├── .gitignore ├── .gitmodules ├── commit.png ├── complain2.png ├── de.tex ├── isovdf.bib ├── isovdf.tex ├── llncs.cls ├── reveal.png ├── slide.tex ├── splncs04.bst ├── talks ├── jeff-siam-2019.tex ├── jeff_rumpsession_talk_eurocrypt2019.tex ├── logos │ └── web3logo.jpg └── pics │ └── mix │ ├── blending.svg │ ├── epistemic.svg │ ├── initial.svg │ ├── intersection.svg │ ├── mix_instant.png │ ├── mix_time.svg │ ├── noun_1014400_cc.svg │ ├── providers.svg │ ├── sphinx-kex.pdf_tex │ ├── sphinx-kex.sh │ ├── sphinx-kex.svg │ ├── sphinx.pdf_tex │ ├── sphinx.sh │ ├── sphinx.svg │ ├── surb.pdf_tex │ ├── surb.sh │ ├── surb.svg │ ├── tagging.pdf_tex │ ├── tagging.sh │ └── tagging.svg ├── unicode.sty ├── video ├── __init__.py ├── clock.png ├── de.mlt ├── doge.png ├── dogetizer-2021-10-12-2-38-14.jpg ├── ibe.py ├── imply.py ├── movie.kdenlive ├── sign.py ├── slide.tex └── walk.py └── zkp.bib /.gitignore: -------------------------------------------------------------------------------- 1 | *.pdf 2 | *.aux 3 | *.log 4 | *.blg 5 | *.out 6 | *.synctex.gz 7 | 8 | *~ 9 | -------------------------------------------------------------------------------- /.gitmodules: -------------------------------------------------------------------------------- 1 | [submodule "isogenies_bib"] 2 | path = isogenies_bib 3 | url = git://github.com/defeo/isogenies.bib.git 4 | -------------------------------------------------------------------------------- /commit.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/burdges/isogenies_vdf_uses/da25a05f43881ee4e1138238cdb1970b244d459c/commit.png -------------------------------------------------------------------------------- /complain2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/burdges/isogenies_vdf_uses/da25a05f43881ee4e1138238cdb1970b244d459c/complain2.png 
-------------------------------------------------------------------------------- /isovdf.bib: -------------------------------------------------------------------------------- 1 | @INPROCEEDINGS{Stadler96publiclyverifiable, 2 | author = {Markus Stadler}, 3 | title = {Publicly Verifiable Secret Sharing}, 4 | booktitle = {}, 5 | year = {1996}, 6 | pages = {190--199}, 7 | publisher = {Springer-Verlag} 8 | } 9 | 10 | @INPROCEEDINGS{Schoenmakers99asimple, 11 | author = {Berry Schoenmakers}, 12 | title = {A simple publicly verifiable secret sharing scheme and its application to electronic voting}, 13 | booktitle = {In CRYPTO}, 14 | year = {1999}, 15 | pages = {148--164}, 16 | publisher = {Springer-Verlag} 17 | } 18 | 19 | @techreport{TLP, 20 | author = {Rivest, R. L. and Shamir, A. and Wagner, D. A.}, 21 | title = {Time-lock Puzzles and Timed-release Crypto}, 22 | year = {1996}, 23 | source = {http://www.ncstrl.org:8900/ncstrl/servlet/search?formname=detail\&id=oai%3Ancstrlh%3Amitai%3AMIT-LCS%2F%2FMIT%2FLCS%2FTR-684}, 24 | publisher = {Massachusetts Institute of Technology}, 25 | address = {Cambridge, MA, USA}, 26 | url = {https://people.csail.mit.edu/rivest/pubs/RSW96.pdf}, 27 | } 28 | 29 | @book{Parhami, 30 | author = {Parhami, B}, 31 | year = {2000}, 32 | month = {01}, 33 | pages = {}, 34 | title = {Computer Arithmetic: Algorithms and Hardware Designs}, 35 | isbn = {978-0-19-512583-2} 36 | } 37 | 38 | @article{RNS14, 39 | author = {Antao, Samuel and Sousa, Leonel}, 40 | year = {2014}, 41 | month = {09}, 42 | pages = {249-259}, 43 | title = {A Flexible Architecture for Modular Arithmetic Hardware Accelerators based on RNS}, 44 | volume = {76}, 45 | journal = {Journal of Signal Processing Systems}, 46 | doi = {10.1007/s11265-014-0879-y} 47 | } 48 | 49 | @inproceedings{RNS13, 50 | author = {Antao, Samuel and Sousa, Leonel}, 51 | year = {2013}, 52 | month = {10}, 53 | pages = {2572-2576}, 54 | title = {An RNS-based architecture targeting hardware accelerators for modular 
arithmetic}, 55 | journal = {Acoustics, Speech, and Signal Processing, 1988. ICASSP-88., 1988 International Conference on}, 56 | doi = {10.1109/ICASSP.2013.6638120} 57 | } 58 | 59 | @article{SchinianakisStouraitis2014, 60 | author = {Schinianakis, Dr. Dimitrios and Stouraitis, Thanos}, 61 | year = {2014}, 62 | month = {04}, 63 | pages = {1156-1169}, 64 | title = {Multifunction Residue Architectures for Cryptography}, 65 | volume = {61}, 66 | journal = {Circuits and Systems I: Regular Papers, IEEE Transactions on}, 67 | doi = {10.1109/TCSI.2013.2283674} 68 | } 69 | 70 | @article{RNSonGPU07, 71 | author = {Moss, Andrew and Page, Dan and P. Smart, Nigel}, 72 | year = {2007}, 73 | month = {01}, 74 | pages = {187}, 75 | title = {Executing Modular Exponentiation on a Graphics Accelerator}, 76 | volume = {2007}, 77 | journal = {IACR Cryptology ePrint Archive}, 78 | url = {https://eprint.iacr.org/2007/187.pdf} 79 | } 80 | 81 | 82 | @article{Araujo12, 83 | author = {Juvenal Araujo}, 84 | title = {Hardware Based Asymmetrical Cryptography Supported on Residue Number System}, 85 | url = {https://fenix.tecnico.ulisboa.pt/downloadFile/281870113702203/Hardware%20Based%20Asymmetrical%20Cryptography%20on%20RNS%20-%20DATE%20workshop%20paper.pdf}, 86 | } 87 | 88 | @misc{Moss07, 89 | author = {A. Moss and D. Page and N. Smart}, 90 | title = {Executing Modular Exponentiation on a Graphics Accelerator}, 91 | year = {2007}, 92 | url ={https://eprint.iacr.org/2007/187} 93 | } 94 | 95 | 96 | @article{BernsteinSorenson07, 97 | author = {Daniel J. 
Bernstein and Jonathan Sorenson}, 98 | year = {2007}, 99 | pages = {443--454}, 100 | title = {Modular exponentiation via the explicit {C}hinese remainder theorem}, 101 | volume = {76}, 102 | journal = {Mathematics of Computation}, 103 | doi = {10.1090/S0025-5718-06-01849-7}, 104 | } 105 | 106 | 107 | @article{Fantomette, 108 | title={Betting on Blockchain Consensus with Fantomette}, 109 | author={Sarah Azouvi and Patrick McCorry and Sarah Meiklejohn}, 110 | journal={CoRR}, 111 | year={2018}, 112 | volume={abs/1805.06786}, 113 | url = {https://arxiv.org/abs/1805.06786} 114 | } 115 | 116 | @article{ordinary_cocks_pinch, 117 | author = {Boneh, Dan and Rubin, Karl and Silverberg, Alice}, 118 | year = {2009}, 119 | month = {01}, 120 | pages = {533}, 121 | title = {Finding composite order ordinary elliptic curves using the Cocks–Pinch method}, 122 | volume = {2009}, 123 | journal = {IACR Cryptology ePrint Archive}, 124 | doi = {10.1016/j.jnt.2010.05.001}, 125 | url = {https://eprint.iacr.org/2009/533.pdf} 126 | } 127 | 128 | @InProceedings{Pietrzak, 129 | author = {Krzysztof Pietrzak}, 130 | title = {{Simple Verifiable Delay Functions}}, 131 | booktitle = {10th Innovations in Theoretical Computer Science Conference (ITCS 2019)}, 132 | pages = {60:1--60:15}, 133 | series = {Leibniz International Proceedings in Informatics (LIPIcs)}, 134 | ISBN = {978-3-95977-095-8}, 135 | ISSN = {1868-8969}, 136 | year = {2018}, 137 | volume = {124}, 138 | editor = {Avrim Blum}, 139 | publisher = {Schloss Dagstuhl--Leibniz-Zentrum fuer Informatik}, 140 | address = {Dagstuhl, Germany}, 141 | URN = {urn:nbn:de:0030-drops-101537}, 142 | doi = {10.4230/LIPIcs.ITCS.2019.60}, 143 | annote = {Keywords: Verifiable delay functions, Time-lock puzzles} 144 | } 145 | 146 | @InProceedings{Wesolowski, 147 | author = "Benjamin Wesolowski", 148 | title = "Efficient Verifiable Delay Functions", 149 | pages = "379--407", 150 | editor = eurocrypt19ed, 151 | booktitle = "EUROCRYPT~2019, Part~III", 152 | 
volume = "11478", 153 | address = "", 154 | month = may, 155 | publisher = "Springer, Heidelberg", 156 | series = "{LNCS}", 157 | year = 2019, 158 | doi = "10.1007/978-3-030-17659-4_13", 159 | } 160 | 161 | @misc{survey, 162 | author = {Dan Boneh and Benedikt B\"unz and Ben Fisch}, 163 | title = {A Survey of Two Verifiable Delay Functions}, 164 | howpublished = {Cryptology ePrint Archive, Report 2018/712}, 165 | year = {2018}, 166 | url = {https://eprint.iacr.org/2018/712}, 167 | } 168 | 169 | @Article{boneh+lynn+shacham04, 170 | author = {Boneh, Dan and Lynn, Ben and Shacham, Hovav}, 171 | title = {Short Signatures from the {W}eil Pairing}, 172 | journal = {Journal of Cryptology}, 173 | year = {2004}, 174 | volume = {17}, 175 | number = {4}, 176 | pages = {297-319}, 177 | month = sep, 178 | issn = {0933-2790}, 179 | day = {28}, 180 | doi = {10.1007/s00145-004-0314-9}, 181 | keywords = {cryptography, elliptic\_curve, pairing}, 182 | posted-at = {2010-07-26 13:57:43}, 183 | publisher = {Springer} 184 | } 185 | 186 | @InProceedings{Boneh, 187 | author = {Boneh, Dan and Bonneau, Joseph and B{\"u}nz, Benedikt and Fisch, Ben}, 188 | title = {Verifiable Delay Functions}, 189 | booktitle = {Advances in Cryptology -- CRYPTO 2018}, 190 | year = {2018}, 191 | editor = {Shacham, Hovav and Boldyreva, Alexandra}, 192 | pages = {757--788}, 193 | address = {Cham}, 194 | publisher = {Springer International Publishing}, 195 | abstract = {We study the problem of building a verifiable delay function (VDF). A VDF requires a specified number of sequential steps to evaluate, yet produces a unique output that can be efficiently and publicly verified. VDFs have many applications in decentralized systems, including public randomness beacons, leader election in consensus protocols, and proofs of replication. 
We formalize the requirements for VDFs and present new candidate constructions that are the first to achieve an exponential gap between evaluation and verification time.}, 196 | isbn = {978-3-319-96884-1}, 197 | } 198 | 199 | @InProceedings{10.1007/3-540-44647-8_13, 200 | author = {Boneh, Dan and Franklin, Matt}, 201 | editor = {Kilian, Joe}, 202 | title = {Identity-Based Encryption from the {Weil} Pairing}, 203 | booktitle = {Advances in Cryptology --- CRYPTO 2001}, 204 | year = {2001}, 205 | publisher = {Springer Berlin Heidelberg}, 206 | address = {Berlin, Heidelberg}, 207 | pages = {213--229}, 208 | abstract = {We propose a fully functional identity-based encryption scheme (IBE). The scheme has chosen ciphertext security in the random oracle model assuming an elliptic curve variant of the computational Diffie-Hellman problem. Our system is based on the Weil pairing. We give precise definitions for secure identity based encryption schemes and give several applications for such systems.}, 209 | isbn = {978-3-540-44647-7} 210 | } 211 | 212 | @article{doi:10.1137/S0097539701398521, 213 | author = {Boneh, Dan and Franklin, Matthew}, 214 | title = {Identity-Based Encryption from the {Weil} Pairing}, 215 | journal = {SIAM Journal on Computing}, 216 | volume = {32}, 217 | number = {3}, 218 | pages = {586-615}, 219 | year = {2003}, 220 | doi = {10.1137/S0097539701398521}, 221 | } 222 | 223 | @electronic{ethereum-vdf, 224 | title = {{VDF FPGA} Competition}, 225 | author = {{VDF Alliance}}, 226 | year = {2019}, 227 | url = {https://supranational.atlassian.net/wiki/spaces/VA/pages/36569208/FPGA+Competition} 228 | } 229 | 230 | @electronic{chia-vdf, 231 | title = {Chia Network Announces 2nd {VDF} Competition with \$100,000 in Total Prize Money}, 232 | author = {Matt Howard and Bram Cohen}, 233 | year = {2019}, 234 | url = 
