Scaling Ethereum using Zero-Knowledge ProofsHyojun Kim
Introduces the way how ZKPs can be used to scale Ethereum blockchains.
— What is Zero-Knowledge Proof?
— zk-SNARKs and Succinctness
— Layer-2 Scalability using zk-SNARKs
— Using SNARK on Ethereum
— Going Future: zk-STARKs
We're hiring! abr.ge/ueaerh
Zero-Knowledge Proofs: Privacy-Preserving Digital Identity with Clare NelsonSSIMeetup
This talk will introduce Zero-Knowledge Proofs (ZKPs) and explain why they are a key element in a growing number of privacy-preserving, digital-identity platforms. Clare will provide basic illustrations of ZKPs and leave the necessary mathematics foundations to the readers.
After this talk you will understand that there is a variety of ZKPs, it’s still early days, and why ZKP is such a perfect tool for digital identity platforms. This talk includes significant updates from the newly-organized ZKProof Standardization organization plus a signal of maturity: one of the first known ZKP vulnerabilities.
Clare will explain why ZKPs are so powerful, and why they are building blocks for a range of applications including privacy-preserving cryptocurrency such as Zcash, Ethereum, Artificial Intelligence, and older versions of Trusted Platform Modules (TPMs). The presentation includes many backup slides for future learning and researching, including four slides of references.
Zero Knowledge Proofs: What they are and how they workAll Things Open
Title: Zero Knowledge Proofs: What they are and how they work
Presented at All Things Open 2022
Presented by Jim Zhang
Abstract: Have you ever wanted to convince the security guard at the bar that you are over the legal drinking age, but didn’t want to tell them how old you are? Use a zero knowledge proof! Zero knowledge proofs (or ZKPs) are a powerful cryptographic technology that are being used to build privacy-preserving blockchains, next-generation digital identities, and many other things. Come and learn more about what Zero Knowledge Proofs are and how they work.
In the near future, privacy-preserving authentication methods will flood the market, and they will be based on Zero-Knowledge Proofs. IBM and Microsoft invested in these solutions many years ago.
This talk will introduce Zero-Knowledge Proofs (ZKPs) and explain why they are a key element in a growing number of privacy-preserving, digital-identity platforms. Clare will provide basic illustrations of ZKPs and leave the necessary mathematics foundations to the readers.
After this talk you will understand that there is a variety of ZKPs, it’s still early days, and why ZKP is such a perfect tool for digital identity platforms. This talk includes significant updates from the newly-organized ZKProof Standardization organization plus a signal of maturity: one of the first known ZKP vulnerabilities.
Clare will explain why ZKPs are so powerful, and why they are building blocks for a range of applications including privacy-preserving cryptocurrency such as Zcash, Ethereum, Artificial Intelligence, and older versions of Trusted Platform Modules (TPMs). The presentation includes many backup slides for future learning and researching, including four slides of references.
Smart contracts are the next version of automated contracts where the user won't have to rely on trust. Smart contracts are automated algorithmic digital forms of contracts where parties can exchange assets without any intermediaries based on specified rules. Here, the program within the smart contract will self-execute based on the conditions previously defined by the parties.
There are certain benefits to using smart contracts such as autonomous, secured, interruption-free, trustless, cost-effective, fast performance, and accurate and error-free. But here, we will analyze the examples of smart contracts, such as how it can be useful in digital identity, supply chain management, insurance, etc.
To help you understand how smart contracts work or how you can utilize this new form of technology for your personal gain, or company 101 Blockchains offers an array of courses. You can use these courses to learn more about smart contracts and its role in various sectors.
Learn more about smart contracts from here ->
Ethereum Development Fundamentals course
https://academy.101blockchains.com/courses/ethereum-development-fundamentals
The Complete Ethereum Technology Course
https://academy.101blockchains.com/courses/ethereum-technology-course
Learn more about the certification courses from here ->
Certified Enterprise Blockchain Professional (CEBP) course
https://academy.101blockchains.com/courses/blockchain-expert-certification
Certified Enterprise Blockchain Architect (CEBA) course
https://academy.101blockchains.com/courses/certified-enterprise-blockchain-architect
Certified Blockchain Security Expert (CBSE) course
https://academy.101blockchains.com/courses/certified-blockchain-security-expert
Learn more from our guide ->
https://101blockchains.com/smart-contracts/
https://101blockchains.com/ethereum-smart-contracts/
https://101blockchains.com/blockchain-smart-contract-examples/
https://101blockchains.com/smart-contract-use-cases/
https://101blockchains.com/what-is-a-smart-contract/
Scaling Ethereum using Zero-Knowledge ProofsHyojun Kim
Introduces the way how ZKPs can be used to scale Ethereum blockchains.
— What is Zero-Knowledge Proof?
— zk-SNARKs and Succinctness
— Layer-2 Scalability using zk-SNARKs
— Using SNARK on Ethereum
— Going Future: zk-STARKs
We're hiring! abr.ge/ueaerh
Zero-Knowledge Proofs: Privacy-Preserving Digital Identity with Clare NelsonSSIMeetup
This talk will introduce Zero-Knowledge Proofs (ZKPs) and explain why they are a key element in a growing number of privacy-preserving, digital-identity platforms. Clare will provide basic illustrations of ZKPs and leave the necessary mathematics foundations to the readers.
After this talk you will understand that there is a variety of ZKPs, it’s still early days, and why ZKP is such a perfect tool for digital identity platforms. This talk includes significant updates from the newly-organized ZKProof Standardization organization plus a signal of maturity: one of the first known ZKP vulnerabilities.
Clare will explain why ZKPs are so powerful, and why they are building blocks for a range of applications including privacy-preserving cryptocurrency such as Zcash, Ethereum, Artificial Intelligence, and older versions of Trusted Platform Modules (TPMs). The presentation includes many backup slides for future learning and researching, including four slides of references.
