Stories with Tag zero-knowledge proofs

• Clean, a formal verification DSL for ZK circuits in Lean4

  permalink

  Posted: 2025-03-27 18:33:00

  Verbose tl;dr

  Clean is a new domain-specific language (DSL) built in Lean 4 for formally verifying zero-knowledge circuits. It aims to bridge the gap between circuit development and formal verification by offering a high-level, functional programming style for defining circuits, along with automated proofs of correctness within Lean's powerful theorem prover. Clean compiles to the intermediate representation used by the Circom zk-SNARK toolkit, enabling practical deployment of verified circuits. This approach allows developers to write circuits in a clear, maintainable way, and rigorously prove that these circuits correctly implement the desired logic, enhancing security and trust in zero-knowledge applications. The DSL includes features like higher-order functions and algebraic data types, enabling more expressive and composable circuit design than existing tools.

  The blog post "Clean, a formal verification DSL for ZK circuits in Lean4," introduces Clean, a new domain-specific language (DSL) designed for formally verifying zero-knowledge (ZK) circuits using the Lean4 theorem prover. ZK circuits are computational structures used in cryptography to prove the validity of a statement without revealing the underlying data. Verifying these circuits is crucial for ensuring their correctness and security, but existing methods often lack the rigor of formal verification. Clean aims to address this gap by providing a framework for building and verifying ZK circuits with a high degree of assurance.

  The post emphasizes the difficulty of formally verifying ZK circuits due to their complex nature and the need to reason about both low-level details like bit manipulations and high-level cryptographic concepts. Existing approaches often rely on informal methods or specialized tools limited in their expressive power. Clean, however, leverages the power and expressiveness of Lean4, a dependently-typed programming language and proof assistant, to offer a more robust and versatile solution.

  Clean's DSL embeds within Lean4, allowing developers to define circuits using a syntax similar to functional programming. The DSL provides abstractions for common circuit components, such as arithmetic operations, boolean logic, and cryptographic primitives, enabling concise and readable circuit descriptions. Importantly, these circuit descriptions are not merely specifications but executable code that can be compiled to various ZK proof systems. This facilitates a seamless workflow from circuit design to formal verification and deployment.

  A key aspect of Clean is its integration with Lean4's powerful theorem proving capabilities. Developers can formally specify the desired properties of their circuits using Lean4's logic and then construct proofs to demonstrate that these properties hold. This enables verification of various aspects, including circuit correctness, security properties, and even the soundness of the underlying cryptographic protocols. The dependent typing features of Lean4 play a crucial role in ensuring the consistency and completeness of these proofs.

  The blog post showcases a simple example of verifying a Schnorr signature within Clean, demonstrating how to define the circuit, specify the desired properties, and construct a formal proof of its correctness. While the post acknowledges that Clean is still in its early stages of development, it highlights the potential of the approach for improving the security and reliability of ZK circuits. The authors envision Clean as a valuable tool for researchers and developers working with ZK technology, enabling them to build and deploy formally verified ZK circuits with greater confidence. The ultimate goal is to bridge the gap between the theoretical foundations of ZK cryptography and its practical applications, fostering the development of more secure and trustworthy systems.

  • Formal Verification
  • ZK Circuits
  • zero-knowledge proofs
  • Lean4
  • theorem proving
  • domain specific language
  • DSL
  • Cryptography
  • Security
  • Clean Language
  • program verification
  • Automated Reasoning

  Summary of Comments ( 2 )
  https://news.ycombinator.com/item?id=43496577

  Verbose tl;dr

  Several Hacker News commenters praise Clean's innovative approach to verifying zero-knowledge circuits, appreciating its use of Lean4 for formal proofs and its potential to improve the security and reliability of ZK systems. Some express excitement about Lean4's dependent types and metaprogramming capabilities, and how they might benefit the project. Others raise practical concerns, questioning the performance implications of using a theorem prover for this purpose, and the potential difficulty of debugging generated circuits. One commenter questions the comparison to other frameworks like Noir and Arkworks, requesting clarification on the specific advantages of Clean. Another points out the relative nascency of formal verification in the ZK space, emphasizing the need for further development and exploration. A few users also inquire about the tooling and developer experience, wondering about the availability of IDE support and debugging tools for Clean.

  The Hacker News post titled "Clean, a formal verification DSL for ZK circuits in Lean4" (https://news.ycombinator.com/item?id=43496577) has a moderate number of comments discussing various aspects of the project and its implications.

  Several commenters express enthusiasm for the use of Lean4, highlighting its potential for rigorous formal verification in the zero-knowledge proof space. They see the project as a positive step toward improving the security and reliability of ZK circuits. One commenter specifically praises the choice of Lean4 over other theorem provers, mentioning its speed and the active development community. This sentiment is echoed by another commenter who appreciates the metaprogramming capabilities of Lean4, suggesting it's a good fit for this kind of DSL development.

  There's a discussion around the practicality and usability of formal verification for ZK circuits. One commenter questions the scalability of this approach for larger, real-world circuits, wondering if the proof development overhead becomes too significant. Another commenter points out the inherent complexity of formally verifying cryptographic primitives and protocols, acknowledging the challenge but emphasizing the importance of this work for ensuring security.

  The conversation also touches upon the trade-offs between different formal verification approaches. One commenter contrasts the Lean4-based approach with other methods like Coq, highlighting potential benefits and drawbacks of each. They discuss the potential for integrating with existing tools and frameworks within the ZK ecosystem.

  Some commenters delve into more technical details, discussing the specific features of Lean4 that make it well-suited for this task, such as dependent types and its metaprogramming system. They also discuss the challenges of representing ZK circuits within a formal system and the potential for automated proof generation.

  Finally, there's a thread discussing the broader implications of formal verification in the context of blockchain technology and smart contracts. Commenters acknowledge the growing need for robust security guarantees in these systems and see projects like Clean as important contributions towards achieving this goal. One commenter expresses excitement about the potential for formally verified ZK circuits to enable more complex and secure smart contract applications.

• Zero-knowledge proofs, encoding Sudoku and Mario speedruns without semantic leak

  permalink

  Posted: 2025-03-18 00:56:19

  Verbose tl;dr

  This blog post explores the fascinating world of zero-knowledge proofs (ZKPs), focusing on how they can verify computational integrity without revealing any underlying information. The author uses the examples of Sudoku solutions and Super Mario speedruns to illustrate this concept. A ZKP allows someone to prove they know a valid Sudoku solution or a specific sequence of controller inputs for a speedrun without disclosing the actual solution or inputs. The post explains that this is achieved through clever cryptographic techniques that encode the "knowledge" as mathematical relationships, enabling verification of adherence to rules (Sudoku) or game mechanics (Mario) without revealing the strategy or execution. This demonstrates how ZKPs offer a powerful mechanism for trust and verification in various applications, ensuring validity while preserving privacy.

  This blog post by Václav Rožňák delves into the fascinating world of zero-knowledge proofs (ZKPs), exploring how these cryptographic marvels allow one party (the prover) to convince another party (the verifier) that a statement is true, without revealing any information beyond the validity of the statement itself. Rožňák begins by laying out the fundamental properties of ZKPs: completeness (a truthful prover can always convince an honest verifier), soundness (a dishonest prover cannot convince an honest verifier of a false statement), and zero-knowledge (the verifier learns nothing beyond the truth of the statement).

  The post then transitions into illustrating the power and versatility of ZKPs through concrete examples, starting with the classic Sudoku puzzle. It meticulously describes how a prover could convince a verifier that they possess a valid Sudoku solution without divulging any of the numbers within the grid. This is achieved by committing to the solution using cryptographic hashes, and then selectively revealing portions of the puzzle based on challenges from the verifier. These challenges might involve revealing a specific row, column, or 3x3 block, allowing the verifier to confirm consistency without gaining insight into the complete solution.

  Expanding beyond Sudoku, the post further explores the application of ZKPs to more complex scenarios, notably the verification of computations performed in video games. Using the popular game Super Mario 64 as a case study, Rožňák elucidates how ZKPs can be employed to demonstrate the completion of a specific task or achievement within the game, such as collecting a star or finishing a level, without revealing the player's strategy or the precise sequence of actions taken. This is framed within the context of speedrunning, where verifying the legitimacy of a speedrun without revealing sensitive information about optimized strategies is crucial. The post suggests that ZKPs could facilitate the verification of optimized routes or glitch exploitations in speedruns without giving away the specifics of these techniques to competitors.