{https://www.chia.net/2019/04/04/chia-network-announces-second-vdf-competition-with-in-total-prize-money.en.html} 235 | } 236 | 237 | @InProceedings{10.1007/BFb0052253, 238 | author = {Boneh, Dan and Franklin, Matthew}, 239 | editor = {Kaliski, Burton S.}, 240 | title = {Efficient generation of shared {RSA} keys}, 241 | booktitle = {Advances in Cryptology --- CRYPTO '97}, 242 | year = {1997}, 243 | publisher = {Springer Berlin Heidelberg}, 244 | address = {Berlin, Heidelberg}, 245 | pages = {425--439}, 246 | abstract = {We describe efficient techniques for three (or more) parties to jointly generate an RSA key. At the end of the protocol an RSA modulus N = pq is publicly known. None of the parties know the factorization of N. In addition a public encryption exponent is publicly known and each party holds a share of the private exponent that enables threshold decryption. Our protocols are efficient in computation and communication.}, 247 | isbn = {978-3-540-69528-8} 248 | } 249 | 250 | @InProceedings{C:MalThy19, 251 | author = "Giulio Malavolta and 252 | Sri Aravinda Krishnan Thyagarajan", 253 | title = "Homomorphic Time-Lock Puzzles and Applications", 254 | pages = "620--649", 255 | editor = "Alexandra Boldyreva and Daniele Micciancio", 256 | booktitle = "CRYPTO~2019, Part~I", 257 | volume = "11692", 258 | address = "", 259 | month = aug, 260 | publisher = "Springer, Heidelberg", 261 | series = "{LNCS}", 262 | year = 2019, 263 | doi = "10.1007/978-3-030-26948-7_22", 264 | } 265 | 266 | @InProceedings{10.1007/978-3-540-74143-5_24, 267 | author="Goyal, Vipul", 268 | editor="Menezes, Alfred", 269 | title="Reducing Trust in the {PKG} in {I}dentity {B}ased {C}ryptosystems", 270 | booktitle="Advances in Cryptology - CRYPTO 2007", 271 | year="2007", 272 | publisher="Springer Berlin Heidelberg", 273 | address="Berlin, Heidelberg", 274 | pages="430--447", 275 | abstract="One day, you suddenly find that a private key corresponding to your Identity is up for sale at e-Bay. 
Since you do not suspect a key compromise, perhaps it must be the PKG who is acting dishonestly and trying to make money by selling your key. How do you find out for sure and even prove it in a court of law?", 276 | isbn="978-3-540-74143-5" 277 | } 278 | 279 | 280 | @inproceedings{10.1145/2840728.2840745, 281 | author = {Bitansky, Nir and Goldwasser, Shafi and Jain, Abhishek and Paneth, Omer and Vaikuntanathan, Vinod and Waters, Brent}, 282 | title = {Time-Lock Puzzles from Randomized Encodings}, 283 | year = {2016}, 284 | isbn = {9781450340571}, 285 | publisher = {Association for Computing Machinery}, 286 | address = {New York, NY, USA}, 287 | doi = {10.1145/2840728.2840745}, 288 | abstract = {Time-lock puzzles are a mechanism for sending messages "to the future". A sender can quickly generate a puzzle with a solution s that remains hidden until a moderately large amount of time t has elapsed. The solution s should be hidden from any adversary that runs in time significantly less than t, including resourceful parallel adversaries with polynomially many processors. While the notion of time-lock puzzles has been around for 22 years, there has only been a single candidate proposed. Fifteen years ago, Rivest, Shamir and Wagner suggested a beautiful candidate time-lock puzzle based on the assumption that exponentiation modulo an RSA integer is an "inherently sequential" computation. We show that various flavors of randomized encodings give rise to time-lock puzzles of varying strengths, whose security can be shown assuming the mere existence of non-parallelizing languages, which are languages that require circuits of depth at least t to decide, in the worst-case. 
The existence of such languages is necessary for the existence of time-lock puzzles. We instantiate the construction with different randomized encodings from the literature, where increasingly better efficiency is obtained based on increasingly stronger cryptographic assumptions, ranging from one-way functions to indistinguishability obfuscation. We also observe that time-lock puzzles imply one-way functions, and thus the reliance on some cryptographic assumption is necessary. Finally, generalizing the above, we construct other types of puzzles such as proofs of work from randomized encodings and a suitable worst-case hardness assumption (that is necessary for such puzzles to exist).}, 289 | booktitle = {Proceedings of the 2016 ACM Conference on Innovations in Theoretical Computer Science}, 290 | pages = {345–356}, 291 | numpages = {12}, 292 | keywords = {proofs of work, time-lock puzzles, randomized encodings}, 293 | location = {Cambridge, Massachusetts, USA}, 294 | series = {ITCS '16} 295 | } 296 | 297 | @electronic{eth-octopus, 298 | author = {Omer Shlomovits}, 299 | title = {Diogenes {Octopus}: Playing Red Team for {Eth2.0 VDF}}, 300 | url = {https://medium.com/zengo/dac3f2e3cc7b}, 301 | year = {2020}, 302 | month = jun, 303 | day = {18}, 304 | } 305 | 306 | @electronic{eth-dogbyte, 307 | author = {Omer Shlomovits}, 308 | title = {DogByte Attack: Playing Red Team for {Eth2.0 VDF}}, 309 | url = {https://medium.com/zengo/ea2b9b2152af}, 310 | year = {2020}, 311 | month = aug, 312 | day = {31}, 313 | } 314 | 315 | @InProceedings{10.1007/978-3-030-36033-7_16, 316 | author="Brakerski, Zvika 317 | and D{\"o}ttling, Nico 318 | and Garg, Sanjam 319 | and Malavolta, Giulio", 320 | editor="Hofheinz, Dennis 321 | and Rosen, Alon", 322 | title="Leveraging Linear Decryption: Rate-1 Fully-Homomorphic Encryption and Time-Lock Puzzles", 323 | booktitle="Theory of Cryptography", 324 | year="2019", 325 | publisher="Springer International Publishing", 326 | address="Cham", 327 | 
pages="407--437", 328 | abstract="We show how to combine a fully-homomorphic encryption scheme with linear decryption and a linearly-homomorphic encryption schemes to obtain constructions with new properties. Specifically, we present the following new results.", 329 | isbn="978-3-030-36033-7" 330 | } 331 | -------------------------------------------------------------------------------- /reveal.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/burdges/isogenies_vdf_uses/da25a05f43881ee4e1138238cdb1970b244d459c/reveal.png -------------------------------------------------------------------------------- /slide.tex: -------------------------------------------------------------------------------- 1 | \documentclass[12pt,aspectratio=169]{beamer} 2 | 3 | \usepackage{tikz} 4 | \usetikzlibrary{arrows.meta} 5 | \usepackage{bm} 6 | \usefonttheme[onlymath]{serif} 7 | 8 | \mode{ 9 | \usetheme{Boadilla} 10 | } 11 | 12 | \title{Delay Encryption} 13 | 14 | \author[J. Burdges, L. 
De Feo]{Jeffrey Burdges\inst{1}, Luca De Feo\inst{2}} 15 | 16 | \institute[W3F, IBM]{\inst{1}Web3 Foundation, Switzerland\\ 17 | \inst{2}IBM Research Europe, Switzerland} 18 | 19 | \date[Eurocrypt 2021]{Eurocrypt, October 19, 2021, Zagreb, Croatia} 20 | 21 | \begin{document} 22 | 23 | \setbeamertemplate{navigation symbols}{} 24 | \frame[plain]{\titlepage} 25 | 26 | \begin{frame} 27 | \Huge 28 | \centering 29 | 30 | How do you run a 31 | 32 | \bigskip 33 | 34 | sealed bid auction 35 | 36 | \bigskip 37 | 38 | \alert{without a trusted party?} 39 | \end{frame} 40 | 41 | { 42 | \setbeamercolor{background canvas}{bg=black} 43 | \begin{frame}[plain] 44 | \begin{tikzpicture}[remember picture,overlay] 45 | \node(pic)[at=(current page.center)] { 46 | \includegraphics[height=\paperheight]{video/dogetizer-2021-10-12-2-38-14.jpg} 47 | }; 48 | \end{tikzpicture} 49 | \end{frame} 50 | 51 | \begin{frame}[plain] 52 | \begin{tikzpicture}[remember picture,overlay] 53 | \node(pic)[at=(current page.center)] { 54 | \includegraphics[width=\paperwidth]{commit.png} 55 | }; 56 | \end{tikzpicture} 57 | \end{frame} 58 | 59 | \begin{frame}[plain] 60 | \begin{tikzpicture}[remember picture,overlay] 61 | \node(pic)[at=(current page.center)] { 62 | \includegraphics[width=\paperwidth]{reveal.png} 63 | }; 64 | \end{tikzpicture} 65 | \end{frame} 66 | 67 | \begin{frame}[plain] 68 | \begin{tikzpicture}[remember picture,overlay] 69 | \node(pic)[at=(current page.center)] { 70 | \includegraphics[width=\paperwidth]{complain2.png} 71 | }; 72 | \end{tikzpicture} 73 | \end{frame} 74 | } 75 | 76 | \begin{frame} 77 | \Huge\centering 78 | Encrypt 79 | 80 | \bigskip 81 | \alert{to the Auction} 82 | \end{frame} 83 | 84 | \begin{frame}{Identity based encryption} 85 | \centering 86 | \begin{tikzpicture} 87 | \begin{scope}[color=white,every node/.style={fill=cyan,inner sep=3mm}] 88 | \node (keygen) at (0,0) {Keygen}; 89 | \node (encrypt) at (-6,-3) {Encrypt}; 90 | \node (extract) at (6,-3) {Extract}; 91 | \node 
(decrypt) at (0,-6) {Decrypt}; 92 | \end{scope} 93 | 94 | \begin{scope} 95 | \node (msk) at (4,-1) {msk}; 96 | \node (pk) at (-4,-1) {pk}; 97 | \node (msg) at (-6,-1) {msg}; 98 | \node (ct) at (-4,-4.5) {ct}; 99 | \node (sk) at (4,-4.5) {sk}; 100 | \node (msg2) at (-6,-6) {msg}; 101 | \node (id) at (0,-3) {\includegraphics[height=3em]{video/doge.png}}; 102 | \node[below of=id] {id}; 103 | \end{scope} 104 | 105 | \draw[-latex] (keygen) edge (pk) edge (msk) 106 | (pk) edge (encrypt) 107 | (msg) edge (encrypt) 108 | (encrypt) edge (ct) 109 | (msk) edge (extract) 110 | (extract) edge (sk) 111 | (sk) edge (decrypt) 112 | (ct) edge (decrypt) 113 | (decrypt) edge (msg2) 114 | (id) edge (encrypt) edge (extract); 115 | \end{tikzpicture} 116 | \end{frame} 117 | 118 | \begin{frame} 119 | \Huge 120 | \begin{description} 121 | \setlength{\itemsep}{3em} 122 | \item[Solution 1:] Threshold Extraction 123 | \item[Solution 2:] \alert{Time Lock Extraction} 124 | \end{description} 125 | \end{frame} 126 | 127 | \begin{frame}{Boneh--Franklin IBE} 128 | \centering 129 | \def\doge{\raisebox{-.6em}{\includegraphics[height=2em]{video/doge.png}}} 130 | \begin{tikzpicture} 131 | \begin{scope}[color=white,every node/.style={fill=cyan,inner sep=3mm}] 132 | \node (keygen) at (0,0) {Keygen}; 133 | \node (encrypt) at (-6,-3) {$k = e(u\doge, mG_2)$}; 134 | \node (extract) at (6,-3) {Extract}; 135 | \node (decrypt) at (0,-6) {$k = e(m\doge, uG_2)$}; 136 | \end{scope} 137 | 138 | \begin{scope} 139 | \node (msk) at (4,-1) {$m$}; 140 | \node (pk) at (-4,-1) {$mG_2$}; 141 | \node (msg) at (-6,-1) {$\mathrm{msg}$}; 142 | \node (ct) at (-4,-5) {$\mathrm{Enc}_k(\mathrm{msg}), uG_2$}; 143 | \node (sk) at (4,-5) {$m\doge$}; 144 | \node (msg2) at (-6,-6) {$\mathrm{msg}$}; 145 | \node (id) at (0,-3) {\includegraphics[height=3em]{video/doge.png}}; 146 | \end{scope} 147 | 148 | \draw[-latex] (keygen) edge (pk) edge (msk) 149 | (pk) edge (encrypt) 150 | (msg) edge (encrypt) 151 | (encrypt) edge (ct) 152 | (msk) 
