Yang Yang, Han Shangbin, Xie Ping, Zhu Yan, Ding Zhenyang, Hou Shengjie, Xu Shicheng, Zheng Haibin
School of Cyber Science and Technology, Beihang University, Beijing 100191, China.
National Innovation Institute of Defense Technology, Academy of Military Sciences, Beijing 100071, China.
Sensors (Basel). 2022 Aug 9;22(16):5951. doi: 10.3390/s22165951.
With the increasing demand for privacy protection in the blockchain, the universal zero-knowledge proof protocol has been developed and widely used. Because hash function is an important cryptographic primitive in a blockchain, the zero-knowledge proof of hash preimage has a wide range of application scenarios. However, it is hard to implement it due to the transformation of efficiency and execution complexity. Currently, there are only zero-knowledge proof circuits of some widely used hash functions that have been implemented, such as SHA256. SM3 is a Chinese hash function standard published by the Chinese Commercial Cryptography Administration Office for the use of electronic authentication service systems, and hence might be used in several cryptographic applications in China. As the national cryptographic hash function standard, the zero-knowledge proof circuit of SM3 (Chinese Commercial Cryptography) has not been implemented. Therefore, this paper analyzed the SM3 algorithm process, designed a new layered circuit structure, and implemented the SM3 hash preimage zero-knowledge proof circuit with a circuit size reduced by half compared to the automatic generator. Moreover, we proposed several extended practical protocols based on the SM3 zero-knowledge proof circuit, which is widely used in blockchain.
随着区块链中隐私保护需求的不断增加,通用零知识证明协议得到了发展并被广泛应用。由于哈希函数是区块链中的一种重要密码原语,哈希原像的零知识证明具有广泛的应用场景。然而,由于效率和执行复杂度的转变,很难实现它。目前,仅实现了一些广泛使用的哈希函数的零知识证明电路,如SHA256。SM3是中国商用密码管理办公室发布的用于电子认证服务系统的国产哈希函数标准,因此可能在中国的一些密码应用中使用。作为国家密码哈希函数标准,SM3(国密)的零知识证明电路尚未实现。因此,本文分析了SM3算法过程,设计了一种新的分层电路结构,并实现了SM3哈希原像零知识证明电路,其电路规模比自动生成器减少了一半。此外,我们基于SM3零知识证明电路提出了几种扩展的实用协议,这些协议在区块链中得到了广泛应用。
