Upgrade to Pro — share decks privately, control downloads, hide ads and more …

匿名性が気になってZerocashの White Paperを追ってみた #blockchaintokyo

Masashi Salvador Mitsuzawa
January 16, 2018
Technology
2
3.9k

匿名性が気になってZerocashの White Paperを追ってみた #blockchaintokyo

匿名性通貨に関して気になったので素人がホワイトペーパーを読みながら追ってみました。Zerocashはいきなり取り掛かるにはかなりゴツいので、他の通貨から始める #blockchaintokyo

Masashi Salvador Mitsuzawa

January 16, 2018
Tweet

More Decks by Masashi Salvador Mitsuzawa

See All by Masashi Salvador Mitsuzawa
ブロックチェーン基盤比較_向き不向きの観点でユースケースを考える.pdf
masashisalvador57f
1
2.2k
実践:Ethereumを利用したアプリケーション開発 ~ 技術選択・アーキテクチャ・地雷~
masashisalvador57f
1
5.6k
イーサリアムのデータ構造
masashisalvador57f
7
5.2k
go generate と go/ast のざっくりとした話
masashisalvador57f
0
1.9k
Golang @ eureka
masashisalvador57f
2
3.8k
Talk About GopherJS (Briefly)
masashisalvador57f
0
610

Other Decks in Technology

See All in Technology
Teamsコネクタについて(チーム、チャネル)
miyakemito
2
380
replace of cart system on ZOZOTOWN
takahashikazutaro
0
400
作って理解するバックドア
ad5jp
0
330
【5分でわかる】セーフィー エンジニア向け会社紹介
safie_recruit
0
260
GitHub Actionsと"仲良くなる"ための練習方法
tsubakimoto_s
10
2.9k
他言語と比較して今こそ理解しよう! 目指せ、列挙型マスター!
soachr
0
120
Exciting WebPageTest Scripting - WebPerf Meetup Hamburg, 20230323
tbaldauf
0
220
Webアプリケーション設計の第一歩は
ディレクトリの整理から / Encraft 1
okunokentaro
23
6.7k
Win Testing Trophy Easily / テスティングトロフィーを獲得する / PHPerKaigi 2023
k1low
2
210
べ、べつにアンタのことなんて 好きなんかじゃないんだからね! ねぇS3、アンタ聞いてんの!?
kentosuzuki
0
300
大規模言語モデルで変わるMLシステム開発
hirosatogamo
13
10k
ちょっとわかるWindows Autopilot
shao1555
1
360

Featured

See All Featured
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
227
16k
Rebuilding a faster, lazier Slack
samanthasiow
70
7.6k
Reflections from 52 weeks, 52 projects
jeffersonlam
340
18k
The Pragmatic Product Professional
lauravandoore
21
3.6k
It's Worth the Effort
3n
177
26k
Designing Experiences People Love
moore
130
22k
A Modern Web Designer's Workflow
chriscoyier
689
180k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
38
3.7k
The MySQL Ecosystem @ GitHub 2015
samlambert
240
11k
The Mythical Team-Month
searls
210
40k
Robots, Beer and Maslow
schacon
154
7.4k
The Illustrated Children's Guide to Kubernetes
chrisshort
23
43k

Transcript

  1. ಗ໊ੑ͕ؾʹͳͬͯ;FSPDBTIͷ

    8IJUF1BQFSΛ௥ͬͯΈͨ
    @MasashiSalvador
    2018/01/16 blockchain.tokyo#4 @Mercari

    View Slide

  2. Who am I?
    %F/"
    ιʔγϟϧήʔϜ։ൃ
    FVSFLB
    σʔςΟϯάΞϓϦέʔγϣϯ։ൃ
    (Pݴޠ
    'PVOEFEBTUBSUVQ'SFFMBODF
    ཱྀߦऀ޲͚ͷαʔϏε্ཱͪ͛
    3FBDU3BJMT
    J04։ൃ
    (VOPTZOPX d/08
    άϊγʔͷಈըपลͷ։ൃ
    @MasashiSalvador
    (Masashi Salvador Mitsuzawa)
    ܦྺ
    झຯ
    ΧϨʔ৯͏ͨΊʹੜ͖ͯΔ!JOTUBHSBN
    ஡ಓ͓஡पΓ
    ɹɹք۾Ͱ͓஡΍ͬͯΔํ͓੠͕͚Λʜ

