This article first appeared on Medium.

Prove group membership without ring signatures

In part 1, we demonstrated that zk-SNARK turns cryptographic problems into programming problems. For example, we “program” multiplication of elliptic curve points to prove knowledge of a private key for a given public key, the equivalent of a digital signature.

Today we show how to implement another otherwise sophisticated cryptographic primitive by simply “programming” it in the zero-knowledge Circom language: ring signatures.

Ring Signatures using zk-SNARK

In a ring signature, any member of a group/ring can sign to prove their membership, without disclosing their specific identity. Based on the signature, a verifier can be sure that one of the group members signed, but cannot know which one signed. We have already implemented ring signatures. Although it is doable, it is far from trivial and requires a deep knowledge of cryptography and ingenuity to invent it.

Ring signature

Thanks to the programmability and composability of zk-SNARK, we can simply “coded” ring signature as below, based on previous dot multiplication library.

group_pubkey.circom

From line 11 to 22 we use ECDSAPrivToPub covered in part 1 to derive a public key in line 16 from the private key in line 5 (note that it is stated private)¹. We then simply compare the resulting public key with each of the public keys in the group defined in line 7 (note that it says public). We return true if and only if it matches any element of the group on line 54.

A test is available here.

Since the private key entry is private and remains hidden, a verifier cannot use it to identify which member created the evidence. We created a ZKP for group/ring membership and the equivalent of ring signatures, without knowing any underlying cryptography! This is the power of zk-SNARKs.

***

REMARK:

[1] Here we prefer ECDSAPrivToPub over Secp256k1ScalarMult because it is more efficient.

Watch: Presentation of the BSV Global Blockchain Convention, Smart Contracts and Computation on BSV

New to Bitcoin? Discover CoinGeek bitcoin for beginners section, the ultimate resource guide to learn more about Bitcoin – as originally envisioned by Satoshi Nakamoto – and blockchain.