How to build the Miximus coin mixer application

2025-01-18 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

This article explains how to build the Miximus coin mixer application and how it works. The method introduced here is simple, fast and practical.

1. Overview of the Miximus coin mixer

With the Miximus coin mixer you deposit 1 ETH, and later use a zkSNARK proof to prove that you hold the spend key of a coin. Once the proof is verified you can withdraw the coin, and the whole process preserves anonymity.

The main source code of Miximus includes:

Miximus.sol

miximus.py

test_miximus.py

miximus.cpp

The zkSNARK prover is built as a native library, so it can be packaged into your application. When given the correct arguments, the library returns the zkSNARK proof as JSON. You might think zkSNARKs are slow: Miximus's algorithm takes 5 seconds on average to generate a proof, but we're still working on its security properties.

2. Building the Miximus coin mixer

To build the Miximus coin mixer on Linux, first install the following dependencies:

cmake 3

g++ or clang++

gmp

libcrypto

boost

npm / nvm

Brew and nvm are required on OSX:

    make git-submodules # Pull sub-repositories
    make -C ethsnarks mac-dependencies
    make -C ethsnarks python-dependencies
    nvm install --lts
    make

Build on Ubuntu using the following command:

    make git-submodules # Pull sub-repositories
    sudo make -C ethsnarks ubuntu-dependencies
    make -C ethsnarks python-dependencies
    nvm install --lts
    make

The build command on CentOS is as follows:

    yum install cmake3 boost-devel gmp-devel
    nvm install --lts
    make git-submodules # Pull sub-repositories
    make -C ethsnarks python-dependencies
    make CMAKE=cmake3

3. How the Miximus coin mixer works

Suppose Alice wants to transfer a coin to Bob:

1. Bob gives Alice the hash of a secret that only he knows.

2. Alice calls the Deposit() method of the Miximus smart contract to deposit 1 ETH into the contract, passing in the hash Bob gave her.

3. The coin Alice deposited is inserted into the merkle tree maintained by the contract; every coin in this tree is worth 1 ETH.

4. Bob uses the secret to generate a zkSNARK proof that he owns a corresponding coin in the Miximus contract. The proof includes an unlinkable spend tag (the nullifier) that prevents the same coin from being spent twice (double spending).

5. Bob calls the Withdraw() method of the Miximus contract, submitting the proof and the spend tag. If the corresponding coin has not been spent, Miximus pays Bob 1 ETH.

4. Implementation details of the Miximus coin mixer

If Alice wants to transfer a coin to Bob, she needs Bob to provide the hash of a secret. Bob first generates a random secret (a random field element, modulo the zkSNARK prime):

    coin_secret = FQ.random()

Then Bob sends the hash of the secret to Alice:

    bobs_leaf = H(coin_secret)  # Generated using the MakeLeafHash() method of the smart contract

When Alice calls the Deposit() method of the Miximus contract to deposit the ether, she passes in bobs_leaf, which becomes the leaf for the deposited coin in the contract's merkle tree. Bob can tell whether Alice has completed the transfer by listening for the contract's OnDeposit event. Since only Bob knows the secret, only Bob can generate a valid zkSNARK proof.

Bob calls the contract's GetPath() method with the leaf_index parameter (obtained from the OnDeposit event) to retrieve the merkle tree path for the coin Alice deposited, and calls GetRoot() to get the root of the contract's merkle tree.

Bob calls the contract's GetExtHash() method to retrieve the external hash, that is, the hash of the contract address and Bob's Ethereum address. This means that only Bob's account can submit the proof he generated, and only to that specific contract, which prevents replay attacks and other malicious behaviour.

5. Pseudocode of the zkSNARK circuit

Only the external_hash, nullifier, and merkle_root parameters are public and can be found on the chain; the rest of the data is private input to the zkSNARK proof:

    def circuit(secret, path_var, address_bits, nullifier, root, external_hash, pub_hash):
        assert H(root, nullifier, external_hash) == pub_hash
        leaf_hash = H(secret)  # Prove we know the secret for the leaf
        assert root == merkle_authenticate(path_var, address_bits, leaf_hash)  # Prove that leaf exists within the tree
        assert H(address_bits, secret) == nullifier

The circuit above verifies that:

The leaf is in the merkle tree

The prover knows the secret corresponding to the leaf (the preimage of its hash)

The spend tag (nullifier) is derived from the leaf

Because this is a zkSNARK proof, it does not reveal which leaf of the merkle tree is being spent. But if Bob tries to generate two proofs for the same leaf, his double-spend attempt fails, because the spend tag is the same both times.

The Miximus contract does not use keys (or secp256k1); its implementation relies only on a secret and hashes. A zkSNARK proof shows that you know the secret without revealing it. The hash function used by the Miximus contract is MiMC, which operates on prime field elements rather than on bytes.
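The circuit checks, the nullifier-based double-spend rejection and the external-hash binding against replay can be modelled in plain Python; this is an added example, not code from the Miximus project. It assumes SHA-256 reduced modulo the BN254 scalar field order as a stand-in for MiMC, a toy tree of depth 3, constructed addresses, and a hypothetical withdraw() helper that runs the circuit directly where the real contract would verify a zkSNARK proof.

```python
import hashlib, secrets

# Assumed "zkSNARK prime": the BN254 scalar field order (an assumption of this example).
P = 21888242871839275222246405745257275088548364400416034343698204186575808495617

def H(*xs):
    """Stand-in hash over field elements (SHA-256 mod P); Miximus itself uses MiMC."""
    data = b"".join(int(x).to_bytes(32, "big") for x in xs)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % P

def root_and_path(leaves, index, depth=3):
    """Root, sibling path and address bits for one leaf (GetRoot/GetPath stand-in)."""
    level, path, bits = leaves + [0] * (2**depth - len(leaves)), [], []
    while len(level) > 1:
        path.append(level[index ^ 1]); bits.append(index & 1)
        level = [H(level[i], level[i + 1]) for i in range(0, len(level), 2)]
        index >>= 1
    return level[0], path, bits

def merkle_authenticate(path, bits, node):
    for sibling, bit in zip(path, bits):
        node = H(sibling, node) if bit else H(node, sibling)
    return node

def circuit(secret, path, bits, nullifier, root, external_hash, pub_hash):
    """The page's pseudocode, returning a bool instead of asserting."""
    return (H(root, nullifier, external_hash) == pub_hash
            and root == merkle_authenticate(path, bits, H(secret))
            and H(*bits, secret) == nullifier)

def withdraw(state, sender, nullifier, witness, pub_hash):
    """Contract-side checks; the real contract verifies a proof, not the witness."""
    if nullifier in state["spent"]:
        return False  # same leaf -> same nullifier -> double spend rejected
    root = root_and_path(state["leaves"], 0)[0]
    ok = circuit(*witness, nullifier, root, H(state["address"], sender), pub_hash)
    if ok:
        state["spent"].add(nullifier)
    return ok

def demo():  # constructed run: other account, then Bob, then Bob again
    state = {"address": 0xC0, "leaves": [H(secrets.randbelow(P))], "spent": set()}
    bob, other, secret = 0xB0B, 0xBAD, secrets.randbelow(P)
    state["leaves"].append(H(secret))  # Alice's Deposit(bobs_leaf), leaf_index 1
    root, path, bits = root_and_path(state["leaves"], 1)
    nullifier = H(*bits, secret)
    pub_hash = H(root, nullifier, H(state["address"], bob))
    return [withdraw(state, who, nullifier, (secret, path, bits), pub_hash)
            for who in (other, bob, bob)]
```

demo() returns one result per withdrawal attempt: the submission from a different account fails the external-hash check, Bob's succeeds, and his second attempt is rejected because the nullifier is already recorded as spent.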