edge (extract) 153 | (extract) edge (sk) 154 | (sk) edge (decrypt) 155 | (ct) edge (decrypt) 156 | (decrypt) edge (msg2) 157 | (id) edge (encrypt) edge (extract); 158 | \end{tikzpicture} 159 | \end{frame} 160 | 161 | \begin{frame}{Isogeny Based Delay Encryption} 162 | \centering 163 | \def\doge{\raisebox{-.6em}{\includegraphics[height=2em]{video/doge.png}}} 164 | \def\iso{\textcolor{red!80!black}{\bm{\phi}}} 165 | \begin{tikzpicture} 166 | \begin{scope}[color=white,every node/.style={fill=cyan,inner sep=3mm}] 167 | \node (keygen) at (0,0) {Setup}; 168 | \node (encrypt) at (-6,-3) {$k = e(u\doge, \iso G_2)$}; 169 | \node (extract) at (6,-3) {Extract}; 170 | \node (decrypt) at (0,-6) {$k = e(\iso\doge, uG_2)$}; 171 | \end{scope} 172 | 173 | \begin{scope} 174 | \node (msk) at (4,-1) {$\iso$}; 175 | \node (pk) at (-4,-1) {$\iso G_2$}; 176 | \node (msg) at (-6,-1) {$\mathrm{msg}$}; 177 | \node (ct) at (-4,-5) {$\mathrm{Enc}_k(\mathrm{msg}), uG_2$}; 178 | \node (sk) at (4,-5) {$\iso\doge$}; 179 | \node (msg2) at (-6,-6) {$\mathrm{msg}$}; 180 | \node (id) at (0,-3) {\includegraphics[height=3em]{video/doge.png}}; 181 | \end{scope} 182 | 183 | \def\clock{\includegraphics[height=2em]{video/clock.png}} 184 | \draw[-latex] (keygen) edge node {\clock} (pk) edge (msk) 185 | (pk) edge (encrypt) 186 | (msg) edge (encrypt) 187 | (encrypt) edge (ct) 188 | (msk) edge (extract) 189 | (extract) edge node {\clock} (sk) 190 | (sk) edge (decrypt) 191 | (ct) edge (decrypt) 192 | (decrypt) edge (msg2) 193 | (id) edge (encrypt) edge (extract); 194 | \end{tikzpicture} 195 | \end{frame} 196 | 197 | \begin{frame} 198 | \centering 199 | \begin{tikzpicture} 200 | \node (IBE) at (0,0) {IBE}; 201 | \node (enc) at (7,1) {Encryption}; 202 | \node (sig) at (7,-1) {Signatures}; 203 | \node (DE) at (0,-4) {Delay Encryption}; 204 | \node (TLP) at (7,-3) {Time Lock Puzzles}; 205 | \node (VDF) at (7,-5) {Verifiable Delay Functions}; 206 | 207 | \draw[-latex] (IBE) edge (enc) edge (sig) 208 | (DE) edge 
(TLP) edge (VDF); 209 | \end{tikzpicture} 210 | \end{frame} 211 | 212 | { 213 | \def\bl#1{\textcolor{blue}{#1}} 214 | \begin{frame} 215 | \centering 216 | \begin{tikzpicture} 217 | \Large\tt 218 | \begin{scope}[anchor=west,x=2em] 219 | \node at (0,0) {\bl{def} extract(x):}; 220 | \node at (1,-1) {\bl{for} i \bl{from} 1 \bl{to} T:}; 221 | \node at (2,-2.5) {$\displaystyle x \leftarrow\frac{(x+1)^2}{4\alpha_i x}$}; 222 | \node at (1,-4) {\bl{return} (x, \textcolor{red}{"Thank You!"})}; 223 | \end{scope} 224 | \end{tikzpicture} 225 | \end{frame} 226 | } 227 | 228 | \end{document} 229 | -------------------------------------------------------------------------------- /talks/jeff-siam-2019.tex: -------------------------------------------------------------------------------- 1 | \documentclass[fleqn,xcolor={usenames,dvipsnames},notes,aspectratio=169]{beamer} % [notes=only] 2 | \usepackage{amsmath} % {amssymb,amsfonts} 3 | 4 | \usepackage{ulem} 5 | 6 | % \usepackage{array,adjustbox} % url 7 | % \usepackage{pifont,marvosym} % \ding 8 | 9 | % \usepackage{multimedia} 10 | % \usepackage[normalem]{ulem} 11 | % \usepackage{framed,color,ragged2e} 12 | % \usepackage[absolute,overlay]{textpos} 13 | % \definecolor{shadecolor}{rgb}{0.8,0.8,0.8} 14 | 15 | \usetheme{boxes} 16 | \setbeamertemplate{navigation symbols}{} 17 | \usepackage{xcolor} 18 | \usepackage{tikz} 19 | \usetikzlibrary{shapes,arrows} 20 | \usetikzlibrary{tikzmark,positioning} 21 | \usetikzlibrary{calc} 22 | \usepackage{tikz-cd} 23 | 24 | \newtheorem*{rawnamedtheorem}{\therawnamedtheorem} 25 | \newcommand{\therawnamedtheorem}{\error} 26 | \newenvironment{namedtheorem}[1]{\renewcommand{\therawnamedtheorem}{#1} 27 | \begin{rawnamedtheorem}} 28 | {\end{rawnamedtheorem}} 29 | 30 | 31 | \title{Cryptographic goals beyond key exchange and signatures} 32 | % \subtitle{Cryptography for decentralization} 33 | 34 | \author[Jeff Burdges]{Jeff Burdges} 35 | \institute{ 36 | \includegraphics[scale=0.25]{logos/web3logo.jpg}. 
% web 3 foundation 37 | \hspace*{5pt} 38 | \includegraphics[scale=0.15]{logos/gnunet-logo.pdf} 39 | } 40 | \date{27.12.2017} 41 | 42 | \begin{document} 43 | 44 | {\setbeamertemplate{footline}{} 45 | \begin{frame} 46 | \titlepage 47 | \end{frame} 48 | } 49 | % \note{Hello, happy to be here, etc.} 50 | \setcounter{framenumber}{0} 51 | 52 | % \begin{frame} 53 | % \titlepage 54 | % \end{frame} 55 | 56 | 57 | \begin{frame} 58 | Not about zero-knowledge proofs 59 | \end{frame} 60 | 61 | 62 | \begin{frame}{Part I: Mix networks} 63 | \begin{center} 64 | \includegraphics[width=0.8\textwidth]{pics/mix/initial} 65 | \end{center} 66 | \end{frame} 67 | 68 | 69 | \begin{frame} 70 | A mix network packet is a header $(\alpha,\beta,\gamma,\ldots)$ and a body $\delta$. 71 | 72 | \bigskip 73 | 74 | \def\svgwidth{\columnwidth} 75 | \input{pics/mix/sphinx.pdf_tex} 76 | 77 | \end{frame} 78 | 79 | 80 | \begin{frame}[t]{Single-use Reply Blocks (SURBs)} 81 | % We've bi-directional messaging {\it if} both parties know one another.. \\ \smallskip 82 | % \hspace*{5pt} but what if they cannot know one another? 83 | 84 | Anonymous receivers matter: \\ 85 | \hspace*{10pt} Journalistic sources \\ 86 | \hspace*{10pt} Services: CENO, money, etc. \\ 87 | \hspace*{10pt} Protocol ACKs! 
88 | 89 | \bigskip 90 | 91 | \def\svgwidth{\columnwidth} 92 | \input{pics/mix/surb.pdf_tex} 93 | 94 | \end{frame} 95 | 96 | 97 | \begin{frame}{Network overhead} 98 | 99 | \begin{align*} 100 | \mathrm{SURB} &\approx 5\,\mathrm{hops} * (\mathrm{pk} + 16\,\mathrm{nodeid} + 16\,\mathrm{MAC} + 1) \\ 101 | \mathrm{packet} &\approx 2 * \mathrm{SURB} + \mathrm{body} \\ 102 | \mathrm{traffic} &\approx 2 * (5\,\mathrm{hops} + 1) * 20\,\mathrm{cover} * \mathrm{packet} \\ 103 | \mathrm{maintenance} &\approx 20\,\mathrm{usage} * (5\,\mathrm{hops} + 1) * \mathrm{SURB} \\ 104 | \mathrm{overhead} &= \mathrm{traffic} + \mathrm{maintenance} \\ 105 | &\approx 3000 * \mathrm{pk} + \cdots \quad\textrm{per real message} 106 | \end{align*} 107 | 108 | \bigskip\pause 109 | 110 | {\bf Idea:} Keep $\mathrm{pk}$ small and reuse it.. 111 | 112 | \begin{align*} 113 | \mathrm{SURB} \approx \mathrm{pk} + 5\,\mathrm{hops} * (16\, \mathrm{nodeid} + 16\,\mathrm{MAC} + 1) 114 | \end{align*} 115 | 116 | \end{frame} 117 | 118 | 119 | \begin{frame}{Sphinx packet format} 120 | A Sphinx header is a tuple $(\alpha,\beta,\gamma)$ where \\ 121 | 122 | \vspace*{-18pt} \[ 123 | \left. \begin{array}{@{}rl@{}} 124 | \alpha & \text{is an elliptic curve point,}\\ 125 | \beta & \text{is routing data onion encrypted with a stream cipher,}\\ 126 | \gamma & \text{is a MAC for $\beta$, and} \\ 127 | \end{array} \right\} \text{header} 128 | \] % https://tex.stackexchange.com/questions/240868/how-to-write-cases-with-latex 129 | 130 | \def\svgwidth{\columnwidth} 131 | \input{pics/mix/sphinx-kex.pdf_tex} 132 | 133 | \end{frame} 134 | 135 | 136 | \begin{frame}{Hybrid Key Exchange} 137 | 138 | TODO 139 | 140 | \end{frame} 141 | 142 | 143 | \begin{frame}[t]{Sphinx packet format} 144 | Aim: Post-quantum key exchanges with 145 | \begin{itemize} 146 | \item long-term keys, 147 | \item a blinding operation, 148 | \item that hybridises with ECDH, 149 | \item and not too bespoke. 
150 | \end{itemize} 151 | 152 | % \\ \hspace*{10pt} the public and private keys? 153 | 154 | \bigskip 155 | \only<1>{ 156 | In LWE, a space efficient blinding operation 157 | \begin{itemize} 158 | \item requires FHE bootstrapping, 159 | \item which makes things bespoke, and 160 | \item hybridising with ECDH sounds impossible. 161 | % \item long term keys are not prioritised 162 | \end{itemize} 163 | 164 | \bigskip 165 | We could adapt SIDH with a blinding operation, but highly bespoke and \\ 166 | hybridising with ECDH remains impossible, due to sending basis. 167 | } 168 | \only<2>{No Fujisaki-Okamoto transform!} 169 | \end{frame} 170 | 171 | 172 | \begin{frame}[t] 173 | CSIDH provides a {\it general purpose} post-quantum key exchange \\ 174 | with {\it long-term keys} and a {\it blinding operation}. 175 | 176 | \bigskip 177 | 178 | Can CSIDH hybridise with ECDH? \pause Yes: 179 | 180 | \medskip 181 | 182 | Ward Beullens, Thorsten Kleinjung, and Frederik Vercauteren \\ 183 | {\it CSI-FiSh: Efficient Isogeny based Signatures through Class Group Computations}. \url{https://eprint.iacr.org/2019/498} 184 | 185 | \bigskip\bigskip\pause 186 | {\bf Question:} Batch key exchange perhaps? 187 | 188 | \end{frame} 189 | 190 | 191 | \begin{frame}{Mix network PKI: Too many public keys!} 192 | 193 | \sout{Identity} Index-based encryption DKG: 194 | $i$th node ``broadcasts'' 195 | \begin{itemize} 196 | \item their public key $A_i = a_i G_1$, 197 | \item a proof of possession, and 198 | \item the IBE secret keys $a_i H_2(j)$ for $j \neq i$. 199 | \end{itemize} 200 | If some magical MPC enforces this, then we have 201 | \begin{itemize} 202 | \item everyone knows a network public key $A = \sum_i A_i = (\sum_i a_i) G_1$, and 203 | \item the $j$th node knows their IBE secret key $S_j = (\sum_i a_i) H_2(j)$. 
204 | \end{itemize} 205 | A key exchange with the $j$th node is given by 206 | $$ e(u A,H_2(j)) = e(u G_1,S_j) $$ 207 | 208 | \medskip 209 | 210 | {\bf Question:} Any ideas for isogenies based IBE + DKG? 211 | 212 | \end{frame} 213 | 214 | 215 | \begin{frame}{Part II: Consensus} 216 | 217 | Not discussing batch and aggregate verification 218 | 219 | \bigskip 220 | \hspace{20pt}Instead discuss shared randomness 221 | 222 | \end{frame} 223 | 224 | 225 | \begin{frame}[t]{Verifiable Random Functions (VRFs)} 226 | 227 | A VRF is a PRF keyed by a secret key and verifiable using a public key, \\ 228 | often also a signature scheme \`a la RSA-FDH, BLS, hash-based, etc. 229 | 230 | \begin{align*} 231 | \mathrm{VRFSign}_{\mathrm{sk}} &: x \mapsto (y,\pi) \\ 232 | \mathrm{VRFVerify}_{\mathrm{pk}} &: (x,y,\pi) \mapsto \{0,1\} 233 | \end{align*} 234 | 235 | \medskip 236 | 237 | Input $x$ must be a collaborative random value generated after $\mathrm{pk}$! 238 | 239 | \medskip 240 | 241 | \hspace{30pt} But $x$ can be biased! (Ouroboros Praos) 242 | 243 | \bigskip 244 | 245 | Lottery applications require only that some $x$ work. 246 | 247 | \bigskip 248 | \bigskip 249 | 250 | {\bf Question:} Isogenies VRF? 251 | 252 | \end{frame} 253 | 254 | 255 | \def\seed{x} % {\mathtt{seed}} 256 | 257 | \begin{frame}[t]{Verifiable Delay Functions (VDFs)} 258 | \vspace{-20pt} 259 | \begin{align*} 260 | \mathrm{VDFProve} &: \seed \mapsto (y,\pi) \\ 261 | \mathrm{VDFVerify} &: (\seed,y,\pi) \mapsto \{0,1\} 262 | \end{align*} 263 | 264 | \medskip 265 | 266 | Assumes some bound on $T_O/T_S$ where 267 | \begin{itemize} 268 | \item $T_O$ is the running time of public, readily available, and inexpensive implementations of $\mathrm{VDFProve}$, and \\ 269 | \item $T_S$ is the running time of expensive secret/proprietary implementations of $x \mapsto y$. 270 | \end{itemize} 271 | 272 | \bigskip 273 | 274 | Almost all applications mirror applications of threshold cryptography. 
