-
2 | {{ range .Page.Pages }}
3 |
- 4 | {{ partial "docs/title" . }} 5 | 6 |
- 7 | {{ default .Summary .Description }} 8 | 9 | {{ end }} 10 |
2 | {{- $summary := cond .IsNamedParams (.Get "title") (.Get 0) -}}
3 |
8 |
--------------------------------------------------------------------------------
/themes/book/i18n/bn.yaml:
--------------------------------------------------------------------------------
1 | - id: Search
2 | translation: অনুসন্ধান
3 |
4 | - id: Edit this page
5 | translation: এই পৃষ্ঠাটি সম্পাদনা করুন
6 |
7 | - id: Last modified by
8 | translation: সর্বশেষ সম্পাদনা করেছেন
9 |
10 | - id: Expand
11 | translation: বিস্তৃত করা
12 |
13 | - id: bookSearchConfig
14 | translation: '{ cache: true }'
15 |
--------------------------------------------------------------------------------
/themes/book/i18n/uk.yaml:
--------------------------------------------------------------------------------
1 | - id: Search
2 | translation: Пошук
3 |
4 | - id: Edit this page
5 | translation: Редагувати цю сторінку
6 |
7 | - id: Last modified by
8 | translation: Остання зміна від
9 |
10 | - id: Expand
11 | translation: Розгорнути
12 |
13 | - id: bookSearchConfig
14 | translation: '{ split: /[^a-zа-яё0-9\w]/gi }'
15 |
--------------------------------------------------------------------------------
/themes/book/i18n/ru.yaml:
--------------------------------------------------------------------------------
1 | - id: Search
2 | translation: Поиск
3 |
4 | - id: Edit this page
5 | translation: Редактировать эту страницу
6 |
7 | - id: Last modified by
8 | translation: Последнее изменение от
9 |
10 | - id: Expand
11 | translation: Развернуть
12 |
13 | - id: bookSearchConfig
14 | translation: '{ split: /[^a-zа-яё0-9\w]/gi }'
15 |
--------------------------------------------------------------------------------
/themes/book/layouts/posts/single.html:
--------------------------------------------------------------------------------
1 | {{ define "main" }}
2 | {{ $summary | .Page.RenderString }}
4 |
5 | {{ .Inner | .Page.RenderString }}
6 |
7 | -
4 |
- {{if $details.tag}}[{{$details.tag}}]{{end}} {{$details.apa}}{{if $details.year }} ({{$details.year}}){{ end }}. 5 |
3 |
4 |
5 |
7 | {{ end }}
8 |
--------------------------------------------------------------------------------
/content/docs/zkdocs/zero-knowledge-protocols/_index.md:
--------------------------------------------------------------------------------
1 | ---
2 | weight: 1
3 | bookFlatSection: true
4 | title: "Zero-knowledge protocols"
5 | ---
6 |
7 | # Zero-knowledge protocols
8 |
9 | Here, we provide uniform, detailed descriptions to several zero-knowledge protocols. We include: necessary setup, security pitfalls and associated severity, safe parameter choices, and original references.