Zero Knowledge Proofs: What they are and how they workAll Things Open
Title: Zero Knowledge Proofs: What they are and how they work
Presented at All Things Open 2022
Presented by Jim Zhang
Abstract: Have you ever wanted to convince the security guard at the bar that you are over the legal drinking age, but didn’t want to tell them how old you are? Use a zero knowledge proof! Zero knowledge proofs (or ZKPs) are a powerful cryptographic technology that are being used to build privacy-preserving blockchains, next-generation digital identities, and many other things. Come and learn more about what Zero Knowledge Proofs are and how they work.
In the near future, privacy-preserving authentication methods will flood the market, and they will be based on Zero-Knowledge Proofs. IBM and Microsoft invested in these solutions many years ago.
This talk will introduce Zero-Knowledge Proofs (ZKPs) and explain why they are a key element in a growing number of privacy-preserving, digital-identity platforms. Clare will provide basic illustrations of ZKPs and leave the necessary mathematics foundations to the readers.
After this talk you will understand that there is a variety of ZKPs, it’s still early days, and why ZKP is such a perfect tool for digital identity platforms. This talk includes significant updates from the newly-organized ZKProof Standardization organization plus a signal of maturity: one of the first known ZKP vulnerabilities.
Clare will explain why ZKPs are so powerful, and why they are building blocks for a range of applications including privacy-preserving cryptocurrency such as Zcash, Ethereum, Artificial Intelligence, and older versions of Trusted Platform Modules (TPMs). The presentation includes many backup slides for future learning and researching, including four slides of references.
Smart contracts are the next version of automated contracts where the user won't have to rely on trust. Smart contracts are automated algorithmic digital forms of contracts where parties can exchange assets without any intermediaries based on specified rules. Here, the program within the smart contract will self-execute based on the conditions previously defined by the parties.
There are certain benefits to using smart contracts such as autonomous, secured, interruption-free, trustless, cost-effective, fast performance, and accurate and error-free. But here, we will analyze the examples of smart contracts, such as how it can be useful in digital identity, supply chain management, insurance, etc.
To help you understand how smart contracts work or how you can utilize this new form of technology for your personal gain, or company 101 Blockchains offers an array of courses. You can use these courses to learn more about smart contracts and its role in various sectors.
Learn more about smart contracts from here ->
Ethereum Development Fundamentals course
https://academy.101blockchains.com/courses/ethereum-development-fundamentals
The Complete Ethereum Technology Course
https://academy.101blockchains.com/courses/ethereum-technology-course
Learn more about the certification courses from here ->
Certified Enterprise Blockchain Professional (CEBP) course
https://academy.101blockchains.com/courses/blockchain-expert-certification
Certified Enterprise Blockchain Architect (CEBA) course
https://academy.101blockchains.com/courses/certified-enterprise-blockchain-architect
Certified Blockchain Security Expert (CBSE) course
https://academy.101blockchains.com/courses/certified-blockchain-security-expert
Learn more from our guide ->
https://101blockchains.com/smart-contracts/
https://101blockchains.com/ethereum-smart-contracts/
https://101blockchains.com/blockchain-smart-contract-examples/
https://101blockchains.com/smart-contract-use-cases/
https://101blockchains.com/what-is-a-smart-contract/
The Transaction Timer feature of NXP’s MIFARE DESFire EV3 and MIFARE Plus EV2 ICs defends against Man-in-the-Middle attacks. The new feature makes it possible to set a minimum time per transaction, so it’s harder for an attacker to interfere with the transaction. Learn more about the technical details of the Transaction Timer feature and how it can be used to make access control, transport ticketing, and micropayment installations more secure.
There are new and emerging opportunities for organisations in all sectors to create and deliver compelling services for their customers using the power of disruptive innovation. As organisations formulate their plans for the coming months, this paper aims to help business and public sector leaders understand the cultural and organisational challenges that are inevitably brought by the use of blockchain technologies, and provides them with the insights they need to overcome them.
Overview and clarification of blockchain on following respects: what blockchain is, when it appeared, how it works, who designed/develops it, what it can achieve?
Author : Dr Christian Cachin, IBM
Ethereum is an open-source blockchain platform that offers smart contract facilities. Solidity was first introduced as a new type of programing language for the Ethereum platform. Developers use the Solidity programming language to develop smart contracts. Using Solidity, you can program the contracts to do any type of task.
Solidity is a type of object-oriented programming language. This programing language is developed specifically for smart contracts. This type of language is widely used in creating smart contracts features in blockchain platforms.
To understand Solidity better developers, need to dive into the key elements of this language, such as the compiler, pragma, reserved keywords, value types, variables, etc. There are already many use cases of using Solidity as the foundation for smart contracts. However, this language also has its fair share of issues.
Here, at 101 blockchains, we are offering courses that will help you comprehend this topic in a simple manner. Using our courses, you will understand the concepts behind Solidity and Smart contracts in no time.
Learn more about Solidity and smart contracts from here ->
Ethereum Development Fundamentals course
https://academy.101blockchains.com/courses/ethereum-development-fundamentals
The Complete Ethereum Technology Course
https://academy.101blockchains.com/courses/ethereum-technology-course
Learn more about the certification courses from here ->
Certified Enterprise Blockchain Professional (CEBP) course
https://academy.101blockchains.com/courses/blockchain-expert-certification
Certified Enterprise Blockchain Architect (CEBA) course
https://academy.101blockchains.com/courses/certified-enterprise-blockchain-architect
Certified Blockchain Security Expert (CBSE) course
https://academy.101blockchains.com/courses/certified-blockchain-security-expert
Learn more from our guide ->
https://101blockchains.com/solidity-tutorial/
https://101blockchains.com/solidity-vs-move-vs-clarity/
https://101blockchains.com/smart-contract-best-practices/
https://101blockchains.com/solidity-issues/
https://101blockchains.com/smart-contracts/
https://101blockchains.com/ethereum-smart-contracts/
https://101blockchains.com/blockchain-smart-contract-examples/
Verifiable Credentials, Self Sovereign Identity and DLTs Vasiliy Suvorov
My talk from Crypto Valley Conference 2018 on emerging standards in Self-Sovereign Identity, Technology behind it, Overview of implementations and how to use it with blockchain and DLT systems.
