CN116560668A - Data processing device and data processing method - Google Patents
Data processing device and data processing method Download PDFInfo
- Publication number
- CN116560668A CN116560668A CN202210108791.4A CN202210108791A CN116560668A CN 116560668 A CN116560668 A CN 116560668A CN 202210108791 A CN202210108791 A CN 202210108791A CN 116560668 A CN116560668 A CN 116560668A
- Authority
- CN
- China
- Prior art keywords
- code
- zero
- code structure
- data processing
- source code
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/40—Transformation of program code
- G06F8/51—Source to source
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/40—Transformation of program code
- G06F8/41—Compilation
- G06F8/42—Syntactic analysis
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/40—Transformation of program code
- G06F8/41—Compilation
- G06F8/43—Checking; Contextual analysis
Landscapes
- Engineering & Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Devices For Executing Special Programs (AREA)
- Debugging And Monitoring (AREA)
- Stored Programmes (AREA)
Abstract
Description
技术领域technical field
本公开总体上涉及数据处理的技术领域,更具体地,涉及用于将可执行的源代码转化为用于验证该源代码的执行过程正确性的零知识证明的数据处理装置和数据处理方法。The present disclosure generally relates to the technical field of data processing, and more specifically, relates to a data processing device and data processing method for converting executable source code into a zero-knowledge proof for verifying the correctness of the execution process of the source code.
背景技术Background technique
在现有的各种数据处理技术中,当数据处理所涉及的业务逻辑比较复杂时,数据处理的性能会显著下降,数据处理的相关代价也会相应增加。In various existing data processing technologies, when the business logic involved in data processing is relatively complex, the performance of data processing will be significantly reduced, and the related costs of data processing will increase accordingly.
发明内容Contents of the invention
为了解决现有技术中存在的上述问题,本公开提出了一种用于将可执行的源代码转化为用于验证该源代码的执行过程正确性的零知识证明的数据处理技术。In order to solve the above-mentioned problems in the prior art, the present disclosure proposes a data processing technology for converting executable source code into a zero-knowledge proof for verifying the correctness of the execution process of the source code.
在下文中将给出关于本公开的简要概述,以便提供关于本公开的某些方面的基本理解。应当理解,此概述并非是关于本公开的穷举性概述,也并非意图确定本公开的关键或重要部分或者限定本公开的范围。其目的仅仅是以简化的形式给出某些概念,以此作为稍后论述的更详细描述的前序。A brief overview of the present disclosure is given below in order to provide a basic understanding of some aspects of the present disclosure. It should be understood that this summary is not an exhaustive overview of the disclosure, nor is it intended to identify key or critical elements of the disclosure or to delineate the scope of the disclosure. Its purpose is merely to present some concepts in a simplified form as a prelude to the more detailed description that is discussed later.
根据本公开的一个方面,提供了一种数据处理装置,用于将可执行的源代码转化为用于验证源代码的执行过程正确性的零知识证明,包括:运算电路约束生成单元,被配置成自动地分析源代码以将源代码分解为代码结构,并且生成描述代码结构的运算电路约束;以及零知识证明生成单元,被配置成使用运算电路约束生成零知识证明,其中零知识证明基于运算电路约束形成的多项式来构造。According to one aspect of the present disclosure, there is provided a data processing device for converting executable source code into a zero-knowledge proof for verifying the correctness of the execution process of the source code, including: an operation circuit constraint generation unit configured and a zero-knowledge proof generation unit configured to generate a zero-knowledge proof using the operational circuit constraints, wherein the zero-knowledge proof is based on an operation A polynomial formed by circuit constraints is constructed.
根据本公开的另一方面,提供了一种数据处理方法,用于将可执行的源代码转化为用于验证源代码的执行过程正确性的零知识证明,包括:自动地分析源代码以将源代码分解为代码结构,并且生成描述代码结构的运算电路约束;以及使用运算电路约束生成零知识证明,其中零知识证明基于运算电路约束形成的多项式来构造。According to another aspect of the present disclosure, there is provided a data processing method for converting executable source code into a zero-knowledge proof for verifying the correctness of the execution process of the source code, including: automatically analyzing the source code to convert The source code is decomposed into a code structure, and operational circuit constraints describing the code structure are generated; and a zero-knowledge proof is generated using the operational circuit constraints, wherein the zero-knowledge proof is constructed based on a polynomial formed by the operational circuit constraints.
根据本公开的另一方面,提供了一种能够实现上述的数据处理方法的计算机程序。此外,还提供了具有至少计算机可读介质形式的计算机程序产品,其上记录有用于实现上述的数据处理方法的计算机程序代码。According to another aspect of the present disclosure, a computer program capable of implementing the above data processing method is provided. Furthermore, there is also provided a computer program product in at least the form of a computer-readable medium on which computer program codes for realizing the above-mentioned data processing method are recorded.
根据本公开的用于将可执行的源代码转化为用于验证该源代码的执行过程正确性的零知识证明的数据处理技术,能够将复杂的链上业务逻辑转移到链下计算,并且自动地为链下的计算以及相关的数据生成零知识证明,从而保证链下计算的正确性。特别地,该数据处理技术能够自动分析链下计算的源代码以将计算过程转化为电路约束,并且用优化的零知识证明协议为其生成证明。这样,可以在保证安全性的同时降低区块链的计算代价。According to the data processing technology for converting executable source code into a zero-knowledge proof for verifying the correctness of the execution process of the source code in the present disclosure, it is possible to transfer complex on-chain business logic to off-chain calculations, and automatically Generating zero-knowledge proofs for off-chain calculations and related data to ensure the correctness of off-chain calculations. In particular, this data processing technology can automatically analyze the source code of off-chain calculations to convert the calculation process into circuit constraints, and generate proofs for it with an optimized zero-knowledge proof protocol. In this way, the computational cost of the blockchain can be reduced while ensuring security.
