CN113794567A - Synthesis acceleration method and device of SHA256 Hash algorithm zero-knowledge proof circuit - Google Patents
Synthesis acceleration method and device of SHA256 Hash algorithm zero-knowledge proof circuit Download PDFInfo
- Publication number
- CN113794567A CN113794567A CN202111070702.3A CN202111070702A CN113794567A CN 113794567 A CN113794567 A CN 113794567A CN 202111070702 A CN202111070702 A CN 202111070702A CN 113794567 A CN113794567 A CN 113794567A
- Authority
- CN
- China
- Prior art keywords
- sha256
- circuit
- variable
- constraint
- synthesis
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 230000015572 biosynthetic process Effects 0.000 title claims abstract description 47
- 238000003786 synthesis reaction Methods 0.000 title claims abstract description 47
- 238000000034 method Methods 0.000 title claims abstract description 46
- 230000001133 acceleration Effects 0.000 title claims abstract description 39
- 239000013598 vector Substances 0.000 claims abstract description 40
- 238000004364 calculation method Methods 0.000 claims abstract description 39
- 238000013507 mapping Methods 0.000 claims description 26
- 230000008569 process Effects 0.000 claims description 15
- 238000003491 array Methods 0.000 claims description 6
- 230000002194 synthesizing effect Effects 0.000 claims 1
- 230000008901 benefit Effects 0.000 abstract description 4
- 238000012795 verification Methods 0.000 abstract description 3
- 238000010276 construction Methods 0.000 description 3
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000013524 data verification Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 230000002441 reversible effect Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L9/3239—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/12—Details relating to cryptographic hardware or logic circuitry
- H04L2209/125—Parallelization or pipelining, e.g. for accelerating processing of cryptographic operations
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Power Engineering (AREA)
- Design And Manufacture Of Integrated Circuits (AREA)
- Complex Calculations (AREA)
Abstract
The embodiment of the invention discloses a synthesis acceleration method and a synthesis acceleration device for a SHA256 Hash algorithm zero knowledge proof circuit, wherein a circuit variable constraint relation table is pre-generated, and the synthesis acceleration of the proof circuit is completed by utilizing a 32-bit unsigned integer arithmetic operation output variable array and a constraint vector value according to the circuit variable constraint relation table. By utilizing the speed advantage of 32-bit unsigned integer arithmetic, the synthesis time of the SHA256 proof circuit can be reduced to about 1/3 of the original time, and effective verification on data safety and data consistency can be further realized by zero knowledge proof acceleration of hash calculation.
Description
Technical Field
The embodiment of the invention relates to the technical field of data security, in particular to a synthesis acceleration method and device of a SHA256 Hash algorithm zero knowledge proof circuit.
Background
The SHA256 hash algorithm is a classical hash algorithm that can convert data of an arbitrary length into data of a fixed length. The SHA256 hash algorithm is very collision resistant and is not reversible. The SHA hash algorithm is widely applied in the aspects of data signature, data consistency, privacy protection, user password protection and the like. Zero knowledge proof is a cryptographic technique that proves that data satisfies certain properties without revealing the data itself. In some scenarios, in addition to SHA256 hash computation results, a proof of SHA256 hash computation may be generated by a zero knowledge proof. For example, in a privacy-preserving scenario, the result of SHA256 hash calculation can be proved to be correct without revealing the original data. In addition, the SHA256 hash calculation has been proved to be well applied in the block chain industry. Such as the firchoice project, by providing proof of SHA256 calculations, the existence of data can be proved without providing the original data.
The calculation process of SHA256 can be divided into two parts: 1. input data expansion, and 2 and 64 rounds of iterative calculation of data. The output of each iteration is the input of the next iteration, and the iterative algorithm is fixed. The conventional SHA256 proves that the circuit configuration is a corresponding constraint that is generated step by step according to the calculation process of SHA 256. The input expansion can increase some variables, the constraint relation of the variables meets the input expansion algorithm, and then, aiming at 64 rounds of iterative operation, each iteration is formed by sequentially constructing individual constraints according to the iterative algorithm, so that the time consumption is long, and the effective verification of data safety and data consistency is not facilitated.