Introduction to Solidity and Smart Contract Development (9).pptxGene Leybzon
Blockchain is a revolutionary technology that is changing the way we handle digital transactions. It is a technology that can be applied in many different fields, from logistics and supply chain management to real estate and voting systems.
In order to help our clients to plan and execute digital transformation, we need to understand foundational elements, including smart contracts and languages that are popular in developing smart contracts.
In this presentation, we share an overview of what a smart contract is and how it functions, look into the real-world examples of smart contracts, and tools that are used to develop smart contracts. We look into Solidity, a powerful programming language that enables developers to create complex and sophisticated smart contract applications on Ethereum-compatible blockchains.
There is no expectation of prior knowledge of blockchain technology or smart contracts development and we are expecting to have a lively and engaging session.
Getting Started in Blockchain Security and Smart Contract AuditingBeau Bullock
Why is blockchain security important?
Blockchain usage has exploded since the Bitcoin whitepaper was first published in 2008. Many applications rely on this technology for increased trust and privacy, where they would otherwise be absent from a centralized system.
The ecosystem surrounding blockchain technology is large, complex, and has many moving pieces. Exchanges exist where users can transact various cryptocurrencies, NFTs, and tokens. Smart contracts can be written to programmatically apply behavior to blockchain transactions. Decentralized Finance (DeFi) markets exist where users can swap tokens without needing to sign up for an account.
All of these pieces are prone to vulnerabilities, and with blockchain being at the forefront of emerging technology new issues are being found daily.
In this Black Hills Information Security (BHIS) webcast, we'll use case studies about recent blockchain hacks to introduce the underlying issues that occur in writing/engineering smart contracts that have ultimately lead to the loss of millions of dollars to attackers.
Understanding Proof of Work (PoW) and Proof of Stake (PoS) AlgorithmsGautam Anand
We will focus on understanding "Proof of Stake (PoS)" Algorithm, how it different from "Proof of Work" algorithm, the performance benefits and security overview. We will also discuss the upcoming blockchain protocols that are planning to move to PoS.
Use extensively researched Blockchain PowerPoint Presentation Slides to educate your audience about the secure online payment transactions and cryptographic techniques. Show encryption methods and concept of decentralized network that allows the easy transfer of digital values such as currency and data. Bitcoin developers can incorporate this professionally designed content-ready blockchain PowerPoint presentation templates for their work. This deck covers topics like distributed ledger, working of a distributed ledger, use cases, industrial blockchain benefits, blockchain limitations, and more. Illustrate the idea of transferring funds directly between two parties without any banks or credit card company using blockchain PPT presentation templates. Demonstrate the workings of cryptocurrencies, showcase the process and its benefits with the help of cryptocurrency PPT slides. These templates are completely customizable. You can edit the slides as per your convenience. Change color, text, icon, and font size as per your need. Download now. Engage with disbelievers through our Blockchain Powerpoint Presentation Slides. Explain the grounds for your beliefs.
Introduction to Secure Socket Layer (SSL) and Tunnel Layer Security (TLS). Shows basic principle of SSL and also little bit of practical applicability.
Basics you need to know about Solidity and how it works. Learn the simple way of building a smart contract in Solidity. Tools that can be used with Solidity.
This is my first public speech about way to secure your API. Interective presentation you could find here - https://sergeypodgornyy.github.io/oauth-webbylab-presentation/
Security is something you want to get right. If you need to secure an API right now, I imagine you are worrying about how, exactly, to do it. It is to my surprise that JSON Web Tokens is a topic not often talked about, and I think it deserves to be in the spotlight today. We will see how easy it is to integrate it in an API authentication mechanism. If you want simple stateless HTTP authentication to an API, then JWT is just fine and relatively quick to implement. But JWT is a simple authentication protocol, OAuth is an authentication framework, that enables a third-party application to obtain limited access to an HTTP service. OAuth is a simple way to publish and interact with protected data. It's also a safer and more secure way for people to give you access.
The Transaction Timer feature of NXP’s MIFARE DESFire EV3 and MIFARE Plus EV2 ICs defends against Man-in-the-Middle attacks. The new feature makes it possible to set a minimum time per transaction, so it’s harder for an attacker to interfere with the transaction. Learn more about the technical details of the Transaction Timer feature and how it can be used to make access control, transport ticketing, and micropayment installations more secure.
There are new and emerging opportunities for organisations in all sectors to create and deliver compelling services for their customers using the power of disruptive innovation. As organisations formulate their plans for the coming months, this paper aims to help business and public sector leaders understand the cultural and organisational challenges that are inevitably brought by the use of blockchain technologies, and provides them with the insights they need to overcome them.
Overview and clarification of blockchain on following respects: what blockchain is, when it appeared, how it works, who designed/develops it, what it can achieve?
Author : Dr Christian Cachin, IBM
Ethereum is an open-source blockchain platform that offers smart contract facilities. Solidity was first introduced as a new type of programing language for the Ethereum platform. Developers use the Solidity programming language to develop smart contracts. Using Solidity, you can program the contracts to do any type of task.
Solidity is a type of object-oriented programming language. This programing language is developed specifically for smart contracts. This type of language is widely used in creating smart contracts features in blockchain platforms.