附图说明Description of drawings
参照下面结合附图对本公开实施方式的说明,会更加容易地理解本公开的以上和其它目的、特点和优点,在附图中:The above and other objects, features and advantages of the present disclosure will be more easily understood with reference to the following description of embodiments of the present disclosure in conjunction with the accompanying drawings, in which:
图1是示出根据本公开的实施方式的数据处理装置的框图;FIG. 1 is a block diagram illustrating a data processing device according to an embodiment of the present disclosure;
图2是示出根据本公开的实施方式的数据处理装置执行的示例性处理的示意图;2 is a schematic diagram illustrating exemplary processing performed by a data processing device according to an embodiment of the present disclosure;
图3是示出根据本公开的实施方式的运算电路约束生成单元的框图;3 is a block diagram illustrating an arithmetic circuit constraint generating unit according to an embodiment of the present disclosure;
图4是示出根据本公开的实施方式的静态分析子单元执行的示例性处理的示意图;4 is a schematic diagram illustrating exemplary processing performed by a static analysis subunit according to an embodiment of the present disclosure;
图5是示出根据本公开的实施方式的静态分析子单元针对第一代码结构执行的示例性处理的示意图;5 is a schematic diagram illustrating exemplary processing performed by a static analysis subunit for a first code structure according to an embodiment of the present disclosure;
图6是示出根据本公开的实施方式的静态分析子单元针对第二代码结构执行的示例性处理的示意图;6 is a schematic diagram illustrating exemplary processing performed by a static analysis subunit for a second code structure according to an embodiment of the present disclosure;
图7是示出根据本公开的实施方式的静态分析子单元针对第三代码结构执行的示例性处理的示意图;7 is a schematic diagram illustrating exemplary processing performed by a static analysis subunit for a third code structure according to an embodiment of the present disclosure;
图8是示出根据本公开的实施方式的静态分析子单元针对第四代码结构执行的示例性处理的示意图;FIG. 8 is a schematic diagram illustrating exemplary processing performed by a static analysis subunit for a fourth code structure according to an embodiment of the present disclosure;
图9是示出根据本公开的实施方式的动态分析子单元执行的示例性处理的示意图;FIG. 9 is a schematic diagram illustrating exemplary processing performed by a dynamic analysis subunit according to an embodiment of the present disclosure;
图10是示出根据本公开的实施方式的动态分析子单元针对第五至第八代码结构执行的示例性处理的示意图;10 is a schematic diagram illustrating exemplary processing performed by a dynamic analysis subunit for fifth to eighth code structures according to an embodiment of the present disclosure;
图11是示出根据本公开的实施方式的零知识证明生成单元执行的示例性处理的示意图;11 is a schematic diagram illustrating exemplary processing performed by a zero-knowledge proof generating unit according to an embodiment of the present disclosure;
图12是示出根据本公开的实施方式的零知识证明生成单元执行的示例性累加证明生成处理的示意图;12 is a schematic diagram showing an exemplary cumulative proof generation process performed by a zero-knowledge proof generation unit according to an embodiment of the present disclosure;
图13是示出根据本公开的实施方式的零知识证明生成单元执行的累加证明处理的示例的示意图;13 is a schematic diagram illustrating an example of cumulative proof processing performed by a zero-knowledge proof generation unit according to an embodiment of the present disclosure;
图14是示出根据本公开的实施方式的数据处理方法的流程图;以及14 is a flowchart illustrating a data processing method according to an embodiment of the present disclosure; and
图15是示出可用来实现根据本公开的实施方式的数据处理方法和数据处理装置的通用机器的结构简图。FIG. 15 is a schematic structural diagram showing a general-purpose machine that can be used to implement a data processing method and a data processing device according to an embodiment of the present disclosure.
具体实施方式Detailed ways
在下文中,将参照所附的说明性示图详细描述本公开的一些实施方式。在用附图标记指示附图的元件时,尽管相同的元件在不同的附图中示出,但相同的元件将由相同的附图标记表示。此外,在本公开的以下描述中,在有可能使本公开的主题不清楚的情况下,将省略对并入于本文中的已知功能和配置的详细描述。Hereinafter, some embodiments of the present disclosure will be described in detail with reference to the accompanying explanatory drawings. When referring to elements of a drawing with reference numerals, the same elements will be denoted by the same reference numerals even though they are shown in different drawings. Also, in the following description of the present disclosure, a detailed description of known functions and configurations incorporated herein will be omitted where it may make the subject matter of the present disclosure unclear.
本文中使用的术语仅用于描述特定实施方式的目的,而非旨在限制本公开。如本文所使用的,除非上下文另外指出,否则单数形式旨在也包括复数形式。还将理解的是,说明书中使用的术语“包括”、“包含”和“具有”旨在具体说明所陈述的特征、实体、操作和/或部件的存在,但是并不排除一个或更多个其他的特征、实体、操作和/或部件的存在或添加。The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the present disclosure. As used herein, unless the context dictates otherwise, singular forms are intended to include plural forms as well. It will also be understood that the terms "comprising", "comprising" and "having" used in the specification are intended to specify the existence of stated features, entities, operations and/or components, but do not exclude the presence of one or more The presence or addition of other features, entities, operations and/or components.
除非另有定义,否则本文中使用的包括技术术语和科学术语的所有术语具有与本发明构思所属领域技术人员通常理解的含义相同的含义。将进一步理解的是,诸如在常用词典中定义的那些术语应该被解释为具有与其在相关领域的上下文中的含义一致的含义,除非在此明确定义否则不应以理想化或过于正式的意义来解释。Unless otherwise defined, all terms including technical terms and scientific terms used herein have the same meaning as commonly understood by those skilled in the art to which the present inventive concept belongs. It will be further understood that terms such as those defined in commonly used dictionaries should be construed to have a meaning consistent with their meaning in the context of the relevant art and should not be interpreted in an idealized or overly formal sense unless expressly defined herein explain.
在下面的描述中,阐述了许多具体细节以提供对本公开的全面理解。本公开可以在没有这些具体细节中的一些或所有具体细节的情况下实施。在其他实例中,为了避免因不必要的细节而模糊了本公开,在附图中仅仅示出了与根据本公开的方案密切相关的部件,而省略了与本公开关系不大的其他细节。In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present disclosure. The present disclosure may be practiced without some or all of these specific details. In other instances, in order to avoid obscuring the present disclosure with unnecessary details, only components closely related to the solutions according to the present disclosure are shown in the drawings, while other details that are not relevant to the present disclosure are omitted.
