theory and practice of zk-snarks

[L4/"3,Tͷཧ࿦ͱԠ༻ 0TVLF4VEP-BZFS9*OD /PW

"CPVU.F 0TVLF ![PPN@[PPN[P -BZFS93FTFBDIFS&OHJOFFS ࠷ۙ͸4/"3,T45"3,T԰

"HFOEB w *OUSPEVDUJPOGPS[L4/"3,T w %JWFJOUP[L4/"3,T w 7FSJpBCMFGPSNBMWFSJpDBUJPOPGTNBSUDPOUSBDUT

*OUSPEVDUJPOGPS[L4/"3,T

;FSP,OPXMFEHF1SPPG w ͋Δ໰୊ͷղΛ஌͍ͬͯΔ͜ͱΛʮೖྗ஋ʯΛ໌Β͔ʹͤͣʹ  ʮ஌͍ͬͯΔࣄ࣮ʯ͚ͩΛূ໌͢Δɻ w ύεϫʔυࣗମ͸໌Β͔ʹ͠ͳ͍ͰɺύεϫʔυΛ஌͍ͬͯΔࣄ࣮ ͚ͩΛূ໌͢Δɻ w JOQVUYΛ໌Β͔ʹͤͣʹɹɹɹɹͱͳΔYΛ஌͍ͬͯΔ͜ͱΛূ໌ f(x)
= y

;FSP,OPXMFEHF1SPPG w $PNQMFUFOFTTɿ w 1SPWFSͷ͍࣋ͬͯΔ໰୊͕ਅͰ͋ΔͳΒ͹ɺ7FSJGZFS͸ਅͰ͋Δ͜ͱ͕ ඞͣΘ͔Δ͜ͱɻ w 4PVOEOFTTɿ w 1SPWFSͷ͍࣋ͬͯΔ໰୊ِ͕Ͱ͋ΔͳΒ͹ɺ7FSJpFS͸͔ͳΓߴ͍֬཰
ͰͦΕِ͕Ͱ͋Δͱݟൈ͚Δ͜ͱɻ w ;FSPLOPXMFEHFɿ w ͋Δ໰୊ͷղΛ஌͍ͬͯΔ͜ͱΛʮೖྗ஋ʯΛ໌Β͔ʹͤͣʮ஌͍ͬͯ Δࣄ࣮ʯ͚ͩΛূ໌͢Δɻ

[L4/"3,T w [Lɿθϩ஌ࣝ w /PO*OUFSBDUJWFɿඇର࿩త w 4VTTJODUɿNTΦʔμʔͰݕূՄೳ w 1SPPG4J[F͕ඇৗʹখ͍͞ʢ਺ඦ#ZUFʣ  ϒϩοΫνΣʔϯͱ૬ੑ͕ྑ͍
1SPWFS 7FSJpFS 1SPPG

4IJFMEFE5SBOTBDUJPO [$BTI 'SPN 5P "NPVOU 5Y ΦϯνΣʔϯͰ[L4/"3,TΛ༻͍ɺ5Y͕ਖ਼౰Ͱ͋Δࣄ࣮͚ͩΛ఻೻ 1SPWJOH
7FSJGZJOH QSPPG

[L4/"3,TPO&UIFSFVN #Z[BOUJVN6QEBUFͰCO"EE CO4DBMBS.VM CO1BJSJOHͷ௥Ճ 4/"3,Tͷݕূʹඞཁͳପԁۂઢ CO ্ͷԋࢉΛ1SFDPNQJMF $POTUBOUJOPQMF6QEBUFͰ(BT$PTUͷ࡟ݮΛ༧ఆ &7.֎Ͱԋࢉ͢Δ͜ͱͰ(BTΛݻఆͯ͠͠·͏ SFG<>IUUQTFJQTFUIFSFVNPSH&*14FJQ