To understand Solidity better developers, need to dive into the key elements of this language, such as the compiler, pragma, reserved keywords, value types, variables, etc. There are already many use cases of using Solidity as the foundation for smart contracts. However, this language also has its fair share of issues.
Here, at 101 blockchains, we are offering courses that will help you comprehend this topic in a simple manner. Using our courses, you will understand the concepts behind Solidity and Smart contracts in no time.
Learn more about Solidity and smart contracts from here ->
Ethereum Development Fundamentals course
https://academy.101blockchains.com/courses/ethereum-development-fundamentals
The Complete Ethereum Technology Course
https://academy.101blockchains.com/courses/ethereum-technology-course
Learn more about the certification courses from here ->
Certified Enterprise Blockchain Professional (CEBP) course
https://academy.101blockchains.com/courses/blockchain-expert-certification
Certified Enterprise Blockchain Architect (CEBA) course
https://academy.101blockchains.com/courses/certified-enterprise-blockchain-architect
Certified Blockchain Security Expert (CBSE) course
https://academy.101blockchains.com/courses/certified-blockchain-security-expert
Learn more from our guide ->
https://101blockchains.com/solidity-tutorial/
https://101blockchains.com/solidity-vs-move-vs-clarity/
https://101blockchains.com/smart-contract-best-practices/
https://101blockchains.com/solidity-issues/
https://101blockchains.com/smart-contracts/
https://101blockchains.com/ethereum-smart-contracts/
https://101blockchains.com/blockchain-smart-contract-examples/
Verifiable Credentials, Self Sovereign Identity and DLTs Vasiliy Suvorov
My talk from Crypto Valley Conference 2018 on emerging standards in Self-Sovereign Identity, Technology behind it, Overview of implementations and how to use it with blockchain and DLT systems.
Introduction to Solidity and Smart Contract Development (9).pptxGene Leybzon
Blockchain is a revolutionary technology that is changing the way we handle digital transactions. It is a technology that can be applied in many different fields, from logistics and supply chain management to real estate and voting systems.
In order to help our clients to plan and execute digital transformation, we need to understand foundational elements, including smart contracts and languages that are popular in developing smart contracts.
In this presentation, we share an overview of what a smart contract is and how it functions, look into the real-world examples of smart contracts, and tools that are used to develop smart contracts. We look into Solidity, a powerful programming language that enables developers to create complex and sophisticated smart contract applications on Ethereum-compatible blockchains.
There is no expectation of prior knowledge of blockchain technology or smart contracts development and we are expecting to have a lively and engaging session.
Getting Started in Blockchain Security and Smart Contract AuditingBeau Bullock
Why is blockchain security important?
Blockchain usage has exploded since the Bitcoin whitepaper was first published in 2008. Many applications rely on this technology for increased trust and privacy, where they would otherwise be absent from a centralized system.
The ecosystem surrounding blockchain technology is large, complex, and has many moving pieces. Exchanges exist where users can transact various cryptocurrencies, NFTs, and tokens. Smart contracts can be written to programmatically apply behavior to blockchain transactions. Decentralized Finance (DeFi) markets exist where users can swap tokens without needing to sign up for an account.
All of these pieces are prone to vulnerabilities, and with blockchain being at the forefront of emerging technology new issues are being found daily.
In this Black Hills Information Security (BHIS) webcast, we'll use case studies about recent blockchain hacks to introduce the underlying issues that occur in writing/engineering smart contracts that have ultimately lead to the loss of millions of dollars to attackers.
Understanding Proof of Work (PoW) and Proof of Stake (PoS) AlgorithmsGautam Anand
We will focus on understanding "Proof of Stake (PoS)" Algorithm, how it different from "Proof of Work" algorithm, the performance benefits and security overview. We will also discuss the upcoming blockchain protocols that are planning to move to PoS.
Use extensively researched Blockchain PowerPoint Presentation Slides to educate your audience about the secure online payment transactions and cryptographic techniques. Show encryption methods and concept of decentralized network that allows the easy transfer of digital values such as currency and data. Bitcoin developers can incorporate this professionally designed content-ready blockchain PowerPoint presentation templates for their work. This deck covers topics like distributed ledger, working of a distributed ledger, use cases, industrial blockchain benefits, blockchain limitations, and more. Illustrate the idea of transferring funds directly between two parties without any banks or credit card company using blockchain PPT presentation templates. Demonstrate the workings of cryptocurrencies, showcase the process and its benefits with the help of cryptocurrency PPT slides. These templates are completely customizable. You can edit the slides as per your convenience. Change color, text, icon, and font size as per your need. Download now. Engage with disbelievers through our Blockchain Powerpoint Presentation Slides. Explain the grounds for your beliefs.
Introduction to Secure Socket Layer (SSL) and Tunnel Layer Security (TLS). Shows basic principle of SSL and also little bit of practical applicability.
Basics you need to know about Solidity and how it works. Learn the simple way of building a smart contract in Solidity. Tools that can be used with Solidity.
This is my first public speech about way to secure your API. Interective presentation you could find here - https://sergeypodgornyy.github.io/oauth-webbylab-presentation/
Security is something you want to get right. If you need to secure an API right now, I imagine you are worrying about how, exactly, to do it. It is to my surprise that JSON Web Tokens is a topic not often talked about, and I think it deserves to be in the spotlight today. We will see how easy it is to integrate it in an API authentication mechanism. If you want simple stateless HTTP authentication to an API, then JWT is just fine and relatively quick to implement. But JWT is a simple authentication protocol, OAuth is an authentication framework, that enables a third-party application to obtain limited access to an HTTP service. OAuth is a simple way to publish and interact with protected data. It's also a safer and more secure way for people to give you access.