零知识证明可以在不暴露任何计算相关信息的情况下对通用计算的正确性进行验证。零知识证明将通用计算按照计算步骤转化为运算电路,对于每一个电路门进行约束,将所有电路门的约束进行形式化统一,整合形成运算电路约束系统。将通用计算的正确性转化为运算电路约束系统的可满足性。将运算电路约束系统转化为多项式表示,将通用计算的正确性再一次转化为多项式的正确性。通过对多项式在定义域上的取值进行抽样验证,从而实现对通用计算的正确性验证。在这个过程中,通过密码学方案,使得验证方能够在不获得任何通用计算相关信息的前提下对通用计算的正确性进行了验证。Zero-knowledge proofs can verify the correctness of general computations without revealing any computation-related information. Zero-knowledge proof transforms general-purpose computing into computing circuits according to the computing steps, constrains each circuit gate, formalizes and unifies the constraints of all circuit gates, and integrates them to form a computing circuit constraint system. Transform the correctness of general computing into the satisfiability of computational circuit constraint systems. Transform the computational circuit constraint system into a polynomial representation, and transform the correctness of general computing into the correctness of polynomials again. By sampling and verifying the values of polynomials in the definition domain, the correctness verification of general calculations is realized. In this process, through the cryptographic scheme, the verifier can verify the correctness of the general calculation without obtaining any information related to the general calculation.
区块链可被视为一种以去中心化方式进行操作的分布式数据库。区块链技术通过使用数据加密、时间戳、分布式共识和经济激励等手段,在分布式系统中的交易节点无需互相信任的情况下,实现基于去中心化的点对点交易、协调与协作,从而解决中心化机构普遍存在的高成本、低效率和数据存储不安全等问题。Blockchain can be thought of as a distributed database that operates in a decentralized manner. Through the use of data encryption, time stamps, distributed consensus and economic incentives, blockchain technology realizes point-to-point transactions, coordination and collaboration based on decentralization without the need for mutual trust between transaction nodes in a distributed system, thereby Solve the common problems of high cost, low efficiency and insecure data storage in centralized institutions.
近年来,区块链作为一种新形式的具有普适性的分布式底层架构,已被广泛应用于金融、经济、科技甚至政治等各个领域。In recent years, blockchain, as a new form of universal distributed underlying architecture, has been widely used in various fields such as finance, economy, technology and even politics.
然而,在目前的区块链系统中,链上的业务逻辑通过智能合约实现。当链上业务逻辑比较复杂时,交易上链的性能会显著下降,交易的手续费也会相应增加However, in the current blockchain system, the business logic on the chain is implemented through smart contracts. When the business logic on the chain is more complex, the performance of the transaction on the chain will be significantly reduced, and the transaction fee will increase accordingly
此外,为了保证安全性,区块链应用的开发者在将链上的智能合约中的业务逻辑转移到链下时,需要手动地为这部分智能合约代码生成零知识证明,从而保证链下执行的业务逻辑过程是正确的。对于开发者来说,生成零知识证明需要了解密码学以及数学的相关知识。然而,大部分区块链应用的开发者并不了解密码学知识。此外,手动编写零知识证明的运算电路约束是非常耗时和困难的。即使开发者能够手动生成运算电路约束,在生成零知识证明时,仍需使用现有的零知识证明协议,而无法根据具体场景来缩短生成零知识证明的时间。In addition, in order to ensure security, developers of blockchain applications need to manually generate zero-knowledge proofs for this part of the smart contract code when transferring the business logic in the smart contract on the chain to the off-chain, so as to ensure the off-chain execution The business logic process is correct. For developers, generating zero-knowledge proofs requires knowledge of cryptography and mathematics. However, most developers of blockchain applications do not understand cryptography. In addition, it is very time-consuming and difficult to manually write the operational circuit constraints of zero-knowledge proofs. Even if developers can manually generate computational circuit constraints, when generating zero-knowledge proofs, they still need to use existing zero-knowledge proof protocols, and cannot shorten the time to generate zero-knowledge proofs according to specific scenarios.
根据如下文详细描述的本公开的数据处理技术,可以基于程序源代码的静态代码分析,针对顺序结构、所有的分支、循环、API(Application Program Interface)接口函数调用等生成电路约束;并且可以基于程序源代码的动态代码分析,针对动态数组、动态循环、具体执行的分支、递归函数等生成电路约束。此外,可以在源代码的动态执行的计算过程中记录代码变量的赋值。此外,在零知识证明生成的过程中,优化现有的零知识证明生成方法。具体地,对于结构不同(不重复)的代码结构,并发地生成零知识证明;而对于结构相同(重复)的代码结构,通过累加生成零知识证明。According to the data processing technology of the present disclosure as described in detail below, circuit constraints can be generated for sequential structures, all branches, loops, API (Application Program Interface) interface function calls, etc. based on static code analysis of program source code; and can be based on Dynamic code analysis of program source code generates circuit constraints for dynamic arrays, dynamic loops, specific execution branches, recursive functions, etc. Furthermore, assignments to code variables can be recorded during calculations of the dynamic execution of the source code. In addition, in the process of generating zero-knowledge proofs, the existing zero-knowledge proof generation methods are optimized. Specifically, for code structures with different (non-repetitive) structures, zero-knowledge proofs are generated concurrently; and for code structures with the same (repetitive) structures, zero-knowledge proofs are generated by accumulation.
在本文中,术语“运算电路约束”、“电路约束”、“约束”和“乘法电路约束”具有相同的含义,因此在说明书中混合使用。此外,在本文中,术语“零知识证明”和“证明”具有相同的含义,因此在说明书中混合使用。Herein, the terms "operational circuit constraint", "circuit constraint", "constraint" and "multiplication circuit constraint" have the same meaning, and thus are used mixedly in the description. In addition, in this article, the terms "zero-knowledge proof" and "proof" have the same meaning, so they are mixedly used in the specification.
下面,将参照附图结合根据本公开的实施方式详细描述本公开的用于将可执行的源代码转化为用于验证源代码的执行过程正确性的零知识证明的数据处理技术。In the following, the data processing technology for converting executable source code into a zero-knowledge proof for verifying the correctness of the execution process of the source code according to the present disclosure will be described in detail with reference to the accompanying drawings and embodiments according to the present disclosure.