0VUTPVSDJOHBDPNQVUBUJPO ܭࢉॲཧೳྗ͕ߴ͍P⒎DIBJOͷαʔόʔʹܭࢉΛҕৡ ൿಗԽٕज़Ͱ͸ͳ͘εέʔϦϯάٕज़ͱͯ͠4/"3,TΛ׆༻ ϒϩοΫνΣʔϯ 1SPPG 4UBUF4 4UBUF4A 1SPWFS

4/"3,T45"3,T#VMMFUQSPPGT 5PYJDXBTUF GSFF 1SPPGUJNF 7FSJGZUJNF 1SPPGTJ[F 4/"3,T /P T NT
d# 45"3,T :FT dT dNT d # #VMMFUQSPPGT :FT dT dNT d# SFG<>[DBTIBUEFWDPO [DBTIͷTIJFMEFEUSBOTBDUJPO

%JWFJOUP[L4/"3,T

0WFSWJFX4/"3,TTDIFNF 1SPWFS 7FSJpFS #BTFEPO1JOOPDIJP<1()3> GVODUJPO DJSDVJU HFOFSBUPS PODF LFZ HFOFSBUPS
DJSDVJU QSPWJOH LFZ WFSJpDBUJPO LFZ BOZOVNCFSPGUJNFT XJUOFTTNBQ TJNVMBUF QVCMJD JOQVU QSJWBUF JOQVU GVODUJPO BTTJHONFOU TFUVQ QSPPG SFG<>4/"3,TGPS$7FSJGZJOH1SPHSBN&YFDVUJPOT4VDDJODUMZBOEJO;FSP,OPXMFEHF QVCMJD JOQVUTJ[F εϚʔτίϯτϥΫτ

4FUVQ3$4 3BOL$POTUSBJOU4ZTUFN f(x) = x3 + x + 5 f(x)
= 35 ͱͳΔ੍ݶΛຬͨ͢DPOTUSBJOUTΛ࡞͍ͬͯ͘ x SFG<>2VBESBUJD"SJUINFUJD1SPHSBNTGSPN;FSPUP)FSP TB TCTD POF JOQVU PVUQVU D D D ֻ͚ࢉPS଍͠ࢉͷ੍໿

4FUVQ2"1T 2BESBUJD"SJUINFUJD$JSDVJUT ଟ߲ࣜʹม׵͢Δ͜ͱͰશͯͷDPOTUSBJOUTΛҰؾʹܭࢉͯ͠͠·͏ SFG<>2VBESBUJD"SJUINFUJD1SPHSBNTGSPN;FSPUP)FSP ͦΕͧΕͷDPOTUSBJOUTΛଟ্߲ࣜͷ఺ͱଊ͑ɺ ϥάϥϯδϡิؒͳͲͰ෮ݩ ͦΕͧΕ఺͔Β࣍ࣜΛ෮ݩ YΛ୅ೖ͢Ε͹લͷεϥΠυͱಉ͡ DPOTUSBJOUT਺ͷ࠷খଟ߲ࣜ; Y
Y Y Y Y ͰׂΓ੾ΕΔ ݕূ͸ɺ͜ͷଟ߲ࣜΛςΩτʔͳYU͚ͩͰධՁͯ͠ߦ͏

4FUVQ2"1T 2BESBUJD"SJUINFUJD$JSDVJUT "QPMZOPNJBMT < > <
> < > < > < > < > ࠷ऴతͳ2"1͸ଟ߲ࣜ܎਺ͷঢॱϕΫτϧ #QPMZOPNJBMT < > < > < > < > < > < > $QPMZOPNJBMT < > < > < > < > < > < > A1 (x) = 0.833x3 − 5x2 + 9.166x − 5 ࣮ࡍ͸༗ݶମԋࢉ

