8 research outputs found
Casting out Primes: Bignum Arithmetic for Zero-Knowledge Proofs
We describe a nondeterministic method for bignum arithmetic. It is inspired by the casting out nines technique, where some identity is checked modulo 9, providing a probabilistic result.
More generally, we might check that some identity holds under a set of moduli, i.e. for each . Then $f(\vec{x}) = 0 \bmod \operatorname{lcm}(M)$, and if we know $|f(\vec{x})| < \operatorname{lcm}(M)$, it follows that .
We show how to perform such small-modulus checks efficiently, for certain such as bignum multiplication. We focus on the cost model of zero-knowledge proof systems, which support field arithmetic and range checks as native operations.
eSTARK: Extending STARKs with Arguments
STARK is a widely used transparent proof system that uses low-degree tests for proving the correctness of a computer program. STARK consumes an intermediate representation known as AIR that is more appropriate for programs with a relatively short and structured description. However, an AIR is not able to succinctly express non-equality constraints, leading to the incorporation of unwanted polynomials.
We present the eSTARK protocol, a new probabilistic proof that generalizes the STARK family through the introduction of a more generic intermediate representation called eAIR. We describe eSTARK in the polynomial IOP model, which combines the optimized version of the STARK protocol with the incorporation of three arguments into the protocol. We also explain various techniques that enhance the vanilla STARK complexity, including optimizations applied to polynomial computations, and analyze the tradeoffs between controlling the constraint degree either at the representation of the AIR or inside the eSTARK itself.
Twisted Edwards elliptic curves for zero-knowledge circuits
Circuit-based zero-knowledge proofs have arisen as a solution to the implementation of privacy in blockchain applications, and to current scalability problems that blockchains suffer from. The most efficient circuit-based zero-knowledge proofs use a pairing-friendly elliptic curve to generate and validate proofs. In particular, the circuits are built connecting wires that carry elements from a large prime field, whose order is determined by the number of elements of the pairing-friendly elliptic curve. In this context, it is important to generate an inner curve using this field, because it allows the creation of circuits that can verify public-key cryptography primitives, such as digital signatures and encryption schemes. To this purpose, in this article, we present a deterministic algorithm for generating twisted Edwards elliptic curves defined over a given prime field. We also provide an algorithm for checking the resilience of this type of curve against most common security attacks. Additionally, we use our algorithms to generate Baby Jubjub, a curve that can be used to implement elliptic-curve cryptography in circuits that can be validated in the Ethereum blockchain.
This research has been partially funded by the projects Project RTI2018-102112-B-100 (AEI/FEDER, UE), i3Market (H2020-ICT-2019-2 grant number 871754) and TCO-RISEBLOCK (PID2019-110224RB-I00).
New privacy practices for blockchain software
© 2021 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
The benefits of blockchain technologies for industrial applications are unquestionable. However, it is a considerable challenge to use a transparent system like blockchain and at the same time provide privacy to sensitive data. Privacy technologies permit conducting private transactions about sensitive data over transparent networks, but their inherent complexity has been overwhelming for many developers. Closing the gap between developers and privacy-preserving technologies would help toward the full adoption of the privacy by design framework for blockchain software. To this end, in this paper we present the software tools we have implemented to bring complex privacy technologies closer to developers and facilitate the job of implementing privacy-enabled blockchain applications.
This research is supported by the Ethereum Foundation Ecosystem Support [9], TCO-RISEBLOCK (PID2019-110224RB-I00), H2020-i3-MARKET, ARPASAT (TEC2015-70197-R), 2014-SGR-1504, RTI2018-102112-B-I00 (AEI/FEDER, UE) and H2020 PRESENT (856879).
Peer Reviewed. Postprint (published version)
Systematic review: third-line susceptibility-guided treatment for infection
Background: Susceptibility-guided therapies (SGTs) have been proposed as preferable to empirical rescue treatments after two treatment failures. The aim of this study was to perform a systematic review and meta-analysis evaluating the effectiveness and efficacy of SGT as third-line therapy. Methods: A systematic search was performed in multiple databases. Studies reporting cure rates of Helicobacter pylori with SGT in third-line therapy were selected. A qualitative analysis describing the current evidence and a pooled mean analysis summarizing the cure rates of SGT in third-line therapy was performed. Results: No randomized controlled trials or comparative studies were found. Four observational studies reported cure rates with SGT in third-line treatment, and three studies which mixed patients with second- and third-line treatment also reported cure rates with SGT. The majority of the studies included the patients when culture had been already obtained, and so the effectiveness of SGT and empirical therapy has never been compared. A pooled mean analysis including four observational studies (283 patients) showed intention-to-treat and per-protocol eradication rates with SGT of 72% (95% confidence interval 56–87%; I²: 92%) and 80% (95% confidence interval 71–90%; I²: 80%), respectively. Conclusions: SGT may be an acceptable option as rescue treatment. However, cure rates are, at best, moderate and this approach has never been compared with a well-devised empirical therapy. The evidence in favor of SGT as rescue therapy is currently insufficient to recommend its use.