Disclosure of Invention
Therefore, the embodiment of the invention provides a synthesis acceleration method and a synthesis acceleration device for a SHA256 hash algorithm zero knowledge proof circuit, which can further realize effective verification on data safety and data consistency by accelerating zero knowledge proof of hash calculation.
In order to achieve the above object, the embodiments of the present invention provide the following technical solutions:
according to a first aspect of the embodiments of the present invention, a synthesis acceleration method for a SHA256 hash algorithm zero knowledge proof circuit is provided, where the method includes:
pre-generating a circuit variable constraint relation table;
and according to the circuit variable constraint relation table, outputting a variable array and a constraint vector value by using 32-bit unsigned integer arithmetic operation to finish the synthesis acceleration of the proving circuit.
Further, the pre-generating of the circuit variable constraint relation table specifically includes:
the variable constraint relation table records the mapping relation between Boolean variables and SHA256 intermediate values in the SHA256 calculation process and the mapping relation between constraint vectors and variable arrays, and the types of the SHA256 intermediate values are 32-bit unsigned integers.
Further, according to the circuit variable constraint relation table, the synthesis acceleration of the proving circuit is completed by using a 32-bit unsigned integer arithmetic operation output variable array and a constraint vector value, and the method specifically comprises the following steps:
and outputting the variable array according to the mapping relation between the variable and the SHA256 intermediate value and the input SHA256 intermediate value.
Further, according to the circuit variable constraint relation table, the synthesis acceleration of the proving circuit is completed by using a 32-bit unsigned integer arithmetic operation output variable array and a constraint vector value, and the method specifically comprises the following steps:
and outputting the value of the constraint vector according to the mapping relation between the constraint vector and the variable array and the obtained variable array.
According to a second aspect of the embodiments of the present invention, there is provided a synthesis acceleration apparatus for a SHA256 hash algorithm zero-knowledge proof circuit, the apparatus including:
the pre-operation module is used for pre-generating a circuit variable constraint relation table;
and the parameter operation module is used for finishing the synthesis acceleration of the proving circuit by utilizing the 32-bit unsigned integer arithmetic operation output variable array and the constraint vector value according to the circuit variable constraint relation table.
Further, the pre-operation module is specifically configured to:
the variable constraint relation table records the mapping relation between Boolean variables and SHA256 intermediate values in the SHA256 calculation process and the mapping relation between constraint vectors and variable arrays, and the types of the SHA256 intermediate values are 32-bit unsigned integers.
Further, the parameter operation module is specifically configured to:
and outputting the variable array according to the mapping relation between the variable and the SHA256 intermediate value and the input SHA256 intermediate value.
Further, the parameter operation module is specifically further configured to:
and outputting the value of the constraint vector according to the mapping relation between the constraint vector and the variable array and the obtained variable array.
According to a third aspect of embodiments of the present invention, there is provided a computer storage medium having one or more program instructions embodied therein, the one or more program instructions being configured to be executed by a synthesis acceleration apparatus of a SHA256 hash algorithm zero knowledge proof of knowledge circuit to perform the synthesis acceleration method as described in any one of the above.
The embodiment of the invention has the following advantages:
the embodiment of the invention provides a synthesis acceleration method and a synthesis acceleration device for a SHA256 Hash algorithm zero knowledge proving circuit. By utilizing the speed advantage of 32-bit unsigned integer arithmetic, the synthesis time of the SHA256 proof circuit can be reduced to about 1/3 of the original time, and effective verification on data safety and data consistency can be further realized by zero knowledge proof acceleration of hash calculation.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below. It should be apparent that the drawings in the following description are merely exemplary, and that other embodiments can be derived from the drawings provided by those of ordinary skill in the art without inventive effort.
Fig. 1 is a schematic flowchart of a synthesis acceleration method for a SHA256 hash algorithm zero-knowledge proof circuit according to embodiment 1 of the present invention;
FIG. 2 is a schematic diagram of SHA256 Hash algorithm zero knowledge proof;
FIG. 3 is a synthesis process of a SHA256 conventional hash zero knowledge proof circuit;
fig. 4 is a synthesis process of a SHA256 hash algorithm zero knowledge proof circuit according to embodiment 1 of the present invention;
fig. 5 is an operation flowchart of a synthesis acceleration method for an SHA256 hash algorithm zero knowledge proof circuit according to embodiment 1 of the present invention.