,P& ,OPXMFEHFPG&YQPOFOU"TTVNQUJPO 1JOOPDIJPͰ͸҉߸ֶతͳ೿ੜԾఆΛར༻ͯ͠ূ໌Λੜ੒͢Δ ପԁۂઢ্ͷ఺ 1J 2J 3 4 ʹ͍ͭͯɺൿີ஋Lʹରͯͦ͠ΕͧΕ2JL1Jͷͱ͖
4L3ʹͳΔʢ3 4 ͸ 1J 2J ͷઢܗ࿨Ͱ͔͠ද͢͜ͱ͕Ͱ͖ͳ͍ 4L3Ͱ͋Δ͜ͱࣗମ͸LΛ஌ΒͣʹϖΞϦϯάͰݕূՄೳɻ LΛ஌͍ͬͯΔͱઢܗ࿨Ͱද͢͜ͱͳ͘ 3 L3 ͕࡞Εͯ͠·͏ʜɻ ͜ͷൿີ஋L͕UPYJDXBTUFͰ͋ΓUSVTUFETFUVQͷඞཁੑʹܨ͕Δ R = P1 i1 + P2 i2 + ⋅ ⋅ ⋅ , S = Q1 i1 + Q2 i2 + ⋅ ⋅ ⋅ e(R, Q) = e(P, S) J ʜ

7FSJpDBUJPOPGTOBSLTQSPPG ͭͷϖΞϦϯάʹΑΓݕূΛߦ͏ ྫ͑͹ɺ1SPWFS͕ଟ߲ࣜ" U ͷίϛοτϝϯτΛ஌͍ͬͯΔ͜ͱͷݕূ e(πa , VKa ) =
e(G, π′ a ) 4FUVQ  QSPWJOHLFZ  WFSJGZJOHLFZ  UPYJDXBTUF 1SPPG PKa,i = Ai (t) ⋅ G t, ka VKa = ka G PK′ a,i = Ai (t) ⋅ G ⋅ ka πa = Σ ⃗ si PKa,i π′ a = Σ ⃗ si PK′ a,i " U ͷίϛοτϝϯτ͕ਖ਼͍͠ൣғͰ ઢܗ࿨͕࡞ΒΕ͍ͯͳ͍ͱ ,P&ʹΑΓݕূ͕௨Βͳ͍ P = G, Q = VKa , R = πa , S = π′ a T͸ݕূऀʹ͸෼͔Βͳ͍ FYTdT·Ͱ͔͠༩͑ͯͳ͍

1()3XIBU`TMFGU w ಉ༷ʹɺଟ߲ࣜ#ɺ$ʹ͍ͭͯͷίϛοτϝϯτݕূ w ͦΕͧΕͷXJUOFTTൣғΛૢ࡞͢Δ͜ͱͰݕূΛෆਖ਼ʹύε͠Α͏ͱ͍ͯ͠ͳ͍͔ w ଟ߲ࣜ"ɺ#ɺ$ͷઢܗ࿨܎਺͕ͦΕͧΕಉ͔͡ w ͦΕͧΕҟͳΔXJUOFTTΛ༩͑Δ͜ͱͰݕূΛෆਖ਼ʹύε͠Α͏ͱ͍ͯ͠ͳ͍͔ w
" #$) ;Λຬ͔ͨ͢ w ͜ΕΛຬͨ͢͜ͱ͕ʮݩͷ໰୊ʯ͕ਅͰ͋Δ͜ͱΛࣔ͢ w QVCMJDJOQVUʹجͮ͘ݕূ伴ͷੜ੒ w ύϥϝʔλʔͷΑ͏ʹಇ͘ʢݕূ伴αΠζ͕૿͑ͯ͠·͏ʣ w 1SPWFSͷBTTJHONFOUͷൿಗԽ w ଞͷ"` #` $` )`͕" # $ )Ͱ͸ͳ͍৘ใͷൿಗԽ w ଟ߲ࣜ"ɺ#ɺ$ʹͦΕͧΕʹϥϯμϜ஋ΛՃ͑Δ w ඇରশϖΞϦϯάʹΑΔޮ཰ԽͳͲ<#$57>