图1是示出根据本公开的实施方式的数据处理装置100的框图。图2是示出根据本公开的实施方式的数据处理装置100执行的示例性处理的示意图。FIG. 1 is a block diagram illustrating a data processing device 100 according to an embodiment of the present disclosure. FIG. 2 is a schematic diagram illustrating exemplary processing performed by the data processing apparatus 100 according to an embodiment of the present disclosure.
如图1所示,根据本公开的实施方式的数据处理装置100可以包括运算电路约束生成单元101和零知识证明生成单元102。As shown in FIG. 1 , a data processing device 100 according to an embodiment of the present disclosure may include an arithmetic circuit constraint generation unit 101 and a zero-knowledge proof generation unit 102 .
如图2所示,根据本公开的实施方式,数据处理装置100的输入可以包括程序的源代码,例如使用例如C语言、Java语言或Golong语言等编写的源代码。此外,如图2所示,数据处理装置100的输出可以是用于验证源代码的执行过程正确性的零知识证明。As shown in FIG. 2 , according to an embodiment of the present disclosure, the input of the data processing apparatus 100 may include program source code, for example, source code written in C language, Java language or Golong language. In addition, as shown in FIG. 2 , the output of the data processing apparatus 100 may be a zero-knowledge proof for verifying the correctness of the execution process of the source code.
此外,如图2中的虚线框所示,根据本公开的其他实施方式,数据处理装置100的输入还可以包括程序中的函数的参数。In addition, as shown by the dotted line box in FIG. 2 , according to other embodiments of the present disclosure, the input of the data processing apparatus 100 may also include parameters of functions in the program.
根据本公开的实施方式,源代码用于在区块链架构中对与应用相关的数据进行链下预处理。这里提及的应用可以是例如在区块链架构中以智能合约形式实现的链上交易。本领域技术人员应认识到,尽管在本文中以用于区块链的智能合约的源代码为例详细描述了根据本公开的实施方式的数据处理装置和数据处理方法,但是本公开不限于此。在不偏离本公开的精神和范围的情况下,本公开的发明构思同样可以应用于其他相关的数据处理技术领域的源代码而不仅限于区块链。例如,在出于安全等原因不能泄露源代码自身的技术领域中,可以使用本公开的发明构思来将源代码转化为零知识证明,从而验证源代码的执行过程的正确性。According to an embodiment of the present disclosure, source code is used for off-chain pre-processing of application-related data in a blockchain architecture. The application mentioned here can be, for example, on-chain transactions implemented in the form of smart contracts in the blockchain architecture. Those skilled in the art should realize that although the data processing device and data processing method according to the embodiments of the present disclosure are described in detail herein by taking the source code of a smart contract for blockchain as an example, the present disclosure is not limited thereto . Without departing from the spirit and scope of the present disclosure, the inventive concepts of the present disclosure can also be applied to source codes in other related data processing technical fields and are not limited to blockchains. For example, in the technical field where the source code itself cannot be disclosed for security reasons, the inventive concept of the present disclosure can be used to convert the source code into a zero-knowledge proof, so as to verify the correctness of the execution process of the source code.
如图1和图2所示,根据本公开的实施方式,运算电路约束生成单元101可以自动地分析源代码以将源代码分解为代码结构,并且生成描述代码结构的运算电路约束。As shown in FIG. 1 and FIG. 2 , according to an embodiment of the present disclosure, the operation circuit constraint generating unit 101 can automatically analyze the source code to decompose the source code into a code structure, and generate an operation circuit constraint describing the code structure.
如图2所示,根据本公开的实施方式,运算电路约束生成单元101可以对源代码的静态代码结构进行分析以生成关于静态代码结构的运算电路约束,其中静态代码结构在源代码的执行期间不变;并且可以执行源代码的动态代码结构以生成关于动态代码结构的运算电路约束,其中动态代码结构在源代码的执行期间基于变量而动态变化。此外,如图2中的虚线框所示,根据本公开的其他实施方式,运算电路约束生成单元101还可以执行运算电路的变量赋值。如图2所示,根据本公开的实施方式,运算电路约束生成单元101可以基于对源代码的代码结构的分析和执行来生成具有源代码中包括的变量的乘法式的形式的运算电路约束。下文将结合图3至图10对运算电路约束生成单元101的结构和功能进行更详细的描述。As shown in FIG. 2 , according to an embodiment of the present disclosure, the operation circuit constraint generating unit 101 can analyze the static code structure of the source code to generate the operation circuit constraint on the static code structure, wherein the static code structure is during the execution of the source code invariant; and the dynamic code structure of the source code may be executed to generate operational circuit constraints on the dynamic code structure, wherein the dynamic code structure changes dynamically based on variables during execution of the source code. In addition, as shown by the dotted line box in FIG. 2 , according to other implementations of the present disclosure, the operation circuit constraint generation unit 101 may also perform variable assignment of the operation circuit. As shown in FIG. 2 , according to an embodiment of the present disclosure, the arithmetic circuit constraint generation unit 101 may generate arithmetic circuit constraints in the form of multiplication of variables included in the source code based on analysis and execution of the code structure of the source code. The structure and function of the arithmetic circuit constraint generation unit 101 will be described in more detail below in conjunction with FIGS. 3 to 10 .
如图1和图2所示,根据本公开的实施方式,零知识证明生成单元102可以使用运算电路约束生成单元101生成的运算电路约束生成零知识证明,其中零知识证明可以基于运算电路约束形成的多项式来构造。如上文所述,如图2中的虚线框所示,根据本公开的其他实施方式,零知识证明生成单元102可以使用运算电路约束生成单元101生成的运算电路约束和电路变量的赋值二者来生成零知识证明。As shown in FIG. 1 and FIG. 2, according to an embodiment of the present disclosure, the zero-knowledge proof generation unit 102 can use the operation circuit constraints generated by the operation circuit constraint generation unit 101 to generate a zero-knowledge proof, wherein the zero-knowledge proof can be formed based on the operation circuit constraints polynomial to construct. As mentioned above, as shown in the dashed box in FIG. 2 , according to other embodiments of the present disclosure, the zero-knowledge proof generation unit 102 can use both the operation circuit constraints generated by the operation circuit constraint generation unit 101 and the assignment of circuit variables to Generate a zero-knowledge proof.