\\ \medskip 275 | 276 | If $\seed = H(\seed_1 || \ldots)$ then whoever released a $\seed_i$ less than $T_S$ before the start believes $y$ is random. 277 | 278 | \bigskip\bigskip 279 | 280 | The important part is making $\seed \mapsto y$ be ``highly sequential''. 281 | 282 | \end{frame} 283 | 284 | 285 | \begin{frame}[t] 286 | 287 | Let $e_Z : Z_1 \times Z_2 \to T$ be a pairing on elliptic curves $Z \in \{ X, Y \}$ \\ \smallskip 288 | with slooow dual isogenies $\phi : Y \to X$ and $\phi^* : X \to Y$. \\ 289 | 290 | \bigskip 291 | $$ 292 | \underbrace{ 293 | e_Y \bigl( H_1(\seed), \overbrace{\phi G_2}^{const} \bigr) 294 | = 295 | e_X \bigl( \overbrace{\phi^* H_1(\seed)}^{VDFProve}, G_2 \bigr) 296 | }_{VDFVerify} 297 | $$ 298 | 299 | \bigskip 300 | \bigskip 301 | 302 | Luca De Feo, Simon Masson, Christophe Petit, and Antonio Sanso. \\ 303 | {\it Verifiable Delay Functions from Supersingular Isogenies and Pairings}. 304 | \url{https://eprint.iacr.org/2019/166} 305 | 306 | \end{frame} 307 | 308 | 309 | \begin{frame}[t]{Parallel time-lock puzzles} 310 | \vspace{-20pt} 311 | \begin{align*} 312 | \mathrm{VDFEncrypt}_x &: \mathtt{msg} \mapsto \bigl( U,E_s(\mathtt{msg}) \bigr) 313 | \quad\textrm{after $\seed$ but before $T_S$} \\ 314 | \mathrm{VDFDecrypt}_y &: \bigl( U,E_s(\mathtt{msg}) \bigr) \mapsto \mathtt{msg} 315 | \quad\textrm{after $T_O$} 316 | \end{align*} 317 | 318 | % \medskip 319 | 320 | % Anyone computes $U = u G_2$ and sends ciphertexts $\bigl( U,E_s(\mathtt{vote}) \bigr)$, \\ 321 | % \hspace*{3pt} with $T_S$ after $\seed$ revealed. % but well before $\phi^* H_1(\seed)$. 322 | 323 | $$ 324 | e_Y \bigl( H_1(\seed), \overbrace{\phi G_2}^{const} \bigr)^u 325 | = s = 326 | e_X \bigl( \overbrace{\phi^* H_1(\seed)}^{VDFProve}, \underbrace{u G_2}_{U} \bigr) 327 | $$ 328 | 329 | \bigskip 330 | \bigskip 331 | 332 | Applications: Auctions, Voting, ... 
333 | 334 | \end{frame} 335 | 336 | 337 | \end{document} 338 | \endinput 339 | 340 | 341 | 342 | % \begin{frame} 343 | % \end{frame} 344 | 345 | 346 | 347 | 348 | 349 | \begin{frame}[fragile]{Sphinx packet format} 350 | Aim: post-quantum key exchanges support with blinding operation for both the public and private keys? 351 | 352 | \begin{tikzcd} 353 | L \arrow[dd, "\forall \delta"'] \arrow[rr, "\varepsilon"] & & U(L) \arrow[lldd, "\exists ! f"] \\ 354 | & & \\ 355 | D & & 356 | \end{tikzcd} 357 | \end{frame} 358 | 359 | 360 | 361 | % {\it SeaSign: Compact isogeny signatures from class group actions} \\ 362 | % by Luca De Feo and Steven D. Galbraith. \url{https://eprint.iacr.org/2018/824} 363 | 364 | -------------------------------------------------------------------------------- /talks/jeff_rumpsession_talk_eurocrypt2019.tex: -------------------------------------------------------------------------------- 1 | 2 | \documentclass[fleqn,xcolor={usenames,dvipsnames}]{beamer} 3 | 4 | \usetheme{Warsaw} 5 | 6 | \setbeamertemplate{navigation symbols}{} 7 | 8 | \usepackage{amsmath} % {amssymb,amsfonts} 9 | \usepackage{mathtools}% Loads amsmath 10 | 11 | % \usepackage{eurosym} 12 | 13 | % \usepackage{xcolor} 14 | % \usepackage{tikz} 15 | % \usetikzlibrary{shapes,arrows} 16 | % \usetikzlibrary{positioning} 17 | % \usetikzlibrary{calc} 18 | 19 | \title[http://Web3.Foundation]{Unlimited private simultaneous time-lock puzzles from isogenies} 20 | \institute[W3F]{Web 3 Foundation} 21 | \author[Jeff Burdges]{Jeff Burdges} 22 | \date{\today} 23 | 24 | \begin{document} 25 | 26 | \begin{frame}%[t] 27 | 28 | Let $e_Z : Z_1 \times Z_2 \to T$ be a pairing on elliptic curves $Z \in \{ X, Y \}$ \\ \smallskip 29 | with slooow dual isogenies $\phi : Y \to X$ and $\phi^* : X \to Y$. 
\\ \smallskip 30 | \hspace*{3pt} {\small See: \url{https://eprint.iacr.org/2019/166}} 31 | 32 | \medskip 33 | 34 | \def\seed{\mathtt{seed}} 35 | 36 | $$ 37 | e_Y \bigl( H_1(\seed), u \overbrace{\phi G_2}^{const} \bigr) 38 | = s = 39 | e_X \bigl( \overbrace{\phi^* H_1(\seed)}^{VDF}, \underbrace{u G_2}_{U} \bigr) 40 | $$ 41 | 42 | \medskip 43 | 44 | Anyone sends ciphertexts $\bigl( U,E_s(\mathtt{vote}) \bigr)$, \\ 45 | \hspace*{3pt} after $\seed$ is revealed but well before $\phi^* H_1(\seed)$. 46 | 47 | \bigskip 48 | \bigskip 49 | \bigskip 50 | 51 | % \pause 52 | 53 | Moral: \ ASICs for RSA are not the best use for 30 million USD. 54 | 55 | \end{frame} 56 | 57 | 58 | \end{document} 59 | 60 | -------------------------------------------------------------------------------- /talks/logos/web3logo.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/burdges/isogenies_vdf_uses/da25a05f43881ee4e1138238cdb1970b244d459c/talks/logos/web3logo.jpg -------------------------------------------------------------------------------- /talks/pics/mix/blending.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 20 | 22 | 30 | 35 | 36 | 45 | 50 | 51 | 60 | 65 | 66 | 75 | 80 | 81 | 89 | 94 | 95 | 104 | 109 | 110 | 118 | 121 | 127 | 133 | 139 | 140 | 141 | 149 | 155 | 156 | 165 | 171 | 172 | 180 | 186 | 187 | 195 | 201 | 202 | 210 | 216 | 217 | 225 | 231 | 232 | 240 | 246 | 247 | 255 | 261 | 262 | 270 | 276 | 277 | 285 | 291 | 292 | 300 | 306 | 307 | 315 | 321 | 322 | 330 | 336 | 337 | 345 | 351 | 352 | 360 | 366 | 367 | 375 | 381 | 382 | 390 | 396 | 397 | 399 | 408 | 409 | 411 | 420 | 421 | 423 | 432 | 433 | 435 | 444 | 445 | 451 | 457 | 458 | 477 | 479 | 480 | 482 | image/svg+xml 483 | 485 | 486 | 487 | 488 | 489 | 494 | 501 | 504 | 508 | 513 | 518 | 519 | 524 | 529 | 530 | 535 | 540 | 545 | 550 | 555 | 560 | 567 | 574 | 581 | 588 | 593 | 598 | 603 | 606 | 610 | 614 | 618 | 
622 | 626 | 630 | 634 | 638 | 642 | 646 | 650 | 654 | 658 | 662 | 666 | 670 | 674 | 678 | 680 | 682 | 688 | 689 | 691 | 700 | 701 | 707 | 713 | 719 | 725 | 726 | 727 | 734 | 735 | 736 | -------------------------------------------------------------------------------- /talks/pics/mix/mix_instant.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/burdges/isogenies_vdf_uses/da25a05f43881ee4e1138238cdb1970b244d459c/talks/pics/mix/mix_instant.png -------------------------------------------------------------------------------- /talks/pics/mix/mix_time.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 19 | 21 | 29 | 35 | 36 | 45 | 51 | 52 | 60 | 66 | 67 | 75 | 81 | 82 | 90 | 96 | 97 | 105 | 111 | 112 | 120 | 126 | 127 | 135 | 141 | 142 | 150 | 156 | 157 | 165 | 171 | 172 | 180 | 186 | 187 | 195 | 201 | 202 | 210 | 216 | 217 | 225 | 231 | 232 | 233 | 252 | 254 | 255 | 257 | image/svg+xml 258 | 260 | 261 | 262 | 263 | 264 | 269 | 276 | 279 | 283 | 288 | 293 | 294 | 299 | 304 | 305 | 310 | 315 | 320 | 325 | 330 | 335 | 340 | 345 | 350 | 355 | 360 | 365 | 372 | 379 | 386 | 393 | 400 | 407 | 414 | 415 | 416 | -------------------------------------------------------------------------------- /talks/pics/mix/noun_1014400_cc.svg: -------------------------------------------------------------------------------- 1 | Created by Genius Iconsfrom the Noun Project -------------------------------------------------------------------------------- /talks/pics/mix/sphinx-kex.pdf_tex: -------------------------------------------------------------------------------- 1 | %% Creator: Inkscape inkscape 0.92.4, www.inkscape.org 2 | %% PDF/EPS/PS + LaTeX output extension by Johan Engelen, 2010 3 | %% Accompanies image file 'pics/mix/sphinx-kex.pdf' (pdf, eps, ps) 4 | %% 5 | %% To include the image in your LaTeX document, write 6 | %% \input{.pdf_tex} 7 | %% instead of 8 | %% 
\includegraphics{.pdf} 9 | %% To scale the image, write 10 | %% \def\svgwidth{} 11 | %% \input{.pdf_tex} 12 | %% instead of 13 | %% \includegraphics[width=]{.pdf} 14 | %% 15 | %% Images with a different path to the parent latex file can 16 | %% be accessed with the `import' package (which may need to be 17 | %% installed) using 18 | %% \usepackage{import} 19 | %% in the preamble, and then including the image with 20 | %% \import{}{.pdf_tex} 21 | %% Alternatively, one can specify 22 | %% \graphicspath{{/}} 23 | %% 24 | %% For more information, please see info/svg-inkscape on CTAN: 25 | %% http://tug.ctan.org/tex-archive/info/svg-inkscape 26 | %% 27 | \begingroup% 28 | \makeatletter% 29 | \providecommand\color[2][]{% 30 | \errmessage{(Inkscape) Color is used for the text in Inkscape, but the package 'color.sty' is not loaded}% 31 | \renewcommand\color[2][]{}% 32 | }% 33 | \providecommand\transparent[1]{% 34 | \errmessage{(Inkscape) Transparency is used (non-zero) for the text in Inkscape, but the package 'transparent.sty' is not loaded}% 35 | \renewcommand\transparent[1]{}% 36 | }% 37 | \providecommand\rotatebox[2]{#2}% 38 | \newcommand*\fsize{\dimexpr\f@size pt\relax}% 39 | \newcommand*\lineheight[1]{\fontsize{\fsize}{#1\fsize}\selectfont}% 40 | \ifx\svgwidth\undefined% 41 | \setlength{\unitlength}{355.67255456bp}% 42 | \ifx\svgscale\undefined% 43 | \relax% 44 | \else% 45 | \setlength{\unitlength}{\unitlength * \real{\svgscale}}% 46 | \fi% 47 | \else% 48 | \setlength{\unitlength}{\svgwidth}% 49 | \fi% 50 | \global\let\svgwidth\undefined% 51 | \global\let\svgscale\undefined% 52 | \makeatother% 53 | \begin{picture}(1,0.22953365)% 54 | \lineheight{1}% 55 | \setlength\tabcolsep{0pt}% 56 | \put(0,0){\includegraphics[width=\unitlength,page=1]{pics/mix/sphinx-kex.pdf}}% 57 | \put(0.2330099,0.05594203){\color[rgb]{0,0,0}\makebox(0,0)[lt]{\lineheight{1.25}\smash{\begin{tabular}[t]{l}$(\alpha,\beta,\gamma,\delta)$\end{tabular}}}}% 58 | 
\put(0.58282,0.05600065){\color[rgb]{0,0,0}\makebox(0,0)[lt]{\lineheight{1.25}\smash{\begin{tabular}[t]{l}$(\alpha',\beta',\gamma',\delta')$\end{tabular}}}}% 59 | \put(0,0){\includegraphics[width=\unitlength,page=2]{pics/mix/sphinx-kex.pdf}}% 60 | \put(0.50445527,0.07749019){\color[rgb]{0,0,0}\makebox(0,0)[lt]{\lineheight{1.25}\smash{\begin{tabular}[t]{l}$n$\end{tabular}}}}% 61 | \put(0.88098516,0.07906553){\color[rgb]{0,0,0}\makebox(0,0)[lt]{\lineheight{1.25}\smash{\begin{tabular}[t]{l}$n'$\end{tabular}}}}% 62 | \put(0.59401005,0.13025814){\color[rgb]{0,0,0}\makebox(0,0)[lt]{\lineheight{1.25}\smash{\begin{tabular}[t]{l}$\alpha' = H'(s) \alpha$\end{tabular}}}}% 63 | \put(0,0){\includegraphics[width=\unitlength,page=3]{pics/mix/sphinx-kex.pdf}}% 64 | \put(0.34836991,0.14499542){\color[rgb]{0,0,0}\makebox(0,0)[lt]{\lineheight{1.25}\smash{\begin{tabular}[t]{l}$H(x \alpha)$\end{tabular}}}}% 65 | \put(0.13477431,0.15279097){\color[rgb]{0,0,0}\makebox(0,0)[lt]{\lineheight{1.25}\smash{\begin{tabular}[t]{l}$H(a X)$\end{tabular}}}}% 66 | \put(0.34338142,0.17955436){\color[rgb]{0,0,0}\makebox(0,0)[lt]{\lineheight{1.25}\smash{\begin{tabular}[t]{l}$X = x G$\end{tabular}}}}% 67 | \put(0.12057668,0.19266049){\color[rgb]{0,0,0}\makebox(0,0)[lt]{\lineheight{1.25}\smash{\begin{tabular}[t]{l}$\alpha = a G$\end{tabular}}}}% 68 | \end{picture}% 69 | \endgroup% 70 | -------------------------------------------------------------------------------- /talks/pics/mix/sphinx-kex.sh: -------------------------------------------------------------------------------- 1 | 2 | sed -i 's/sphinx/pics\/mix\/sphinx/g' sphinx-kex.pdf_tex 3 | 4 | 5 | # Upgrade inkscape for manually remove 6 | # \put(0,0){\includegraphics[width=\unitlength,page=2]{pics/mix/sphinx.pdf}}% 7 | # and replace the page=3 with page=2 8 | # https://tex.stackexchange.com/questions/243499/sharelatex-pdf-inclusion-required-page-does-not-exist-5 9 | -------------------------------------------------------------------------------- 
