We are delighted to bring you the latest edition of the HashCloak June Newsletter.
We went on a bit of a hiatus to focus on our ongoing client engagements. Now that those are completed, we will be back to our regular monthly schedule of delivering interesting research papers, videos and whatever the HashCloak team deems to be interesting over the past month!
Stuff We’ve been reading
Shi, Chung, Wu - What Can Cryptography Do For Decentralized Mechanism Design?
Disclosure of Security Vulnerabilities in Atomic Wallet, Audited by Least Authority
Beosin Security Researchers Discovered SnarkJS Library Vulnerability CVE-2023–33252
Flashbots Forum: Bookmarks relevant for redistribution researchers
Chialva, Dooms - Conditionals in Homomorphic Encryption, and Machine Learning Applications
Elena Fuentes Bongenaar - Multi-key fully homomorphic encryption report
Martin Gunnarsson - Efficient Security Protocols for Constrained Devices
Stuff We’ve been playing with
https://twitter.com/0xonurinanc/status/1664555051329765377
https://twitter.com/brockjelmore/status/1674869041629118471
Stuff We’ve been watching
Interesting HashCloak Research Project of the Month
In our continued collaboration with Fuel Labs, we built a WebAuthn-based burner wallet using Sway's predicates and NIST-standardized curves to improve the onboarding experience for new users on Fuel Network. This browser-based hot wallet lets users deposit small amounts of funds through a browser extension or web page and transfer them seamlessly onto Fuel Labs' L2. The current implementation obtains the WebAuthn public key, which is configurable as a constant in a script, and verifies the P-256 signatures produced by WebAuthn through a smart contract dedicated to signature verification. Because the wallet's keys are WebAuthn credentials, they can be used across web services, which improves accessibility and convenience for new users.
For those interested in exploring the technical aspects and implementation details of the burner wallet using WebAuthn, the complete project repository can be found on our GitHub.
Special Purpose Cryptography Protocol of the Month
Every month, we cover a special purpose cryptography protocol for a common problem that we encounter in our consultancy practice. This month, we will be covering Groth and Kohlweiss' one out of many proofs protocol, which shows that one commitment among a list of many commitments opens to 0.
Let's quickly motivate the need for such a protocol. Commitments are a common building block in many blockchain applications, particularly privacy-related ones. One out of many proofs can be used to construct group signatures and other forms of membership proofs, and these more complex protocols can in turn be used to construct privacy protocols for blockchains. Protocols like Firo's Lelantus Spark leverage one out of many proofs in their next-generation privacy protocol.
Let’s do a quick deep dive into the one out of many proofs protocol. First, it builds upon a simpler sigma protocol for showing that a commitment opens to either 0 or 1.
Given a commitment key ck for some homomorphic commitment scheme (e.g. Pedersen commitments) and a commitment c to a message m, the prover is trying to show that m is either 0 or 1 without revealing m to the verifier. The prover and verifier engage in the following protocol:
The prover sends 2 commitments to the verifier that depend on randomly generated field elements and the message.
The verifier sends a randomly generated challenge.
The prover sends 3 linear equations as a function of this random challenge and their own randomly generated elements.
The verifier checks that the information sent by the prover opens to 0, which it can do without learning the contents of the message.
The above protocol is complete, sound and special honest verifier zero-knowledge (sHVZK), which makes it a good building block for the more general protocol that makes up the core of the paper.
Given some commitment key ck, the prover has a list of N commitments c_0, ..., c_{N-1}, one of which opens to 0. Equivalently, the prover wants to show to the verifier that there exists some index l such that the equality $\prod_{i=0}^{N-1} c_i^{\delta_{il}} = \mathrm{Commit}(0, r)$ holds for some randomness r. This equality works because the Kronecker delta function makes every factor with i ≠ l equal to 1 in the product, so only the term with i = l remains: the commitment we want. This fact is used to design the one out of many proofs protocol. As one may have noted, the structure of the one out of many proofs protocol is very similar to the protocol for showing that a commitment opens to 0 or 1. In fact, if one uses the binary representation of l, combined with the trick described above, the one out of many proofs protocol essentially amounts to running the 0-or-1 protocol n times, where n is the number of bits in l.
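As an added example (not code from the paper or from HashCloak), the 0-or-1 sigma protocol described above and the Kronecker delta selection from this paragraph, written out over a constructed toy Pedersen group: the prover's two commitments, the verifier's challenge, the three linear responses, and the verifier's two checks. The group parameters (p = 2039, q = 1019, g = 4, h = 9) are toy-sized and chosen for readability only; the check `verify_bit` passes exactly when m(1 - m) = 0, so an honest run with m = 2 is rejected.

```python
import secrets

# Constructed toy parameters: p = 2q + 1 with p and q prime; g and h are
# squares mod p and so generate the order-q subgroup. Because log_g(h) is
# known here, this instance is NOT binding: it only exercises the equations.
P, Q = 2039, 1019
G, H = 4, 9


def commit(m: int, r: int) -> int:
    """Pedersen commitment Com(m; r) = g^m * h^r mod p."""
    return pow(G, m % Q, P) * pow(H, r % Q, P) % P


def prove_bit_round1(m: int):
    """Prover's first message: c_a = Com(a; s) and c_b = Com(a*m; t)."""
    a, s, t = (secrets.randbelow(Q) for _ in range(3))
    return (commit(a, s), commit(a * m, t)), (a, s, t)


def prove_bit_round3(m: int, r: int, state, x: int):
    """Prover's response to challenge x: three linear equations in x."""
    a, s, t = state
    f = (m * x + a) % Q            # f = m*x + a
    z_a = (r * x + s) % Q          # opens Com(f) against c^x * c_a
    z_b = (r * (x - f) + t) % Q    # opens Com(0) against c^(x-f) * c_b
    return f, z_a, z_b


def verify_bit(c: int, first, x: int, resp) -> bool:
    """Both checks hold iff the exponent m*x*(1-m) vanishes, i.e. m in {0,1}."""
    c_a, c_b = first
    f, z_a, z_b = resp
    ok1 = commit(f, z_a) == pow(c, x, P) * c_a % P
    ok2 = commit(0, z_b) == pow(c, (x - f) % Q, P) * c_b % P
    return ok1 and ok2


def run_bit_proof(m: int) -> bool:
    """Full interactive run: commit to m, then prove and verify m in {0,1}."""
    r = secrets.randbelow(Q)
    c = commit(m, r)
    first, state = prove_bit_round1(m)
    x = 1 + secrets.randbelow(Q - 1)   # verifier's challenge, non-zero
    return verify_bit(c, first, x, prove_bit_round3(m, r, state, x))


def select_commitment(cs, l: int) -> int:
    """prod_i c_i^{delta_il}: every factor with i != l is c_i^0 = 1, leaving c_l."""
    out = 1
    for i, c in enumerate(cs):
        out = out * pow(c, 1 if i == l else 0, P) % P
    return out
```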
If you would like to learn more of the nitty-gritty details of this protocol, take a look at the original paper.
That’s a wrap-up for our June Newsletter, we hope you found this month’s content informative and engaging. Our team is constantly exploring new avenues in privacy innovation and we're thrilled to share our latest progress with you. As always, we appreciate your support and welcome feedback on our work.
Stay in the loop with our latest insights and research by subscribing to our newsletter. You'll be the first to know about our upcoming projects and collaborations.
Also, be sure to follow us on Twitter to stay up-to-date with any announcements related to our engagements or internal projects. Thank you for your continued interest in HashCloak!
Schedule a call with us to engage in R&D, security auditing, or any other potential collaborations: https://calendly.com/d/hhc-dnq-wfd/hashcloak-services-inquiries.