Is it posible to generate SNARK of MPC share validity?

Peersky

7/5/24, 3:30 PM

Assume we have a central issuing authority that sends each participant a share that reconstructs in key $P_k$. I.e. Shamir Secret Share with $2$ out of $N$ format where $N>3$.

This central authority also broadcasts public key $P_a$ so every participant guaranteed to receive same $P_a$.

Is it possible to generate such a proof, that participants can be sure that shares they receive indeed reconstruct in to $P_k$ (which constructs $P_a$) without showing their shards to each other? Can SNARKs handle such a task?

0 + 5

multiparty-computation

zero-knowledge-proofs

secret-sharing

snarks

ming alex

7/6/24, 2:47 AM

I guess SNARK can be qualified for the task. But, CA should generate different proofs for different participants, each proof is $\pi_{i^*} := \prod .Prove(crs, P_a, (\{P_{k,i}\}_{i\in {N-1}},P_{k,i^*}))$ where $P_{k,i^*}$ is known to the party $i^*$.

Peersky

7/6/24, 9:25 AM

Yes individual proofs for each participant is acceptable. I am more of an amateur in the question and just taking a look on a circom libraries am trying to figure out how to actually build such a circuit.

Marc Ilunga

7/6/24, 5:58 PM

The relation between $P_k$ and $P_a$ is not explained. I assumed these form a key pair? If all users are honest, maybe an homomorphic commitment + a broadcast mechanism would be enough?

Peersky

7/7/24, 2:10 AM

Yes they form a key pair. Pa is used for participants to send private messages to issuing authority. Pk is used by issuing authority to public sign messages. If due to some reason issuing authority stops operating participants want to be able to reconstruct the Pk, and use MPC for that. However it is a last resort and hence initially they just need to make sure that shares indeed construct back in to Pk without constructing the Pk itself.

ming alex

7/7/24, 4:05 AM

I am not familiar with the Circom lib. But I have confidence that the circuit can be built by [Zokrates](https://zokrates.github.io/gettingstarted.html) toolbox. All you need is writing a function of which input is $P_k$ and output is $P_a$.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Is it posible to generate SNARK of MPC share validity?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.