/talks/pics/mix/sphinx-kex.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 20 | 22 | 30 | 36 | 37 | 39 | 48 | 49 | 51 | 60 | 61 | 63 | 72 | 73 | 75 | 84 | 85 | 91 | 93 | 102 | 103 | 105 | 114 | 115 | 117 | 126 | 127 | 129 | 138 | 139 | 145 | 154 | 160 | 161 | 170 | 176 | 177 | 178 | 196 | 198 | 199 | 201 | image/svg+xml 202 | 204 | 205 | 206 | 207 | 208 | 213 | 217 | 220 | 226 | 227 | 230 | 236 | 237 | 240 | 245 | 246 | 251 | 256 | 261 | 262 | 265 | 267 | 271 | 275 | 279 | 280 | 281 | 284 | 286 | 290 | 294 | 298 | 299 | 300 | 305 | 308 | 310 | 314 | 318 | 322 | 323 | 324 | $(\alpha,\beta,\gamma,\delta)$ 335 | $(\alpha',\beta',\gamma',\delta')$ 346 | 351 | 356 | $n$ 367 | $n'$ 378 | $\alpha' = H'(s) \alpha$ 389 | 396 | 403 | 410 | 415 | 423 | 431 | 439 | 446 | 453 | 460 | $H(x \alpha)$ 471 | $H(a X)$ 482 | $X = x G$ 493 | $\alpha = a G$ 504 | 505 | 506 | -------------------------------------------------------------------------------- /talks/pics/mix/sphinx.pdf_tex: -------------------------------------------------------------------------------- 1 | %% Creator: Inkscape inkscape 0.92.1, www.inkscape.org 2 | %% PDF/EPS/PS + LaTeX output extension by Johan Engelen, 2010 3 | %% Accompanies image file 'pics/mix/sphinx.pdf' (pdf, eps, ps) 4 | %% 5 | %% To include the image in your LaTeX document, write 6 | %% \input{.pdf_tex} 7 | %% instead of 8 | %% \includegraphics{.pdf} 9 | %% To scale the image, write 10 | %% \def\svgwidth{} 11 | %% \input{.pdf_tex} 12 | %% instead of 13 | %% \includegraphics[width=]{.pdf} 14 | %% 15 | %% Images with a different path to the parent latex file can 16 | %% be accessed with the `import' package (which may need to be 17 | %% installed) using 18 | %% \usepackage{import} 19 | %% in the preamble, and then including the image with 20 | %% \import{}{.pdf_tex} 21 | %% Alternatively, one can specify 22 | %% \graphicspath{{/}} 23 | %% 24 | %% For more information, please see info/svg-inkscape 
on CTAN: 25 | %% http://tug.ctan.org/tex-archive/info/svg-inkscape 26 | %% 27 | \begingroup% 28 | \makeatletter% 29 | \providecommand\color[2][]{% 30 | \errmessage{(Inkscape) Color is used for the text in Inkscape, but the package 'color.sty' is not loaded}% 31 | \renewcommand\color[2][]{}% 32 | }% 33 | \providecommand\transparent[1]{% 34 | \errmessage{(Inkscape) Transparency is used (non-zero) for the text in Inkscape, but the package 'transparent.sty' is not loaded}% 35 | \renewcommand\transparent[1]{}% 36 | }% 37 | \providecommand\rotatebox[2]{#2}% 38 | \ifx\svgwidth\undefined% 39 | \setlength{\unitlength}{355.67253293bp}% 40 | \ifx\svgscale\undefined% 41 | \relax% 42 | \else% 43 | \setlength{\unitlength}{\unitlength * \real{\svgscale}}% 44 | \fi% 45 | \else% 46 | \setlength{\unitlength}{\svgwidth}% 47 | \fi% 48 | \global\let\svgwidth\undefined% 49 | \global\let\svgscale\undefined% 50 | \makeatother% 51 | \begin{picture}(1,0.22953367)% 52 | \put(0,0){\includegraphics[width=\unitlength,page=1]{pics/mix/sphinx.pdf}}% 53 | \put(0.23300991,0.05594204){\color[rgb]{0,0,0}\makebox(0,0)[lb]{\smash{$(\alpha,\beta,\gamma,\delta)$}}}% 54 | \put(0.58282004,0.05600065){\color[rgb]{0,0,0}\makebox(0,0)[lb]{\smash{$(\alpha',\beta',\gamma',\delta')$}}}% 55 | \put(0.5044553,0.0774902){\color[rgb]{0,0,0}\makebox(0,0)[lb]{\smash{$N$}}}% 56 | \put(0.88098522,0.07906553){\color[rgb]{0,0,0}\makebox(0,0)[lb]{\smash{$N'$}}}% 57 | \put(0.59401008,0.13025814){\color[rgb]{0,0,0}\makebox(0,0)[lb]{\smash{$N',\ldots$}}}% 58 | \put(0,0){\includegraphics[width=\unitlength,page=2]{pics/mix/sphinx.pdf}}% 59 | \put(0.34836993,0.14499542){\color[rgb]{0,0,0}\makebox(0,0)[lb]{\smash{$H(n \alpha)$}}}% 60 | \put(0.13477432,0.15279098){\color[rgb]{0,0,0}\makebox(0,0)[lb]{\smash{$H(a N)$}}}% 61 | \put(0.34338144,0.17955437){\color[rgb]{0,0,0}\makebox(0,0)[lb]{\smash{$N = n G$}}}% 62 | \put(0.12057668,0.1926605){\color[rgb]{0,0,0}\makebox(0,0)[lb]{\smash{$\alpha = a G$}}}% 63 | \end{picture}% 64 | 
\endgroup% 65 | -------------------------------------------------------------------------------- /talks/pics/mix/sphinx.sh: -------------------------------------------------------------------------------- 1 | 2 | sed -i 's/sphinx/pics\/mix\/sphinx/g' sphinx.pdf_tex 3 | 4 | 5 | # Upgrade inkscape for manually remove 6 | # \put(0,0){\includegraphics[width=\unitlength,page=2]{pics/mix/sphinx.pdf}}% 7 | # and replace the page=3 with page=2 8 | # https://tex.stackexchange.com/questions/243499/sharelatex-pdf-inclusion-required-page-does-not-exist-5 9 | -------------------------------------------------------------------------------- /talks/pics/mix/sphinx.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 20 | 22 | 30 | 36 | 37 | 39 | 48 | 49 | 51 | 60 | 61 | 63 | 72 | 73 | 75 | 84 | 85 | 91 | 93 | 102 | 103 | 105 | 114 | 115 | 117 | 126 | 127 | 129 | 138 | 139 | 145 | 154 | 160 | 161 | 170 | 176 | 177 | 178 | 196 | 198 | 199 | 201 | image/svg+xml 202 | 204 | 205 | 206 | 207 | 208 | 213 | 217 | 220 | 226 | 227 | 230 | 236 | 237 | 240 | 245 | 246 | 251 | 256 | 261 | 262 | 265 | 267 | 271 | 275 | 279 | 280 | 281 | 284 | 286 | 290 | 294 | 298 | 299 | 300 | 305 | 308 | 310 | 314 | 318 | 322 | 323 | 324 | $(\alpha,\beta,\gamma,\delta)$ 335 | $(\alpha',\beta',\gamma',\delta')$ 346 | 351 | 356 | $n$ 367 | $n'$ 378 | $n'$ 389 | 396 | 403 | 410 | 415 | 423 | 431 | 439 | 446 | 453 | 460 | $H(x \alpha)$ 471 | $H(a X)$ 482 | $X = x G$ 493 | $\alpha = a G$ 504 | 505 | 506 | -------------------------------------------------------------------------------- /talks/pics/mix/surb.pdf_tex: -------------------------------------------------------------------------------- 1 | %% Creator: Inkscape inkscape 0.92.1, www.inkscape.org 2 | %% PDF/EPS/PS + LaTeX output extension by Johan Engelen, 2010 3 | %% Accompanies image file 'pics/mix/surb.pdf' (pdf, eps, ps) 4 | %% 5 | %% To include the image in your LaTeX document, write 6 | %% 
\input{.pdf_tex} 7 | %% instead of 8 | %% \includegraphics{.pdf} 9 | %% To scale the image, write 10 | %% \def\svgwidth{} 11 | %% \input{.pdf_tex} 12 | %% instead of 13 | %% \includegraphics[width=]{.pdf} 14 | %% 15 | %% Images with a different path to the parent latex file can 16 | %% be accessed with the `import' package (which may need to be 17 | %% installed) using 18 | %% \usepackage{import} 19 | %% in the preamble, and then including the image with 20 | %% \import{}{.pdf_tex} 21 | %% Alternatively, one can specify 22 | %% \graphicspath{{/}} 23 | %% 24 | %% For more information, please see info/svg-inkscape on CTAN: 25 | %% http://tug.ctan.org/tex-archive/info/svg-inkscape 26 | %% 27 | \begingroup% 28 | \makeatletter% 29 | \providecommand\color[2][]{% 30 | \errmessage{(Inkscape) Color is used for the text in Inkscape, but the package 'color.sty' is not loaded}% 31 | \renewcommand\color[2][]{}% 32 | }% 33 | \providecommand\transparent[1]{% 34 | \errmessage{(Inkscape) Transparency is used (non-zero) for the text in Inkscape, but the package 'transparent.sty' is not loaded}% 35 | \renewcommand\transparent[1]{}% 36 | }% 37 | \providecommand\rotatebox[2]{#2}% 38 | \ifx\svgwidth\undefined% 39 | \setlength{\unitlength}{328.24501338bp}% 40 | \ifx\svgscale\undefined% 41 | \relax% 42 | \else% 43 | \setlength{\unitlength}{\unitlength * \real{\svgscale}}% 44 | \fi% 45 | \else% 46 | \setlength{\unitlength}{\svgwidth}% 47 | \fi% 48 | \global\let\svgwidth\undefined% 49 | \global\let\svgscale\undefined% 50 | \makeatother% 51 | \begin{picture}(1,0.42218146)% 52 | \put(0,0){\includegraphics[width=\unitlength,page=1]{pics/mix/surb.pdf}}% 53 | \put(0.06951584,0.23549032){\color[rgb]{0,0,0}\makebox(0,0)[lb]{\smash{$(\alpha,\beta,\gamma,\delta)$}}}% 54 | \put(0.14358512,0.04442067){\color[rgb]{0,0,0}\makebox(0,0)[lb]{\smash{$\delta = \text{"... 
My SURB is } (n,\text{date},\alpha,\beta,\gamma) \text{..."}$}}}% 55 | \put(0.36364267,0.258839){\color[rgb]{0,0,0}\makebox(0,0)[lb]{\smash{$n$}}}% 56 | \put(0,0){\includegraphics[width=\unitlength,page=2]{pics/mix/surb.pdf}}% 57 | \put(0.20294742,0.32636334){\color[rgb]{0,0,0}\makebox(0,0)[lb]{\smash{$H(x \alpha)$}}}% 58 | \put(0.8330102,0.3390263){\color[rgb]{0,0,0}\makebox(0,0)[lb]{\smash{$H(a X)$}}}% 59 | \put(0.19754216,0.36380984){\color[rgb]{0,0,0}\makebox(0,0)[lb]{\smash{$X = x G$}}}% 60 | \put(0.8176263,0.38222724){\color[rgb]{0,0,0}\makebox(0,0)[lb]{\smash{$\alpha = a G$}}}% 61 | \put(0,0){\includegraphics[width=\unitlength,page=3]{pics/mix/surb.pdf}}% 62 | \put(0.0682787,0.3246457){\color[rgb]{0,0,0}\makebox(0,0)[lb]{\smash{$\delta$}}}% 63 | \end{picture}% 64 | \endgroup% 65 | -------------------------------------------------------------------------------- /talks/pics/mix/surb.sh: -------------------------------------------------------------------------------- 1 | 2 | sed -i 's/surb/pics\/mix\/surb/g' surb.pdf_tex 3 | 4 | -------------------------------------------------------------------------------- /talks/pics/mix/surb.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 20 | 22 | 30 | 36 | 37 | 39 | 48 | 49 | 51 | 60 | 61 | 63 | 72 | 73 | 75 | 84 | 85 | 91 | 93 | 102 | 103 | 105 | 114 | 115 | 117 | 126 | 127 | 129 | 138 | 139 | 145 | 154 | 160 | 161 | 170 | 176 | 177 | 178 | 196 | 198 | 199 | 201 | image/svg+xml 202 | 204 | 205 | 206 | 207 | 208 | 213 | 216 | 218 | 222 | 226 | 230 | 231 | 232 | 237 | 240 | 242 | 246 | 250 | 254 | 255 | 256 | $(\alpha,\beta,\gamma,\delta)$ 267 | $\delta = \text{"... 
My SURB is } (n,\text{date},\alpha,\beta,\gamma) \text{..."}$ 278 | 283 | $n$ 294 | 302 | 310 | 318 | 325 | 332 | 339 | $H(x \alpha)$ 350 | $H(a X)$ 361 | $X = x G$ 372 | $\alpha = a G$ 383 | 386 | 390 | 395 | 400 | 405 | 410 | 411 | 416 | 417 | 421 | 427 | 428 | 433 | 438 | 445 | 452 | 459 | $\delta$ 472 | 473 | 474 | -------------------------------------------------------------------------------- /talks/pics/mix/tagging.pdf_tex: -------------------------------------------------------------------------------- 1 | %% Creator: Inkscape inkscape 0.92.1, www.inkscape.org 2 | %% PDF/EPS/PS + LaTeX output extension by Johan Engelen, 2010 3 | %% Accompanies image file 'pics/mix/tagging.pdf' (pdf, eps, ps) 4 | %% 5 | %% To include the image in your LaTeX document, write 6 | %% \input{.pdf_tex} 7 | %% instead of 8 | %% \includegraphics{.pdf} 9 | %% To scale the image, write 10 | %% \def\svgwidth{} 11 | %% \input{.pdf_tex} 12 | %% instead of 13 | %% \includegraphics[width=]{.pdf} 14 | %% 15 | %% Images with a different path to the parent latex file can 16 | %% be accessed with the `import' package (which may need to be 17 | %% installed) using 18 | %% \usepackage{import} 19 | %% in the preamble, and then including the image with 20 | %% \import{}{.pdf_tex} 21 | %% Alternatively, one can specify 22 | %% \graphicspath{{/}} 23 | %% 24 | %% For more information, please see info/svg-inkscape on CTAN: 25 | %% http://tug.ctan.org/tex-archive/info/svg-inkscape 26 | %% 27 | \begingroup% 28 | \makeatletter% 29 | \providecommand\color[2][]{% 30 | \errmessage{(Inkscape) Color is used for the text in Inkscape, but the package 'color.sty' is not loaded}% 31 | \renewcommand\color[2][]{}% 32 | }% 33 | \providecommand\transparent[1]{% 34 | \errmessage{(Inkscape) Transparency is used (non-zero) for the text in Inkscape, but the package 'transparent.sty' is not loaded}% 35 | \renewcommand\transparent[1]{}% 36 | }% 37 | \providecommand\rotatebox[2]{#2}% 38 | \ifx\svgwidth\undefined% 39 | 