如图2所示,根据本公开的实施方式,零知识证明生成单元102可以针对结构不同(不重复)的代码结构,并发地生成零知识证明;并且针对结构相同(重复)的代码结构,通过累加生成零知识证明。下文将结合图11至图13对零知识证明生成单元102的结构和功能进行更详细的描述。As shown in FIG. 2 , according to an embodiment of the present disclosure, the zero-knowledge proof generation unit 102 can concurrently generate zero-knowledge proofs for code structures with different structures (not repeated); and for code structures with the same structure (repeated), through Accumulate to generate a zero-knowledge proof. The structure and function of the zero-knowledge proof generation unit 102 will be described in more detail below in conjunction with FIGS. 11 to 13 .
图3是示出根据本公开的实施方式的运算电路约束生成单元101的框图。如图3所示,根据本公开的实施方式,运算电路约束生成单元101可以包括静态分析子单元1011和动态分析子单元1012。下文将对静态分析子单元1011和动态分析子单元1012的配置和功能分别进行详细描述。FIG. 3 is a block diagram illustrating the arithmetic circuit constraint generation unit 101 according to an embodiment of the present disclosure. As shown in FIG. 3 , according to an embodiment of the present disclosure, the operation circuit constraint generation unit 101 may include a static analysis subunit 1011 and a dynamic analysis subunit 1012 . The configuration and functions of the static analysis subunit 1011 and the dynamic analysis subunit 1012 will be described in detail below.
图4是示出根据本公开的实施方式的静态分析子单元1011执行的示例性处理的示意图。FIG. 4 is a schematic diagram illustrating exemplary processing performed by the static analysis subunit 1011 according to an embodiment of the present disclosure.
根据本公开的实施方式,静态分析子单元1011可以对源代码的静态代码结构进行分析以生成关于静态代码结构的运算电路约束,其中静态代码结构在源代码的执行期间不变。According to an embodiment of the present disclosure, the static analysis subunit 1011 may analyze the static code structure of the source code to generate operational circuit constraints on the static code structure, wherein the static code structure does not change during the execution of the source code.
如图4所示,静态分析子单元1011可以通过静态分析基于源代码的代码结构生成抽象语法树,并分析代码结构之间的依赖关系。抽象语法树(Abstract Syntax Tree,AST)是源代码语法结构的一种抽象表示,它以树状的形式表现源代码的语法结构,树上的每个节点都表示源代码中的一个代码结构。鉴于抽象语法树对于本领域技术人员而言是已知的,因此为了简洁起见,本文不对其细节进行更详细的描述。As shown in FIG. 4 , the static analysis subunit 1011 can generate an abstract syntax tree based on the code structure of the source code by static analysis, and analyze the dependencies between the code structures. Abstract syntax tree (Abstract Syntax Tree, AST) is an abstract representation of the grammatical structure of the source code. It expresses the grammatical structure of the source code in the form of a tree, and each node on the tree represents a code structure in the source code. Since abstract syntax trees are known to those skilled in the art, their details are not described in more detail herein for the sake of brevity.
如图4所示,根据本公开的实施方式,静态分析子单元1011可以分析源代码以查找具有不确定性的代码结构,以便于对具有不确定性的代码结构进行修改。这是因为,在零知识证明的运算电路约束系统中,运算电路的约束数量以及乘法电路门必须是确定的而且不能改变。如果存在不确定的代码结构,则当在程序的函数代码中传入不同的参数时,必将导致代码结构不相同,从而使得运算电路也不相同。因此,有必要分析出程序的源代码的不确定的代码结构。As shown in FIG. 4 , according to an embodiment of the present disclosure, the static analysis subunit 1011 may analyze the source code to find an uncertain code structure, so as to modify the uncertain code structure. This is because, in the operation circuit constraint system of the zero-knowledge proof, the constraint number of the operation circuit and the multiplication circuit gate must be definite and cannot be changed. If there is an uncertain code structure, when different parameters are passed in the function code of the program, the code structure will inevitably be different, and thus the operation circuit will also be different. Therefore, it is necessary to analyze the uncertain code structure of the source code of the program.
如图4所示,根据本公开的实施方式,具有不确定性的代码结构包括无返回结果的递归函数调用的代码结构、死循环的代码结构和指向不确定的分支的代码结构中的至少之一。根据本公开的实施方式,如果源代码中存在如上文所述的具有不确定性的结构,则可以建议开发者修改或者删除这样的代码结构。As shown in FIG. 4 , according to an embodiment of the present disclosure, the code structure with uncertainty includes at least one of a code structure of a recursive function call without returning a result, a code structure of an infinite loop, and a code structure pointing to an uncertain branch. one. According to the embodiments of the present disclosure, if there is an uncertain structure as described above in the source code, the developer may be suggested to modify or delete such code structure.
如图4所示,根据本公开的实施方式,静态分析子单元1011可以通过规则匹配的方式针对静态代码结构生成具有源代码中包括的变量的乘法式的形式的运算电路约束。根据本公开的实施方式,静态代码结构可以包括顺序执行的第一代码结构、固定指向分支的第二代码结构、固定次数循环的第三代码结构和接口函数的第四代码结构中的至少之一。As shown in FIG. 4 , according to an embodiment of the present disclosure, the static analysis subunit 1011 can generate an operation circuit constraint in the form of a multiplication of variables included in the source code for the static code structure by means of rule matching. According to an embodiment of the present disclosure, the static code structure may include at least one of a first code structure for sequential execution, a second code structure for a fixed pointing branch, a third code structure for a fixed number of loops, and a fourth code structure for an interface function .
图5是示出根据本公开的实施方式的静态分析子单元1011针对第一代码结构执行的示例性处理的示意图。FIG. 5 is a schematic diagram illustrating exemplary processing performed by the static analysis subunit 1011 for the first code structure according to an embodiment of the present disclosure.