Detailed Description
The present invention is described in terms of particular embodiments, other advantages and features of the invention will become apparent to those skilled in the art from the following disclosure, and it is to be understood that the described embodiments are merely exemplary of the invention and that it is not intended to limit the invention to the particular embodiments disclosed. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Example 1
As shown in fig. 1, this embodiment proposes a synthesis acceleration method for a SHA256 hash algorithm zero-knowledge proof circuit, where the method includes:
s100, pre-generating a circuit variable constraint relation table;
s200, according to the circuit variable constraint relation table, the synthesis acceleration of the proving circuit is completed by using a 32-bit unsigned integer arithmetic operation output variable array and a constraint vector value.
The calculation process of the SHA256 algorithm is composed of a series of simpler operations, and each intermediate operation has input and output. The inputs and outputs of these intermediate operations are numbered and are said to be "variables".
Further, the pre-generating of the circuit variable constraint relation table specifically includes:
the variable constraint relation table records the mapping relation between Boolean variables and SHA256 intermediate values in the SHA256 calculation process and the mapping relation between constraint vectors and variable arrays, and the types of the SHA256 intermediate values are 32-bit unsigned integers.
Further, according to the circuit variable constraint relation table, the synthesis acceleration of the proving circuit is completed by using a 32-bit unsigned integer arithmetic operation output variable array and a constraint vector value, and the method specifically comprises the following steps:
and outputting the variable array according to the mapping relation between the variable and the SHA256 intermediate value and the input SHA256 intermediate value.
Further, according to the circuit variable constraint relation table, the synthesis acceleration of the proving circuit is completed by using a 32-bit unsigned integer arithmetic operation output variable array and a constraint vector value, and the method specifically comprises the following steps:
and outputting the value of the constraint vector according to the mapping relation between the constraint vector and the variable array and the obtained variable array.
The conventional sha256 circuit construction generates corresponding constraints step by step according to the calculation process of the sha 256. The input expansion adds variables whose constraint relationships satisfy the input expansion algorithm. Next, for 64 rounds of iterative operations, constraints of each iteration are respectively constructed in sequence according to an iterative algorithm, as shown in fig. 2 and 3. In fact, there is a fixed relationship (determined by the sha256 algorithm) between the variables and the constraints of these circuits. If these relationships are known, the construction of the circuit constraints can be constructed from the relationship table, and no longer need to be generated step by step as the computational construction. The relationship table of the circuit constraints can be generated in advance, and then the specific circuit constraints are directly used when generated, as shown in fig. 4.
In the method, SHA256 proof circuit synthesis is divided into two stages:
1. a pre-calculation stage;
2. and (5) calculating a variable vars and a vector.
In our scenario (zero knowledge proof of knowledge technique), the function of the logic circuit is represented by a set of complex quadratic equations. Such as: or (XOR), x \ XOR y ═ z, we describe by x + y-z ═ (2 x) y, x, y, z are variables, constraint values a, b, c are 2 x: a, y: b, x + y-z: c.
Specifically, the group information is obtained by pre-calculating the SHA256 function. Again using this information, as shown in fig. 5, SHA256 circuit synthesis is divided into three steps:
1. calculating SHA256 words;
2. using var _ map to assist the calculation SHA256 to prove the values of all the bootean variables vars in the circuit;
3. three sets of vectors are calculated using r1cs _ a _ map, r1cs _ b _ map, r1cs _ c _ map and vars calculated in the first step.
Wherein, the intermediate results in the SHA256 calculation process are all data with a length of 32-bit, which is referred to as SHA256 words (1word is 32-bit data); the var _ map is a pre-calculated relation table and records the relation between the variable value and the SHA256 intermediate result; r1cs _ a _ map, a pre-calculated relationship table, which records the linear combination relationship a _ i ═ sum Aij × j. Due to the particularities of the SHA256 circuit, A _ ij, xj are both Boolean values (0/1).
1. Precomputation phase
At this stage, we have to process the SHA256 function. The basic operation unit of the SHA256 function is 32bits, and the types of calculation performed can be classified into the following three types:
and (3) shifting: move to the right and left cyclically
Bit operation not, and, xor
Integer addition method
The result of the pre-calculation is to output the association between the boulean variable and the SHA256 words, so that the value of the boulean variable can be calculated by the SHA256 words.
