Merge pull request #4 from AAU-Dat/Related-work

Related work

Author: Maltesius

report/src/bib/main.bib

@@ -17,4 +17,72 @@ @article{greenwade1993
     volume  = "14",
     number  = "3",
     pages   = "342--351"
+}
+
+@article{Whisk2024,
+    title        = {Whisk: A practical shuffle-based SSLE protocol for Ethereum},
+    author       = {George Kadianakis},
+    year         = {2024},
+    note         = {Accessed: 22-10-2024},
+    url = {https://ethresear.ch/t/whisk-a-practical-shuffle-based-ssle-protocol-for-ethereum/11763}
+}
+
+@misc{cryptoeprint:2022/560,
+    author = {Kasper Green Larsen and Maciej Obremski and Mark Simkin},
+    title = {Distributed Shuffling in Adversarial Environments},
+    howpublished = {Cryptology {ePrint} Archive, Paper 2022/560},
+    year = {2022},
+    url = {https://eprint.iacr.org/2022/560}
+}
+
+@inproceedings{bunz2018bulletproofs,
+    title={Bulletproofs: Short proofs for confidential transactions and more},
+    author={B{\"u}nz, Benedikt and Bootle, Jonathan and Boneh, Dan and Poelstra, Andrew and Wuille, Pieter and Maxwell, Greg},
+    booktitle={2018 IEEE symposium on security and privacy (SP)},
+    pages={315--334},
+    year={2018},
+    organization={IEEE}
+}
+
+@article{chung2022bulletproofs+,
+    title={Bulletproofs+: Shorter proofs for a privacy-enhanced distributed ledger},
+    author={Chung, Heewon and Han, Kyoohyung and Ju, Chanyang and Kim, Myungsun and Seo, Jae Hong},
+    journal={Ieee Access},
+    volume={10},
+    pages={42081--42096},
+    year={2022},
+    publisher={IEEE}
+}
+
+@inproceedings{zhang2024springproofs,
+    title={Springproofs: Efficient inner product arguments for vectors of arbitrary length},
+    author={Zhang, Jianning and Su, Ming and Liu, Xiaoguang and Wang, Gang},
+    booktitle={2024 IEEE Symposium on Security and Privacy (SP)},
+    pages={3147--3164},
+    year={2024},
+    organization={IEEE}
+}
+
+@inproceedings{eagen2024bulletproofs++,
+    title={Bulletproofs++: Next generation confidential transactions via reciprocal set membership arguments},
+    author={Eagen, Liam and Kanjalkar, Sanket and Ruffing, Tim and Nick, Jonas},
+    booktitle={Annual International Conference on the Theory and Applications of Cryptographic Techniques},
+    pages={249--279},
+    year={2024},
+    organization={Springer}
+}
+
+@article{Curdleproofs,
+    title        = {Curdleproofs},
+    author       = {The Ethereum Foundation Cryptography Research Team},
+    note         = {Accessed: 24-04-2025},
+    url = {https://github.com/asn-d6/curdleproofs/blob/main/doc/curdleproofs.pdf}
+}
+
+@misc{cryptoeprint:2016/263,
+    author = {Jonathan Bootle and Andrea Cerulli and Pyrros Chaidos and Jens Groth and Christophe Petit},
+    title = {Efficient Zero-Knowledge Arguments for Arithmetic Circuits in the Discrete Log Setting},
+    howpublished = {Cryptology {ePrint} Archive, Paper 2016/263},
+    year = {2016},
+    url = {https://eprint.iacr.org/2016/263}
 }

report/src/main.tex

@@ -16,13 +16,15 @@
     \maketitle
     \input{sections/00-abstract}
     \input{sections/01-introduction}
-    \input{sections/02-background}
-    \input{sections/04-experimental-protocol}
-    \input{sections/05-results}
-    \input{sections/06-discussion}
-    \input{sections/07-conclusion}
-    \input{sections/08-future-works}
-    \input{sections/09-acknowledgements}
+    \input{sections/02-related-work}
+    \input{sections/03-background}
+    \input{sections/04-approach}
+    \input{sections/05-experimental-protocol}
+    \input{sections/06-results}
+    \input{sections/07-discussion}
+    \input{sections/08-conclusion}
+    \input{sections/09-future-works}
+    \input{sections/10-acknowledgements}
 
     \clearpage
     %\printglossary[type=\acronymtype]