10 |
11 | {{{{ .Title | title }}
4 | {{ $taxonomies := index .Site.Taxonomies .Page.Type }} 5 | {{ range $taxonomies }} 6 | 7 | {{ end }} 8 |11 | {{- .Inner -}} 12 |
13 | -------------------------------------------------------------------------------- /themes/book/i18n/cn.yaml: -------------------------------------------------------------------------------- 1 | # This should be removed in future, 'cn' is moved to `zh' 2 | - id: Search 3 | translation: 搜索 4 | 5 | - id: Edit this page 6 | translation: 编辑本页 7 | 8 | - id: Last modified by 9 | translation: 最后修改者 10 | 11 | - id: Expand 12 | translation: 展开 13 | 14 | - id: bookSearchConfig 15 | translation: | 16 | { 17 | encode: false, 18 | tokenize: function(str) { 19 | return str.replace(/[\x00-\x7F]/g, '').split(''); 20 | } 21 | } 22 | -------------------------------------------------------------------------------- /themes/book/i18n/jp.yaml: -------------------------------------------------------------------------------- 1 | # This should be removed in future, 'jp' is moved to `ja' 2 | - id: Search 3 | translation: 検索 4 | 5 | - id: Edit this page 6 | translation: このページを編集する 7 | 8 | - id: Last modified by 9 | translation: 最終更新者 10 | 11 | - id: Expand 12 | translation: 展開 13 | 14 | - id: bookSearchConfig 15 | translation: | 16 | { 17 | encode: false, 18 | tokenize: function(str) { 19 | return str.replace(/[\x00-\x7F]/g, '').split(''); 20 | } 21 | } 22 | -------------------------------------------------------------------------------- /themes/book/i18n/fa.yaml: -------------------------------------------------------------------------------- 1 | - id: Search 2 | translation: جستجو 3 | 4 | - id: Edit this page 5 | translation: این صفحه را ویرایش کنید 6 | 7 | - id: Last modified by 8 | translation: آخرین بار ویرایش شده توسط 9 | 10 | - id: Expand 11 | translation: بسط دادن 12 | 13 | - id: Categories 14 | translation: دسته بندی ها 15 | 16 | - id: Tags 17 | translation: تگ ها 18 | 19 | - id: bookSearchConfig 20 | translation: '{ cache: true, encode: false, rtl: true, split: /\s+/, tokenize: "forward"}' 21 | -------------------------------------------------------------------------------- /themes/book/layouts/shortcodes/expand.html: -------------------------------------------------------------------------------- 1 | {{ warnf "Expand shortcode is deprecated. Use 'details' instead." }} 2 | 14 | -------------------------------------------------------------------------------- /content/docs/zkdocs/security-of-zkps/_index.md: -------------------------------------------------------------------------------- 1 | --- 2 | weight: 2 3 | bookFlatSection: true 4 | title: "Security of ZKPs" 5 | --- 6 | 7 | # Security of ZKPs and their implementations 8 | 9 | Here we present several security issues with implementations of zero-knowledge protocols, Fiat-Shamir transformations, and what can happen when interactive zero-knowledge proof systems are used in the context of malicious adversaries. 10 | 11 | {{
2 |
4 | {{- with .Site.Params.BookLogo -}}
5 | 
6 | {{- end -}}
7 |
8 | {{- with .Site.Params.BookIconLogo -}}
9 |
10 | {{- end -}}
11 | {{ .Site.Title }}
12 |
13 |
14 |
--------------------------------------------------------------------------------
/themes/book/layouts/partials/docs/taxonomy.html:
--------------------------------------------------------------------------------
1 |
20 |
--------------------------------------------------------------------------------
/config.toml:
--------------------------------------------------------------------------------
1 | googleAnalytics = "UA-215689345-1"
2 | baseURL = 'https://www.zkdocs.com'
3 | languageCode = 'en-us'
4 | title = 'ZKDocs'
5 | theme = "book"
6 | [params]
7 | BookLogo = 'TOB_Black.svg'
8 | BookIconLogo = 'logo.png'
9 |
10 | [markup]
11 | [markup.highlight]
12 | anchorLineNos = false
13 | codeFences = true
14 | guessSyntax = false
15 | hl_Lines = ''
16 | lineAnchors = ''
17 | lineNoStart = 1
18 | lineNos = true
19 | lineNumbersInTable = true
20 | noClasses = true
21 | style = 'friendly'
22 | # style = 'pastie'
23 | tabWidth = 4
24 |
--------------------------------------------------------------------------------
/themes/book/layouts/shortcodes/tabs.html:
--------------------------------------------------------------------------------
1 | {{ if .Inner }}{{ end }}
2 | {{ $id := .Get 0 }}
3 | {{ $group := printf "tabs-%s" $id }}
4 |
5 |
6 | {{- range $index, $tab := .Scratch.Get $group -}}
7 |
8 |
11 |
16 |
--------------------------------------------------------------------------------
/themes/book/.github/workflows/main.yml:
--------------------------------------------------------------------------------
1 | name: Build with Hugo
2 |
3 | on: [push, pull_request]
4 |
5 | jobs:
6 | build:
7 | runs-on: ubuntu-latest
8 | strategy:
9 | matrix:
10 | hugo-version:
11 | - 'latest'
12 | - '0.68.0'
13 | steps:
14 | - uses: actions/checkout@v2
15 |
16 | - name: Setup Hugo
17 | uses: peaceiris/actions-hugo@v2
18 | with:
19 | hugo-version: ${{ matrix.hugo-version }}
20 | extended: true
21 |
22 | - name: Run Hugo
23 | working-directory: exampleSite
24 | run: hugo --themesDir ../..
