range proof in zk-snark - cryptography

The task is something like this: Alice must send Bob money in such a way that the amount remains hidden.
How can this be done if only "hiding" balances are stored in the blockchain? How can I prove to someone that my balance is positive after the transfer?
In other words, how can I prove to someone that the number x > 0, if the person only knows the "hiding" of this number, say, g^x, where g is the generator of some elliptic curve? Prove it without revealing x.
I know how SNARKs are constructed: R1CS -> AP -> Weil pairing. I know how this problem would be solved if x were known and not hidden.
For example, we represent x = sum(u_i*2^i), write in R1CS the additional constraints u_i * u_i = u_i, and thus prove that every u_i is 0 or 1.
What's next? Some very simple dumb guy. If x were known, we would just have written it in R1CS as a public input and would have quietly checked something like
v2 = u1*1 + u2*2
v3 = v2 + u3*2^2
...
vn = u_(n-1) + u_n*2^(n-1)
and would add the public input vn = x.
So what should I do?
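The bit-decomposition check the question describes, for the case where x is a public input, as an added example that is not part of the original post. The field modulus P and all function names are assumptions, and the running sum v2..vn is folded into a single linear constraint.

```python
# Added example: the question's bit-decomposition check for a PUBLIC x.
# P and all function names are assumptions made for this sketch.
P = 2**61 - 1  # constructed prime field modulus, not taken from the post

def build_constraints(n_bits):
    """Constraints over z = [1, x, u_0, ..., u_{n-1}].
    Each (a, b, c) is sparse and means <a,z> * <b,z> = <c,z> (mod P)."""
    one, x = 0, 1
    cons = []
    for i in range(n_bits):
        u = 2 + i
        cons.append(({u: 1}, {u: 1}, {u: 1}))      # u_i * u_i = u_i
    # The running sum v_2..v_n is linear, so it folds into one constraint:
    # (sum_i u_i * 2^i) * 1 = x
    weights = {2 + i: pow(2, i, P) for i in range(n_bits)}
    cons.append((weights, {one: 1}, {x: 1}))
    return cons

def dot(row, z):
    """Inner product of a sparse constraint row with the assignment z."""
    return sum(coef * z[idx] for idx, coef in row.items()) % P

def satisfied(cons, z):
    """True when every constraint holds for the assignment z."""
    return all(dot(a, z) * dot(b, z) % P == dot(c, z) for a, b, c in cons)

def honest_witness(x, n_bits):
    """Assignment a prover would build from the low n_bits bits of x mod P."""
    xf = x % P
    return [1, xf] + [(xf >> i) & 1 for i in range(n_bits)]

def in_range(x, n_bits=8):
    """Does x satisfy the n_bits-bit range constraints?"""
    return satisfied(build_constraints(n_bits), honest_witness(x, n_bits))
```

A "negative" balance such as -1 is the field element P - 1, which has no 8-bit decomposition, so `in_range(-1)` is false.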

Related

Restrain variable to a bounded region (interval) formulation in Mixed Integer Linear Programming

I have 4 non-negative real variables: A, B, C and X. Based on the current problem that I have, I notice that the variable X must belong to the interval [B,C], and the relation is a set of if-else conditions like this:
If A < B:
    x = B
elseif A > C:
    x = C
elseif B<=A<=C:
    x = A
As you can see, it is quite difficult to reformulate this as a Mixed Integer Programming problem with corresponding decision variables (d1, d2 and d3). I have tried reading some instructions regarding if-then formulation using the big M method at this site:
https://www.math.cuhk.edu.hk/course_builder/1415/math3220/L2%20(without%20solution).pdf but it seems that this problem is more challenging than their tutorial.
Could you kindly provide me with a formulation for this situation?
Thank you very much!

Single Value Decomposition algorithm not working

I wrote the following function to perform SVD according to page 45 of 'the deep learning book' by Ian Goodfellow and co.
import numpy as np

def SVD(A):
    # A^T
    AT = np.transpose(A)
    # AA^T
    AAT = A.dot(AT)
    # A^TA
    ATA = AT.dot(A)
    # Left single values
    LSV = np.linalg.eig(AAT)[1]
    U = LSV  # some values of U have the wrong sign
    # Right single values
    RSV = np.linalg.eig(ATA)[1]
    V = RSV
    V[:,0] = V[:,0]  # V isnt arranged properly
    values = np.sqrt(np.linalg.eig(ATA)[0])
    # descending order
    values = np.sort(values)[::-1]
    rows = A.shape[0]
    columns = A.shape[1]
    D = np.zeros((rows,columns))
    np.fill_diagonal(D,values)
    return U, D, V
However for any given matrix the results are not the same as using
np.linalg.svd(A)
and I have no idea why.
I tested my algorithm by saying
abs(UDV^T - A) < 0.0001
to check if it decomposed properly and it hasn't. The problem seems to lie with the V and U components but I can't see what's going wrong. D seems to be correct.
If anyone can see the problem it would be much appreciated.
I think you have a problem with the order of the eigenpairs that eig(ATA) and eig(AAT) return. The documentation of np.linalg.eig tells that no order is guaranteed. Replacing eig by eigh, which returns the eigenpairs in ascending order, should help. Also don't rearrange the values.
By the way, eigh is specific for symmetric matrices, such as the ones that you are passing, and will not return complex numbers if the original matrix is real.

Decrypt the message by factoring n or without factoring n in RSA

An RSA cryptosystem has public key n = 18721 and e = 25. Messages are encrypted one letter at a time, converting letters to numbers by A = 2, B = 3, ..., Z = 27. Oscar intercepts the message "365, 18242, 4845, 18242, 17173, 16;134:" from Alice to Bob.
(1a) Decrypt the message by factorizing n.
(1b) Decrypt the message assuming that you cannot factorize n.
Can anybody teach me step by step how to decrypt the message, and also what p and q are?
Your questions can be answered by reading the wikipedia page on RSA.
1a
When you factor n, you find integers p and q such that n = p * q. You calculate Y = (p - 1)(q - 1). Then you can find the private key exponent d, which is calculated as d = 1/e mod Y.
To decrypt one of the values c in the intercepted message, you simply calculate m = c^d mod n, where m is the decrypted message. This works because (m^e)^d mod n is equal to 1.
I'll leave the actual calculations to you. If you get stuck, the wiki page has some good examples.
1b
If you cannot factorize n, then you can't decrypt the message. If it were possible to decrypt the message using only the public key (n,e), then why would anyone use RSA?
1a. is answered correctly by the upvoted answer
1b.
Knowing that each message chunk is only 1 character Oscar can encrypt each character of the alphabet with the same e and n and compare them.
a = 2^25 mod 18721 = 6400
b = 3^25 mod 18721 = 18718
c = 4^25 mod 18721 = 17173
...
The upvoted answer is true for encryptions of more than one character but not the case when each character is individually encrypted.
For the 1b approach the phrase Rainbow Table might be revealing (though intentionally somewhat over-specific/misleading).
It was pretty fun. I'll tell you that your 2nd and 4th letters are 'E'; and that I'm pretty sure you typoed the last value (134). It's either 1375 (which makes the most sense to me) or 13444 (the closest string match, and also sort of makes sense).
@bkjvbx's answer is right in the case of RSA as used in the wild; but since this (presumably) homework assignment is using raw RSA on remarkably scoped inputs it's a whole different beast.
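Both approaches from the answers above, as an added example that is not part of the original thread: 1a factors n by trial division to recover d, and 1b builds the table of all 26 letter encryptions under the public key. The function names are assumptions; n, e and the A = 2 ... Z = 27 encoding come from the question, and only the five ciphertext values that are legible on the page are used.

```python
# Added example: why raw RSA on single letters leaks the plaintext.
import string

N, E = 18721, 25                                    # public key from the question
ENCODE = {ch: i + 2 for i, ch in enumerate(string.ascii_uppercase)}  # A=2 ... Z=27
DECODE = {num: ch for ch, num in ENCODE.items()}

def factor(n):
    """Trial division; feasible only because n is tiny."""
    f = 2
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 1
    raise ValueError("n has no non-trivial factor")

def private_exponent(n=N, e=E):
    """1a: d is the inverse of e modulo (p - 1)(q - 1)."""
    p, q = factor(n)
    return pow(e, -1, (p - 1) * (q - 1))            # needs Python 3.8+

def decrypt_with_key(cipher, n=N, e=E):
    d = private_exponent(n, e)
    return "".join(DECODE.get(pow(c, d, n), "?") for c in cipher)

def codebook(n=N, e=E):
    """1b: encrypt every possible letter with the public key only."""
    return {pow(m, e, n): ch for ch, m in ENCODE.items()}

def decrypt_with_codebook(cipher, n=N, e=E):
    book = codebook(n, e)
    return "".join(book.get(c, "?") for c in cipher)

# First five intercepted values; the sixth is garbled on the page and omitted.
INTERCEPTED = [365, 18242, 4845, 18242, 17173]

if __name__ == "__main__":
    print("p, q          :", factor(N))
    print("with key      :", decrypt_with_key(INTERCEPTED))
    print("with codebook :", decrypt_with_codebook(INTERCEPTED))
```

The table works because textbook RSA is deterministic and the message space has only 26 values; randomized padding such as OAEP removes both properties.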

Linear programming and event occurrence

Suppose we have N (in this example N = 3) events that can happen depending on some variables. Each of them can generate a certain profit or loss (event1 = 300, event2 = -100, event3 = 200), and they are constrained by rules for when they happen.
event 1 happens only when x > 5,
event 2 happens only when x = 2 and y = 3
event 3 happens only when x is odd.
The problem is to know the maximum profit.
Assume x, y are integer numbers >= 0
In the real problem there are many events and many dimensions.
(the solution should not be specific)
My question is:
Is this a linear programming problem? If yes, please provide a solution to the example problem using this approach. If no, please suggest some algorithms to optimize such a problem.
This can be formulated as a mixed integer linear program. This is a linear program where some of the variables are constrained to be integer. Contrary to linear programs, solving the general integer program is NP-hard. However, there are many commercial or open source solvers that can solve efficiently large-scale problems. For up to 300 variables and constraints, you can use excel's solver.
Here is a way to formulate the above constraints:
If you go down this route, you might find this document useful.
The last constraint is an interesting one. I am assuming that x has to be integer, but if x can be either integer or continuous I will edit the answer accordingly.
I hope this helps!
Edit: L and U above should be interpreted as L1 and U1.
Edit 2: z2 needs to be changed to (1-z2) on the 3rd and 4th constraint.
A specific answer:
seems more like a mathematical calculation than a programming problem, can't you just run a loop for x= 1->1000 to see what results occur?
for the example:
as x = 2 or 3 = -200 then x > 2 or 3, and if x < 5 doesn't get the 300, so all that is really happening is x > 5 and x = odd = maximum results.
x = 7 = 300 + 200 . = maximum profit for x
A general answer:
I don't see how to answer the question without seeing what the events are and how the events affect X. Whether it's a linear or functional (mathematical) answer seems rather beside the point of finding the desired solution.

preserving units for calculations in programming

I was wondering if there are any sweet languages that offer some sort of abstraction for "feet" vs "inches" or "cm" etc. I was considering doing something like the following in Java:
u(56).feet() + u(26).inches()
and be able to get something like
17.7292 meters as the result.
One possible approach is, when making a new value, immediately convert it to a "base" unit, like meters or something, so you can add them easily.
However, I would much rather have the ability to preserve units, so that something like
u(799.95555).feet() - u(76).feet()
returns
723.95555 feet
and not
243.826452 meters - 23.1648 meters = 220.661652 meters
//220.661652 meters to feet returns 723.955551 feet
Since this problem seems like it would be really common, is there any framework or even a programming language that exists that handles this elegantly?
I suppose I can just add the units as they are in my methods, adding matching units together and only converting in order to +-*/ [add/subtract/multiply/divide] when they are requested, which is great for adding and subtracting:
//A
{
    this.inches = 36.2;
    this.meters = 1;
}
//total length is 1.91948 m
if I add this to an object B with values
//B
{
    this.inches = 0.8;
    this.meters = 2;
}
//total length is 2.02032 m
and I get a new object that is
{
    this.inches = 37;
    this.meters = 3;
}
//total length is 3.9398 meters
which is totally awesome, I can convert it whenever I want no problem. But operations such as multiplication would fail ...
//A * B = 3.87796383 m^2
{
    this.inches = 28.96;
    this.meters = 2;
}
// ...but multiplying piece-wise and then adding
// gives you 2.01868383 m^2, assuming you make 2m*1m give you 2 m^2.
So all I really wanted to show with that example was that
( A1 + A2 ) * ( Z1 + Z2 ) is not ( A1 * Z1 ) + ( A2 * Z2 )
And I'm pretty sure this means one has to convert to a common unit if they want to multiply or divide.
The example was mostly to discourage the reflexive answer, that you add or subtract them piece-wise before converting at the last moment, since * and / will fail.
tl;dr: Are there any clever ways to preserve units in programming? Are there clever ways to name methods/routines such that it's easy for me to understand what I'm adding and subtracting, etc?
I know for a fact there is such a language, although I haven't used it myself.
It's called Frink.
It not only allows you to mix different units for the same dimension but also operate on several different physical measurements. The sample calculations on its site are a fun read. I particularly like the Superman bit.
F# has language support for units of measure.
EDIT: See also How do F# Units of Measure work
Many functional languages allow creating types for this sort of unit preservation. In Haskell:
-- you need GeneralizedNewtypeDeriving to derive Num
newtype Feet = Feet {unFeet :: Float} deriving (Eq, Show, Num)
newtype Meters = Meters {unMeters :: Float} deriving (Eq, Show, Num)
Now each unit is its own type, and you can only perform operations on values of the same type:
*Main> let a1 = 1 :: Feet
*Main> let a2 = 2 :: Feet
*Main> let a3 = 3 :: Meters
*Main> a1+a2
Feet 3.0
*Main> a1+a3
<interactive>:1:3:
Couldn't match expected type `Feet' against inferred type `Meters'
In the second argument of `(+)', namely `a3'
In the expression: a1 + a3
In the definition of `it': it = a1 + a3
*Main>
Now you can create a conversion type class to convert to and from any measurement types
class LengthMeasure unit where
    untype :: unit -> Float
    toFeet :: unit -> Feet
    toFeet = Feet . (* 3.2808) . untype . toMeters
    toMeters :: unit -> Meters
    toMeters = Meters . (* 0.3048) . untype . toFeet
instance LengthMeasure Feet where
    untype = unFeet
    toFeet = id
instance LengthMeasure Meters where
    untype = unMeters
    toMeters = id
Now we can freely convert between types:
*Main> a1+toFeet a3
Feet {unFeet = 10.842401}
Of course, packages to do this sort of thing are available in Haskell.
Since you're using Java already, maybe Scala or Clojure would offer similar capabilities?
JSR-275 might be relevant http://code.google.com/p/unitsofmeasure/
See Which jsr-275 units implementation should be used?
I have done a lot of work with Units and there isn't anything comprehensive. You can find a lot of partial utilities (I think there are some distributed with UNIXes). NIST was developing a units markup language but it's been at least a decade cooking.
To do this properly needs an ontology in which the units are defined and the rules for conversion. You also have to deal with prefixes.
If you stick with physical science (SI units) there are 7 (possibly 8) base unit-types and 22 named derived quantities. But there is also an infinite number of ways they can be combined. For example the rate of change of acceleration is called "jerk" by some. In principle you could have an indefinite number of derivatives.
Are currencies units? etc...