如图5所示,根据本公开的实施方式,静态分析子单元1011可以针对顺序执行的第一代码结构,首先分析出与常量(constant)相关的变量(var),并且计算出所有和常量相关的变量值。随后,静态分析子单元1011可以滤除与函数参数(param)无关的变量,对于该部分代码不会生成运算电路约束。此外,静态分析子单元1011对于与函数参数以及返回值(Result)无关的变量不生成运算电路约束。随后,静态分析子单元1011可以将所有的代数计算转为乘法式的形式,其中每个乘法式表示一个运算电路约束。此外,静态分析子单元1011可以针对所生成的一系列乘法式,合并变量和常量相乘的计算以获得具有乘法电路约束形式的运算电路约束。As shown in FIG. 5, according to an embodiment of the present disclosure, the static analysis subunit 1011 can first analyze the variables (var) related to the constant (constant) for the first code structure executed sequentially, and calculate all the variables (var) related to the constant. variable value. Subsequently, the static analysis subunit 1011 can filter out variables that are not related to function parameters (param), and no operational circuit constraints will be generated for this part of the code. In addition, the static analysis subunit 1011 does not generate arithmetic circuit constraints for variables unrelated to function parameters and return values (Result). Subsequently, the static analysis subunit 1011 can convert all algebraic calculations into multiplication expressions, where each multiplication expression represents an operation circuit constraint. In addition, the static analysis subunit 1011 may combine calculations of multiplying variables and constants for the generated series of multiplication expressions to obtain arithmetic circuit constraints in the form of multiplication circuit constraints.
例如,如图5所示,作为示例的第一代码结构具有四个变量(var)a、b、c和d,其中变量a和b与函数参数(param)相关;并且变量c和d与常数相关,即分别被赋值12和3。此外,该第一代码结构具有中间变量(var)tmp1和tmp2,并且得到最终的返回值Result。For example, as shown in Figure 5, the first code structure as an example has four variables (var) a, b, c and d, wherein variables a and b are related to function parameters (param); and variables c and d are related to constant Correlation, i.e. assigned 12 and 3 respectively. In addition, the first code structure has intermediate variables (var) tmp1 and tmp2, and obtains the final return value Result.
如图5所示,根据本公开的实施方式,静态分析子单元1011计算所有与常量相关的变量值,例如使用14替换中间变量tmp2。如上文所述,对于这部分代码,静态分析子单元1011不生成运算电路约束。在图5中,与运算电路约束的生成相关的源代码部分由灰色框表示,而与运算电路约束的生成无关的源代码部分由白色框表示。因此,如图5中所示,静态分析子单元1011将通过上述方式得到的乘法式进行合并,从而得到用于表示该第一代码结构的运算电路约束,即Result=14*param1*param2。As shown in FIG. 5 , according to an embodiment of the present disclosure, the static analysis subunit 1011 calculates all constant-related variable values, for example, 14 is used to replace the intermediate variable tmp2. As mentioned above, for this part of the code, the static analysis subunit 1011 does not generate arithmetic circuit constraints. In Fig. 5, the source code parts related to the generation of arithmetic circuit constraints are indicated by gray boxes, while the source code parts not related to the generation of arithmetic circuit constraints are indicated by white boxes. Therefore, as shown in FIG. 5 , the static analysis subunit 1011 combines the multiplication formulas obtained in the above manner, so as to obtain the operation circuit constraint used to represent the first code structure, ie Result=14*param1*param2.
图6是示出根据本公开的实施方式的静态分析子单元1011针对第二代码结构执行的示例性处理的示意图。FIG. 6 is a schematic diagram illustrating exemplary processing performed by the static analysis subunit 1011 for the second code structure according to an embodiment of the present disclosure.
如图6所示,根据本公开的实施方式,如果源代码的分支判断语句是确定的,即静态代码,则静态分析子单元1011可以计算出具体执行的分支以直接生成乘法电路约束。As shown in FIG. 6 , according to an embodiment of the present disclosure, if the branch judgment statement of the source code is definite, that is, static code, the static analysis subunit 1011 can calculate the specific executed branch to directly generate the multiplication circuit constraint.
此外,根据本公开的实施方式,如果源代码的分支判断语句和函数参数相关,即动态代码,则静态分析子单元1011可以列出所有的分支结构,并且针对每个分支,生成范围证明的乘法电路约束以及该分支的内部代码的乘法电路约束。In addition, according to the embodiment of the present disclosure, if the branch judgment statement of the source code is related to the function parameter, that is, the dynamic code, the static analysis subunit 1011 can list all the branch structures, and for each branch, generate a multiplication of the range proof Circuit constraints and multiplicative circuit constraints for the internal code of that branch.
例如,如图6所示,分支判断语句基于函数参数param1的取值是否大于10而指向不同的两个分支。因此,如图6所示,静态分析子单元1011可以生成这两个分支结构的范围证明的乘法电路约束“param1>10”和“param1<=10”以及这两个分支结构的内部代码的乘法电路约束“Result=param1*param2”和“Result=param1*param3”。For example, as shown in FIG. 6 , the branch judgment statement points to two different branches based on whether the value of the function parameter param1 is greater than 10. Therefore, as shown in FIG. 6 , the static analysis subunit 1011 can generate the multiplication circuit constraints "param1>10" and "param1<=10" of the range proof of the two branch structures and the multiplication of the internal codes of the two branch structures Circuit constraints "Result=param1*param2" and "Result=param1*param3".
图7是示出根据本公开的实施方式的静态分析子单元1011针对第三代码结构执行的示例性处理的示意图。FIG. 7 is a schematic diagram illustrating exemplary processing performed by the static analysis subunit 1011 for the third code structure according to an embodiment of the present disclosure.
如图7所示,根据本公开的实施方式,对于固定次数循环的第三代码结构,如果源代码中的循环次数length是常量,则静态分析子单元1011可以针对循环的内部代码生成乘法电路约束,并且对于每次循环,重复生成相同的电路约束,其中重复的次数为上述常量。此外,如果源代码中的循环次数length是变量,则由下文描述的动态分析子单元1012生成相关的乘法电路约束。As shown in FIG. 7 , according to an embodiment of the present disclosure, for a third code structure with a fixed number of cycles, if the number of cycles length in the source code is constant, the static analysis subunit 1011 can generate multiplication circuit constraints for the internal code of the cycle , and for each loop, the same circuit constraints are repeatedly generated, where the number of repetitions is the above constant. In addition, if the loop number length in the source code is a variable, then the dynamic analysis subunit 1012 described below will generate the relevant multiplication circuit constraints.