25 |
--------------------------------------------------------------------------------
/themes/book/layouts/posts/list.html:
--------------------------------------------------------------------------------
1 | {{ define "main" }}
2 | {{ range sort .Paginator.Pages }}
3 |
12 | {{- .Content | $.Page.RenderString -}}
13 |
14 | {{- end -}}
15 | 5 | {{ partial "docs/title.html" . }} 6 |
7 | {{ partial "docs/post-meta" . }} 8 |9 | {{- .Summary -}} 10 | {{ if .Truncated }} 11 | ... 12 | {{ end }} 13 |
14 |5 | {{ partial "docs/title.html" . }} 6 |
7 | {{ partial "docs/post-meta" . }} 8 |9 | {{- .Summary -}} 10 | {{ if .Truncated }} 11 | ... 12 | {{ end }} 13 |
14 |4 |
5 |
6 | 7 | 11 |
12 | ZKDocs content is licensed under a Creative Commons Attribution 4.0 International license.
13 |
14 | {{ partial "docs/date" (dict "Date" . "Format" $.Site.Params.BookDateFormat) }}
3 | {{ end }} 4 | 5 | {{ range $taxonomy, $_ := .Site.Taxonomies }} 6 | {{ with $terms := $.GetTerms $taxonomy }} 7 |
8 | {{ range $n, $term := $terms }}{{ if $n }}, {{ end }}
9 | {{ $term.Title }}
10 | {{- end }}
11 |
12 | {{ end }}
13 | {{ end }}
14 |
15 | {{ if .Params.image }}
16 |
17 | {{ with .Resources.GetMatch .Params.image }}
18 |
19 | {{ else }}
20 |
21 | {{ end }}
22 |
-
11 | {{ range . }}
12 |
- 13 | 14 | {{- .Pre -}} 15 | {{ with .Page }} 16 | {{ partial "docs/title" .Page }} 17 | {{ else }} 18 | {{ .Name }} 19 | {{ end }} 20 | {{- .Post -}} 21 | 22 | {{- with .Children }} 23 | {{ template "book-menu-hugo" . }} 24 | {{- end }} 25 | 26 | {{ end }} 27 |
-
14 |
-
15 |
16 |
22 |
23 |
-
24 | {{ range .Site.Languages }}{{ with index $translations .Lang }}
25 |
- 26 | 27 | {{ .Language.LanguageName }} 28 | 29 | 30 | {{ end }}{{ end }} 31 |
33 |
2 |
3 | {{ if and .GitInfo .Site.Params.BookRepo }}
4 |
24 |
25 | {{ $script := resources.Get "clipboard.js" | resources.Minify }}
26 | {{ with $script.Content }}
27 |
28 | {{ end }}
29 |
--------------------------------------------------------------------------------
/themes/book/assets/_fonts.scss:
--------------------------------------------------------------------------------
1 | /* roboto-regular - latin */
2 | @font-face {
3 | font-family: 'Roboto';
4 | font-style: normal;
5 | font-weight: 400;
6 | font-display: swap;
7 | src: local(''),
8 | url('fonts/roboto-v27-latin-regular.woff2') format('woff2'), /* Chrome 26+, Opera 23+, Firefox 39+ */
9 | url('fonts/roboto-v27-latin-regular.woff') format('woff'); /* Chrome 6+, Firefox 3.6+, IE 9+, Safari 5.1+ */
10 | }
11 | /* roboto-700 - latin */
12 | @font-face {
13 | font-family: 'Roboto';
14 | font-style: normal;
15 | font-weight: 700;
16 | font-display: swap;
17 | src: local(''),
18 | url('fonts/roboto-v27-latin-700.woff2') format('woff2'), /* Chrome 26+, Opera 23+, Firefox 39+ */
19 | url('fonts/roboto-v27-latin-700.woff') format('woff'); /* Chrome 6+, Firefox 3.6+, IE 9+, Safari 5.1+ */
20 | }
21 |
22 | /* roboto-mono-regular - latin */
23 | @font-face {
24 | font-family: 'Roboto Mono';
25 | font-style: normal;
26 | font-weight: 400;
27 | font-display: swap;
28 | src: local(''),
29 | url('fonts/roboto-mono-v13-latin-regular.woff2') format('woff2'), /* Chrome 26+, Opera 23+, Firefox 39+ */
30 | url('fonts/roboto-mono-v13-latin-regular.woff') format('woff'); /* Chrome 6+, Firefox 3.6+, IE 9+, Safari 5.1+ */
31 | }
32 |
33 | body {
34 | font-family: 'Roboto', sans-serif;
35 | }
36 |
37 | code {
38 | font-family: 'Roboto Mono', monospace;
39 | }
40 |