·VAR_MAP
The type declares as int- > (int, int, boost).
If is _ not ═ true, then vars [ var _ idx ] } is! words [ word _ idx ] [ bit _ idx ];
if is _ not ═ false, vars [ var _ idx ] ═ words [ word _ idx ] [ bit _ idx ].
The method specifically comprises the following steps: traversing the mapping table of the var _ map, setting the value of the element subscripted as the var _ idx in the vars array as the bit of the second bit _ idx of the element subscripted as the word _ idx in the words array according to the quadruple (var _ idx, word _ idx, bit _ idx, is _ not) of each row in the table, and if the is _ not is true, then performing inverse assignment on the value at the position.
·R1CS_MAP
r1cs _ a _ map: cs _ idx- > vector < (sign, w, var _ idx) >, type declaration is int- > (int, int, int).
a=\sum(-1)^sign 2^w*vars[var_idx]
r1cs _ b _ map is defined similarly to r1cs _ a _ map;
r1cs _ c _ map is defined similarly to r1cs _ a _ map.
The method specifically comprises the following steps: go through r1cs _ a _ map this mapping table, according to each row in the table, consisting of an integer cs _ idx and an array containing triples (sign, w, var _ idx). Firstly, calculating an array arr, each term of which is equal to (-1) ^ sign ^ 2^ w ^ vars [ var _ idx ]; and then summing, and finally setting the value of the element with the index cs _ idx in the a array as the sum obtained by the previous calculation.
The processing of these three basic calculations is different:
shift: only one word is added, variables are not added, and constraint vectors are not added;
bit operation: adding word and adding 32 coolean variables;
the specific process for obtaining the table r1cs _ a _ map by pre-calculation is as follows:
c=and(a,b)
r1cs _ a _ map increment (cs _ idx, [ (0,0, idx _ a) ])
An increase in r1cs _ b _ map (cs _ idx, [ (0,0, idx _ b) ])
An increase in r1cs _ c _ map (cs _ idx, [ (0,0, idx _ c) ])
c=xor(a,b)
An increase in r1cs _ a _ map (cs _ idx, [ (0,1, idx _ a) ])
An increase in r1cs _ b _ map (cs _ idx, [ (0,0, idx _ b) ])
r1cs _ c _ map is incremented by (cs _ idx, [ (0,0, idx _ a), (0,0, idx _ b), (1,0, idx _ c) ]
Integer addition (ret ═ a1+ a2+. + an): adding two words and adding at least 32 borolean variables, adding at least 32 borolean constraints, a constraint of the form (\ sum a1_ bits [ i ]. times.2 ^ i + a2_ bits [ i ]. times.2 ^ i +. + an _ bits [ i ]. times.2 ^ i) } 1 ═ 2^ j.
r1cs _ a _ map is incremented by (cs _ idx, [ (0,0, a1_ bits [0]), (0,31, a1_ bits [31]), (0,0, an _ bits [0]), (0,31, an _ bits [31])
An increase in r1cs _ b _ map (cs _ idx, [ (0,0,0) ])
r1cs _ c _ map is increased by (cs _ idx, [ (0,0, res [0]), (0,31, res [31]), (0,31,) and
2. calculation phase
2.1 calculate vars
The algorithm inputs are
Int-int (int, int, bool) from the pre-computation stage
·SHA256 words
The algorithm comprises the following steps:
1. initializing an array vars [ ];
2. traversing each key-value item of the var _ map, (var _ idx, (word _ idx, bit _ idx, is _ not)) b ═ word [ word _ idx ] > (bit _ idx)) & 1;
if b is equal to 0, let bit be equal to false; otherwise, making bit equal to true;
if is _ not ═ true, let vars [ var _ idx ] ═ bit;
otherwise let vars [ var _ idx ] ═ |! And (6) bit.
3. Output array vars
2.2 calculation of a
The algorithm inputs are:
r1cs _ a _ map: int- > vector < (int, int, int) >, obtained by calculation in the pre-calculation stage
Array vars calculated in 2.1
The algorithm flow is as follows:
1. initializing an array a [ ];
2. each key-value entry of traversal r1cs _ a _ map, (cs _ idx, vector < (sign, w, var _ idx) >)
Initializing a [ cs _ idx ] ═ 0;
traversing each entry in the array (sign, w, var _ idx)
If sign is equal to 1, let coeff be (1< < w) > vars [ var _ idx ];
otherwise let coeff ═ - (1< < w) × vars [ var _ idx ];
a[cs_idx]+=coeff;
3. and outputting the array a.