OxCEPT is a cyber security company providing authentication and encryption technology to product teams building connected products and services. Find out why authentication is critical to all connected products and the safety of their users.
, Blockchain offers a multitude of benefits, becoming a lucrative career option. So, if you are willing to make a good Blockchain career, you need to know about the various concepts. In this blog, we are going to discuss one such concept, Zero-Knowledge Proof.
OAuth is one of the most important but most misunderstood frameworks out there. What you think it is, it probably isn't. What it actually is, you probably hadn't considered. Regardless, when you consider the standards, specifications, and common practices interact and fit together, it's impressive what you can accomplish with minimal effort.In this session, we'll explore through the most common RFCs that are combined to make powerful, robust, and secure solutions that drive modern software development.
[WSO2 API Manager Community Call] Mastering JWTs with WSO2 API ManagerWSO2
In this community call, we discuss mastering JWTs with WSO2 API Manager including
- Backend user authentication with JWT
- Backend JWT generation
- Best practices to validate JWT
- User-related claims in JWT
- JWT grant
SGX: Improving Privacy, Security, and Trust Across Blockchain NetworksAltoros
These slides explain how to use Intel Software Garden Extensions (SGX) to improve privacy, security, trust, and transparency across blockchain networks that store sensitive data.
This talk articulates 1) what is a blockchain 2) why it is interesting 3) talks through use-cases grounded in real world projects. 4) Highlights questions government leaders should ask before deciding to use a blockchain.
Advanced Blockchain Technologies on Privacy & Scalability (All Things Open) Kaleido
(View presentation in full-screen mode for compatibility)
2019 is shaping up to be the pivotal point of broad adoption of blockchain technologies, thanks to the large amount of projects in the enterprise space. Among the top concerns of blockchain projects in the private sector and government alike are privacy and scalability. This talk will cover various technologies such as identity masking, data isolation, zero-knowledge proof, homomorphic encryption that helps keep private data protected from unintended parties, and technologies for improving scalability such as state/payment channels, sharding, and novel consensus algorithms.
Stateless Microservice Security via JWT and MicroProfile - MexicoOtávio Santana
The learning curve for REST API security is severe and unforgiving. Specifications promise infinite flexibility, habitually give old concepts new names, and almost seem designed to deliberately confuse. With an aggressive distaste for fancy terminology, the first half of this session delves into OAuth 2.0 with and without JWTs and shows how it falls into two camps: stateful and stateless. Starting at Basic Auth and walking forward, we'll compare each with heavy focus on the wire, showing actual HTTP messages and analyzing their impact on load and security against a baseline Microservice architecture.
The second half of this presentation we'll deep dive into MicroProfile JWT, which offers a clean Java API and standard configuration for consuming JWTs in Java Microservices. Code and demo focused, we'll see a complete MicroProfile JWT, TomEE and AngularJS app running on Oracle Cloud that issues JWTs with custom backend-data, performs server-side verification and injection of claims, and client-side login and refresh. All code in Github, you'll leave ready to bootstrap your next truly secure full-stack project.
Stateless Microservice Security via JWT and MicroProfile - ES Otavio Santana
The learning curve for REST API security is severe and unforgiving. Specifications promise infinite flexibility, habitually give old concepts new names, and almost seem designed to deliberately confuse. With an aggressive distaste for fancy terminology, the first half of this session delves into OAuth 2.0 with and without JWTs and shows how it falls into two camps: stateful and stateless. Starting at Basic Auth and walking forward, we'll compare each with a heavy focus on the wire, showing actual HTTP messages and analyzing their impact on load and security against a baseline Microservice architecture.
The second half of this presentation we'll deep dive into MicroProfile JWT, which offers a clean Java API and standard configuration for consuming JWTs in Java Microservices. Code and demo focused, we'll see a complete MicroProfile JWT, TomEE and AngularJS app running on Oracle Cloud that issues JWTs with custom backend-data, performs server-side verification and injection of claims, and client-side login and refresh. All code in Github, you'll leave ready to bootstrap your next truly secure full-stack project.
Stateless Microservice Security via JWT and MicroProfile - GuatemalaOtávio Santana
The learning curve for REST API security is severe and unforgiving. Specifications promise infinite flexibility, habitually give old concepts new names, and almost seem designed to deliberately confuse. With an aggressive distaste for fancy terminology, the first half of this session delves into OAuth 2.0 with and without JWTs and shows how it falls into two camps: stateful and stateless. Starting at Basic Auth and walking forward, we'll compare each with heavy focus on the wire, showing actual HTTP messages and analyzing their impact on load and security against a baseline Microservice architecture.
The second half of this presentation we'll deep dive into MicroProfile JWT, which offers a clean Java API and standard configuration for consuming JWTs in Java Microservices. Code and demo focused, we'll see a complete MicroProfile JWT, TomEE and AngularJS app running on Oracle Cloud that issues JWTs with custom backend-data, performs server-side verification and injection of claims, and client-side login and refresh. All code in Github, you'll leave ready to bootstrap your next truly secure full-stack project.
In this webinar we will discuss:
- The profile of an organization that is Expert at Kubernetes on Azure and AKS
- How to get to Expert status
- The challenges along the way and how embracing Azure services can help
- A demo of deploying applications with velocity on AKS
Journey Through Four Stages of Kubernetes Deployment MaturityAltoros
In this webinar we will discuss a crawl, walk, run approach to continuous delivery (CD) for applications, point by point:
Where to start, how to advance, and how to reach the level of maximum automation.
How to orchestrate CI/CD processes along with routing and business continuity.
When the automation level is sufficient.
GitOps principles and their benefits.