--------------------------------------------------------------------------------
/themes/book/assets/sw.js:
--------------------------------------------------------------------------------
1 | const cacheName = self.location.pathname
2 | const pages = [
3 | {{ if eq .Site.Params.BookServiceWorker "precache" }}
4 | {{ range .Site.AllPages -}}
5 | "{{ .RelPermalink }}",
6 | {{ end -}}
7 | {{ end }}
8 | ];
9 |
10 | self.addEventListener("install", function (event) {
11 | self.skipWaiting();
12 |
13 | caches.open(cacheName).then((cache) => {
14 | return cache.addAll(pages);
15 | });
16 | });
17 |
18 | self.addEventListener("fetch", (event) => {
19 | const request = event.request;
20 | if (request.method !== "GET") {
21 | return;
22 | }
23 |
24 | /**
25 | * @param {Response} response
26 | * @returns {Promise
5 | {{- $date := partial "docs/date" (dict "Date" .GitInfo.AuthorDate.Local "Format" .Site.Params.BookDateFormat) -}}
6 | {{- $commitPath := default "commit" .Site.Params.BookCommitPath -}}
7 |
8 | 
9 | {{ $date }}
10 |
11 |
12 | {{ end }}
13 |
14 | {{ if and .File .Site.Params.BookRepo .Site.Params.BookEditPath }}
15 |
21 | {{ end }}
22 |
23 | -
12 | {{ range (where .Section.Pages "Params.bookhidden" "ne" true) }}
13 | {{ if .IsSection }}
14 |
- 15 | {{ template "book-page-link" (dict "Page" . "CurrentPage" $.CurrentPage) }} 16 | {{ template "book-section-children" (dict "Section" . "CurrentPage" $.CurrentPage) }} 17 | 18 | {{ else if and .IsPage .Content }} 19 |
- 20 | {{ template "book-page-link" (dict "Page" . "CurrentPage" $.CurrentPage) }} 21 | 22 | {{ end }} 23 | {{ end }} 24 |
18 |
19 | {{ template "header" . }}
20 |
21 |
22 | {{ partial "docs/inject/content-before" . }}
23 | {{ template "main" . }}
24 | {{ partial "docs/inject/content-after" . }}
25 |
26 |
30 |
31 | {{ template "comments" . }}
32 |
33 |
34 |
35 |
36 | {{ if default true (default .Site.Params.BookToC .Params.BookToC) }}
37 |
49 | {{ end }}
50 |
77 | {{- partial "docs/comments" . -}}
78 |
79 | {{ end }}
80 | {{ end }}
81 |
82 | {{ define "main" }}
83 | References #
88 | {{range $ref := .Params.references}} 89 | {{ $details := index $.Site.Data.references $ref }} 90 |-
91 |
- {{if $details.tag}}[{{$details.tag}}]{{end}} {{$details.title}}{{if $details.year }} ({{$details.year}}){{ end }}. 92 |
171 |
174 |
175 | {{ partial "docs/title" . }}
176 |
177 |
182 |
183 |
184 |
--------------------------------------------------------------------------------
/themes/book/assets/_main.scss:
--------------------------------------------------------------------------------
1 | html {
2 | font-size: $font-size-base;
3 | scroll-behavior: smooth;
4 | touch-action: manipulation;
5 | }
6 |
7 | body {
8 | min-width: $body-min-width;
9 | color: var(--body-font-color);
10 | background: var(--body-background);
11 |
12 | letter-spacing: 0.33px;
13 | font-weight: $body-font-weight;
14 | text-rendering: optimizeLegibility;
15 | -webkit-font-smoothing: antialiased;
16 | -moz-osx-font-smoothing: grayscale;
17 |
18 | box-sizing: border-box;
19 |
20 | * {
21 | box-sizing: inherit;
22 | }
23 | }
24 |
25 | h1,
26 | h2,
27 | h3,
28 | h4,
29 | h5 {
30 | font-weight: $body-font-weight;
31 | }
32 |
33 | a {
34 | text-decoration: none;
35 | color: var(--color-link);
36 | }
37 |
38 | button {
39 | color: black;
40 | background-color: gray;
41 | }
42 |
43 | .button:hover {
44 | background-color: white;
45 | cursor: pointer
46 | }
47 |
48 |
49 | img {
50 | vertical-align: baseline;
51 | }
52 |