2.3 calculation of b
The algorithm inputs are:
r1cs _ b _ map: int- > vector < (int, int, int) >, obtained by calculation in the pre-calculation stage
Array vars calculated in 2.1
The calculation procedure is the same as in section 2.2.
2.4 calculation of c
The algorithm inputs are:
r1cs _ c _ map: int- > vector < (int, int, int) >, obtained by calculation in the pre-calculation stage
Array vars calculated in 2.1
The calculation procedure was the same as 2.2.
In the prior art, SHA256 circuit synthesis (circuit synthesis) is implemented, values of variables are obtained by calculation through addition and multiplication on a finite field, and constraint vectors are also obtained by calculation through finite field arithmetic operation.
Example 2
Corresponding to the above embodiment 1, this embodiment proposes a synthesis acceleration apparatus for a SHA256 hash algorithm zero-knowledge proof circuit, the apparatus including:
the pre-operation module is used for pre-generating a circuit variable constraint relation table;
and the parameter operation module is used for finishing the synthesis acceleration of the proving circuit by utilizing the 32-bit unsigned integer arithmetic operation output variable array and the constraint vector value according to the circuit variable constraint relation table.
Further, the pre-operation module is specifically configured to:
the variable constraint relation table records the mapping relation between Boolean variables and SHA256 intermediate values in the SHA256 calculation process and the mapping relation between constraint vectors and variable arrays, and the types of the SHA256 intermediate values are 32-bit unsigned integers.
Further, the parameter operation module is specifically configured to:
and outputting the variable array according to the mapping relation between the variable and the SHA256 intermediate value and the input SHA256 intermediate value.
Further, the parameter operation module is specifically further configured to:
and outputting the value of the constraint vector according to the mapping relation between the constraint vector and the variable array and the obtained variable array.
The functions executed by each component in the synthesis accelerator of the SHA256 hash algorithm zero knowledge proof circuit provided in the embodiment of the present invention are described in detail in the above embodiment 1, and therefore, redundant description is not repeated here.
Example 3
In correspondence with the above embodiments, the present embodiment proposes a computer storage medium containing one or more program instructions for executing the method of embodiment 1 by a synthesis acceleration apparatus of a SHA256 hash algorithm zero knowledge proof circuit.
Although the invention has been described in detail above with reference to a general description and specific examples, it will be apparent to one skilled in the art that modifications or improvements may be made thereto based on the invention. Accordingly, such modifications and improvements are intended to be within the scope of the invention as claimed.
Claims (9)
1. A synthesis acceleration method for a SHA256 hash algorithm zero-knowledge proof circuit is characterized by comprising the following steps:
pre-generating a circuit variable constraint relation table;
and according to the circuit variable constraint relation table, outputting a variable array and a constraint vector value by using 32-bit unsigned integer arithmetic operation to finish the synthesis acceleration of the proving circuit.
2. The method for accelerating synthesis of a SHA256 hash algorithm zero knowledge proof circuit according to claim 1, wherein the pre-generating of the circuit variable constraint relation table specifically includes:
the variable constraint relation table records the mapping relation between Boolean variables and SHA256 intermediate values in the SHA256 calculation process and the mapping relation between constraint vectors and variable arrays, and the types of the SHA256 intermediate values are 32-bit unsigned integers.
3. The method as claimed in claim 2, wherein the synthesizing acceleration of the SHA256 hash algorithm zero knowledge proof circuit is accomplished by using 32-bit unsigned integer arithmetic operation output variable array and constraint vector value according to the circuit variable constraint relation table, and specifically comprises:
and outputting the variable array according to the mapping relation between the variable and the SHA256 intermediate value and the input SHA256 intermediate value.
4. The method as claimed in claim 3, wherein the synthesis acceleration of the SHA256 hash algorithm zero knowledge proof circuit is performed by using 32-bit unsigned integer arithmetic operation output variable array and constraint vector value according to the circuit variable constraint relation table, and specifically comprises:
and outputting the value of the constraint vector according to the mapping relation between the constraint vector and the variable array and the obtained variable array.