What tools should be used to automate CI, CD, GitOps, Container Registry, Secrets management, etc
Using the Cloud Foundry and Kubernetes Stack as a Part of a Blockchain CI/CD ...Altoros
These slides exemplify how to employ the tools available through Cloud Foundry and Kubernetes to enable a continuous integration and continuous delivery pipeline on blockchain.
The combination of StackPointCloud with NetApp creates NetApp Kubernetes Service, the industry’s first complete Kubernetes platform for multi-cloud deployments and a complete cloud-based stack for Azure, Google Cloud, AWS, and NetApp HCI. Further, Trident is a fully supported open source project maintained by NetApp, designed from the ground up to help meet the sophisticated persistence demands of containerized applications.
With no built-in solutions for managing user accounts, Kubernetes has to rely on external systems for this. Can we use one UAA solution for both Cloud Foundry and Kubernetes authentication while building a hybrid deployment?
Troubleshooting .NET Applications on Cloud FoundryAltoros
These slides overview how logs can be employed to troubleshoot .NET app on Cloud Foundry, as well as how to use metrics to enable preventive maintenance.
Continuous Integration and Deployment with Jenkins for PCFAltoros
Jenkins has been the preferred tool for continuous integration and deployment for many years already due to it's smooth user experience, easy configuration, abundance of available plugins and integrations. During the talk we will tell about best practices on using Jenkins together with Cloud Foundry installations, accelerating cloud-native application delivery and packaging using combination of Docker and Jenkins and thoughtful configuration of CI/CD pipelines and keeping apps up-to-date on all CF environments.
At the Cloud Foundry Summit 2017 in Santa Clara, Altoros and GE Digital talked about a sensor-based solution for tracking luggage from registration to claim belt.
Navigating the Ecosystem of Pivotal Cloud Foundry TilesAltoros
For application developers, PCF tiles are arguably the easiest way to run Redis, Elasticsearch, Cassandra, or any other backing service with applications in the cloud.
Integrating AI into IoT networks is becoming a prerequisite for success in today’s data-driven digital ecosystems. The only way to keep up with IoT-generated data and gain the hidden insights it holds is using AI as the catalyst of IoT. Watch this slides to understand how IoT and AI may work together.
Over-Engineering: Causes, Symptoms, and TreatmentAltoros
If your are using Cloud Foundry, you are most obviously into the microservices architecture and cloud-native app development approach. These are definitely best practices in modern application development, but too much of a good thing is good for nothing. Overuse of these principles may lead to over-engineering, when an application is split into too much microservices and, as such, gets hard to maintain and support. This presentation highlights how far overuse of the microservices concept can go, what issues exist, and how these issues can be avoided.
A lot has changed in the Cloud Foundry ecosystem in the recent year. But how have these changes influenced the everyday life of the platform operations engineer? What has changed in the developer’s workflow? describe the changes accommodated by our engineers interacting with Cloud Foundry on a day-to-day basis. In this presentation, Altoros shares what features saved it most time and increased its confidence in the platform’s ability to self-heal. The presentation also touches upon the most anticipated features that are believed to make developers' lives much easier.
Bluemix Live Sync: Speed Up Maintenance and Delivery for Node.jsAltoros
There are many ways to become a part of the Node.js ecosystem, but not all of them allow developers to jump in equally easily. A tool reducing the infrastructure development process to minutes would definitely make the process smoother. The presentation describes how IBM Bluemix Live Sync can help engineers working with Node.js to accelerate the setup of an IT infrastructure and a development environment.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
2. @altoros
The situation
● you need to prove your identity
● you only have your driver’s
license
Driver License
First Name: Dmitry
Last Name: Lavrenov
Date of Birth: 21.08.1995
City: Minsk
3. @altoros
Wouldn’t it be better to have
an option that hides
your private information,
but still keeps
the driver’s license valid?
Driver License
First Name: Dmitry
Last Name: Lavrenov
Date of Birth: 21.08.1995
City: Minsk
7. @altoros
Zero-knowledge proof
03 Goal ?
The Prover has a secret value X
The Goal is to prove it to the Verifier without revealing any
information about X
8. @altoros
ZKP conditions
Completeness
If the statement is true, then the honest verifier — the one that is following the
protocol properly — will be convinced of this fact by an honest prover.
9. @altoros
ZKP conditions
Soundness
If the statement is false, then no cheating prover can convince the honest
verifier that it is true, except for some small probability.
20. @altoros
A non interactive ZKP
● Note that interaction between users is required for general ZKP
● What can be done if interaction between users is not an option?
21. @altoros
The general structure of a non interactive
ZKP
Witness P
Function
“Make a proof”
02
Get the proof
03 Send the proof
01
Send a confidential info
Function
“Check a proof”
05
Get the result
04
Check the proof
V
24. @altoros
zk-SNARK
Noninteractive
Only one set of information is sent to the verifier for verification, therefore
there is no back and forth communication between the prover and verifier.
26. @altoros
Where can ZKP be applied ?
● Authentication systems
● Ethical behaviour
● Confidentiality
● Checking personal information
● Anonymity
27. @altoros
Zcash
zk-SNARK - based
Bitcoin transactions are fully transparent.
Everyone can use a Bitcoin block explorer to
check transaction that has been sent from
one BTC address to another BTC address.
Bitcoin vs Zcash
Zcash transactions can be private only if the
user chooses z-address. A special view key
can provide selective transparency.
1FeexV6 bAHb8ybZjqQMjJrcCrHGW9sb6uF
5 BTC
nothing to see here
1JCe8z4jJVNXSjohjM4i9Hh813dLCNx2Sy nothing to see here
Sender’s address
??? ZEC
Unknown amount
“shielded ZEC”
Recipient’s address
unkown address
unkown address
28. @altoros
Zcash
Bitcoin, UTXO
● Bitcoin tracks UTXOs to determine what transactions are spendable and
validates it
BUT: All UTXO’s information is open and public.