53 | :focus {
54 | @include outline;
55 | }
56 |
57 | aside nav ul {
58 | padding: 0;
59 | margin: 0;
60 | list-style: none;
61 |
62 | li {
63 | margin: 1em 0;
64 | position: relative;
65 | }
66 |
67 | a {
68 | display: block;
69 | }
70 |
71 | a:hover {
72 | opacity: 0.5;
73 | }
74 |
75 | ul {
76 | padding-inline-start: $padding-16;
77 | }
78 | }
79 |
80 | ul.pagination {
81 | display: flex;
82 | justify-content: center;
83 | list-style-type: none;
84 |
85 | .page-item a {
86 | padding: $padding-16;
87 | }
88 | }
89 |
90 | .container {
91 | max-width: $container-max-width;
92 | margin: 0 auto;
93 | }
94 |
95 | .book-icon {
96 | filter: var(--icon-filter);
97 | }
98 |
99 | .book-brand {
100 | margin-top: 0;
101 | margin-bottom: $padding-16;
102 |
103 | #icon {
104 | height: 4.5em;
105 | width: 4.5em;
106 | margin-left: auto;
107 | display: block;
108 | margin-right: auto;
109 | // margin-bottom: -0.5em;
110 | margin-top: -0.7em;
111 | }
112 |
113 | #logo {
114 | height: 1.5em;
115 | width: 1.5em;
116 | margin-inline-end: $padding-8;
117 | }
118 |
119 | }
120 |
121 | .book-menu {
122 | flex: 0 0 $menu-width;
123 | font-size: $font-size-14;
124 |
125 | .book-menu-content {
126 | width: $menu-width;
127 | padding: $padding-16;
128 | background: var(--body-background);
129 |
130 | @include fixed;
131 | }
132 |
133 | a,
134 | label {
135 | color: inherit;
136 | cursor: pointer;
137 | word-wrap: break-word;
138 | }
139 |
140 | a.active {
141 | color: var(--color-link);
142 | }
143 |
144 | input.toggle+label+ul {
145 | display: none;
146 | }
147 |
148 | input.toggle:checked+label+ul {
149 | display: block;
150 | }
151 |
152 | input.toggle+label::after {
153 | content: "▸";
154 | }
155 |
156 | input.toggle:checked+label::after {
157 | content: "▾";
158 | }
159 | }
160 |
161 | // for RTL support
162 | body[dir="rtl"] .book-menu {
163 | input.toggle+label::after {
164 | content: "◂";
165 | }
166 |
167 | input.toggle:checked+label::after {
168 | content: "▾";
169 | }
170 | }
171 |
172 | .book-section-flat {
173 | margin: $padding-16 * 2 0;
174 |
175 | >a,
176 | >span,
177 | >label {
178 | font-weight: bolder;
179 | }
180 |
181 | >ul {
182 | padding-inline-start: 0;
183 | }
184 | }
185 |
186 | .book-page {
187 | min-width: $body-min-width;
188 | flex-grow: 1;
189 | padding: $padding-16;
190 | }
191 |
192 | .book-post {
193 | margin-bottom: $padding-16 * 3;
194 | }
195 |
196 | .book-header {
197 | display: none;
198 | margin-bottom: $padding-16;
199 |
200 | label {
201 | line-height: 0;
202 | }
203 |
204 | img.book-icon {
205 | height: 1.5em;
206 | width: 1.5em;
207 | }
208 | }
209 |
210 | .book-search {
211 | position: relative;
212 | margin: $padding-16 0;
213 | border-bottom: 1px solid transparent;
214 |
215 | input {
216 | width: 100%;
217 | padding: $padding-8;
218 |
219 | border: 0;
220 | border-radius: $border-radius;
221 |
222 | background: var(--gray-100);
223 | color: var(--body-font-color);
224 |
225 | &:required+.book-search-spinner {
226 | display: block;
227 | }
228 | }
229 |
230 | .book-search-spinner {
231 | position: absolute;
232 | top: 0;
233 | margin: $padding-8;
234 | margin-inline-start: calc(100% - #{$padding-16 + $padding-8});
235 |
236 | width: $padding-16;
237 | height: $padding-16;
238 |
239 | border: $padding-1 solid transparent;
240 | border-top-color: var(--body-font-color);
241 | border-radius: 50%;
242 |
243 | @include spin(1s);
244 | }
245 |
246 | small {
247 | opacity: 0.5;
248 | }
249 | }
250 |
