In a Blockchain World, How Can We Tell If Bob is older than Alice, without revealing their ages?
In a Blockchain World, How Can We Tell If Bob is older than Alice, without revealing their ages?
Since the start of computation we have processed real values, so if we needed to determine if Bob is older than Alice, we need to ask both Bob and Alice to tell us their age, and then for us to compare.
But what if Bob doesn’t want to reveal his age, and Alice doesn’t want to either. The answer to the problem has been ZPF (Zero Knowledge Proof). In a blockchain world, we turn to fully homomorphic encryption and circuits for our logic to reveal the answer. In this way Bob and Alice can generate some random values and give a ciphered version of their age to a processing function, and where the answer will be revealed back only to those with the correct key.
The homomorphic method that we’ll use is DGHV ( Dijk, Gentry, Halevi and Vaikuntanathan [paper]). This converts bits into cipher bits, and which are then fed into the main logic of the age comparison.
Let’s say there are four age bands which are represented by 2 bits: 00 (0–10 years), 01 (10–20 years), 10 (20–30 years), and 11 (over 30 years). We can then define a K-map for the result:
In this case if Bob is 20–30 years old (10) and Alice is 10–20 years old (01), then the input will be 01 for a1a0, and 10 for b1b0. In this case 01 10 will output a 1 value (which identifies that Bob is older).
The logic function then becomes:
The cipher we use for the bits is:
and where r is a random number, and q is a large random number. p is then the private key, and m is the bit to cipher. We decipher the bit with:
Now we will cipher the bits for Bob and Alice’s age, and then feed the cipher bits into the logic function and get a cipher value as a result.
import sys
from random import randint
a_0 = 0
a_1 = 0
b_0 = 1
b_1 = 0
def inv(val):
return(val ^ 1)
r1 =randint(1, 5)
r2= randint(1, 5)
r3 =randint(1, 5)
r4 =randint(1, 5)
q1 =randint(50000, 60000)
q2 =randint(50000, 60000)
q3 =randint(50000, 60000)
q4 =randint(50000, 60000)
p =randint(10000, 20000)
c_bit_a_0 = q1 * p + 2*r1 +a_0
c_bit_a_1 = q2 * p + 2*r2 +a_1
c_bit_b_0 = q3 * p + 2*r3 +b_0
c_bit_b_1= q4 * p + 2*r4 +b_1
# Truth table
cipher_older = inv(c_bit_a_1)*c_bit_b_1 + inv(c_bit_a_1)*inv(c_bit_a_0)*c_bit_b_0 + inv(c_bit_a_0)*c_bit_b_1*c_bit_b_0
print "r values:\t",r1,r2,r3,r4
print "q values:\t",q1,q2,q3,q4
print "p value:\t",p
print "\nInput bits"
print "---------------"
print "a_1:\t",a_1, "a_0:\t",a_0
print "b_1:\t",b_1, "b_0:\t",b_0
print "\nCipherbits"
print "---------------"
print "a:\t",c_bit_a_0, "b:\t",c_bit_a_1
print "c:\t",c_bit_b_1, "d:\t",c_bit_b_1
print "\nCipher result"
print "---------------"
print "Result:\t",cipher_older
#decrypt
result = (cipher_older % p) % 2
print "\nResults"
print result
if (result==1):
print "Bob is older than Alice"
else:
print "Bob is not older than Alice"
You can try is here. A sample run is shown here for random values of r and q, and a random value of p. The input bits are converted to cipher bits, where it is not possible to determine the input values for the processing circuit. The result is then ciphered, and can only be deciphered through a knowledge of the p value:
r values: 5 1 3 5
q values: 50949 58555 53710 55080
p value: 12989
Input bits
---------------
a_1: 0 a_0: 1
b_1: 1 b_0: 0
Cipher bits
---------------
c_a_1: 760570897 c_a_0: 661776572
c_b_1: 715434131 c_b_0: 697639196
Cipher result
---------------
Result: 681443885263282870050784692
Results
1
Bob is older than Alice
Conclusions
What a strange computing world we live in, and where we reveal too many details of our identity. If I want to login, why do I have to provide my password? Surely it is better for me just to show that I know my password?