I’m new to ZKPs. Is it possible to have public keys that are linked to users, yet the data being sent from one user to another maintains privacy?
And it’s for my cryptocurrency specifically: I’m sending money. Can I have both the amount being sent and the link between sender and receiver be private, yet be sure no one is cheating by double spending funds?
I know just enough to think that double spending isn’t an issue since when money is spent, you simultaneously invalidate the previous transaction. Though I don’t yet fully understand the math behind it. Not sure about the rest.
First of all, depending on what kind of system you have in mind, the solutions may vary. Are you looking at UTXO- or balance-based?
Second, how would you “invalidate” the transaction if you do not know the amount? This is very much the problem you are trying to solve, and it is not “obvious” or trivial how one invalidates those.
Let us say that you want to use a balance-based system (as Ethereum), then I believe you should look into Zether https://crypto.stanford.edu/~buenz/#publications.
The paper introduces methods through which one can transfer funds to another user, in a manner that is both anonymous and confidential, e.g., hiding both the amount and the participants.
However, if you are not very experienced in crypto, I would suggest that you first try to solve one of the problems, in this case, the confidentiality problem.
To do so you could look into ZK-SNARKS or take a look at range proofs. I found it more intuitive to go look at range proofs, e.g., proofs that show that some value v is in an interval.
The author of the Zether paper, Benedikt Bünz, has also proposed Bulletproofs (same link as before), a paper that looks into efficient range proofs. The paper will be tough to get through but is the basis of Zether as well.
If you are more interested in just coding away, I have an implementation of a coin in Solidity using Bulletproofs at https://github.com/LHerskind/ConfidentialTransactions.
Hope this is of some use to you.
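
Why hidden amounts need the range proofs mentioned above, as an added example that is not part of the thread or of any poster's code: Pedersen commitments (the commitments Bulletproofs range proofs are stated over) in a constructed toy group. The names `commit`, `make_tx`, `balances`, `in_range` and all parameters are assumptions made for illustration.

```python
import secrets

# Constructed toy group (assumption): P = 2*Q + 1, far too small for real use.
P, Q = 1019, 509
G, H = 4, 9  # both squares mod P, so each has prime order Q

def commit(value, blind):
    """Pedersen commitment G^value * H^blind mod P (exponents work mod Q)."""
    return pow(G, value % Q, P) * pow(H, blind % Q, P) % P

def make_tx(in_value, in_blind, out_values):
    """Return (input commitment, output commitments) with blinds that sum to in_blind."""
    blinds = [secrets.randbelow(Q) for _ in out_values[:-1]]
    blinds.append((in_blind - sum(blinds)) % Q)
    outs = [commit(v, r) for v, r in zip(out_values, blinds)]
    return commit(in_value, in_blind), outs

def balances(c_in, c_outs):
    """Verifier's check on commitments only: product of outputs == input."""
    product = 1
    for c in c_outs:
        product = product * c % P
    return product == c_in

def in_range(value, bits=8):
    """The statement a range proof attests to; checked in the clear here,
    whereas a real range proof shows it without revealing the value."""
    return 0 <= value % Q < 2 ** bits

if __name__ == "__main__":
    r = secrets.randbelow(Q)
    for outs in ([7, 3], [15, 3], [15, -5]):
        c_in, c_outs = make_tx(10, r, outs)
        print(outs, "balances:", balances(c_in, c_outs),
              "all in range:", all(in_range(v) for v in outs))
```

The last case balances even though it turns 10 into 15, because -5 wraps around mod Q; only the range check on each output rejects it.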
Thank you very much!!
Yes, I have a lot of experience in cryptocurrency. Zero-Knowledge Proofs are my weak point.
In fact, I’m building my own. You can see a sneak peek at: www.fractal.global
Would you be interested in helping us implement ZKP for our coin? Think you’d be up to the challenge?