251 | .book-toc {
252 | flex: 0 0 $toc-width;
253 | font-size: $font-size-12;
254 |
255 | .book-toc-content {
256 | width: $toc-width;
257 | padding: $padding-16;
258 |
259 | @include fixed;
260 | }
261 |
262 | img {
263 | height: 1em;
264 | width: 1em;
265 | }
266 |
267 | nav>ul>li:first-child {
268 | margin-top: 0;
269 | }
270 | }
271 |
272 | .book-footer {
273 | padding-top: $padding-16;
274 | font-size: $font-size-14;
275 |
276 | img {
277 | height: 1em;
278 | width: 1em;
279 | margin-inline-end: $padding-8;
280 | }
281 | }
282 |
283 | .book-comments {
284 | margin-top: $padding-16;
285 | }
286 |
287 | .book-languages {
288 | margin-block-end: $padding-16 * 2;
289 |
290 | .book-icon {
291 | height: 1em;
292 | width: 1em;
293 | margin-inline-end: .5em;
294 | }
295 |
296 | ul {
297 | padding-inline-start: 1.5em;
298 | }
299 | }
300 |
301 | // Responsive styles
302 | .book-menu-content,
303 | .book-toc-content,
304 | .book-page,
305 | .book-header aside,
306 | .markdown {
307 | transition: 0.2s ease-in-out;
308 | transition-property: transform, margin, opacity, visibility;
309 | will-change: transform, margin, opacity;
310 | }
311 |
312 | @media screen and (max-width: $mobile-breakpoint) {
313 |
314 | #menu-control,
315 | #toc-control {
316 | display: inline;
317 | }
318 |
319 | .book-menu {
320 | visibility: hidden;
321 | margin-inline-start: -$menu-width;
322 | font-size: $font-size-base;
323 | z-index: 1;
324 | }
325 |
326 | .book-toc {
327 | display: none;
328 | }
329 |
330 | .book-header {
331 | display: block;
332 | }
333 |
334 | #menu-control:focus~main label[for="menu-control"] {
335 | @include outline;
336 | }
337 |
338 | #menu-control:checked~main {
339 | .book-menu {
340 | visibility: initial;
341 | }
342 |
343 | .book-menu .book-menu-content {
344 | transform: translateX($menu-width);
345 | box-shadow: 0 0 $padding-8 rgba(0, 0, 0, 0.1);
346 | }
347 |
348 | .book-page {
349 | opacity: 0.25;
350 | }
351 |
352 | .book-menu-overlay {
353 | display: block;
354 | position: absolute;
355 | top: 0;
356 | bottom: 0;
357 | left: 0;
358 | right: 0;
359 | }
360 | }
361 |
362 | #toc-control:focus~main label[for="toc-control"] {
363 | @include outline;
364 | }
365 |
366 | #toc-control:checked~main {
367 | .book-header aside {
368 | display: block;
369 | }
370 | }
371 |
372 | // for RTL support
373 | body[dir="rtl"] #menu-control:checked~main {
374 | .book-menu .book-menu-content {
375 | transform: translateX(-$menu-width);
376 | }
377 | }
378 | }
379 |
380 | // Extra space for big screens
381 | @media screen and (min-width: $container-max-width) {
382 |
383 | .book-page,
384 | .book-menu .book-menu-content,
385 | .book-toc .book-toc-content {
386 | padding: $padding-16 * 2 $padding-16;
387 | }
388 | }
389 |
390 |
391 | // nice preview
392 | .profile-hover {
393 | display: none;
394 | position: absolute;
395 | z-index: 99;
396 | margin-left: 10px;
397 | border: 1px solid #333;
398 | background: #eee;
399 | width: 300px;
400 | text-align: center;
401 | }
402 |
403 | a:hover+div {
404 | display: block;
405 | float: right;
406 | }
--------------------------------------------------------------------------------
/content/docs/zkdocs/protocol-primitives/shamir.md:
--------------------------------------------------------------------------------
1 | ---
2 | weight: 9
3 | bookFlatSection: true
4 | title: "Shamir's Secret Sharing Scheme"
5 | summary: "An overview of Shamir's Secret Sharing scheme and potential security pitfalls."