\setlength{\unitlength}{427.53974975bp}% 40 | \ifx\svgscale\undefined% 41 | \relax% 42 | \else% 43 | \setlength{\unitlength}{\unitlength * \real{\svgscale}}% 44 | \fi% 45 | \else% 46 | \setlength{\unitlength}{\svgwidth}% 47 | \fi% 48 | \global\let\svgwidth\undefined% 49 | \global\let\svgscale\undefined% 50 | \makeatother% 51 | \begin{picture}(1,0.13011152)% 52 | \put(0,0){\includegraphics[width=\unitlength,page=1]{pics/mix/tagging.pdf}}% 53 | \put(0.0841824,0.05346408){\color[rgb]{0,0,0}\makebox(0,0)[lb]{\smash{$(\alpha,\beta,\gamma,\delta)$}}}% 54 | \put(0.37519125,0.05351285){\color[rgb]{0,0,0}\makebox(0,0)[lb]{\smash{$(\alpha',\beta',\gamma',\baddelta)$}}}% 55 | \put(0,0){\includegraphics[width=\unitlength,page=2]{pics/mix/tagging.pdf}}% 56 | \end{picture}% 57 | \endgroup% 58 | -------------------------------------------------------------------------------- /talks/pics/mix/tagging.sh: -------------------------------------------------------------------------------- 1 | 2 | sed -i 's/tagging/pics\/mix\/tagging/g' tagging.pdf_tex 3 | 4 | -------------------------------------------------------------------------------- /video/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/burdges/isogenies_vdf_uses/da25a05f43881ee4e1138238cdb1970b244d459c/video/__init__.py -------------------------------------------------------------------------------- /video/clock.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/burdges/isogenies_vdf_uses/da25a05f43881ee4e1138238cdb1970b244d459c/video/clock.png -------------------------------------------------------------------------------- /video/doge.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/burdges/isogenies_vdf_uses/da25a05f43881ee4e1138238cdb1970b244d459c/video/doge.png 
-------------------------------------------------------------------------------- /video/dogetizer-2021-10-12-2-38-14.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/burdges/isogenies_vdf_uses/da25a05f43881ee4e1138238cdb1970b244d459c/video/dogetizer-2021-10-12-2-38-14.jpg -------------------------------------------------------------------------------- /video/ibe.py: -------------------------------------------------------------------------------- 1 | from manim import * 2 | 3 | BCOLOR = '#546953' 4 | config.background_color = BCOLOR 5 | config.frame_width = 30 6 | 7 | Text.set_default( 8 | font='Linux Libertine Display', 9 | ) 10 | 11 | class IBE(MovingCameraScene): 12 | def construct(self): 13 | boxkg = Rectangle(height=1, width=3, fill_opacity=1).move_to((-10,4,0)) 14 | keygen = Text('KeyGen', color=BCOLOR).move_to(boxkg) 15 | self.play( 16 | FadeIn(boxkg), 17 | Write(keygen), 18 | ) 19 | msk = Text('msk').next_to(boxkg, 3*UP + 7*RIGHT).scale(.8) 20 | mpk = Text('pk').next_to(boxkg, 3*DOWN + 7*RIGHT).scale(.8) 21 | arrows = Arrow(boxkg, msk) 22 | arrowp = Arrow(boxkg, mpk) 23 | self.play( 24 | Create(arrows), 25 | Create(arrowp), 26 | Write(msk), 27 | Write(mpk), 28 | ) 29 | self.wait() 30 | 31 | boxenc = Rectangle(height=1.4, width=5, fill_opacity=1).move_to((0,1,0)) 32 | encrypt = Text('Encrypt', color=BCOLOR).move_to(boxenc) 33 | self.play( 34 | FadeIn(boxenc), 35 | Write(encrypt), 36 | ) 37 | id = ImageMobject('doge.png').scale(.2).next_to(boxenc, 7*UP) 38 | idt = Text('id').next_to(id, RIGHT).scale(.8) 39 | self.play( 40 | FadeIn(id), 41 | Write(idt), 42 | ) 43 | msg = VGroup( 44 | Rectangle(height=0.5, width=1), 45 | Line((-0.5, 0.2, 0), ORIGIN), 46 | Line((0.5, 0.2, 0), ORIGIN), 47 | ).next_to(boxenc, 14*LEFT) 48 | msgt = Text('msg').next_to(msg, DOWN).scale(.8) 49 | self.play( 50 | Create(msg), 51 | Write(msgt), 52 | ) 53 | arrowm = Arrow(msg.get_right(), boxenc.get_left()) 54 | arrowp 
= Arrow(mpk.get_right(), boxenc) 55 | arrowi = Arrow(id.get_bottom(), boxenc.get_top()) 56 | self.play( 57 | Create(arrowm), 58 | Create(arrowp), 59 | Create(arrowi), 60 | ) 61 | ct = Text('ct').next_to(boxenc, 4*RIGHT).scale(.8) 62 | arrowct = Arrow(boxenc.get_right(), ct.get_left()) 63 | self.play( 64 | Create(arrowct), 65 | Write(ct), 66 | ) 67 | self.wait() 68 | 69 | boxext = Rectangle(height=1, width=3, fill_opacity=1).move_to((0,7,0)) 70 | extract = Text('Extract', color=BCOLOR).move_to(boxext) 71 | self.play( 72 | FadeIn(boxext), 73 | Write(extract), 74 | ) 75 | arrows = Arrow(msk.get_right(), boxext.get_left()) 76 | arrowi = Arrow(id.get_top(), boxext.get_bottom()) 77 | self.play( 78 | Create(arrows), 79 | Create(arrowi), 80 | ) 81 | sk = Text('sk').next_to(boxext, 8*RIGHT).scale(.8) 82 | arrows = Arrow(boxext.get_right(), sk.get_left()) 83 | self.play( 84 | Create(arrows), 85 | Create(sk), 86 | ) 87 | self.wait() 88 | 89 | boxdec = Rectangle(height=1.4, width=5, fill_opacity=1).move_to((11,4,0)) 90 | decrypt = Text('Decrypt', color=BCOLOR).move_to(boxdec) 91 | self.play( 92 | FadeIn(boxdec), 93 | Write(decrypt), 94 | ) 95 | arrowct2 = Arrow(ct.get_right(), boxdec) 96 | arrowis = Arrow(sk.get_right(), boxdec) 97 | self.play( 98 | Create(arrowct2), 99 | Create(arrowis), 100 | ) 101 | msg = msg.copy().next_to(boxdec, 7*DOWN) 102 | msgt = msgt.copy().next_to(msg, DOWN) 103 | arrowm = Arrow(boxdec.get_bottom(), msg.get_top()) 104 | self.play( 105 | Create(arrowm), 106 | Create(msg), 107 | Write(msgt), 108 | ) 109 | self.wait() 110 | 111 | self.play( 112 | self.camera.frame.animate.scale(0.5).move_to(boxext).shift(DOWN), 113 | boxext.animate.set_fill(RED), 114 | ) 115 | self.wait() 116 | 117 | self.play( 118 | self.camera.frame.animate.move_to(boxkg).shift(RIGHT), 119 | boxext.animate.set_fill(WHITE), 120 | ) 121 | self.wait() 122 | 123 | self.remove(idt) 124 | bfmsk = MathTex('m').move_to(msk) 125 | bfmpk = MathTex(r'mG_2').move_to(mpk).shift(0.1*LEFT) 126 | 
self.play( 127 | Transform(msk, bfmsk), 128 | Transform(mpk, bfmpk), 129 | ) 130 | self.wait() 131 | 132 | self.play( 133 | self.camera.frame.animate.move_to(boxenc).shift(UP), 134 | ) 135 | self.wait() 136 | 137 | weil = MathTex('k = e(uDoge, mG_2)', color=BCOLOR, 138 | tex_to_color_map={'u': WHITE, 'Doge': WHITE, 'mG_2': WHITE} 139 | ).move_to(encrypt) 140 | self.play( 141 | Transform(encrypt, weil), 142 | ) 143 | self.wait() 144 | 145 | mG2 = MathTex('mG_2', color=BCOLOR).move_to(weil[4]) 146 | self.play( 147 | Write(mG2), 148 | ) 149 | self.wait() 150 | 151 | id2 = id.copy() 152 | self.add(id2) 153 | self.play( 154 | id2.animate.move_to(weil[2]), 155 | ) 156 | u = MathTex('u', color=BCOLOR).move_to(weil[1]) 157 | self.play( 158 | Write(u), 159 | ) 160 | self.wait() 161 | 162 | bfct = MathTex(r'&\mathrm{Enc}_k(\mathrm{msg})\\', '&uG_2').move_to(ct).shift(RIGHT) 163 | bfact = Arrow(boxenc.get_right(), bfct.get_left()) 164 | bfact2 = Arrow(bfct.get_right(), boxdec) 165 | self.play( 166 | Transform(ct, bfct), 167 | Transform(arrowct, bfact), 168 | Transform(arrowct2, bfact2), 169 | ) 170 | self.wait() 171 | 172 | 173 | self.play( 174 | self.camera.frame.animate.move_to(boxdec).shift(LEFT), 175 | ) 176 | self.wait() 177 | 178 | weil2 = MathTex('k = e(mDoge, uG_2)', color=BCOLOR, 179 | tex_to_color_map={'m': WHITE, 'Doge': WHITE, 'uG_2': WHITE} 180 | ).move_to(decrypt) 181 | self.play( 182 | Transform(decrypt, weil2), 183 | ) 184 | self.wait() 185 | 186 | uG2 = bfct[1].copy() 187 | self.add(uG2) 188 | self.play( 189 | uG2.animate.move_to(weil2[4]).set_fill(BCOLOR), 190 | ) 191 | self.wait() 192 | 193 | id3 = id.copy().move_to(weil2[2]) 194 | mdec = MathTex('m', color=BCOLOR).move_to(weil2[1]) 195 | self.play( 196 | FadeIn(id3), 197 | FadeIn(mdec), 198 | ) 199 | self.wait() 200 | 201 | self.play( 202 | self.camera.frame.animate.move_to(boxext).shift(DOWN), 203 | ) 204 | self.wait() 205 | 206 | id4 = id.copy() 207 | self.add(id4) 208 | self.play( 209 | 
id4.animate.move_to(boxext), 210 | ) 211 | mext = MathTex('m').move_to(sk) 212 | arrowis2 = Arrow(id4.copy().move_to(sk).shift(RIGHT).get_right(), boxdec) 213 | self.play( 214 | id4.animate.move_to(sk).shift(RIGHT), 215 | FadeOut(sk), 216 | FadeIn(mext), 217 | Transform(arrowis, arrowis2), 218 | ) 219 | self.wait() 220 | 221 | self.play( 222 | self.camera.frame.animate.scale(2).move_to(ORIGIN) 223 | ) 224 | self.wait() 225 | 226 | phi = Text('φ', weight='BOLD', color='#ff6666').move_to(msk).scale(1.2) 227 | self.play( 228 | FadeOut(msk), 229 | FadeIn(phi), 230 | Circumscribe(phi), 231 | ) 232 | self.wait() 233 | 234 | phiG2 = Text('φG₂', weight='BOLD', color='#ff6666').move_to(mpk).scale(1.2) 235 | clock1 = ImageMobject('clock.png').scale(.1).move_to(phiG2).shift(2*LEFT + UP) 236 | self.play( 237 | Transform(mpk, phiG2), 238 | Circumscribe(phiG2), 239 | FadeIn(clock1), 240 | ) 241 | self.wait() 242 | 243 | phisk = phi.copy().move_to(mext) 244 | clock2 = clock1.copy().move_to(phisk).shift(2*LEFT) 245 | self.play( 246 | Transform(mext, phisk), 247 | Circumscribe(phisk), 248 | FadeIn(clock2), 249 | ) 250 | self.wait() 251 | 252 | phiG22 = phiG2.copy().set_fill(color='#ff0000').move_to(mG2) 253 | self.play( 254 | Transform(mG2, phiG22), 255 | Circumscribe(phiG22, color=ORANGE), 256 | ) 257 | self.wait() 258 | 259 | phisk2 = phisk.copy().set_fill(color='#ff0000').move_to(mdec) 260 | self.play( 261 | Transform(mdec, phisk2), 262 | Circumscribe(phisk2, color=ORANGE), 263 | ) 264 | self.wait() 265 | 266 | incog = ImageMobject('doge-glasses.png').scale(.2).move_to(id) 267 | incog2 = incog.copy().move_to(id2) 268 | incog3 = incog.copy().move_to(id3) 269 | incog4 = incog.copy().move_to(id4) 270 | self.play( 271 | Transform(id, incog), 272 | Transform(id2, incog2), 273 | Transform(id3, incog3), 274 | Transform(id4, incog4), 275 | ) 276 | self.wait() 277 | -------------------------------------------------------------------------------- /video/imply.py: 
--------------------------------------------------------------------------------
# Manim scenes drawing two small "implication" diagrams:
# IBE -> {Encryption, Signature} and Delay Encryption -> {Time lock puzzle, Proof of Work / VDF}.
from manim import *