5. An apparatus for accelerating synthesis of SHA256 hash algorithm zero knowledge proof of knowledge circuit, the apparatus comprising:
the pre-operation module is used for pre-generating a circuit variable constraint relation table;
and the parameter operation module is used for finishing the synthesis acceleration of the proving circuit by utilizing the 32-bit unsigned integer arithmetic operation output variable array and the constraint vector value according to the circuit variable constraint relation table.
6. The synthesis acceleration device for the SHA256 hash algorithm zero knowledge proof circuit of claim 5, wherein the pre-operation module is specifically configured to:
the variable constraint relation table records the mapping relation between Boolean variables and SHA256 intermediate values in the SHA256 calculation process and the mapping relation between constraint vectors and variable arrays, and the types of the SHA256 intermediate values are 32-bit unsigned integers.
7. The synthesis acceleration device for the SHA256 hash algorithm zero knowledge proof circuit of claim 5, wherein the parameter operation module is specifically configured to:
and outputting the variable array according to the mapping relation between the variable and the SHA256 intermediate value and the input SHA256 intermediate value.
8. The synthesis acceleration device for the SHA256 hash algorithm zero knowledge proof circuit of claim 5, wherein the parameter operation module is further configured to:
and outputting the value of the constraint vector according to the mapping relation between the constraint vector and the variable array and the obtained variable array.
9. A computer storage medium comprising one or more program instructions for executing the synthesis acceleration method of any one of claims 1 to 4 by a synthesis acceleration apparatus of a SHA256 hash algorithm zero knowledge proof circuit.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111070702.3A CN113794567B (en) | 2021-09-13 | 2021-09-13 | Synthetic acceleration method and device for SHA256 hash algorithm zero knowledge proof circuit |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111070702.3A CN113794567B (en) | 2021-09-13 | 2021-09-13 | Synthetic acceleration method and device for SHA256 hash algorithm zero knowledge proof circuit |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113794567A true CN113794567A (en) | 2021-12-14 |
CN113794567B CN113794567B (en) | 2024-04-05 |
Family
ID=79183071
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111070702.3A Active CN113794567B (en) | 2021-09-13 | 2021-09-13 | Synthetic acceleration method and device for SHA256 hash algorithm zero knowledge proof circuit |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113794567B (en) |
Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR100581662B1 (en) * | 2005-08-31 | 2006-05-22 | 주식회사 칩스앤미디어 | Common engine for plural hash functions having different algorithms |
CN101399667A (en) * | 2007-09-29 | 2009-04-01 | 索尼(中国)有限公司 | Step function device and message spreading method for generating fast safe Hash function |
WO2010067820A1 (en) * | 2008-12-11 | 2010-06-17 | 日本電気株式会社 | Zero-knowledge proof system, zero-knowledge proof device, zero-knowledge verification device, zero-knowledge proof method and program therefor |
CN109614820A (en) * | 2018-12-06 | 2019-04-12 | 山东大学 | Intelligent contract authentication data method for secret protection based on zero-knowledge proof |
CN109905228A (en) * | 2017-12-07 | 2019-06-18 | 北京智云芯科技有限公司 | A kind of dedicated computing circuit for realizing Hash operation |
WO2019180588A1 (en) * | 2018-03-23 | 2019-09-26 | nChain Holdings Limited | Computer-implemented system and method for enabling zero-knowledge proof |
CN110489370A (en) * | 2019-07-15 | 2019-11-22 | 广东工业大学 | A kind of pretreated hardware fill method of hash algorithm SHA256 message |
CN112434269A (en) * | 2020-10-23 | 2021-03-02 | 上海点融信息科技有限责任公司 | Zero knowledge proof method, verification method, computing device and storage medium of file |
CN112632888A (en) * | 2020-08-18 | 2021-04-09 | 上海致居信息科技有限公司 | Circuit synthesis method, apparatus, medium, and data storage proving system |
CN113177225A (en) * | 2021-03-16 | 2021-07-27 | 深圳市名竹科技有限公司 | Block chain-based data storage certification method, device, equipment and storage medium |
-