7FSJpBCMF'PSNBM7FSJpDBUJPOPG4NBSU$POUSBDUT

4/"3,TPWFS'PSNBM7FSJpDBUJPO w ໰୊ఆٛ w εϚʔτίϯτϥΫτͷηΩϡϦςΟ͕େ͖ͳ՝୊ w ܗࣜతݕূʹΑΔεϚʔτίϯτϥΫτͷ࢓༷ఆٛʹΑΔղܾࡦ w PODIBJOͰ͸ͦͷεϚʔτίϯτϥΫτ͕ܗࣜతݕূ͞Ε͔ͨ൑அ͢Δ͢΂͕ ͳ͍
w ղܾࡦ w ܗࣜతݕূΛ4/"3,TΛ༻͍ͯP⒎DIBJOʹΞ΢τιʔε͠ɺͦͷίϯτϥΫτ ͕͔֬ʹܗࣜతݕূ͞Εͨࣄ࣮ΛPODIBJOʹه࿥͢Δ w ͭͷϓϩτίϧྫ w ίϯτϥΫτ͕ݺͼग़͢ίϯτϥΫτͷܗࣜతݕূνΣοΫ w Ϣʔβʔ͕ݺͼग़͢ίϯτϥΫτͷܗࣜతݕূνΣοΫ

1SPUPDPMFYNBQMFT w ίϯτϥΫτࢀরͷηΩϡϦςΟ޲্ w PODIBJOͷίϯτϥΫτ͕$"--͢ΔίϯτϥΫτ͕ܗࣜతݕূ͞ΕͯΔࣄ࣮Λূ໌ ͢Δ w 4UBCMF$PJO΍EFSJWBUJWFTTZTUFNʹ୲อ͞Ε͍ͯΔ&3$τʔΫϯʹPWFSqPX΍ SFFOUSBODZ͕ͳ͍ͱܗࣜతݕূ͞ΕͨίϯτϥΫτͷΈ୲อՄೳʹ͢Δϓϩτίϧ w
΢ΥϨοτϒϥ΢βࢀরͷηΩϡϦςΟ޲্ w ΢ΥϨοτ΍%BQQϒϥ΢β͕ίϯτϥΫτΛݺͼग़͢ͱ͖ʹɺܗࣜతݕূ͞Ε͍ͯ Δ͔νΣοΫ w ੬ऑੑ͚ͩͰͳ͘ɺ1MBTNB΍4UBUF$IBOOFMίϯτϥΫτ͕ʮඪ४ن֨ʯʹԊͬͯ ͍Δ͔ܗࣜతݕূΛߦ͏ w ϒϩοΫνΣʔϯʹ͓͚ΔIUUQTͷΑ͏ʹಈ࡞͢Δ w ʮ8BSOJOHΞΫηε͍ͯ͠Δ1MBTNBίϯτϥΫτ͸ඪ४ن֨ʹ४ڌ͍ͯ͠·ͤ Μɻʯ

0WFSWJFXPGTOBSLTPWFS'7 'PSNBM 7FSJpDBUJPO 1SPHSBN 3". $JSDVJU 7FSJpFS $POUSBDU 4FUVQ 1SPWFS
0UIFS $POUSBDUT EBQQ CSPXTFST 'SPOUFOE #BDLFOE 0ODIBJO 0⒎DIBJO

5JOZ3". 3". 3BOEPN"DDFTT.BDIJOF ϨδελͱϝϞϦ͕͋ΔܭࢉϞσϧ SFGIUUQTXXXTDJQSMBCPSHEPD5JOZ3".TQFDQEG ϓϩάϥϜʹରͯ͠ɺਖ਼͘͠$16ͷঢ়ଶભҠͤ͞Δ͜ͱͷz੍ݶz͕DJSDVJUͱͳΔ VOCPVOEFEͳλΠϜεςοϓ΍࠶ؼΛؚΉϓϩάϥϜ΋DJSDVJUʹͰ͖Δ൓໘ɺ DJSDVJUͷαΠζ͕ͱͯ΋େ͖͘ͳͬͯ͠·͏ɻ શͯͷPQDPEFʹରͯ͠DJSDVJU͕ධՁ͞ΕΔͨΊɺ 5JOZ3".Ͱ͸PQDPEFΛݸʹ5JOZʹʢͦΕͰ΋΍͹͍ʣɻ

theory and practice of zk-snarks

theory and practice of zk-snarks

Osuke

More Decks by Osuke

Other Decks in Technology

Featured

Transcript

[L4/"3,Tͷཧ࿦ͱԠ༻ 0TVLF4VEP-BZFS9*OD /PW

"CPVU.F 0TVLF ![PPN@[PPN[P -BZFS93FTFBDIFS&OHJOFFS ࠷ۙ͸4/"3,T45"3,T԰

"HFOEB w *OUSPEVDUJPOGPS[L4/"3,T w %JWFJOUP[L4/"3,T w 7FSJpBCMFGPSNBMWFSJpDBUJPOPGTNBSUDPOUSBDUT

*OUSPEVDUJPOGPS[L4/"3,T

;FSP,OPXMFEHF1SPPG w ͋Δ໰୊ͷղΛ஌͍ͬͯΔ͜ͱΛʮೖྗ஋ʯΛ໌Β͔ʹͤͣʹ  ʮ஌͍ͬͯΔࣄ࣮ʯ͚ͩΛূ໌͢Δɻ w ύεϫʔυࣗମ͸໌Β͔ʹ͠ͳ͍ͰɺύεϫʔυΛ஌͍ͬͯΔࣄ࣮ ͚ͩΛূ໌͢Δɻ w JOQVUYΛ໌Β͔ʹͤͣʹɹɹɹɹͱͳΔYΛ஌͍ͬͯΔ͜ͱΛূ໌ f(x)

;FSP,OPXMFEHF1SPPG w $PNQMFUFOFTTɿ w 1SPWFSͷ͍࣋ͬͯΔ໰୊͕ਅͰ͋ΔͳΒ͹ɺ7FSJGZFS͸ਅͰ͋Δ͜ͱ͕ ඞͣΘ͔Δ͜ͱɻ w 4PVOEOFTTɿ w 1SPWFSͷ͍࣋ͬͯΔ໰୊ِ͕Ͱ͋ΔͳΒ͹ɺ7FSJpFS͸͔ͳΓߴ͍֬཰

[L4/"3,T w [Lɿθϩ஌ࣝ w /PO*OUFSBDUJWFɿඇର࿩త w 4VTTJODUɿNTΦʔμʔͰݕূՄೳ w 1SPPG4J[F͕ඇৗʹখ͍͞ʢ਺ඦ#ZUFʣ  ϒϩοΫνΣʔϯͱ૬ੑ͕ྑ͍

4IJFMEFE5SBOTBDUJPO [$BTI 'SPN 5P "NPVOU 5Y ΦϯνΣʔϯͰ[L4/"3,TΛ༻͍ɺ5Y͕ਖ਼౰Ͱ͋Δࣄ࣮͚ͩΛ఻೻ 1SPWJOH

[L4/"3,TPO&UIFSFVN #Z[BOUJVN6QEBUFͰCO"EE CO4DBMBS.VM CO1BJSJOHͷ௥Ճ 4/"3,Tͷݕূʹඞཁͳପԁۂઢ CO ্ͷԋࢉΛ1SFDPNQJMF $POTUBOUJOPQMF6QEBUFͰ(BT$PTUͷ࡟ݮΛ༧ఆ &7.֎Ͱԋࢉ͢Δ͜ͱͰ(BTΛݻఆͯ͠͠·͏ SFG<>IUUQTFJQTFUIFSFVNPSH&*14FJQ

0VUTPVSDJOHBDPNQVUBUJPO ܭࢉॲཧೳྗ͕ߴ͍P⒎DIBJOͷαʔόʔʹܭࢉΛҕৡ ൿಗԽٕज़Ͱ͸ͳ͘εέʔϦϯάٕज़ͱͯ͠4/"3,TΛ׆༻ ϒϩοΫνΣʔϯ 1SPPG 4UBUF4 4UBUF4A 1SPWFS

