Zero-knowledge proof notes - private transaction, pederson, interval proof, proof of ownership

Notes are organized from Steven Yue

pederson Commitment

Hide the data itself to prove the relationship of the data
Others can't see the real transaction volume, but can verify the input and output

Proof of Scope

In order to ensure that there are no negative numbers in the transaction (illegal money printing)
A range proof is required

SNARK (Short Non-Interactive Proof)

1. Determine the finite field F

2. Build a mathematical operation circuit, the logic gate is built from the operation gate

3. Convert to provable mathematical operation circuit

w, also known as witness, is only known to the party who proves it, and is the answer to the party who actually submitted the proof

Step 4: Non-interactive short proof system
setup: The parameters of Sp to the prover, and the parameters of Sv to the verifier
prove: The prover uses Prove(Sp,x,w) to generate pi and send it toVerifier
verify: Verify(Sv, x, pi) outputs Yes/No

Privacy Transaction Three Proofs

SNARK implements interval proofs

Prove that a number w is between 0-2^256
Divide it into binary and prove that each bit is either 1 or 0


This number is a positive integer that can be represented by a 255-bit binary number.
These 255-bit binary numbers are indeed binary numbers.(It can only take the value 0 or 1)
These 255-bit binary numbers are all put together to restore the input numbers.

SNARK implements proof of ownership

Prove the account balance of the transaction initiator in the world state
Submit a merkle commit on someone's Merkle path, but calculating the commit will reveal the balance

snark proof balance hash

youHow to know if it is actually hashed?How can you prove that you really hashed it?