图8是示出根据本公开的实施方式的静态分析子单元1011针对第四代码结构执行的示例性处理的示意图。FIG. 8 is a schematic diagram illustrating exemplary processing performed by the static analysis subunit 1011 for the fourth code structure according to an embodiment of the present disclosure.
如图8所示,根据本公开的实施方式,如果源代码中存在接口函数的第四代码结构,例如调用应用程序接口(API)函数,则静态分析子单元1011可以直接从数据库中获取API函数的电路约束。根据本公开的实施方式,第四代码结构的运算电路约束可以是预先确定的。例如,根据本公开的实施方式,每个API函数的电路约束可以通过上文所述的静态分析子单元1011针对第一至第三代码结构生成电路约束的方法提前生成,并且存储在数据库中。As shown in FIG. 8 , according to an embodiment of the present disclosure, if there is a fourth code structure of an interface function in the source code, such as calling an application programming interface (API) function, the static analysis subunit 1011 can directly obtain the API function from the database circuit constraints. According to an embodiment of the present disclosure, the arithmetic circuit constraints of the fourth code structure may be predetermined. For example, according to an embodiment of the present disclosure, the circuit constraints of each API function may be generated in advance by the method for generating circuit constraints for the first to third code structures by the static analysis subunit 1011 described above, and stored in the database.
现在返回图3,根据本公开的实施方式,动态分析子单元1012可以执行源代码的动态代码结构以生成关于动态代码结构的运算电路约束,其中动态代码结构在源代码的执行期间基于变量而动态变化。Returning now to FIG. 3 , according to an embodiment of the present disclosure, the dynamic analysis subunit 1012 may execute the dynamic code structure of the source code to generate operational circuit constraints on the dynamic code structure, wherein the dynamic code structure dynamically changes based on variables during the execution of the source code. Variety.
图9是示出根据本公开的实施方式的动态分析子单元1012执行的示例性处理的示意图。FIG. 9 is a schematic diagram illustrating exemplary processing performed by the dynamic analysis subunit 1012 according to an embodiment of the present disclosure.
如图9所示,根据本公开的实施方式,动态分析子单元1012可以对函数的源代码进行动态执行,记录代码中的动态结构的大小,包括例如动态数组的长度、循环的次数、执行的特定分支、递归函数调用的次数等。As shown in FIG. 9, according to an embodiment of the present disclosure, the dynamic analysis subunit 1012 can dynamically execute the source code of the function, and record the size of the dynamic structure in the code, including, for example, the length of the dynamic array, the number of loops, the execution Specific branches, number of recursive function calls, etc.
根据本公开的实施方式,动态分析子单元1012所分析的动态代码结构可以包括包含变量的阵列的第五代码结构、非固定次数循环的第六代码结构、非固定指向分支的第七代码结构和递归函数调用的第八代码结构中的至少之一。According to an embodiment of the present disclosure, the dynamic code structure analyzed by the dynamic analysis subunit 1012 may include a fifth code structure containing an array of variables, a sixth code structure with a non-fixed number of loops, a seventh code structure with a non-fixed pointing branch, and At least one of the eighth code structures of the recursive function call.
此外,根据本公开的实施方式,动态分析子单元1012可以在源代码中通过例如代码插桩(code instrumentation)来记录每个代码变量的赋值。代码插桩是一种基本的动态测试方法,用于向源代码中添加一些语句以实现对程序的执行、变量的变化等情况的检查,可以获得程序的控制流和数据流信息。鉴于代码插桩对于本领域技术人员而言是已知的,因此为了简洁起见,本文不对其细节进行更详细的描述。In addition, according to an embodiment of the present disclosure, the dynamic analysis subunit 1012 may record the assignment of each code variable in the source code through, for example, code instrumentation. Code instrumentation is a basic dynamic testing method, which is used to add some statements to the source code to check the execution of the program, the change of variables, etc., and can obtain the control flow and data flow information of the program. Given that code instrumentation is known to those skilled in the art, its details are not described in more detail herein for the sake of brevity.
此外,如图9所示,根据本公开的其他实施方式,动态分析子单元1012可以使用动态代码结构中的变量的值对运算电路约束中的电路变量进行赋值。In addition, as shown in FIG. 9 , according to other implementations of the present disclosure, the dynamic analysis subunit 1012 can use the values of the variables in the dynamic code structure to assign values to the circuit variables in the operational circuit constraints.
图10是示出根据本公开的实施方式的动态分析子单元1012针对第五至第八代码结构执行的示例性处理的示意图。FIG. 10 is a schematic diagram illustrating exemplary processing performed by the dynamic analysis subunit 1012 for fifth to eighth code structures according to an embodiment of the present disclosure.
如图10所示,根据本公开的实施方式,动态分析子单元1012可以例如通过在执行动态代码结构时使用上文描述的静态分析子单元1011的静态分析结果来生成关于动态代码结构的运算电路约束。As shown in FIG. 10 , according to an embodiment of the present disclosure, the dynamic analysis subunit 1012 can, for example, use the static analysis results of the above-described static analysis subunit 1011 when executing the dynamic code structure to generate an operation circuit for the dynamic code structure. constraint.
具体地,包含变量的阵列的第五代码结构的具体示例可以是动态数组。如图10所示,根据本公开的实施方式,动态分析子单元1012可以根据动态代码执行的结果,确定数组的大小、数组长度以及数组内的代码变量。然后,动态分析子单元1012可以从静态分析子单元1011获取的电路约束(静态分析结果)中选择与数组变量相关的乘法电路约束。Specifically, a specific example of the fifth code structure containing an array of variables may be a dynamic array. As shown in FIG. 10 , according to an embodiment of the present disclosure, the dynamic analysis subunit 1012 can determine the size of the array, the length of the array, and the code variables in the array according to the result of dynamic code execution. Then, the dynamic analysis subunit 1012 can select the multiplication circuit constraints related to the array variables from the circuit constraints (static analysis results) obtained by the static analysis subunit 1011 .