6 | references: ["shamir"]
7 | ---
8 | # Shamir’s Secret Sharing Scheme
9 | [Shamir's Secret Sharing Scheme](https://en.wikipedia.org/wiki/Shamir%27s_Secret_Sharing) is a way of splitting a secret value $S$ into $n$ "pieces" (or "shares") in such a way that any combination of $k$ pieces can be used to recover $S$, but any $k-1$ or fewer pieces provide _no_ information about $S$.
10 |
11 | ## Overview of Secret Sharing
12 |
13 | Shamir's Secret Sharing Scheme relies on a very useful property of polynomials: any degree-$k$ polynomial can be uniquely identified by _any_ set of $k+1$ distinct points. Two points define a line; three points define a parabola. However, with fewer than $k+1$ distinct points, no further information can be gained about the polynomial.
14 |
15 | This leads directly to Shamir's approach: encode a secret $S$ into a polynomial over a finite field, and distribute points on the polynomial as shares.
16 |
17 | ### Splitting $S$
18 |
19 | Given a secret $S$, a number of desired shares $n$, and a threshold $k$, splitting $S$ comes down to two steps:
20 | - encode $S$ into a secret polynomial $f\left(x\right)$ of degree $k-1$ over a finite field $\field{p}$
21 | - generate distinct shares $\left(x_{i}, f(x_i)\right)$
22 |
23 | #### Encoding $S$ in a Polynomial
24 |
25 | Shamir proposed a straightforward method for encoding secrets into polynomials: set the constant term of a random polynomial to the secret $S$, and select all other coefficients uniformly at random. For a degree-$(k-1)$ polynomial, there would be $k-1$ random coefficients $r_i$, and the constant coefficient of $S$:
26 | $$f(x) = S + r_1 x + \ldots + r_{k-1} x^{k-1} \enspace.$$
27 |
28 | {{< hint info>}}
29 | **Example:** We want to share our secret number 42 with three players so that any two of them can recover it. We define the degree-1 polynomial over $\field{73}$ as
30 | $$f(x) = 42 + 13 \cdot x \enspace,$$
31 | where 13 was randomly sampled over $\field{73}$. We evaluate the polynomial at different points obtaining the shares $(x_i, f(x_i))$. Then, we can share 1 point of the coefficient to the three players, each getting one of $(1, 55), (2, 68), (3, 8)$. Since the polynomial is a line, any two of them could meet and recover the secret value 42!
32 | {{< /hint >}}
33 |
34 | This choice has the advantage of relative simplicity; there is no need to use oddball sampling techniques to select the coefficients of $f\left(x\right)$.
35 |
36 | ##### A Note on Selecting $p$
37 | In the _general_ case, the specific prime $p$ does not matter much. Shamir's original paper proposed using 16-bit primes (the largest of which would be $p=2^{16}-15=65521$) for performance reasons. By limiting intermediate results to 32 bits, multi-precision arithmetic routines could be avoided on any 32-bit processor. Large secrets could be broken into blocks of 16 bits or less and shared with distinct polynomials. One limitation imposed by such a small $p$ is that only about 65000 distinct shares can be generated.
38 |
39 | In practice, $p$ should be reasonably large. Breaking $S$ into multiple parts introduces complexity and opportunities for malicious actors. Also, in some verifiable secret sharing schemes, a large $p$ is needed to prevent discrete log attacks.
40 |
41 | #### Generating the Shares
42 |
43 | Shares $s_{1},s_{2},\ldots,s_{n}$ of $S$ are ordered pairs $\left(x_{i}, f\left(x_{i}\right)\right)$. The $x_{i}$ values can be picked in several ways, but a counter starting in 1 is the most common method.
44 |
45 | ### Recovering $S$
46 |
47 | The most common and direct method of recovering $S$ from the shares $s_{1},\ldots,s_{k}$ is to evaluate $f\left(0\right)=S$ using Lagrange interpolation. It allows computing $f\left(t\right)$ for any $t\in\field{p}$ using the formula below:
48 |
49 | $$f\left(t\right) = \displaystyle\sum_{j=1}^{k}{y_{j}\left(\displaystyle\prod_{\begin{smallmatrix}1\leq m\leq k\\\\ m\neq j\end{smallmatrix}}{\frac{t-x_m}{x_j - x_m}}\right)}$$
50 |
51 | The $t=0$ case slightly simplifies the product. Each product term can also be precomputed since it only depends on the $x$-coordinate of the shares that can be publicly known.
52 | $$f\left(0\right) = \displaystyle\sum_{j=1}^{k}{y_{j}\left(\displaystyle\prod_{\begin{smallmatrix}1\leq m\leq k\\\\ m\neq j\end{smallmatrix}}{\frac{x_m}{x_m - x_j}}\right)}$$
53 |
54 | The Lagrange interpolating polynomial is popular because it's fast enough for several use cases and relatively simple to implement.
55 |
56 | ## The Zero Share Problem
57 |
58 | ### How Shares are Generated
59 |
60 | As mentioned above, there are several ways to select the $x_{i}$ values during the share-generation phase of the algorithm.
61 |
62 | The most common approach, and the one we recommend, is to use a counter, setting $x_{i}=i$ for $i=1,2,\ldots,n$. This has the advantage of simplicity and speed. No user-generated inputs are necessary, and evaluating $f\left(x\right)$ when $x$ is small can be faster than for arbitrary-selected values in the field.
63 |
64 | Another approach is to use unique values associated with shareholders, such as userid values from a database, or users' provided values.
65 |
66 | Finally, some implementations select $x_{i}$ by selecting them randomly from $\field{p}$.
67 |
68 | ### What Can Go Wrong?
69 |
70 | * **Zero share problem:** If it is possible to wind up with $x_{i}=0$ for some $i$, the corresponding share is $\left(0, S\right)$, revealing $S$ directly to the $i$-th shareholder. This is not a hypothetical attack; several instances of this problem have been spotted in the wild. Implementations must guarantee that all $x_i$ are modularly nonzero.
71 | * **Non-unique shares:** The $x_i$ for each value must be modularly unique; when users reconstruct the secret from a share, they need to compute $\frac{x_m}{x_m-x_j}$. If the polynomial is evaluated modulo $q$ and if $x_m\equiv x_j \pmod{q}$, the modular inverse of $(x_m-x_j)$ does not exist and the protocol does not work. Some applications do not check if this modular inverse exists and usually do not handle this gracefully.
72 |
73 | ### How Things Go Wrong
74 |
75 | - **Counter-based shares:** One of the most common control structures in programming is a loop with a starting index of `i = 0`. The line `for(int i = 0; i < n; i++)` is near-idiomatic in C; `for i in range(n):` is an idiom in Python. It's easy to fall into an old pattern and fail to update these to the correct `for(int i = 1; i <= n; i++)` and `for i in range(1, n + 1):`, respectively. An initial draft of this page _included this very error_ in the "correct" C loop! This common error is enough to destroy the security of the system entirely.
76 |
77 | - **Userid-based shares:** Trusting unique user identifiers is problematic, too. A user can have a userid of 0 in plenty of systems. Trusting user-supplied values in security-critical contexts is never a good idea. Even if you compare the userid with 0, you might fail to do it correctly: since the polynomial evaluates over the finite field $\field{p}$, you need to check if it is 0 in $\field{p}$. In the case of the integers modulo a prime number, you must check that the userid is *modularly* different from zero.
78 | Even transforming user inputs can be problematic if you're not careful. For instance, given a user input $n$, a program may try to avoid this issue by taking the $x$-coordinate of $n\cdot G$, where $G$ is a generator of an elliptic curve group. However, if $n$ is 0, the resulting point is the "point at infinity". With some curve parameterizations, the point at infinity is represented as $\left(0,1\right)$.
79 |
80 | - **Random shares:** Selecting random values seems safe– in theory, the probability of selecting 0 from $\field{p}$ is $\frac{1}{p}$. But winding up with a zero share is significantly more likely than that. Consider the case where a program generates random numbers by reading from `/dev/random`. For Linux kernels before version 5.6, it is possible for `/dev/random` to block when the "entropy runs out". Since Linux 5.6, `/dev/random` can still block if the PRNG has not been initialized. If a programmer does not check the return value of the `read` function, then depending on how the destination buffer is allocated, the destination buffer can be left in a zeroed state, leading to a zero share.
81 |
82 |
--------------------------------------------------------------------------------