# Render on a transparent background with a frame 20 units wide.
config.transparent = True
config.frame_width = 20

# Light-grey default colour for every mobject; bold Linux Libertine for all text.
Mobject.set_default(
    color='#bbb',
)
Text.set_default(
    font='Linux Libertine Display',
    weight='BOLD',
    color='#bbb',
)

class ImplyIBE(Scene):
    """Write 'IBE' and draw arrows from it to 'Encryption' and to 'Signature'.

    The arrows start at the 'IBE' label and end at the top of each target
    label; going by the class name they are meant to read as "IBE implies".
    """

    def construct(self):
        ibe = Text('IBE').to_corner(UP)
        self.play(Write(ibe))

        # Left branch: IBE -> Encryption.
        enc = Text('Encryption').next_to(ibe, 4*DOWN+LEFT)
        enca = Arrow(ibe, enc.get_top())
        self.play(
            Create(enca),
            Write(enc),
        )
        self.wait()

        # Right branch: IBE -> Signature.
        sig = Text('Signature').next_to(ibe, 4*DOWN+RIGHT)
        siga = Arrow(ibe, sig.get_top())
        self.play(
            Create(siga),
            Write(sig),
        )
        # Hold the finished diagram for 10 seconds.
        self.wait(10)

class ImplyDE(Scene):
    """Write 'Delay Encryption' and draw arrows from it to 'Time lock puzzle'
    and to 'Proof of Work', then add '/ VDF' underneath 'Proof of Work'.
    """

    def construct(self):
        de = Text('Delay Encryption').to_corner(UP).shift(LEFT)
        self.play(Write(de))

        # Left branch: Delay Encryption -> Time lock puzzle.
        tlp = Text('Time lock puzzle').next_to(de, 4*DOWN).shift(3*LEFT)
        tlpa = Arrow(de, tlp.get_top())
        self.play(
            Create(tlpa),
            Write(tlp),
        )
        self.wait()

        # Right branch: Delay Encryption -> Proof of Work.
        # `pow` shadows the builtin of the same name inside this method only;
        # the builtin is not used here.
        pow = Text('Proof of Work').next_to(de, 4*DOWN).shift(3*RIGHT)
        powa = Arrow(de, pow.get_top())
        self.play(
            Create(powa),
            Write(pow),
        )
        self.wait()

        # Second line of the right-hand label.
        vdf = Text('/ VDF').next_to(pow, DOWN)
        self.play(
            Write(vdf),
        )
        self.wait(10)

-------------------------------------------------------------------------------- /video/sign.py: --------------------------------------------------------------------------------
# Manim scene that draws the IBE block diagram and then relabels it as a
# signature scheme.
from manim import *

# Colour used for the text inside the algorithm boxes.
BCOLOR = '#416fa9'
# Render on a transparent background with a frame 30 units wide.
config.transparent = True
config.frame_width = 30

# Light-grey defaults for shapes and bold Linux Libertine for text.
Mobject.set_default(
    color='#bbb',
)
Rectangle.set_default(
    color='#bbb',
)
Text.set_default(
    font='Linux Libertine Display',
    weight='BOLD',
    color='#bbb',
)

class Sign(Scene):
    """Show an IBE diagram, then turn it into a signature diagram.

    First part: four filled boxes (KeyGen, Encrypt, Extract, Decrypt) are
    wired together with the labels msk, pk, msg, ct, sk and the image
    'doge.png' standing in the identity slot; the whole group fades in.

    Second part (after the ``######`` marker): the msg group is moved onto the
    identity image, 'Extract' becomes 'Sign' and 'sk' becomes 'sig', a 'rnd'
    label is written where msg used to enter Encrypt, 'Encrypt' and 'Decrypt'
    become 'Verify.0' and 'Verify.1', and the decrypted output is replaced by
    the check "rnd' == rnd ?".

    Read as a construction: the signature on a message is the key extracted
    for that message used as the identity, and verification encrypts a random
    value to that identity, decrypts it with the signature and compares.
    """

    def construct(self):
        # Everything of the initial diagram is collected in one Group so it can
        # be faded in at once.
        ibe = Group()

        # --- KeyGen box with its two outputs (master secret key, public key).
        boxkg = Rectangle(height=1, width=3, fill_opacity=1).move_to((-10,4,0))
        keygen = Text('KeyGen', color=BCOLOR).move_to(boxkg)
        ibe.add(boxkg, keygen)
        msk = Text('msk').next_to(boxkg, 3*UP + 7*RIGHT).scale(.8)
        mpk = Text('pk').next_to(boxkg, 3*DOWN + 7*RIGHT).scale(.8)
        # NOTE: the names arrows / arrowp / arrowi / arrowm are rebound several
        # times below. Each Arrow is added to `ibe` before its name is reused,
        # so the earlier arrows stay in the group.
        arrows = Arrow(boxkg, msk)
        arrowp = Arrow(boxkg, mpk)
        ibe.add(arrows, arrowp, msk, mpk)

        # --- Encrypt box; inputs are msg (left), pk and the identity image (top).
        boxenc = Rectangle(height=1.4, width=5, fill_opacity=1).move_to((0,1,0))
        encrypt = Text('Encrypt', color=BCOLOR).move_to(boxenc)
        ibe.add(boxenc, encrypt)
        # `id` shadows the builtin id() inside this method; the builtin is not
        # used here.
        id = ImageMobject('doge.png').scale(.2).next_to(boxenc, 7*UP)
        ibe.add(id)
        # Envelope icon: a rectangle plus two lines meeting at its centre.
        msg = VGroup(
            Rectangle(height=0.5, width=1),
            Line((-0.5, 0.2, 0), ORIGIN),
            Line((0.5, 0.2, 0), ORIGIN),
        ).next_to(boxenc, 14*LEFT)
        msgt = Text('msg').next_to(msg, DOWN).scale(.8)
        msgg = VGroup(msg, msgt)
        ibe.add(msgg)
        arrowm = Arrow(msg.get_right(), boxenc.get_left())
        arrowp = Arrow(mpk.get_right(), boxenc)
        arrowi = Arrow(id.get_bottom(), boxenc.get_top())
        ibe.add(arrowm, arrowp, arrowi)
        # Ciphertext leaving Encrypt.
        ct = Text('ct').next_to(boxenc, 4*RIGHT).scale(.8)
        arrowct = Arrow(boxenc.get_right(), ct.get_left())
        ibe.add(arrowct, ct)

