Non-Interactive Zero-Knowledge Proofs (NIZKPoK) are a type of cryptography that enables a prover to convince a verifier that they know a secret value without revealing the value itself. In this article, we will delve into the concept of NIZKPoK, its applications, and how it works.
NIZKPoK originated from the concept of Fiat-Shamir transform, which is a non-interactive proof system. This transform was first introduced by Amos Fiat and Adi Shamir in 1986. The Fiat-Shamir transform involves a sequence of steps that enable a prover to generate a proof, which can be verified by a verifier without any interaction between the two parties.
The proof consists of a commitment value (t) and a challenge value (c) generated by the prover. The commitment value (t) is calculated as g^r, where g is a public parameter, r is a random value, and ^ represents exponentiation. The challenge value (c) is generated by hashing the commitment value (t) using a suitable hash function.
The prover then computes a response value (z) as r + c * x, where x is the secret value that the prover wants to prove knowledge of. The response value (z) is then sent to the verifier.
The verifier checks the proof by calculating g^z and verifying that it is equal to t * h^c, where h is the public parameter and ^ represents exponentiation. If the verification succeeds, the verifier is convinced that the prover knows the secret value without revealing it.
In the following sections, we will provide a code example that demonstrates how to implement NIZKPoK using elliptic curves. We will use the ecdsa library to generate and verify the proof.