当前位置: 山口网>星座运势 >万博微信存款没到账户,Hyperledger Fabric中的零知识证明 | 火星技术帖
万博微信存款没到账户,Hyperledger Fabric中的零知识证明 | 火星技术帖

万博微信存款没到账户,Hyperledger Fabric中的零知识证明 | 火星技术帖

2020-01-11 11:02:26      来源:匿名

万博微信存款没到账户,Hyperledger Fabric中的零知识证明 | 火星技术帖

万博微信存款没到账户,免责声明:本文旨在传递更多市场信息,不构成任何投资建议。文章仅代表作者观点,不代表火星财经官方立场。

小编:记得关注哦

投资区块链,猛戳:火星财经app下载

来源:hyperledger实践

fabric 1.3中的新增的idemixer(identity mixer)以前不大懂zero-knowledge proof(零知识证明),原本觉得pki基础的msp是比较常用和稳健的方式,新加个验证方式是不是有点增加复杂性。

最近有时间整理下,才发现零知识证明也真是个黑科技。

1. 零知识证明入门

网上这篇文章写得蛮好的http://www.elecfans.com/blockchain/1015964.html

这里以fabric给出的例子: 假设alice需要向bob(门店职员)证明她dmv(车管所)颁发的合法驾照。这个场景,alice就是下图的user/用户, dmv车管所则是issuer/证书颁发者, bob则是verifier验证者。

alice为了证明自己是合法的司机,大多时候她会把自己的驾照交给bob检查和验证,但这样做bob就可以知道alice的很多额外的隐私信息,例如名字,地址,年龄等。

如果使用idemixer和零正式证明的方式, 我们只允许bob知道当前这个女用户是个合法的司机,其它信息都保密。 即使下次alice再来门店,alice应该提供给bob不同的证明,保证bob不会知道这个证明是同一个用户。

即零知识证明可提供匿名性和无关联性。

1.2 零知识证明用处

elecfans的文章总结得很好了,常见的是以下两点。

- 数据隐私保护和身份验证,如alice和bob的例子所示,

- 减少计算和扩容,同样的多次计算可以使用零知识证明压缩和减少,最新的以太坊可是大力推崇

具体参看https://hyperledger-fabric.readthedocs.io/en/latest/idemixgen.html

(1) fabric ca配置 fabric-ca-server init

会生成issuerpublickey和issuerrevocationpublickey两个文件

(2) msp初始化配置 configtx.yaml定义org1idemix和org2idemix两个组织, 注意msptype类型为idemix, mspdir对应文件应使用fabric ca生成的issuerpublickey和issuerrevocationpublickey构成。

organizations:

- &org1idemix

# defaultorg defines the organization which is used in the sampleconfig

# of the fabric.git development environment

name: idemixmsp1

# id to load the msp definition as

id: idemixmspid1

msptype: idemix

mspdir: crypto-config/peerorganizations/org3.example.com

- &org2idemix

# defaultorg defines the organization which is used in the sampleconfig

# of the fabric.git development environment

name: idemixmsp2

# id to load the msp definition as

id: idemixmspid2

msptype: idemix

mspdir: crypto-config/peerorganizations/org4.example.com

profiles:

twoorgsorderergenesis_v13:

capabilities:

orderer:

organizations:

- *ordererorg

capabilities:

consortiums:

sampleconsortium:

organizations:

- *org1

- *org2

- *org1idemix

- *org2idemix

application:

organizations:

- *ordererorg

capabilities:

twoorgschannel_v13:

consortium: sampleconsortium

application:

organizations:

- *org1

- *org2

- *org1idemix

- *org2idemix

capabilities:

(3) ca客户端生成用户

(4)验证者链码如何获取idemixer信息 暂时go的链码的cid(client identity)库才支持获取idemixer证书信息。

func getattributevalue(stub chaincodestubinterface, attrname string) (value string, found bool, err error)type chaincodestubinterface interface {// getcreator returns `signatureheader.creator` (e.g. an identity)// of the `signedproposal`. this is the identity of the agent (or user)// submitting the transaction.getcreator ([]byte, error)}type clientidentity interface {// getid returns the id associated with the invoking identity. this id// is guaranteed to be unique within the msp.getid (string, error)// return the msp id of the clientgetmspid (string, error)// getattributevalue returns the value of the client's attribute named `attrname`.// if the client possesses the attribute, `found` is true and `value` equals the// value of the attribute.// if the client does not possess the attribute, `found` is false and `value`// equals "".getattributevalue(attrname string) (value string, found bool, err error)// assertattributevalue verifies that the client has the attribute named `attrname`// with a value of `attrvalue`; otherwise, an error is returned.assertattributevalue(attrname, attrvalue string) error// getx509certificate returns the x509 certificate associated with the client,// or nil if it was not identified by an x509 certificate.getx509certificate (*x509.certificate, error)}

暂时idemixer的getattributevalue只支持ou和role

- ou 是identity’s affiliation (e.g. “org1.department1”)

- role 是‘member’ 或 ‘admin’.

具体调用的go链码

package mainimport ("fmt""log""os""strconv""strings""github.com/hyperledger/fabric-chaincode-go/pkg/cid""github.com/hyperledger/fabric-chaincode-go/shim"pb "github.com/hyperledger/fabric-protos-go/peer")// invoke makes payment of x units from a to bfunc (t *simplechaincode) invoke(stub shim.chaincodestubinterface) pb.response {info.println("########### example_cc invoke ###########")function, args := stub.getfunctionandparameters// getting attributes from an idemix credentialou, found, err := cid.getattributevalue(stub, "ou");if err != nil {return shim.error("failed to get attribute 'ou'")}if !found {return shim.error("attribute 'ou' not found")}if !strings.hassuffix(ou, "department1") {return shim.error(fmt.sprintf("incorrect 'ou' returned, got '%s' expecting to end with 'department1'", ou))}role, found, err := cid.getattributevalue(stub, "role");if err != nil {return shim.error("failed to get attribute 'role'")}if !found {return shim.error("attribute 'role' not found")}if role != "member" {return shim.error(fmt.sprintf("incorrect 'role' returned, got '%s' expecting 'member'", role))}if function == "delete" {// deletes an entity from its statereturn t.delete(stub, args)}if function == "query" {// queries an entity statereturn t.query(stub, args)}if function == "move" {// deletes an entity from its statereturn t.move(stub, args)}error.printf("unknown action, check the first argument, must be one of 'delete', 'query', or 'move'. but got: %v", args[0])return shim.error(fmt.sprintf("unknown action, check the first argument, must be one of 'delete', 'query', or 'move'. but got: %v", args[0]))}

还不大完善,基本现阶段还是推荐用传统的msp方式,具体参考https://hyperledger-fabric.readthedocs.io/en/latest/idemix.html#current-limitations

零知识证明在以太坊是推崇的,它的应用场景实际蛮广的,fabric尚需努力,不过貌似2.0那么久还没release或者是推广得不好。不过区块链的前途是光明的,道路是曲折的,多了解下这些基础不是坏事。

ued赫塔菲最新官网