        # --- Extract box; inputs are msk and the identity, output is sk.
        boxext = Rectangle(height=1, width=3, fill_opacity=1).move_to((0,7,0))
        extract = Text('Extract', color=BCOLOR).move_to(boxext)
        ibe.add(boxext, extract)
        arrows = Arrow(msk.get_right(), boxext.get_left())
        arrowi = Arrow(id.get_top(), boxext.get_bottom())
        ibe.add(arrows, arrowi)
        sk = Text('sk').next_to(boxext, 8*RIGHT).scale(.8)
        arrows = Arrow(boxext.get_right(), sk.get_left())
        ibe.add(arrows, sk)

        # --- Decrypt box; inputs are ct and sk, output is a copy of the msg group.
        boxdec = Rectangle(height=1.4, width=5, fill_opacity=1).move_to((11,4,0))
        decrypt = Text('Decrypt', color=BCOLOR).move_to(boxdec)
        ibe.add(boxdec, decrypt)
        arrowct2 = Arrow(ct.get_right(), boxdec)
        arrowis = Arrow(sk.get_right(), boxdec)
        ibe.add(arrowct2, arrowis)
        msgg2 = msgg.copy().next_to(boxdec, 7*DOWN)
        arrowm = Arrow(boxdec.get_bottom(), msgg2.get_top())
        ibe.add(arrowm, msgg2)

        self.play(FadeIn(ibe))
        self.wait()

        ######

        # Label that will take the place of msg as the input of the first box.
        # It is created at msg's current position, before msgg is moved.
        rnd = Text('rnd').move_to(msg)

        # The message takes over the identity slot; the identity image and the
        # decrypted message copy disappear.
        self.play(
            msgg.animate.move_to(id),
            FadeOut(id),
            FadeOut(msgg2),
        )

        # Extract -> Sign, and its output sk -> sig.
        sig = Text('sig').move_to(sk)
        sign = Text('Sign', color=BCOLOR).move_to(extract)
        self.play(
            Transform(sk, sig),
            Transform(extract, sign),
            Circumscribe(sig),
            Circumscribe(boxext),
        )
        self.wait()

        # The verifier's random value enters where msg used to.
        self.play(
            Write(rnd),
            Circumscribe(rnd),
        )
        # Encrypt -> first half of verification.
        ver1 = Text('Verify.0', color=BCOLOR).move_to(encrypt)
        self.play(
            Transform(encrypt, ver1),
            Circumscribe(boxenc),
        )
        # Decrypt -> second half of verification.
        ver2 = Text('Verify.1', color=BCOLOR).move_to(decrypt)
        self.play(
            Transform(decrypt, ver2),
            Circumscribe(boxdec),
        )
        # Final comparison, placed where the decrypted message copy was
        # (msgg2 has been faded out; only its position is used).
        check = Text("rnd' == rnd ?").move_to(msgg2)
        self.play(
            Write(check),
            Circumscribe(check),
        )
        self.wait(10)

-------------------------------------------------------------------------------- /video/slide.tex: -------------------------------------------------------------------------------- 1 | \documentclass[12pt,aspectratio=169]{beamer} 2 | 3 | \mode{ 4 | \usetheme{AnnArbor} 5 | } 6 | 7 | \title{Delay Encryption} 8 | 9 | \author{Jeffrey Burdges\inst{1}, Luca De Feo\inst{2}} 10 | 11 | \institute{\inst{1}Web3 Foundation, Switzerland\\ 12 | \inst{2}IBM Research Europe, Switzerland} 13 | 14 | \date{Eurocrypt, October 2021, Zagreb, Croatia} 15 | 16 | \begin{document} 17 | 18 | \setbeamertemplate{navigation symbols}{} 19 | \frame[plain]{\titlepage} 20 | 21 | \end{document} 22 | -------------------------------------------------------------------------------- /video/walk.py: -------------------------------------------------------------------------------- 1 | from manim import * 2 | import random, math 3 | 4 |
# Render on a transparent background with a frame 30 units wide.
config.transparent = True
config.frame_width = 30

# Light-grey defaults for all shapes and bold Linux Libertine for text.
Mobject.set_default(
    color='#bbb',
)
Dot.set_default(
    color='#bbb',
)
Line.set_default(
    color='#bbb',
)
Text.set_default(
    font='Linux Libertine Display',
    weight='BOLD',
    color='#bbb',
)

class Walk(Scene):
    """Animate three successive random walks that start at a dot labelled '1728'.

    Each round draws a chain of 100 dots joined by lines, marks the end point
    with a large dot labelled 'E' plus a subscript digit (E₀, E₁, E₂), and
    fades the chain out again; the end point is the start of the next round.
    After the three rounds, three more unlabelled large dots are drawn and a
    last one labelled 'En' is enlarged and filled red.

    NOTE(review): the nesting of the loops below is reconstructed from a
    listing that had lost its indentation — confirm against the original file.
    """

    def construct(self):
        # Starting point of the first walk.
        j0 = Dot(radius=.2)
        j0t = Text('1728').next_to(j0, DOWN)
        self.play(
            Create(j0),
            Write(j0t)
        )
        self.wait()

        # Fixed seed: the drawn walk is the same on every render. `random` is
        # not a cryptographic generator; here it only places dots.
        random.seed(0)

        # Used only for polar <-> cartesian conversion; never added to the scene.
        pp = PolarPlane()

        for n in range(3):
            # The chain starts with the current large dot.
            js = VGroup(j0)
            for i in range(100):
                # (30,0,0) is outside the accepted box, so the while loop runs
                # at least once.
                p = (30,0,0)
                # Resample the direction until the new point satisfies
                # |x| <= 8 and |y| <= 5.
                while (abs(p[0]) > 8 or abs(p[1]) > 5):
                    p = js[-1].get_center() + pp.pr2pt(2, random.random()*2*math.pi)
                j = Dot().move_to(p)
                l = Line(js[-1], j)
                # Line first, then the dot, so js[-1] is always the latest dot.
                js.add(l, j)

            self.play(Create(js))

            # Mark the end of this walk; it becomes the start of the next one.
            j0 = Dot(radius=.2).move_to(js[-1])
            # Label 'E' followed by the subscript digit for n. The label is
            # offset in the direction given by radius -1 at the dot's own polar
            # angle, i.e. back toward the pole — presumably to keep it in frame.
            j0t = Text('E' + chr(ord('₀')+n)).next_to(j0,
                        pp.pr2pt(-1, pp.pt2pr(j0.get_center())[1]))
            self.play(
                Create(j0),
                Write(j0t),
            )
            self.wait()

            # Remove the chain but keep its first element (this round's start dot).
            self.play(
                FadeOut(js[1:]),
            )
            self.wait()

        # Three further end points without a walk or label.
        self.play(Create(Dot(radius=.2).move_to([-3,2,0])))
        self.play(Create(Dot(radius=.2).move_to([-1,4,0])))
        self.play(Create(Dot(radius=.2).move_to([3,-1.5,0])))

        # Final point, labelled 'En', then enlarged and filled red.
        jend = Dot(radius=.2).move_to([-3.3,-1.7,0])
        jendt = MarkupText('En').next_to(jend, DOWN)
        self.play(
            Create(jend),
            Write(jendt),
        )
        self.play(
            VGroup(jend, jendt).animate.scale(2).set_fill(RED),
        )

        self.wait(20)

-------------------------------------------------------------------------------- /zkp.bib: -------------------------------------------------------------------------------- 1 | 2 | @InProceedings{GK2015, 3 | author = {Jens Groth and Markulf Kohlweiss}, 4 | editor = {Elisabeth Oswald and Marc Fischlin}, 5 | title = {One-out-of-Many Proofs: Or How to Leak a Secret and Spend a Coin}, 6 |
booktitle = {Advances in Cryptology - EUROCRYPT 2015}, 7 | year = {2015}, 8 | publisher = {Springer Berlin Heidelberg}, 9 | pages = {253--280}, 10 | abstract = {We construct a 3-move public coin special honest verifier zero-knowledge proof, a so-called Sigma-protocol, for a list of commitments having at least one commitment that opens to 0. It is not required for the prover to know openings of the other commitments. The proof system is efficient, in particular in terms of communication requiring only the transmission of a logarithmic number of commitments.}, 11 | isbn = {978-3-662-46803-6}, 12 | url = {https://eprint.iacr.org/2014/764}, 13 | note = {IACR ePrint Archive 2014/764}, 14 | } 15 | 16 | 17 | @InProceedings{ Groth16, 18 | author = {Groth, Jens}, 19 | editor = {Fischlin, Marc and Coron, Jean-S{\'e}bastien}, 20 | title = {On the Size of Pairing-Based Non-interactive Arguments}, 21 | booktitle = {Advances in Cryptology -- EUROCRYPT 2016}, 22 | year = {2016}, 23 | publisher = {Springer Berlin Heidelberg}, 24 | address = {Berlin, Heidelberg}, 25 | pages = {305--326}, 26 | isbn = {978-3-662-49896-5}, 27 | url = {https://eprint.iacr.org/2016/260}, 28 | note = {IACR ePrint Archive 2016/260}, 29 | } 30 | 31 | 32 | @InProceedings{ bccgp2016, 33 | author = {Bootle, Jonathan and Cerulli, Andrea and Chaidos, Pyrros 34 | and Groth, Jens and Petit, Christophe}, 35 | editor = {Fischlin, Marc and Coron, Jean-S{\'e}bastien}, 36 | title = {Efficient Zero-Knowledge Arguments for Arithmetic Circuits 37 | in the Discrete Log Setting}, 38 | booktitle = {Advances in Cryptology -- EUROCRYPT 2016}, 39 | year = {2016}, 40 | publisher = {Springer Berlin Heidelberg}, 41 | address = {Berlin, Heidelberg}, 42 | pages = {327--357}, 43 | isbn = {978-3-662-49896-5}, 44 | url = {https://eprint.iacr.org/2016/263}, 45 | note = {IACR ePrint Archive 2016/263}, 46 | } 47 | 48 | @InProceedings{ bulletproofs, 49 | author = {Bünz, Benedikt and Bootle, Jonathan and Boneh, Dan and 50 | Poelstra, 
Andrew and Wuille, Pieter and Maxwell, Greg}, 51 | booktitle = {2018 IEEE Symposium on Security and Privacy (SP)}, 52 | title = {Bulletproofs: Short Proofs for Confidential Transactions 53 | and More}, 54 | year = {2018}, 55 | month = {May}, 56 | pages = {319--338}, 57 | doi = {10.1109/SP.2018.00020}, 58 | issn = {2375-1207}, 59 | url = {https://eprint.iacr.org/2017/1066}, 60 | note = {IACR ePrint Archive 2017/1066}, 61 | } 62 | 63 | 64 | @phdthesis{ RyanHenryPhD, 65 | author = {Ryan Henry}, 66 | title = {Efficient Zero-Knowledge Proofs and Applications}, 67 | school = {University of Waterloo}, 68 | year = {2014}, 69 | month = {August}, 70 | note = {http://hdl.handle.net/10012/8621}, 71 | url = {https://uwspace.uwaterloo.ca/bitstream/handle/10012/8621/Henry_Ryan.pdf}, 72 | } 73 | 74 | 75 | @inproceedings{HenryGoldberg13, 76 | author = {Henry, Ryan and Goldberg, Ian}, 77 | year = {2013}, 78 | month = {06}, 79 | pages = {502-517}, 80 | title = {Batch Proofs of Partial Knowledge}, 81 | doi = {10.1007/978-3-642-38980-1_32} 82 | } 83 | 84 | 85 | @article{PrivacyPass, 86 | author = {Davidson, Alex and Goldberg, Ian and Sullivan, Nick and Tankersley, George and Valsorda, Filippo}, 87 | year = {2018}, 88 | month = {06}, 89 | pages = {164-180}, 90 | title = {Privacy Pass: Bypassing Internet Challenges Anonymously}, 91 | volume = {2018}, 92 | journal = {Proceedings on Privacy Enhancing Technologies}, 93 | doi = {10.1515/popets-2018-0026} 94 | } 95 | 96 | 97 | @inproceedings{ZEXE, 98 | booktitle={2020 IEEE Symposium on Security and Privacy (SP)}, title={ZEXE: Enabling Decentralized Private Computation}, 99 | year={2020}, 100 | volume={}, 101 | number={}, 102 | pages={947--964}, 103 | doi={10.1109/SP40000.2020.00050}, 104 | author = {Sean Bowe and Alessandro Chiesa and Matthew Green and Ian Miers and Pratyush Mishra and Howard Wu}, 105 | title = {Zexe: Enabling Decentralized Private Computation}, 106 | } 107 | 108 | 109 | @misc{plookup, 110 | author = {Ariel Gabizon and 
Zachary J. Williamson}, 111 | title = {plookup: A simplified polynomial protocol for lookup tables}, 112 | howpublished = {Cryptology ePrint Archive, Report 2020/315}, 113 | year = {2020}, 114 | url = {https://eprint.iacr.org/2020/315}, 115 | } 116 | 117 | 118 | 119 | --------------------------------------------------------------------------------