32. @altoros
Zcash
● the sum of the input values is equal to the sum of the output values for
each shielded transfer
● the sender proves that they have the private spending keys of the input
notes, giving them the authority to spend
33. @altoros
Zcash
● the private spending keys of the input notes are cryptographically
linked to a signature over the whole transaction
● for each input note, a revealed commitment exists
34. @altoros
Zcash
● the nullifiers and note commitments are computed correctly
● it is infeasible for the nullifier of an output note to collide with the
nullifier of any other note
35. @altoros
Ethereum
● zk-SNARK-based solution can potentially increase transaction
processing to 500 tx/sec
● transaction cost is about 600,000 gas
● goal is to reduce the total transaction cost
36. @altoros
Ethereum. AZTEC protocol
● zk-SNARK-based solution on smart-contract level in Ethereum
● confidential Transfer function
● transaction cost is between 800,000-900,000 gas
(a simple transaction cost is about 21,000 gas)
37. @altoros
Identity Mixer (Idemix)
● ZKP-based cryptographic protocol
● Based on Camenisch-Lysyanskaya signature scheme
● Flexible public keys
● Flexible credentials
43. @altoros
Idemix implementation in Go
AttributeNames := [ ]string{"First Name", "Last Name", "Age", "City"}
data := [ ]string{"Dmitry00000000000000000000000000",
"Lavrenov000000000000000000000000",
"23000000000000000000000000000000",
"Minsk000000000000000000000000000"}
44. @altoros
Idemix implementation in Go.
//1. The prover creates keys and credential request to the issuer.
sk := idemix.RandModOrder(rng)
ni := idemix.RandModOrder(rng)
m := idemix.NewCredRequest(sk, idemix.BigToBytes(ni), key.Ipk, rng)
45. @altoros
Idemix implementation in Go.
//2. The issuer creates credentials for the prover.
cred, err := idemix.NewCredential(key, m, attrs, rng)
46. @altoros
Idemix implementation in Go.
// 3. The prover signs the credentials without disclosure Age and City.
disclosure = [ ]byte{1, 1, 0, 0}
sig, err = idemix.NewSignature(cred, sk, Nym, RandNym, key.Ipk,
disclosure, msg, rhindex, cri, rng)
attrs[2] = FP256BN.NewBIGint(0)
attrs[3] = FP256BN.NewBIGint(1)
47. @altoros
Idemix implementation in Go.
// 4. The verifier checks the signature using the Issuer’s public key.
err = sig.Ver(disclosure, key.Ipk, msg, attrs, rhindex,
&revocationKey.PublicKey, epoch)
Hello everyone, I’m from Minsk.
I’m a senior blockchain R&D engineer at Altoros and professionally focus on cryptography.
Today I would like to talk about a mechanism that has a close connection to cryptography, called zero-knowledge proof, and its potential within blockchain. From potentially being used in nuclear disarmament to providing anonymous and secure transactions for public blockchain networks, a zero-knowledge proof is a profound example of cryptographic innovation.
Let’s imagine the following situation. You need to prove your identity with First Name and Last Name to 3rd party. But you only have your driver’s license that contains additional personal information.
Wouldn’t it be better to have an option hides your private information, but still keeps the driver’s license valid ?
In this case, Zero-knowledge proof can help us
The first question is what is a zero-knowledge proof ?
There are 2 types of participants: the prover and the verifier
The prover has a secret value X. But The prover wants to prove it to the Verifier without revealing any information about X. The essence of a zero-knowledge proof is that it is trivial to prove that someone possesses knowledge of certain information by simply revealing it. The challenge is to justify such possession without revealing the information itself or any additional information.
Also, zero-knowledge proof protocol must satisfy the following three parameters:
Completeness. If the statement is true, the honest verifier—the one that is following the protocol properly—will be convinced of this fact by an honest prover
Soundness. If the statement is false, no cheating prover can convince the honest verifier that it is true, except for some small probability.
Zero knowledge. If the statement is true, no verifier learns anything, except the fact that the statement is true.
Completeness and soundness are properties of more general interactive proof systems. The addition of zero knowledge is what turns the verification process into a zero-knowledge proof.
Zero-knowledge proofs are not proofs in the mathematical sense of the term, because there is some small probability, the soundness error, that a cheating prover will be able to convince the verifier of a false statement.
In other words, zero-knowledge proofs are probabilistic proofs rather than deterministic ones.
The general structure of a zero-knowledge proof consists of three sequential actions between the prover and the verifier. These actions are called a witness, a challenge, and a response.
The fact that the Prover knows the secret determines the set of the questions, which always can be answered by the Prover correctly. At first, the Prover chooses randomly any question from the set and calculates a proof. Then, the Prover sends the proof to the Verifier.
After that, the Verifier chooses a question from the set and asks the Prover to answer it.
The Prover calculates the answer and sends it back to the Verifier.
The received answer allows the Verifier to check that the Prover really knows the secret.
The procedure can be repeated as many times as you want, until the probability that the Prover makes guesses rather than knows the correct answers becomes low enough.
To illustrate how ZKP works in practice, Wikipedia refers to the Ali Baba cave story. In this example, Peggy acts as the prover and Victor acts as the verifier.
In the story, the cave is shaped like a ring.
The entrance is on the left side, and there’s a magic door blocking the right side.
Peggy wants to prove to Victor that she knows the secret word to open the magic door.
However, she does not want to reveal the secret word.
To prove that Peggy knows the secret word, they mark the left and right paths from the entrance as A and B. Victor waits outside the cave, while Peggy enters. Hidden from Victor, Peggy walks along either path A or B.
Victor then enters the cave and shouts the name of the path—A or B—he wants Peggy to return to.
Peggy can easily do it if she knows the secret key.
