# Crypto Math Explained

## Demo

We'll do a code overview of a collaborative text editor called CryptPad that keeps your data private from third parties using zero-knowledge proofs. I'm mostly excited to talk about ZK-SNARKs.

## What is Cryptography?

![alt text](https://cdn.guru99.com/images/EthicalHacking/cipher.png "Logo Title Text 1")

- It's a set of techniques for scrambling (disguising) data.
- The scrambled data can be read only by someone who can restore it to its original form.
- The goal is to keep data secret from unauthorized people while keeping it easily decipherable by authorized people.
- Cryptography deals with encryption, decryption, hashing, and digital signatures.

### Encryption 

![alt text](https://www.ssl2buy.com/wiki/wp-content/uploads/2014/11/IC155063.gif "Logo Title Text 1")

- One of the most critical tools used in cryptography.
- It means converting intelligible plaintext into ciphertext, which is not intelligible.
- Three forms are widely used: symmetric cryptography, asymmetric cryptography, and hashing.

#### Symmetric 

![alt text](https://blockgeeks.com/wp-content/uploads/2017/09/image1.png "Logo Title Text 1")

- Symmetric cryptography is the earliest known cryptographic method.
- The concept is very simple; broken down into steps, it looks like this:

1. You have a message M that you want to send over to your friend.
2. You encrypt the message with a Key and get a cipher text C.
3. Your friend gets your cipher text C.
4. She then decrypts the cipher text using the same Key to retrieve message M.


#### Asymmetric 

![alt text](https://blockgeeks.com/wp-content/uploads/2017/09/image6.png "Logo Title Text 1")

- Asymmetric cryptography uses two keys, a public key and a private key, to encrypt and decrypt data.
- The two keys undo each other: what is encrypted with one key can only be decrypted with the other.
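The following Python is an added example, not code from the original notes: it walks through the four symmetric steps above with a one-time-pad style XOR (same key encrypts and decrypts), and then shows the asymmetric idea with textbook RSA on tiny constructed primes (p = 61, q = 53, e = 17), where the public key scrambles a value and only the private key restores it. All function names are mine, and the RSA numbers are far too small for real use.

```python
import secrets

# ---------- Symmetric: one shared key does both jobs ----------
def xor_encrypt(message: bytes, key: bytes) -> bytes:
    # One-time-pad style XOR. The key must be at least as long as the message and
    # must never be reused. Decryption is the same function: (m ^ k) ^ k == m.
    if len(key) < len(message):
        raise ValueError("key must be at least as long as the message")
    return bytes(m ^ k for m, k in zip(message, key))

def symmetric_roundtrip(message: bytes):
    # Steps 1-4 from the notes: pick a key, encrypt M into C, decrypt C with the same key.
    key = secrets.token_bytes(len(message))
    ciphertext = xor_encrypt(message, key)
    recovered = xor_encrypt(ciphertext, key)
    return key, ciphertext, recovered

# ---------- Asymmetric: a key pair where each key undoes the other ----------
def toy_rsa_keypair(p: int = 61, q: int = 53, e: int = 17):
    # Textbook RSA with tiny constructed primes (illustration only; real keys use
    # primes of 1024+ bits). Returns (public_key, private_key), each (exponent, modulus).
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # private exponent: e * d == 1 (mod phi); Python 3.8+
    return (e, n), (d, n)

def apply_key(value: int, key) -> int:
    # Raise the value to the key's exponent mod n. Applying the public key and then the
    # private key (or vice versa) returns the original; applying the same key twice does not.
    exponent, n = key
    if not 0 <= value < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(value, exponent, n)

if __name__ == "__main__":
    key, c, m = symmetric_roundtrip(b"meet at noon")
    print("symmetric :", c.hex(), "->", m)
    pub, priv = toy_rsa_keypair()
    c = apply_key(65, pub)                 # encrypt with the public key
    print("asymmetric:", c, "->", apply_key(c, priv), "(private key restores it)")
    print("wrong key :", c, "->", apply_key(c, pub), "(public key does not)")
```

With the constructed primes the public key is (17, 3233) and the private key is (2753, 3233); encrypting 65 gives 2790, and only the private exponent turns 2790 back into 65.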

#### Hashing 

![alt text](https://upload.wikimedia.org/wikipedia/commons/thumb/5/58/Hash_table_4_1_1_0_0_1_0_LL.svg/1200px-Hash_table_4_1_1_0_0_1_0_LL.svg.png "Logo Title Text 1")

- Hashing uses a one-way calculation to condense a long message into a compact bit string, the message digest.
- i.e. it takes an input of any length and gives an output of a fixed length.
- In the context of Bitcoin, the transactions are taken as input and run through a hashing algorithm (Bitcoin uses SHA-256), which gives a fixed-length output.
- A cryptographic hash function is a special class of hash function with properties that make it ideal for cryptography. Let's talk about them.

##### Property 1: Deterministic

- No matter how many times you run a particular input through the hash function, you will always get the same result.
- This is critical: if you got a different hash every time, it would be impossible to keep track of the input.

##### Property 2: Quick Computation

- The hash function should be capable of returning the hash of an input quickly. 
- If the process isn’t fast enough then the system simply won’t be efficient.

##### Property 3: Pre-Image Resistance

- Given H(A), it is infeasible to determine A, where A is the input and H(A) is the output hash.
- Notice the use of the word "infeasible" instead of "impossible".
- Determining the original input from its hash value is not impossible, just computationally impractical.

##### Property 4: Small Changes in the Input Change the Hash

- Even a small change in the input produces a huge change in the hash.

##### Property 5: Collision Resistant

- Given two different inputs A and B with hashes H(A) and H(B), it is infeasible to find a pair where H(A) equals H(B).
- For the most part, each input has its own unique hash.

##### Property 6: Puzzle Friendly

- Even given part of the input and the output, it is very difficult to find the rest of the input.
- This is central to Bitcoin mining, which is essentially a race to solve a cryptographic puzzle by trying candidate solutions uniformly at random.
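As an added example (not part of the original notes), the following Python checks properties 1, 4 and 6 directly against SHA-256, the hash Bitcoin uses: the same input always hashes the same, a one-character change flips roughly half of the 256 output bits, and finding a nonce whose hash starts with a given number of zero bits can only be done by trial and error, which is a toy version of the mining puzzle. The prefix string and the function names are constructed for the example.

```python
import hashlib
from typing import Optional

def sha256_hex(data: bytes) -> str:
    """Hex digest of SHA-256."""
    return hashlib.sha256(data).hexdigest()

def is_deterministic(data: bytes, trials: int = 5) -> bool:
    # Property 1: the same input always produces the same digest.
    return len({sha256_hex(data) for _ in range(trials)}) == 1

def differing_bits(a: bytes, b: bytes) -> int:
    # Property 4: count how many of the 256 digest bits differ between two inputs.
    # For a good hash roughly half the bits flip, even for a one-character change.
    da = int.from_bytes(hashlib.sha256(a).digest(), "big")
    db = int.from_bytes(hashlib.sha256(b).digest(), "big")
    return bin(da ^ db).count("1")

def meets_target(prefix: bytes, nonce: int, difficulty_bits: int) -> bool:
    # Puzzle condition: SHA-256(prefix || nonce) starts with difficulty_bits zero bits.
    digest = hashlib.sha256(prefix + nonce.to_bytes(8, "big")).digest()
    return int.from_bytes(digest, "big") < (1 << (256 - difficulty_bits))

def find_nonce(prefix: bytes, difficulty_bits: int, limit: int = 2_000_000) -> Optional[int]:
    # Property 6 (puzzle friendly): knowing the prefix and the target tells you nothing
    # useful about which nonce works, so the only strategy is to try nonces one by one.
    # Expected work is about 2**difficulty_bits attempts; None means the limit was hit.
    for nonce in range(limit):
        if meets_target(prefix, nonce, difficulty_bits):
            return nonce
    return None

if __name__ == "__main__":
    print("sha256('hello') =", sha256_hex(b"hello"))
    print("bits differing between 'hello' and 'hellp':", differing_bits(b"hello", b"hellp"))
    header = b"constructed block header"          # stand-in for a real block header
    nonce = find_nonce(header, 16)
    print("first nonce giving 16 leading zero bits:", nonce)
```

Raising `difficulty_bits` by one roughly doubles the number of attempts, which is exactly the knob Bitcoin turns to keep block times constant as hashing power grows.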

### Digital signatures 

![alt text](https://comodosslstore.com/blog/wp-content/uploads/2017/05/digital-signature.jpg "Logo Title Text 1")

- Imagine a paper that you have signed with your signature. What should a good signature do?
- It should provide verification: the signature should make it possible to verify that it was really you who signed the paper.
- It should be non-forgeable: no one else should be able to forge or copy your signature.
- Non-repudiation: if you have signed something with your signature, you should not be able to take it back or claim that someone else did it instead of you.
- In the real world, however, no matter how intricate the signature, there is always a chance of forgery, and verifying signatures by eye is inefficient and unreliable.
- Cryptography solves this by means of "digital signatures", which are done via the use of "keys".
- Generating and verifying digital signatures involves encrypting a message digest with a private key to create the electronic equivalent of a handwritten signature.
- Both a handwritten signature and a digital signature verify the identity of the signer and cannot be forged.
- They also serve to ensure that nothing has altered the signed document since it was signed.

![alt text](https://www.cryptocompare.com/media/1284/digital_signature.png "Logo Title Text 1")

- In Bitcoin, a digital signature of a transaction is an encryption of the transaction hash calculated with a secret key. 
- This secret key is called the private key. 
- The signature of the transaction can be verified with an associated public key. 
- The digital signature proves that the transaction has not been altered and that the transaction was issued by the owner of the private key.

## Examples of Crypto? 

![alt text](https://image.slidesharecdn.com/cryptography-120221205610-phpapp01/95/cryptography-16-728.jpg?cb=1329858122 "Logo Title Text 1")

- Cryptography is present in everyday life, from paying with a credit card to using the telephone.
- More distributed and decentralized systems means more of a need for data security.
- Cryptography keeps data confidential and helps verify data integrity. 

#### HTTPS

![alt text](https://www.x-cart.com/wp-content/uploads/2017/02/http_to_https-1.jpg "Logo Title Text 1")

- HTTP is the protocol responsible for communication on the Internet, fundamental to everything.
- It's a stateless protocol, since the server forgets the client once the transaction is over.
- Most of our day-to-day transactions, like shopping or bill payments, are done online. This crucial data cannot be allowed to fall into the wrong hands, where it might be used for malicious purposes.
- This creates an absolute necessity that the communication between server and client be secure.
- HTTPS is HTTP running on top of SSL (Secure Sockets Layer).
- SSL provides this secure channel of communication using cryptography. Most users are assured of the SSL guarantee by seeing the "padlock" on the left of the address bar along with "https" instead of "http".
- SSL is one practical application of cryptography that makes use of both symmetric and asymmetric encryption.
- SSL uses an asymmetric public/private key pair and symmetric "session keys".
- A "session key" is a one-time symmetric key used for encryption and decryption.
- Session keys are chosen at random and used only for a single session.

![alt text](http://www.infosectoday.com/Articles/Intro_to_Cryptography/CryptoFig07.jpg "Logo Title Text 1")

#### Whatsapp 

![alt text](https://www.wired.com/wp-content/uploads/2016/04/Whatsapp_Encryption_Proxima-1024x600.jpg "Logo Title Text 1")

- WhatsApp is currently one of the most popular mobile messaging applications.
- Conversations and calls are "end-to-end" encrypted.
- In end-to-end encryption, only the data is encrypted. The headers, trailers, and routing information are not encrypted.
- End-to-end encryption makes sure that a message is received only by the intended recipient and no one else.
- WhatsApp has ensured that even "it" cannot read the messages, making for a very strong messaging platform.
- It also means that outsiders or third parties cannot snoop on conversations between the intended recipients.

#### Artificial Intelligence

![alt text](https://github.com/OpenMined/OpenMined/blob/master/images/architecture.png?raw=true "Logo Title Text 1")

- With OpenMined, AI can be trained on data that it never has access to.
- The mission of the OpenMined community is to make privacy-preserving deep learning technology accessible to consumers, who supply data, and machine learning practitioners, who train models on that data. 
- Given recent developments in cryptography, AI-based products and services do not need a copy of a dataset in order to create value from it.
- This will democratize data, which will accelerate AI immensely (education, algorithms, and compute are also needed).
- The beginning of DAOs (AI From the edges, to the center, to the swarm)

![alt text](https://cdn-images-1.medium.com/max/1600/1*zERfz_f3sPCn5UOm6NSDKA.png "Logo Title Text 1")
![alt text](https://cdn-images-1.medium.com/max/1600/1*3Ht9GR9Api7fdJBAxAkujQ.png "Logo Title Text 1")
![alt text](https://cdn-images-1.medium.com/max/1600/1*9uLcgQqNMUY9Ghcq8Er1gA.png "Logo Title Text 1")

## What Math does this require?

- Notation
- Abstract Algebra
- Discrete Math
- Calculus 

See Khan Academy.

## Zero Knowledge Proofs

- ZK-SNARK stands for "Zero-Knowledge Succinct Non-Interactive Argument of Knowledge".
- It builds on the idea of zero-knowledge proofs.

### History

![alt text](https://www.justcryptonews.com/sites/default/files/2017-11/zkp-justcryptonews.jpg "Logo Title Text 1")

- Zero-knowledge proofs came about in the 1980s thanks to the work of MIT researchers.
- They were working on problems related to interactive proof systems, where a prover exchanges messages with a verifier (more on provers and verifiers later) to convince them that they have knowledge of a certain proof without declaring what that knowledge is.
- Before their landmark discovery, most proof systems were based on the "soundness" property of the proof system. It was always assumed that the "prover" could be the malicious one in any scenario, trying to fool the verifier.
- They flipped the idea on its head by questioning the honesty of the verifier instead of the prover.
- The question they asked was: how can anyone know for sure that the verifier won't leak the knowledge?
- Suppose you want to log in to a website using a password. The standard protocol is that the client (you) types in their password and sends it to the server; the server then hashes the password and compares it to the hash stored in its system. If the values match, you can enter the system.
- The flaw here is that the server has the plaintext version of your password, and your privacy is at the mercy of the server (the verifier in this scenario).
- To counter such scenarios, zero-knowledge proofs are absolutely essential.
- There are two parties in a zero-knowledge proof: the prover and the verifier.
- Zero knowledge means that a prover can prove to the verifier that they possess certain knowledge without telling them what that knowledge actually is.

### Properties of a zero knowledge proof
![alt text](https://disruptionhub.com/wp-content/uploads/2018/01/Zero-knowldge-sum.jpg "Logo Title Text 1")

- Completeness: If the statement is true, an honest verifier can be convinced of it by an honest prover.
- Soundness: A dishonest prover cannot convince the verifier that the statement is true by lying.
- Zero-Knowledge: If the statement is true, the verifier learns nothing beyond that fact; they never learn the secret itself.

Let's look at some examples.

#### Case #1: Ali Baba's Cave

- In this example, the prover (P) tells the verifier (V) that they know the password of the secret door at the back of the cave, and they want to prove it to the verifier without actually telling them the password.

![alt text](https://blockgeeks.com/wp-content/uploads/2017/08/image1-3.png "Logo Title Text 1")

- The prover goes down either of the paths A and B; suppose they initially decide to go through path A and reach the secret door at the back.
- When they do so, the verifier V comes in at the entrance, with no knowledge of which path the prover actually took, and declares that they want to see the prover appear from path B.
- The prover does indeed appear from path B.
- But what if this was dumb luck? What if the prover didn't know the passcode, took path B, was stuck at the door, and by sheer fortune the verifier told them to appear from path B, the one they were on anyway?
- To test the validity, the experiment is repeated many times.
- If the prover can appear from the correct path every single time, it proves to the verifier that the prover indeed knows the password, even though the verifier never learns what the password actually is.

Zero-knowledge properties satisfied:

- Completeness: Since the statement was true, the honest prover convinced the honest verifier.
- Soundness: A dishonest prover couldn't have fooled the verifier, because the test was repeated many times and eventually the prover's luck would run out.
- Zero-Knowledge: The verifier never learned what the password was, but was convinced that the prover possessed it.
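As an added example (not part of the original notes), here is a small Python simulation of the cave protocol. It models one round as the prover picking a branch at random and the verifier demanding a branch at random; a prover without the password can only comply when the two happen to agree. Running many rounds shows the soundness argument numerically: an honest prover always passes, while a cheater passes n rounds with probability about 2^-n. The random generator is seeded so the measured rates are reproducible; the function names are mine.

```python
import random

def _cave_round(knows_password: bool, rng: random.Random) -> bool:
    # The prover walks down a random branch to the door. The verifier then shouts a
    # branch at random. If it is the branch the prover already took, they just walk
    # back out; otherwise they can only comply by opening the door with the password.
    chosen = rng.choice("AB")
    demanded = rng.choice("AB")
    return chosen == demanded or knows_password

def _run(knows_password: bool, rounds: int, rng: random.Random) -> bool:
    # The verifier accepts only if the prover emerges from the demanded branch every time.
    return all(_cave_round(knows_password, rng) for _ in range(rounds))

def run_protocol(knows_password: bool, rounds: int, seed: int = 0) -> bool:
    """One complete protocol run of the given number of rounds; True means the verifier accepts."""
    return _run(knows_password, rounds, random.Random(seed))

def success_rate(knows_password: bool, rounds: int, trials: int, seed: int = 1) -> float:
    # Fraction of independent protocol runs that the verifier accepts.
    rng = random.Random(seed)
    wins = sum(_run(knows_password, rounds, rng) for _ in range(trials))
    return wins / trials

def cheating_bound(rounds: int) -> float:
    # A prover without the password passes a round only when the demanded branch happens
    # to be the one they chose (probability 1/2), so after n rounds the chance of fooling
    # the verifier is at most 2**-n. Twenty rounds leave less than one chance in a million.
    return 0.5 ** rounds

if __name__ == "__main__":
    print("honest prover, 20 rounds, accepted:", run_protocol(True, 20))
    for n in (1, 3, 10):
        print(f"cheater, {n} round(s): measured {success_rate(False, n, 20000):.4f}, "
              f"bound {cheating_bound(n):.4f}")
```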

#### Case #2 Finding Waldo

- Finding Waldo is a game where you have to find “Waldo” among a sea of people. 

![alt text](https://blockgeeks.com/wp-content/uploads/2017/08/image3.jpg "Logo Title Text 1")

- Imagine there are two people, Anna and Carl. Anna tells Carl that she knows where Waldo is, but she doesn't want to show him where exactly he is. How can she prove to him that she has found Waldo without revealing his exact position?
- Problem: You and a friend play "Where's Waldo?". You solve the puzzle before your friend, and you want to prove to your friend that you solved it without giving him any hints. How do you do this?
- Solution: Take a sheet of paper of identical dimensions to the picture, and mark a spot on it in the position where Waldo is. Fold that sheet of paper into some kind of origami animal and give it to your friend. Once he solves the puzzle, he can unfold it and see for himself that the point was marked correctly.

## Proof vs Proof Of Statements

![alt text](http://slideplayer.com/slide/7897446/25/images/5/Two+Kinds+of+Zero-Knowledge+Proofs.jpg "Logo Title Text 1")

- What exactly are we proving by using a ZKP? Broadly, there are two kinds of statement you can prove with a ZKP: proofs (facts) and proofs of knowledge.
- Proofs: intrinsic truths about the universe that you may want to prove via ZKP, e.g. "number X belongs to group Y".
- Proof of knowledge: you may also want to prove that you have knowledge of a particular thing without revealing what that knowledge is, as in the Waldo and Ali Baba's cave examples above.
- It is important to keep these two apart, because they are completely different kinds of statement.
- The cryptocurrency world is mostly focused on "proof of knowledge".
- One of the most important breakthroughs in zero-knowledge proofs of knowledge came when Claus-Peter Schnorr, in the 1980s, came up with the Schnorr identification protocol.
- This protocol lays the basis of modern public-key signature cryptography and shows how zero knowledge can be seamlessly integrated into modern cryptographic practice.
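The following Python is an added example (not from the original notes or any project they cite) that serves both this paragraph and the earlier "Digital signatures" section. It implements a toy Schnorr identification protocol in a small prime-order group: the prover commits, the verifier picks a random challenge, the prover responds, and the verifier checks one equation. An extractor shows why it is a proof of knowledge (two accepting transcripts with the same commitment reveal the secret, which is why a real prover must never reuse a nonce), and a simulator shows the zero-knowledge property (valid-looking transcripts can be produced without the secret by choosing the challenge first). Finally, the Fiat-Shamir transform replaces the verifier's challenge with a hash, which turns the interactive protocol into a non-interactive Schnorr signature. The group parameters p = 1019, q = 509, g = 4 are constructed for readability and are far too small for real use (real deployments use roughly 256-bit curve groups); the function names are mine.

```python
import hashlib
import secrets

# Toy group: p = 2q + 1 with p, q prime; g = 4 is a quadratic residue, so it has order q.
P, Q, G = 1019, 509, 4

def keygen():
    x = secrets.randbelow(Q - 1) + 1      # private key, 1 <= x < q
    y = pow(G, x, P)                      # public key y = g^x mod p
    return x, y

# --- Interactive identification: prove knowledge of x without revealing it ---
def prover_commit():
    k = secrets.randbelow(Q - 1) + 1      # fresh random nonce, kept secret
    return k, pow(G, k, P)                # send r = g^k mod p

def verifier_challenge():
    return secrets.randbelow(Q)           # random e in [0, q)

def prover_respond(x, k, e):
    return (k + x * e) % Q                # s = k + x*e mod q

def verifier_check(y, r, e, s):
    # Accept iff g^s == r * y^e (mod p); holds exactly when s = k + x*e for the real x.
    return pow(G, s, P) == (r * pow(y, e, P)) % P

def run_identification(x, y):
    k, r = prover_commit()
    e = verifier_challenge()
    s = prover_respond(x, k, e)
    return verifier_check(y, r, e, s)

# --- Soundness / proof of knowledge: two accepting transcripts that share the same
#     commitment r but have different challenges let anyone compute x. ---
def extract_secret(r, e1, s1, e2, s2):
    return ((s1 - s2) * pow((e1 - e2) % Q, -1, Q)) % Q

# --- Zero-knowledge: without x, a simulator picks e and s first and solves for r,
#     producing transcripts the verifier accepts and cannot tell from real ones. ---
def simulate_transcript(y):
    e = secrets.randbelow(Q)
    s = secrets.randbelow(Q)
    r = (pow(G, s, P) * pow(y, -e, P)) % P   # r = g^s * y^(-e) mod p
    return r, e, s

# --- Fiat-Shamir: the challenge becomes a hash of (commitment, message), so the
#     signer plays both roles and the result is a non-interactive signature. ---
def challenge_hash(r, message: bytes) -> int:
    digest = hashlib.sha256(r.to_bytes(2, "big") + message).digest()
    return int.from_bytes(digest, "big") % Q

def sign(x, message: bytes):
    k, r = prover_commit()
    e = challenge_hash(r, message)
    return r, prover_respond(x, k, e)

def verify(y, message: bytes, signature) -> bool:
    r, s = signature
    return verifier_check(y, r, challenge_hash(r, message), s)

if __name__ == "__main__":
    x, y = keygen()
    print("interactive identification accepted:", run_identification(x, y))
    k, r = prover_commit()
    s1, s2 = prover_respond(x, k, 3), prover_respond(x, k, 7)
    print("nonce reuse leaks the secret:", extract_secret(r, 3, s1, 7, s2) == x)
    print("simulated transcript accepted:", verifier_check(y, *simulate_transcript(y)))
    msg = b"Anna pays Carl 100 ETH"            # constructed sample transaction
    sig = sign(x, msg)
    print("signature verifies:", verify(y, msg, sig))
    print("tampered message verifies:", verify(y, b"Anna pays Carl 999 ETH", sig))
```

Because the challenge space here has only 509 values, a cheater or a tampered message slips through about once in 509 attempts; with a 256-bit group that becomes one chance in 2^256, which is what makes the scheme usable as a real signature.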

## ZK-Snarks

![alt text](https://image.slidesharecdn.com/slides-161228124722/95/zksnarks-in-ethereum-and-baby-zoe-16-638.jpg?cb=1482929690 "Logo Title Text 1")

- ZK-SNARK stands for "Zero-Knowledge Succinct Non-Interactive Argument of Knowledge".
- Its use in modern blockchain technology is immense.
- To understand its application, it is important to know how a smart contract works.
- A smart contract is basically an escrow of funds that is released once a particular condition is met.
- Eg. Anna puts 100 ETH in a smart contract that she enters into with Carl. Carl has to do a particular task, on completion of which Carl gets the 100 ETH from the smart contract.
- Suppose you have entered a smart contract with Anna. You will only get paid if you do A, B and C. What if you don't want to reveal the details of A, B, and C because they are confidential to your company and you don't want competitors to know what you have to do?
- What a ZK-SNARK does is prove that those steps have been taken in the smart contract without revealing what the steps actually are. It is very useful in protecting your and your company's privacy.
- It can reveal just part of the process, without showing the whole process itself, and prove that you are being honest about your claims.

### How do ZK-SNARKs work?

- A ZK-SNARK consists of 3 algorithms: G, P and V.
- G is a key generator that takes an input "lambda" (which must be kept confidential and shouldn't be revealed under any circumstances) and a program C. It then generates two publicly available keys, a proving key pk and a verification key vk. These keys are both public and available to any of the concerned parties.
- P is the prover, which uses 3 items as input: the proving key pk, the public input x, and the private statement they want to prove knowledge of without revealing what it actually is. Let's call that private statement "w". The P algorithm generates a proof prf such that prf = P(pk, x, w).
- The verifier algorithm V returns a boolean. A boolean has only two values: TRUE or FALSE. The verifier takes the verifying key, the public input x and the proof prf as input:
 
```
V(vk, x, prf)
```
...and returns TRUE if the proof is valid and FALSE otherwise.

- The value of "lambda" must be kept confidential because anyone who knows it can use it to generate fake proofs.
- These fake proofs would return TRUE regardless of whether the prover actually has knowledge of the private statement "w".
- This is what the example program looks like:

```python
import hashlib

def C(x, w):
    # x: public SHA-256 hex digest; w: the secret bytes whose knowledge is being proved.
    # Returns True exactly when w hashes to x, False otherwise.
    return hashlib.sha256(w).hexdigest() == x
```

- The function C takes 2 inputs: a public hash value "x" and the secret statement to be verified, "w".
- If the SHA-256 hash of w equals "x", the function returns TRUE; otherwise it returns FALSE. (SHA-256 is the hash function used in Bitcoin.)

- Taking it back to Carl and Anna:
- The first thing Carl, as the verifier, has to do is generate the proving and verifying keys using the generator G.
- For this, Carl needs to generate the random value "lambda". As stated above, he needs to be very careful with lambda: he can't let Anna learn its value, or she could create fake proofs.
 
It will look like this:

```
G(C, lambda) = (pk, vk)
```

- Now that the two keys are generated, Anna needs to prove the validity of the statement by generating the proof.
- She generates the proof using the proving algorithm P.
- She is going to prove that she knows the secret value "w" which, when run through SHA-256, gives the output x.

The proving algorithm for proof generation looks like this:

```
prf = P(pk, x, w)
```

- Now that she has generated the proof "prf", she gives it to Carl, who finally runs the verification algorithm of the ZK-SNARK.

It will look like this:

```
V(vk, x, prf)
```
 
- Here vk is the verifying key, x is the known hash value and prf is the proof he got from Anna.
- If this algorithm returns TRUE, Anna was honest and indeed had the secret value "w".
- If it returns FALSE, Anna was lying about knowing "w".

Side notes:
- Zcash is the first example of a cryptocurrency marrying blockchain technology with ZK-SNARKs. It aims to provide completely safe and shielded transactions for its users without revealing details (such as their addresses) to anyone.
- Ethereum wants to integrate ZK-SNARKs as it enters its Metropolis phase.

## Cryptpad code walkthrough

https://github.com/xwiki-labs/cryptpad/wiki/Understanding-the-database
    

https://github.com/xwiki-labs/cryptpad/blob/cfc9ce33d6c7034a13cb0e6d606de6fba38697e0/www/common/common-hash.js
https://github.com/xwiki-labs/cryptpad/blob/7da01d08629ec443a533f5db5723172404a54723/www/examples/pin/main.js