report/src/sections/02-background.tex

@@ -0,0 +1,38 @@
+\section{Related Work}\label{sec:related-work}
+
+
+
+
+\subsection{Whisk}\label{sec:related-work-whisk}
+Ethereum currently has an improvement proposal suggesting the implementation of a protocol called Whisk~\cite{Whisk2024}.
+Whisk is a zero-knowledge Single secret leader election (SSLE) system that Through a zero-knowledge argument called curdleproofs~\cite{Curdleproofs} allows for the verification of the correctness of a shuffle without revealing the input or output.
+It is based on the concept of inner product arguments and does not require a honest setup.
+It uses elliptic curve cryptography based on the BLS12-381 curve to achieve its goals.
+
+Whisk is designed to be efficient and scalable, making it suitable for use in Ethereum and other blockchain systems.
+Whisk is one of the suggested solutions to attacks on the Ethereum network targeting block proposers.
+With the help of the zero-knowledge proofs, Whisk helps making the previous public proposer list and order into a system where only the proposer can see if it is their turn to propose a block, and they can proof that to be the case.
+
+
+
+\subsection{Shuffling algorithm}\label{sec:related-work-Shuffling-algorithm}
+The shuffling algorithm used in curdleproofs has gone though many iterations and improvements in order to increase speed and reduce the size the proof.
+This is because the proposer has a limited amount of time to propose a block in each slot, and the addition of the proof to the protocol increases the size of the block the proposers have to create.
+This is the reason why the current implementation of curdleproofs has chosen the shuffling algorithm~\cite{cryptoeprint:2022/560} proposed by Larsen et al.
+
+The way the shuffle works is by selecting 2 days' worth of proposers, and then shuffling the proposers over one day's worth of slots to create a new list of proposers for the following day.
+In each slot a subset of the proposers are shuffled, and the rest are left unchanged.
+
+Though experiments Larsen et al. has shown that after enough shuffles becomes secrue even in adversarial environments.
+They also surgests that their may be room to lower the size of the subsets chosen in each lot without losing the security of the shuffle.
+Thereby increasing the speed of the shuffle and reducing the size of the proof being added to the blockchain.
+
+\subsection{Bulletproofs}\label{sec:related-work-bulletproofs}
+A big inspiration for the curdleproofs protocol is the use of bulletproofs~\cite{bunz2018bulletproofs}.
+Bulletproofs is a type of range proof that uses inner product arguments to prove that a committed value is within a certain range without revealing the value itself.
+Bulletproofs is in itself not a zero-knowledge proof system, but with the help of Fiat Shamir~\cite{bunz2018bulletproofs} it can be used to create a zero-knowledge proof.
+Bulletproofs also has had a few iterations and improvements to increase the speed and reduce the size of the proof since it was used in curdleproofs.
+One of these is Bulletproofs+~\cite{chung2022bulletproofs+} which is a new version of bulletproof that uses a weighted inner product argument instead of the standard inner product argument to achieve a better performance.
+Bulletproofs+ is also different because it is zero-knowledge proof by itself unlike the original bulletproofs.
+A third version of the bulletproofs is Bulletproofs++~\cite{eagen2024bulletproofs++} which is a even newer version of bulletproofs that uses a new type of argument called the norm argument to achieve a better performance.
+Unlike the two other proofs Bulletproofs++ is a binary range proof, which means that even if it is the fastest proof it is not suitable for the curdleproofs protocol due to the binary nature of the bulletproofs++.

report/src/sections/02-related-work.tex

@@ -0,0 +1,25 @@
+
+\section{Background}\label{sec:background}
+
+
+\subsection{Notation}\label{sec:background-notation}
+
+
+
+
+\subsection{Zero-knowledge proofs}\label{sec:background-zkps}
+Curdleproofs is a zero-knowledge proof system, which means that it allows a prover to convince a verifier that they know a secret without revealing the secret itself.
+within the context of Ethereum it could be the ability to convince someone that a transaction is valid without revealing information about the transaction such as the value of it.
+
+
+
+
+\subsection{Springproofs}\label{sec:background-springproofs}
+Springproofs~\cite{zhang2024springproofs} is an inner product argument that aims to allow a more flexible and efficient way of creating zero-knowledge proofs by avoiding the need for papping when working with inputs that are not of the size of power of 2.
+
+Currently, the way to work with inner product arguments is to either only work with input sets that have the size of a power of 2, or to pad the input to the size of the next power of 2.
+This leads to either forcing the prover to work with regied sizes of input sets, or to pad the input with zeros slowing down the process and forcing the prover to work with larger sets than necessary.
+
+Springproofs is a new type of inner product argument that allows for the use of arbitrary sized input sets without the need for padding.
+
+

report/src/sections/03-background.tex

@@ -0,0 +1,36 @@
+\section{approach}\label{sec:approach}
+
+
+\subsection{Shuffle security}\label{sec:approach-shuffle-security}
+The shuffle method proposed by Larsen et al.~\cite{cryptoeprint:2022/560} that was used in curdleproofs is based on the idea of shuffling a list of proposers over a set of slots.
+The shuffle itself however is not too complex.
+A formal definition of the shuffle is given in~\autoref{fig:shuffle}.
+
+\begin{figure}[ht]\label{fig:shuffle}
+
+    \begin{framed}
+        \[
+            \Pi(c_1, \ldots, c_n)
+        \]
+        \rule{\linewidth}{0.4pt}
+
+        \noindent
+        \textbf{for} $t \in [T]$ \textbf{:}
+        \begin{itemize}
+            \item[$S_t$] picks random $\{i_1, \ldots, i_k\} \subset [n]$
+            \item[$S_t$] computes $(\tilde{c}_{i_1}, \ldots, \tilde{c}_{i_k}) \leftarrow \text{Shuffle}(c_{i_1}, \ldots, c_{i_k})$
+            \item[$S_t$] publishes $(\tilde{c}_{i_1}, \ldots, \tilde{c}_{i_k})$
+        \end{itemize}
+    \end{framed}
+    \caption{Distributed shuffling protocol.}
+\end{figure}
+
+Here the set $(c_1, \ldots, c_n)$ is a set of ciphertexts that are shuffled over $T$ slots.
+
+\subsection{Springproofs}\label{sec:approach-springproofs}
+
+
+
+\subsection{implementation}\label{sec:approach-implementation}
+
+