What is the plan for zero-knowledge proofs?

tuneinsight / lattigo

A library for lattice-based multiparty homomorphic encryption in Go

Apache License 2.0

1.23k stars 182 forks source link

What is the plan for zero-knowledge proofs? #28

Closed jon-chuang closed 4 years ago

jon-chuang commented 4 years ago

Is this to ensure that the computation has been performed correctly before decryption occurs? Since if it is not performed correctly, couldn't this leak secrets like a model's parameters?

I may be interested in implementing this if I know where to start.

ChristianMct commented 4 years ago

Some form of zero-knowledge proofs primitives would indeed be required when considering stronger adversarial models.

We have no plan or ongoing project in that direction for Lattigo. Its ring package could be used for that purpose, but we have not investigated that aspect yet.

jon-chuang commented 4 years ago

Just some resources: Succinct Non-Interactive Zero Knowledge for a von Neumann Architecture

ChristianMct commented 4 years ago

Closing: discussion about the ZK layer with use-cases as described in #30 #32 will be taken offline.