An ECDSA Nullifier Scheme and a Proof of Identity Application

Author(s)

Gupta, Aayush

Advisor

Vaikuntanathan, Vinod

Abstract

ZK-SNARKs (Zero Knowledge Succinct Noninteractive ARguments of Knowledge) are one of the most promising new applied cryptography tools: proofs allow anyone to prove a property about some data, without revealing that data. Largely spurred by the adoption of cryptographic primitives in blockchain systems, ZK-SNARKs are rapidly becoming computationally practical in real-world settings, shown by i.e. tornado.cash and rollups. These have enabled ideation for new identity applications based on anonymous proof-of-ownership. One of the primary technologies that would enable the jump from existing apps to such systems is the development of deterministic nullifiers. Nullifiers are used as a public commitment to a specific anonymous account, to forbid actions like double spending, or allow a consistent identity between anonymous actions. We identify a new deterministic algorithm that both uniquely identifies the keypair and keeps the account identity secret. In this work, we will define the full construction, and prove uniqueness, secrecy, and existential unforgeability. We will then demonstrate a proof of concept of the nullifier. To help further zero knowledge identity systems, we additionally explore a construction for zero knowledge proof of email ownership. We show how relying on existing mail server infrastructure can allow us to bootstrap new anonymity sets and prove subsets of emails in zero knowledge.

Date issued

2022-09

URI

https://hdl.handle.net/1721.1/147434

Department

Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science

Publisher

Massachusetts Institute of Technology