[Back] With the Blind evaluation problem Bob doesn't want Alice to known the values that he is using and Alice doesn't want Bob to know the method she is using to compute a result. For this we use zkSNARK. In this case the equation is \(P(x)=ax + bx^2\):
zkSNARK (Blind evaluation problem)
In the blind evaluation problem, we do not want Bob to determine the method we are using to implement a given function, but we want him to know the result with a value of s. Then although we get Alice to compute the result, she will not know s.
For this we use polynomials, and where we have an equation such as:
\(P(x)= a_0 + a_1 x + a_2 x^2\)
Bob sends all the elements - known as hidings - of the computation for a value of s:
\(E(a_0)\), \(E(a_1 \times s)\) and \(E(a_2 \times s^2)\)
Alice will not know the value of s used, but she knows the "wiring" of the function. In this case she knows that it is a simple adding operation, so she can compute using Homomorphic encryption:
\(E(P(s)) = E(a_0) + E(a_1 \times s) + E(a_2 \times s^2)\)
She can do this because:
So Alice, who knows a and b, can simply raise the values received to the polynomial factors and multiply and return to Bob. Bob then knows the answer, but Alice doesn't know the value of s used.
Here is some sample code for an equation of \(ax + b x^2\):
import sys import random n=101 g= 3 x=5 a = 3 b = 4 # eqn = ax + b x^2 E1= g**( a *x ) % n E2= g**(b*x*x) % n E3 = (E1 * E2) % n E4 = g**(a*x + b*x*x) % n print '======Agreed parameters============' print 'P=',n,'\t(Prime number)' print 'G=',g,'\t(Generator)' print 'a=',a print 'b=',b print 'x=',x,'\t(Eqn= ax + bx^2)' print '======zkSnark====================' print 'E3=',E3 print 'E4=',E4 if (E3==E4): print 'Alice has computed the result' else: print 'Alice has proven she does not know result'
Alice gets sent E1 and E2 and then she adds then (which is a multiplication with discrete logarithms), and sends E3 back. This is the result of E(3x + 4x^2) for a value of x = 5. Alice does not know the value of x, and Bob doesn't know how Alice did the computation. Here is an example.
With Blockchain we cannot hide the identities involved in a transaction and the code the implement, thus we can tell how many bitcoins that Bob has in his account and all the transaction values. With zkSNARK we can hide the values used within computations on the blockchain.