2021
- 2021-09-13 CN CN202111070702.3A patent/CN113794567B/en active Active
Patent Citations (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR100581662B1 (en) * | 2005-08-31 | 2006-05-22 | 주식회사 칩스앤미디어 | Common engine for plural hash functions having different algorithms |
CN101399667A (en) * | 2007-09-29 | 2009-04-01 | 索尼(中国)有限公司 | Step function device and message spreading method for generating fast safe Hash function |
WO2010067820A1 (en) * | 2008-12-11 | 2010-06-17 | 日本電気株式会社 | Zero-knowledge proof system, zero-knowledge proof device, zero-knowledge verification device, zero-knowledge proof method and program therefor |
CN109905228A (en) * | 2017-12-07 | 2019-06-18 | 北京智云芯科技有限公司 | A kind of dedicated computing circuit for realizing Hash operation |
WO2019180588A1 (en) * | 2018-03-23 | 2019-09-26 | nChain Holdings Limited | Computer-implemented system and method for enabling zero-knowledge proof |
CN109614820A (en) * | 2018-12-06 | 2019-04-12 | 山东大学 | Intelligent contract authentication data method for secret protection based on zero-knowledge proof |
WO2020114240A1 (en) * | 2018-12-06 | 2020-06-11 | 山东大学 | Zero-knowledge proof-based smart contract authentication data privacy protection method and system |
CN110489370A (en) * | 2019-07-15 | 2019-11-22 | 广东工业大学 | A kind of pretreated hardware fill method of hash algorithm SHA256 message |
CN112632888A (en) * | 2020-08-18 | 2021-04-09 | 上海致居信息科技有限公司 | Circuit synthesis method, apparatus, medium, and data storage proving system |
CN112434269A (en) * | 2020-10-23 | 2021-03-02 | 上海点融信息科技有限责任公司 | Zero knowledge proof method, verification method, computing device and storage medium of file |
CN113177225A (en) * | 2021-03-16 | 2021-07-27 | 深圳市名竹科技有限公司 | Block chain-based data storage certification method, device, equipment and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN113794567B (en) | 2024-04-05 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Ben-Or et al. | A deterministic algorithm for sparse multivariate polynomial interpolation | |
Sasao | AND-EXOR expressions and their optimization | |
Buss et al. | Proof complexity in algebraic systems and bounded depth Frege systems with modular counting | |
Hernández et al. | A uniparametric family of iterative processes for solving nondifferentiable equations | |
EP0984357B1 (en) | Apparatus and method for elliptic-curve multiplication and recording medium having recorded thereon a program for implementing the method | |
Lunglmayr et al. | Design and analysis of efficient maximum/minimum circuits for stochastic computing | |
US11922133B2 (en) | Processor and method for processing mask data | |
JPH07182406A (en) | Method for inspection of validity of finite-state sequential machine and information support obtained as result of it as well as validity inspection tool | |
Boldo et al. | Round-off error analysis of explicit one-step numerical integration methods | |
Reif | Optimal size integer division circuits | |
US11546161B2 (en) | Zero knowledge proof hardware accelerator and the method thereof | |
CN113794567A (en) | Synthesis acceleration method and device of SHA256 Hash algorithm zero-knowledge proof circuit | |
Miller et al. | Highly efficient exhaustive search algorithm for optimizing canonical Reed-Muller expansions of boolean functions | |
Lopez et al. | Sum-of-products Evaluation Schemes with Fixed-Point arithmetic, and their application to IIR filter implementation | |
Ostrin et al. | Elementary arithmetic | |
Kryvyi et al. | Partitioning a set of vectors with nonnegative integer coordinates using logical hardware | |
CN113222747B (en) | Block chain privacy transaction method | |
Bini et al. | Fundamental Computations with Polynomials | |
US20180006817A1 (en) | Lossy arithmetic | |
Adams | Verifying adder circuits using powerlists | |
Bohn et al. | Minmax and least squares multivariable transfer function curve fitting: Error criteria, algorithms and comparisons | |
Linh et al. | Approximation of spectral intervals and leading directions for differential-algebraic equation via smooth singular value decompositions | |
US20230093203A1 (en) | Arithmetic device and method | |
Tamisier | Computing the observable equivalence relation of a finite state machine | |
Häner | Computing all monomials of degree $ n-1$ using $2 n-3$ AND gates |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |