A cryptographic method where one party (Prover) can prove to another party (Verifier) that they know a value x, without revealing any information about x itself.
Proves knowledge of a discrete logarithm. Used in Bitcoin signatures.
How it works:
- Setup: Public parameters `p` (prime), `g` (generator)
- Key Generation:
  - Secret key: `x` (random)
  - Public key: `y = g^x mod p`
- Proof Protocol:
  - Prover generates random `r`, sends commitment `t = g^r mod p`
  - Verifier sends random challenge `c`
  - Prover responds with `s = r + c*x mod (p-1)`
  - Verifier accepts if `g^s = t * y^c mod p`
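
The four protocol steps above with toy numbers, as an added example that is not this crate's own code. The parameters `p = 23`, `g = 5`, the fixed secret, nonce and challenge values, and all function names are assumptions chosen for illustration; `simulate` additionally shows why a transcript leaks nothing about `x`.

```rust
// Toy parameters (constructed for illustration; far too small for real use).
const P: u64 = 23; // prime modulus p
const G: u64 = 5; // generator g of the multiplicative group mod 23

/// Square-and-multiply: base^exp mod m.
fn mod_pow(base: u64, mut exp: u64, m: u64) -> u64 {
    let m = m as u128;
    let (mut acc, mut b) = (1u128, base as u128 % m);
    while exp > 0 {
        if exp & 1 == 1 {
            acc = acc * b % m;
        }
        b = b * b % m;
        exp >>= 1;
    }
    acc as u64
}

/// Key generation: y = g^x mod p.
fn public_key(x: u64) -> u64 { mod_pow(G, x, P) }

/// Prover, step 1: commitment t = g^r mod p.
fn commit(r: u64) -> u64 { mod_pow(G, r, P) }

/// Prover, step 3: response s = r + c*x mod (p-1).
fn respond(r: u64, c: u64, x: u64) -> u64 {
    ((r as u128 + c as u128 * x as u128) % (P as u128 - 1)) as u64
}

/// Verifier, step 4: accept iff g^s = t * y^c mod p.
fn verify(y: u64, t: u64, c: u64, s: u64) -> bool {
    mod_pow(G, s, P) == (t as u128 * mod_pow(y, c, P) as u128 % P as u128) as u64
}

/// Simulator: given only y, fixes c and s first and solves for
/// t = g^s * y^(-c) mod p. The transcript verifies although x was never
/// used; with random c and s it is distributed like an honest one.
fn simulate(y: u64, c: u64, s: u64) -> u64 {
    let neg_c = (P - 1 - c % (P - 1)) % (P - 1); // -c mod (p-1)
    (mod_pow(G, s, P) as u128 * mod_pow(y, neg_c, P) as u128 % P as u128) as u64
}

fn main() {
    let (x, r, c) = (6, 15, 7); // constructed secret, nonce and challenge
    let (y, t) = (public_key(x), commit(r));
    let s = respond(r, c, x);
    println!("y={y} t={t} s={s} accepted={}", verify(y, t, c, s));
    println!("wrong secret accepted={}", verify(y, t, c, respond(r, c, x + 1)));
    println!("simulated accepted={}", verify(y, simulate(y, 9, 4), 9, 4));
}
```
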
```bash
cargo run --example schnorr_example
```

- Groth16 - Efficient zk-SNARK construction
- PLONK - Universal and updatable trusted setup
- Bulletproofs - Short non-interactive zero-knowledge proofs
- zk-STARKs - Transparent (no trusted setup) proofs
- Ring Signatures - Anonymous signatures
- Pedersen Commitments - Hiding and binding commitments
- ... and more
MIT License - see LICENSE file.