    View Slide

  3. - Ծ૝௨՟ʹ͓͚Δಗ໊ੑ
    - Zcashೖ໳
    - Zcashͱ͸
    - θϩ஌ࣝূ໌
    - zcashd / zcash-cli
    - Zcashͷߟ͑ํ
    - Zcash White PaperΛಡΉ

    View Slide

  4. Ծ૝௨՟ʹ͓͚Δಗ໊ੑ
    - औҾ͕νΣʔϯ্ʹશͯެ։͞Ε͍ͯΔ
    - ୭͔Β୭ʹ͍͘Βࢧ෷ΘΕ͔ͨΛtraceͰ͖Δ
    - ࢧ෷͍ܦ࿏ / ֹ͕ݟ͑ͯ͠·͏ͱ͍͏ҙຯͰඇಗ໊
    - Mixing
    - Ring Signature
    - One-Time Address
    - Zero Knowledge Proof
    - Bitcoin
    - traceabilityΛԼ͛ΔͨΊͷٕज़
    5Y
    5Y
    5Y
    5Y
    1PPM/PEF




    5Y
    5Y


    View Slide

  5. - ֤छಗ໊ੑ௨՟ͱར༻ٕज़
    - ͦͷଞʮಗ໊ੑʯΛ࣮ݱ͢ΔͨΊͷٕज़
    - Blind Signature (த਎Λ஌Δ͜ͱͳ͘ॺ໊͢Δʣ

    View Slide

  6. ;$BTIͱ͸ʁ
    - ਖ਼ࣜϦϦʔε: 2016/10/26 ~
    - ZCash Company͕؅ཧओମ
    - ZCash Foundation͕Zcash ProtocolΛ؅ཧ

    https://github.com/ZcashFoundation/ZcashFoundation/blob/master/MISSION.md
    - Protocol΍࣮૷͸Φʔϓϯιʔε
    - White PaperΛϕʔεʹProtocol Specʹ۩ମԽͷํ๏͕هࡌ
    - ൃߦ૯ྔ͸Bitcoinͱಉ͡2100ສຕ
    - ൃߦϧʔϧ͸ௐ੔͞Ε͍ͯΔ
    - Proof of Work / EquiHash
    - ιʔείʔυͷେݩ͸Bitcoin
    - ͔ͳΓScientificͳํ๏Ͱ࡞͍ͬͯΔͳ͊…ͱ͍͏ҹ৅

    View Slide

  7. θϩ஌ࣝূ໌d>
    - > ࣗ෼ͷ͍࣋ͬͯΔ໋୊͕ਅͰ͋Δ͜ͱΛ఻͑ΔͷʹɺਅͰ͋Δ͜ͱҎ֎ͷԿͷ஌ࣝ΋఻͑Δ͜ͱ
    ͳ͘ূ໌Ͱ͖ΔΑ͏ͳ΍ΓͱΓͷख๏ (https://ja.wikipedia.org/wiki/θϩ஌ࣝূ໌)
    - Πϝʔδ:ະ࢖༻τϥϯβΫγϣϯʹରԠ͢Δൿີ伴Λॴ͍࣋ͯ͠Δ͜ͱΛൿີ伴Λఏࣔͤͣʹূ໌
    - ֬཰తূ໌ (ࢼߦճ਺Λ܁Γฦ͢͜ͱͰِͷ໋୊Λਅͱࣔ֬͢཰ΛݮΒ͢
    - ಎ۸ͷྫ
    - ຤ඌʹࢀߟจݙΛ෇͠·͢
    - ର࿩ܕͱඇର࿩ܕ͕͋Δ





    View Slide

  8. [DBTIE[DBTIDMJ
    - جຊbitcoinͱಉ͡ / Debianܥʹ͸γϡοͱೖΔ
    TFFIUUQTHJUIVCDPN[DBTI[DBTIXJLJ%FCJBOCJOBSZQBDLBHFT
    - Installation
    - Download Required Parameters
    - testnet༻ͷઃఆΛॻ͍ͯΰχϣΔ

    View Slide

  9. [DBTIE[DBTIDMJ
    - جຊbitcoinͷclientͱಉ͡
    - Shield address / ී௨ͷΞυϨεͲͪΒ΋ൃߦͰ͖Δ

    View Slide

  10. τϥϯβΫγϣϯͷத਎
    - https://explorer.zcha.inɹͰݟΕΔ
    - ಗ໊ΞυϨε -> ެ։ΞυϨε
    https://explorer.zcha.in/transactions/ad01194807f9f343f46125ef703742ea91be14c72c5277880a98b4e4a5a3f450
    - ެ։ΞυϨε -> ಗ໊ΞυϨε
    https://explorer.zcha.in/transactions/757b8ec048fc76a39c12813d5861df868e9036f98c13b4464b1662b55b09609e

    View Slide

  11. ;DBTIͷߟ͑ํ
    - ҎԼ White Paper[2014] ʹଇΓ·͢
    - Լهͷ6εςοϓͰ Decentralized Anonimous PaymentΛߟ͑Δ
    1. user anonymity with fixed-value coins
    ૹ৴ऀΛൿಗ͢Δํ๏Λ؆୯ʹఏҊ
    2. compressing the list of coin commitments.
    ϚʔΫϧπϦʔΛѹॖͯ͠ޮ཰Λ্͛Δ
    3. extending coins for direct anonymous payments.
    ಗ໊ੑΛอͬͨ··ະ࢖༻τϥϯβΫγϣϯΛ࢖༻͢Δํ๏
    4. sending coins.
    ɹɹkey-private encryption schemeΛ༻͍ͨૹۚ๏
    5. public outputs.
    ɹɹඇಗ໊ͳτϥϯβΫγϣϯΞ΢τϓοτΛ࡞ΕΔΑ͏ʹमਖ਼
    6. non-malleability.
    ɹɹϚϦΞϏϦςΟʹؔ͢Δߟ࡯

    View Slide

  12. 1. user anonymity with fixed-value coins

    બ୒ͨ͠ϥϯμϜͳ஋
    ϝοηʔδ
    ίϛοτϝϯτ
    statistically-hiding non-interactive commitment schemeΛ༻͍Δͦ͏
    ༻ޠ
    ྆ऀΛ஌͍ͬͯΔ৔߹ͷΈ౳߸ͷ੒ཱΛ֬ೝͰ͖Δ
    coinͷϕʔεͱͳΔߟ͑ํ
    2ͭͷཚ਺ Λબ୒͠ Λܭࢉ͢Δ
    ͱ͢Δ
    ΛؚΊͯ
    ૹ৴
    1BTCΛpoolʹdeposit ωοτϫʔΫʹه࿥͞ΕͨίϛοτϝϯτͷҰཡ
    ίΠϯੜ੒

    View Slide

  13. ΋஌͍ͬͯΔͷͰ͕ Λ࢖͔ͬͨͲ͏͔෼͔Δɻͦ΋ͦ΋͕ෆਖ਼ʹ࢖͑Δ

    ͓Αͼ
    ྆ऀΛؚΜͩ
    ͕
    ૹ৴
    ίΠϯ࢖༻
    θϩ஌ࣝূ໌͢Δ໋୊ : ʹؚ·ΕΔΑ͏ͳ Λ஌͍ͬͯΔ
    ূ໌Ͱ͖Ε͹depositͨ͠1BTC͕෷͍ग़͞ΕΔ
    White Paperʹ͸͜ΕʹΑΓར༻ऀͷಗ໊ੑ͕ಘΒΕΔͱॻ͔Ε͍ͯΔ͕ʢϐϯͱ͖͍ͯͳ͍…)
    > the origin of the payment is anonymous.

    ໰୊఺:ૹۚͰ͖ͳ͍

    ΋

    View Slide

  14. 3. extending coins for direct anonymous payments
    ಗ໊Ͱૹۚ͠߹͑ΔΑ͏ʹಓ۩Λಋೖ
    pseudorandom function (moreover collision-resistant)
    address public key / address private key

    Լ४උ
    Λੜ੒
    γʔυ ੜ੒͞Εͨaddress private key
    ίΠϯͷੜ੒

    ͷྔͷcoinΛੜ੒
    Λ1ͭબͼcoinͷγϦΞϧφϯόʔ ΛఆΊΔ
    ཚ਺ ʹରͯ͠ Λܭࢉ͢Δ
    ʹରͯ͠ Λܭࢉ͢Δ
    Λcoinͱ͠
    ͸ ΛؚΉ
    Λdepositͨ͠৔߹ͷΈωοτϫʔΫʹτϥϯβΫγϣϯ͕औΓࠐ·ΕΔ
    ཚ਺

    View Slide

  15. 3. extending coins for direct anonymous payments
    ίΠϯͷ࢖༻

    address:
    address:
    ίΠϯੜ੒ͱಉ༷ʹ Λܭࢉ
    Լهͷθϩ஌ࣝূ໌͢΂໋͖୊ΛίΠϯར༻ͷτϥϯβΫγϣϯʹؚΊΔ
    ʁʁ

    View Slide

  16. Λղऍ͢Δͱ
    - ൿಗ͢΂͖৘ใΛ໌͔ͣ͞ʹɺίΠϯ͕ϧʔϧʹଇͬͯੜ੒͞Ε͍ͯΔ͜ͱ
    - ૹۚݩͷެ։伴Λੜ੒͢Δൿີ伴஌͍ͬͯΔ͜ͱ
    - ίΠϯͷ࢖༻৚݅Ͱ͋ΔγϦΞϧφϯόʔΛੜ੒͢Δൿີ伴Λ஌͍ͬͯΔ͜ͱ
    - ࢖༻͢ΔίΠϯʹରԠ͢Δੜ੒τϥϯβΫγϣϯ͕ଘࡏ͢Δ
    - ૹۚ͢ΔίΠϯͷֹ໘͕͍͘Β͔͸໌͔͞ͳ͍͕ɺ߹ܭ஋ͰӕΛ͍͍ͭͯͳ͍
    ͱ͍͏͜ͱʹͳΔ

    View Slide

  17. - ݁ՌɺτϥϯβΫγϣϯʹૹۚઌΞυϨε΋ૹۚ͢Δ஋΋ؚΊ͍ͯͳ͍
    - ಗ໊ੑ͕੒Γཱ͍ͬͯΔ
    - ίΠϯΛ࢖༻͢ΔͨΊͷ஋Λ҆શʹૹۚ૬खʹ఻͑Δඞཁ͕͋Δ…

    View Slide

  18. ௥͍͖Ε͍ͯͳ͍͜ͱ
    - εέʔϥϏϦςΟ
    - Zk-SNARKͱݺ͹ΕΔθϩ஌ࣝূ໌ͷৄࡉ
    - ඇର࿩ܕͰͲ͏࣮૷͍ͯ͠Δ͔
    - τϥϯβΫγϣϯͷৄࡉ
    - JoinSplit Transaction
    - ͲΜͳ෩ʹ࣮૷͞Ε͍ͯΔͷ͔…
    - पลٕज़..
    - ੬ऑੑपΓ

    https://z.cash/blog/fixing-zcash-vulns.html

    View Slide

  19. ॴײ
    - ։ൃ͸ͦΕͳΓʹਐΜͰ͍ͦ͏
    - BlogͰͷ৘ใൃ৴΋׆ൃ
    - ΰπ͔ͬͨ…

    View Slide