  The overall tone of the post is one of enthusiasm for the potential of ZKPs. Rožňák emphasizes the elegance and utility of this cryptographic technique, highlighting its capacity to enable trustless verification across a wide range of applications, from simple puzzles like Sudoku to the complex world of competitive gaming and beyond. The post concludes by suggesting that the realm of ZKPs is ripe for further exploration and innovation, hinting at a future where these powerful tools play an increasingly important role in securing and verifying information in diverse contexts.

  • zero-knowledge proofs
  • ZKPs
  • Cryptography
  • privacy
  • Sudoku
  • Mario Speedruns
  • Game Verification
  • Encoding
  • Semantic Leak
  • information hiding
  • Proof Systems
  • Computational Complexity

  Summary of Comments ( 20 )
  https://news.ycombinator.com/item?id=43394591

  Verbose tl;dr

  Hacker News users generally praised the clarity and accessibility of the blog post explaining zero-knowledge proofs. Several commenters highlighted the effective use of Sudoku and Mario speedruns as relatable examples, making the complex topic easier to grasp. Some pointed out the post's concise explanation of the underlying cryptographic principles and appreciated the lack of overly technical jargon. One commenter noted the clever use of visually interactive elements within the Sudoku example. There was a brief discussion about different types of zero-knowledge proofs and their applications, with some users mentioning specific use cases like verifiable computation and blockchain technology. A few commenters also offered additional resources for readers interested in delving deeper into the subject.

  The Hacker News post discussing the blog post "Zero-knowledge proofs, encoding Sudoku and Mario speedruns without semantic leak" has several comments exploring various facets of zero-knowledge proofs (ZKPs) and their applications.

  Several commenters discuss the practical applications and implications of ZKPs. One user highlights the potential of ZKPs for verifying computations without revealing sensitive data, citing examples like proving solvency without disclosing financial details. Another user discusses the use of ZKPs in authentication systems, enabling users to prove their identity without sharing passwords or other private information. The potential for ZKPs to revolutionize privacy-preserving technologies is a recurring theme.

  A few comments delve into the technical aspects of ZKPs, explaining the underlying cryptographic principles and the different types of ZKPs. One comment mentions the distinction between interactive and non-interactive proofs, while another explains the concept of a "trusted setup" and its implications for security. There's also discussion about the computational complexity of generating and verifying ZKPs and the trade-offs between efficiency and security.

  Some commenters focus on the specific examples mentioned in the blog post, such as encoding Sudoku solutions and Mario speedruns. They discuss the challenges of representing these complex scenarios as formal mathematical statements suitable for ZKP verification. One commenter raises the question of how to prevent cheating in the context of ZKPs for gaming, highlighting the need to ensure the integrity of the input data.

  Finally, a few comments touch upon the broader implications of ZKPs for society. One user speculates about the potential for ZKPs to enable new forms of trustless collaboration and decentralized governance. Another expresses concerns about the potential for misuse of ZKPs, particularly in the context of concealing illicit activities. The ethical and societal implications of this powerful technology are clearly a topic of interest among the commenters.

• How to prove false statements? (Part 1)

  permalink

  Posted: 2025-02-04 21:47:12

  Verbose tl;dr

  This blog post explores methods for proving false statements within formal systems like logic and mathematics. It focuses on proof by contradiction, where you assume the statement is true and then demonstrate that this assumption leads to a logical inconsistency, thereby proving the original statement false. The post uses the example of proving the irrationality of √2, illustrating how assuming its rationality (expressibility as a fraction) ultimately contradicts the fundamental theorem of arithmetic. It highlights the importance of clearly defining the terms and axioms of the system within which the proof operates.

  This blog post, titled "How to Prove False Statements? (Part 1)," delves into the fascinating realm of zero-knowledge proofs, specifically focusing on how these cryptographic constructs can be cleverly manipulated to seemingly prove the veracity of demonstrably false assertions. The author begins by establishing the fundamental principle of zero-knowledge proofs: convincing a verifier that a statement is true without revealing any information beyond the truth of the statement itself. They illustrate this with the classic example of Peggy proving to Victor that she knows the secret to opening a magic door without actually revealing the secret.

  The core of the post then transitions into exploring how this seemingly ironclad system can be subverted. The author meticulously deconstructs the mechanics of a simplified Schnorr protocol, a common type of zero-knowledge proof. This protocol relies on the discrete logarithm problem, where calculating the discrete logarithm of a given value is computationally infeasible. The protocol involves a series of carefully orchestrated steps involving random numbers, cryptographic hashes, and modular arithmetic. The prover, possessing the secret, performs calculations based on these elements and sends a specific value to the verifier. The verifier then independently generates a challenge, and the prover responds with another calculated value. Through a final verification step, the verifier can be convinced of the prover's knowledge of the secret without learning the secret itself.

  However, the author reveals a crucial vulnerability. By subtly altering the calculations, specifically by pre-computing certain values based on a desired outcome before receiving the verifier's challenge, a dishonest prover can effectively force the verification process to succeed even without possessing the secret. They demonstrate this with a detailed, step-by-step example, showcasing how manipulating the initial calculations allows the prover to fabricate a "proof" that satisfies the verification equation, thereby deceiving the verifier into believing a false statement. This effectively simulates possession of the secret when, in reality, no such knowledge exists.

  The post concludes by emphasizing that this demonstration is not intended to expose a flaw in Schnorr protocols themselves, which remain secure when implemented correctly. Instead, it serves as a cautionary tale, highlighting the importance of meticulous protocol design and the potential for exploitation if specific steps are not rigorously adhered to. The author hints at further explorations of this theme in subsequent parts of the series, promising to delve into more sophisticated techniques and real-world implications of proving false statements. The current post serves as a foundational introduction to the concept, leaving the reader intrigued by the possibilities and potential dangers of manipulating zero-knowledge proofs.

  • Cryptography
  • proofs
  • zero-knowledge proofs
  • zk-SNARKs
  • Security
  • mathematics
  • Computer Science
  • false statements
  • proof of falsehood
  • Tutorial
  • blog series
  • part 1

  Summary of Comments ( 0 )
  https://news.ycombinator.com/item?id=42939312

  Verbose tl;dr

  Hacker News users discuss the potential misuse of zero-knowledge proofs (ZKPs), expressing concern that they could be used to convincingly lie or create fraudulent attestations. Some commenters highlight the importance of distinguishing between a ZKP verifying a computation versus verifying a real-world fact. They argue that while ZKPs can prove the correct execution of a program on given inputs, they cannot inherently prove the veracity of those inputs. Others discuss the "garbage in, garbage out" principle in this context, suggesting the need for robust, real-world verification methods alongside ZKPs to prevent their misuse. The trustworthiness of the prover remains crucial, and ZKPs alone cannot bridge the gap between computation and reality. A few comments also touch upon the complexity of understanding and implementing ZKPs correctly, potentially leading to vulnerabilities.

  The Hacker News post titled "How to prove false statements? (Part 1)" linking to a blog post about cryptography and zero-knowledge proofs generated several comments discussing the technical details and implications of the presented concepts.

  One commenter highlights the importance of distinguishing between provably false statements within a formal system and statements that are false in the "real world". They emphasize that a formal system can only work with what's defined within its axioms and rules, and thus "false" refers to inconsistency within that system, not necessarily a reflection of external reality. This commenter also points out the challenge of bridging the gap between a formal system and the real world, especially when dealing with real-world data and measurements that might be inherently imprecise or subject to error.

  Another commenter delves into the specifics of zero-knowledge proofs, particularly the concept of a "simulation trapdoor". They explain how this trapdoor allows a simulator to create convincing "proofs" even for false statements, which is crucial for demonstrating the soundness of the zero-knowledge system. This comment also mentions the use of non-interactive zero-knowledge proofs and how they enhance the efficiency and practicality of the system.

  Several commenters discuss the practical applications and limitations of zero-knowledge proofs. One user raises the issue of computational complexity and the potential for proof generation or verification to be computationally expensive. Another commenter mentions the importance of trusting the setup phase of the zero-knowledge system, as a compromised setup could undermine the entire system's security.

  The topic of using zero-knowledge proofs for authentication and authorization also receives attention. One commenter points out the benefits of using these proofs to selectively disclose information without revealing unnecessary details, enhancing privacy and security. However, another commenter counters that this approach relies on having agreed-upon facts in the first place, which might be challenging to establish in certain scenarios.

  Finally, there's a brief discussion on the relation between these cryptographic concepts and philosophical ideas about truth and provability, with one commenter drawing parallels to Gödel's incompleteness theorems.

  Overall, the comments on the Hacker News post delve into the technical intricacies of zero-knowledge proofs, their practical implications, and even their philosophical connections. They provide valuable insights and perspectives beyond the original blog post, highlighting both the potential and the limitations of this fascinating area of cryptography.