In case Peggy doesn’t know the secret word, she would only be able to return from the door to the entrance if Victor called out the path she took after entering.
Since the path Victor chooses in random, the probability that Peggy doesn’t know the keyword is 1/2. If you repeat the process ktimes, then the probability becomes (½)^k.
This way, it’s enough, for example, to repeat the procedure 20 times to prove that Peggy know the keyword.
Note that the interaction between the users is needed for a ZKP. Although the number of interactions is small in single-round and constant protocols, both users must be involved simultaneously.
In this case, we have the following question: “What can be done if interaction between users is not an option ?”
Blum, Feldman, and Micali suggested a noninteractive ZKP, where users have a shared secret key, which is enough to prove that P knows some secret information without simultaneously involving both users and revealing the information itself.
Unlike a regular zero-knowledge proof, a general structure of a noninteractive ZKP consists of just a single action between participants P and V, and this action is a witness.
P creates the proof from the secret key using special function - “Make a proof”. Then P sends the proof to V. After than V can easily check the proof using another function, called “Check a proof”.
Let’s consider one of the most famous noninteractive zero-knowledge proof protocol.
It’s a zero-knowledge succinct noninteractive argument of knowledge protocol or zk-SNARK.
As we can see, It’s a ZKP-based protocol with additional features.
Succinct. It means that The size of the proof is small enough to be verified in a few milliseconds
Noninteractive. It means that Only one set of information is sent to the verifier for verification, therefore there is no back and forth communication between the prover and verifier.
Argument of knowledge. It means bounded computation for the prover.
ZKP protocol can be applied for the following actions.
Zcash is the first widespread application of zk-SNARK. In most public blockchains like Bitcoin, Ethereum, Bitshares and etc, transactions are validated by linking the sender address, receiver address, and input and output values. Zcash uses zk-SNARKs to prove that the conditions for a valid transaction have been satisfied without revealing any crucial information about the addresses or values involved.
Let consider differences between Bitcoin and Zcash for better understanding how zk-SNARK protocol enables privacy in Zcash.
Bitcoin tracks unspent transaction outputs (UTXOs) to determine what transactions are spendable and validates it.
In Zcash, the shielded equivalent of a UTXO is called a commitment, and spending a commitment involves revealing a nullifier.
Zcash nodes keep lists of all the commitments that have been created, and all the nullifiers that have been revealed.
Commitments and nullifiers are stored as hashes, to avoid disclosing any information about the commitments, or which nullifiers relate to which commitments.
For each new note created by a shielded payment, a commitment is published which consists of a hash of: the address to which the note was sent, the amount being sent, a number rho which is unique to this note (later this number is used to derive the nullifier), and a random nonce.
When a shielded transaction is spent, the sender uses their spending key to publish a nullifier which is the hash of the secret unique number rho from an existing commitment that has not been spent, and provides a zero-knowledge proof demonstrating that they are authorized to spend it.
The zero-knowledge proof for a shielded transaction verifies that the following assertions are true.
In September 2018 V.Buterin published the article[3] about on-chain scaling to potentially 500 tx/sec. Also It’s a zk-SNARK - based solution.
The main idea is to scale asset transfer transactions on ethereum by using ZK-SNARKs to mass-validate transactions.
In this case, the cost of a ZK-SNARK verification with the latest protocols is about 600,000 gas. The main goal for ZK-SNARK implementation in the Ethereum blockchain is to reduce
the total transaction’s cost.
Today, AZTEC team has implemented zk-SNARK-based solution on smart-contract level in Ethereum blockchain. You can use private transactions in Ethereum with AZTEC smart contract using confidentialTransfer function.
A standard AZTEC zero-knowledge transaction costs between 800,000 - 900,000 gas.
Idemix is the another example of ZKP-based protocol that is suite for privacy-preserving authentication and transfer of certified attributes which is developed by IBM Research.
Identity Mixer works in a similar way as client certificates in a classical public-key infrastructure (PKI), but with two important differences:
Flexible public keys: Rather than being bound to a single public key, users can have many independent public keys for the same secret key, so that they can use a different keys for each verifier or even for each session.
Flexible credentials: The credentials that certify the user’s attributes can be transformed into valid tokens that contain only a subset of the attributes in the original credential.
Hyperledger Fabirc is one of the famous Hyperledger’s frameworks for blockchain technology which also has implemented Idemix.
There is the picture that described Idemix implementation in Hyperledger Fabric.
Idemix crypto package implements basic cryptographic algorithms.
In this way, Hyperledger Fabric with Idemix protocol provides strong authentication as well as privacy-preserving features such as anonymity, the ability to transact without revealing the identity of the transactor, and unlinkability, the ability of a single identity to send multiple transactions without revealing that the transactions were sent by the same identity.
Hyperledger Indy also uses Idemix. Indy provides a software ecosystem for private, secure, and powerful identity.
Indy-anoncreds is the main cryptographical part of Hyperledger Indy which provides privacy of identity’s credentials. It’s ZKP-based upon the Idemix protocol.
There are the main steps which describe the main anoncreds workflow.
Firstly, the prover creates master key. Master key is used to guarantee that a credential uniquely applies to the prover.
Then the Prover creates credentials which is signed by the Issuer’s private key and stores it in the wallet.
Finally, the Prover can create the proof to the Verifier.
Identity Mixer crypto package was implemented firstly in Golang in Hyperledger Fabric v1.2. There is the example in Go which represents essence of Idemix.
There are just high-level pictures which illustrate how it can be implemented in Go.
The goal is to prove identity without disclosing Age and City.
Firstly, 1. The prover creates keys and credential request to the issuer.
After that, The issuer creates credentials for the prover.
Then The prover signs the credentials without disclosure Age and City.
Finally, The verifier checks the signature using the Issuer’s public key.