4/"3,T45"3,T#VMMFUQSPPGT 5PYJDXBTUF GSFF 1SPPGUJNF 7FSJGZUJNF 1SPPGTJ[F 4/"3,T /P T NT

%JWFJOUP[L4/"3,T

0WFSWJFX4/"3,TTDIFNF 1SPWFS 7FSJpFS #BTFEPO1JOOPDIJP<1()3> GVODUJPO DJSDVJU HFOFSBUPS PODF LFZ HFOFSBUPS

4FUVQ3$4 3BOL$POTUSBJOU4ZTUFN f(x) = x3 + x + 5 f(x)

4FUVQ2"1T 2BESBUJD"SJUINFUJD$JSDVJUT "QPMZOPNJBMT < > <

,P& ,OPXMFEHFPG&YQPOFOU"TTVNQUJPO 1JOOPDIJPͰ͸҉߸ֶతͳ೿ੜԾఆΛར༻ͯ͠ূ໌Λੜ੒͢Δ ପԁۂઢ্ͷ఺ 1J 2J 3 4 ʹ͍ͭͯɺൿີ஋Lʹରͯͦ͠ΕͧΕ2JL1Jͷͱ͖

7FSJpDBUJPOPGTOBSLTQSPPG ͭͷϖΞϦϯάʹΑΓݕূΛߦ͏ ྫ͑͹ɺ1SPWFS͕ଟ߲ࣜ" U ͷίϛοτϝϯτΛ஌͍ͬͯΔ͜ͱͷݕূ e(πa , VKa ) =

1()3XIBU`TMFGU w ಉ༷ʹɺଟ߲ࣜ#ɺ$ʹ͍ͭͯͷίϛοτϝϯτݕূ w ͦΕͧΕͷXJUOFTTൣғΛૢ࡞͢Δ͜ͱͰݕূΛෆਖ਼ʹύε͠Α͏ͱ͍ͯ͠ͳ͍͔ w ଟ߲ࣜ"ɺ#ɺ$ͷઢܗ࿨܎਺͕ͦΕͧΕಉ͔͡ w ͦΕͧΕҟͳΔXJUOFTTΛ༩͑Δ͜ͱͰݕূΛෆਖ਼ʹύε͠Α͏ͱ͍ͯ͠ͳ͍͔ w

7FSJpBCMF'PSNBM7FSJpDBUJPOPG4NBSU$POUSBDUT

4/"3,TPWFS'PSNBM7FSJpDBUJPO w ໰୊ఆٛ w εϚʔτίϯτϥΫτͷηΩϡϦςΟ͕େ͖ͳ՝୊ w ܗࣜతݕূʹΑΔεϚʔτίϯτϥΫτͷ࢓༷ఆٛʹΑΔղܾࡦ w PODIBJOͰ͸ͦͷεϚʔτίϯτϥΫτ͕ܗࣜతݕূ͞Ε͔ͨ൑அ͢Δ͢΂͕ ͳ͍

1SPUPDPMFYNBQMFT w ίϯτϥΫτࢀরͷηΩϡϦςΟ޲্ w PODIBJOͷίϯτϥΫτ͕$"--͢ΔίϯτϥΫτ͕ܗࣜతݕূ͞ΕͯΔࣄ࣮Λূ໌ ͢Δ w 4UBCMF$PJO΍EFSJWBUJWFTTZTUFNʹ୲อ͞Ε͍ͯΔ&3$τʔΫϯʹPWFSqPX΍ SFFOUSBODZ͕ͳ͍ͱܗࣜతݕূ͞ΕͨίϯτϥΫτͷΈ୲อՄೳʹ͢Δϓϩτίϧ w

0WFSWJFXPGTOBSLTPWFS'7 'PSNBM 7FSJpDBUJPO 1SPHSBN 3". $JSDVJU 7FSJpFS $POUSBDU 4FUVQ 1SPWFS