitcoin today
  • paying to a group of public keys, which can be spent if one knows any of the private keys, without revealing which one.

∑ Protocols

Figure 1: ∑ Protocol
  1. Peggy computes a commitment A using a random number a. She shares A with Victor, but doesn’t reveal a.
  2. Victor generates a random number e as challenge and shares it with Peggy.
  3. Peggy uses a and e to compute an answer z and sends it back to Victor.
Figure 2: ∑ protocol to prove knowledge of x under 𝜑

The Fiat-Shamir Heuristic

Figure 3: Non-interactive ∑ protocol to prove knowledge of x under 𝜑

Examples of ZK Puzzles

Pay to a Generic Public Key (P2GPK)

Contract P2GPK
  • It can use a curve with higher security, such as secp521r1, than the hardcoded curve secp256k1. This can be desirable if a large amount of bitcoins is controlled by a single key for decades. This also means Bitcoin can upgrade to a more secure signature scheme without breaking changes, by implementing it using existing opcodes³.
  • It can reuse compatible keys from elsewhere. For example, PGP supports elliptic curve keys and bitcoins can be sent to PGP keys, even if they are based on other curves.

Composition

  • Pay to Group Privately (P2GP): any one of a group of key owners can spend the funds, without disclosing which one redeemed, using a proof from OR composition. This is a generalization of 1-of-n multisig, but more private. For example, Peggy proves she knows the private key of public key Y or Z, i.e., she knows x such that
  • Pay to Threshold Group Privately (P2TGP): any m of n members in a group can collectively redeem the UTXO without revealing which m members, using a proof from AND and OR composition. This generalizes P2GP and m-of-n multisig. For example, a 2-of-3 ZK puzzle requires

Acknowledgements

sCrypt Inc (https://scrypt.io) is a company with a mission to provide integrated on-chain smart contracting solutions using the original BitCoin Protocol on BSV