例如,根据本公开的实施方式,动态分析子单元1012可以固定动态数组的变量并且从静态分析子单元1011获取的乘法电路约束中选择与数组变量相关的乘法电路约束。For example, according to an embodiment of the present disclosure, the dynamic analysis subunit 1012 may fix the variables of the dynamic array and select the multiplication circuit constraints related to the array variables from the multiplication circuit constraints acquired by the static analysis subunit 1011 .
此外,如图10所示,根据本公开的实施方式,对于非固定次数循环的第六代码结构(即动态循环结构),动态分析子单元1012可以根据动态代码执行的结果,确定循环的次数。然后,动态分析子单元1012可以将静态分析子单元1011获取的循环内部的乘法电路约束进行重复,重复的次数和循环的次数相同。In addition, as shown in FIG. 10 , according to an embodiment of the present disclosure, for a sixth code structure with a non-fixed number of loops (ie, a dynamic loop structure), the dynamic analysis subunit 1012 can determine the number of loops according to the result of dynamic code execution. Then, the dynamic analysis subunit 1012 may repeat the multiplication circuit constraints inside the loop acquired by the static analysis subunit 1011, and the number of repetitions is the same as the number of loops.
此外,如图10所示,根据本公开的实施方式,对于非固定指向分支的第七代码结构(即动态分支结构),动态分析子单元1012可以根据动态代码执行的结果,确定动态执行的特定分支。然后,动态分析子单元1012可以从静态分析子单元1011获取的所有分支的乘法电路约束(静态分析结果)中选择该特定分支的乘法电路约束,并且相似地附上该特定分支的范围证明的乘法电路约束。In addition, as shown in FIG. 10 , according to the embodiment of the present disclosure, for the seventh code structure (that is, the dynamic branch structure) that does not fixedly point to the branch, the dynamic analysis subunit 1012 can determine the specific code structure of the dynamic execution according to the result of the dynamic code execution. branch. Then, the dynamic analysis subunit 1012 can select the multiplication circuit constraints of the specific branch from the multiplication circuit constraints (static analysis results) of all branches obtained by the static analysis subunit 1011, and similarly attach the multiplication of the range proof of the specific branch circuit constraints.
此外,如图10所示,根据本公开的实施方式,对于递归函数调用的第八代码结构,动态分析子单元1012可以根据动态代码执行的结果,确定递归函数的调用次数。然后,动态分析子单元1012可以根据静态分析子单元1011的静态分析结果获取函数内部的乘法电路约束,随后将递归函数的所有乘法电路约束进行重复,重复的次数和递归调用的次数相同。此外,根据本公开的实施方式,动态分析子单元1012还要加上保证递归函数的调用参数和递归函数的传入参数相同的额外的相关约束。In addition, as shown in FIG. 10 , according to an embodiment of the present disclosure, for the eighth code structure called by a recursive function, the dynamic analysis subunit 1012 may determine the number of calls of the recursive function according to the result of dynamic code execution. Then, the dynamic analysis subunit 1012 can obtain the multiplication circuit constraints inside the function according to the static analysis results of the static analysis subunit 1011, and then repeat all the multiplication circuit constraints of the recursive function, and the number of repetitions is the same as the number of recursive calls. In addition, according to the embodiment of the present disclosure, the dynamic analysis subunit 1012 also adds additional relevant constraints to ensure that the calling parameters of the recursive function are the same as the incoming parameters of the recursive function.
根据如上文所述的运算电路约束生成单元101的配置和功能,可以基于静态代码分析,为例如顺序结构、所有的分支、循环、API函数调用生成乘法电路约束,并且可以基于动态代码执行,为例如动态数组、动态循环、具体执行的分支、递归函数生成乘法电路约束。此外,在动态执行的过程中记录代码变量的赋值。According to the configuration and function of the operation circuit constraint generation unit 101 as described above, it can be based on static code analysis, for example, generate multiplication circuit constraints for sequential structures, all branches, loops, API function calls, and can be based on dynamic code execution, for For example, dynamic arrays, dynamic loops, specific execution branches, and recursive functions generate multiplication circuit constraints. Additionally, assignments to code variables are recorded during dynamic execution.
现在返回图1,根据本公开的实施方式,零知识证明生成单元102可以使用运算电路约束生成单元101生成的运算电路约束生成零知识证明,其中零知识证明可以基于运算电路约束形成的多项式来构造。Now returning to FIG. 1 , according to an embodiment of the present disclosure, the zero-knowledge proof generation unit 102 can use the operational circuit constraints generated by the operational circuit constraint generation unit 101 to generate a zero-knowledge proof, wherein the zero-knowledge proof can be constructed based on a polynomial formed by the operational circuit constraints .
图11是示出根据本公开的实施方式的零知识证明生成单元102执行的示例性处理的示意图。FIG. 11 is a schematic diagram illustrating exemplary processing performed by the zero-knowledge proof generation unit 102 according to an embodiment of the present disclosure.
具体地,如图11所示,根据本公开的实施方式,对于接口函数的第四代码结构,如果存在多个不同的接口函数调用,则零知识证明生成单元102可以并发地生成零知识证明。Specifically, as shown in FIG. 11 , according to an embodiment of the present disclosure, for the fourth code structure of the interface function, if there are multiple different interface function calls, the zero-knowledge proof generation unit 102 can generate zero-knowledge proofs concurrently.
此外,如图11所示,根据本公开的实施方式,对于非固定次数循环的第六代码结构,零知识证明生成单元102可以针对重复的动态循环结构,使用累加证明生成零知识证明。In addition, as shown in FIG. 11 , according to an embodiment of the present disclosure, for the sixth code structure with a non-fixed number of loops, the zero-knowledge proof generating unit 102 can generate a zero-knowledge proof for a repeated dynamic loop structure using accumulation proofs.
相似地,如图11所示,根据本公开的实施方式,对于递归函数调用的第八代码结构,零知识证明生成单元102可以针对重复的递归函数调用结构,使用累加证明生成零知识证明。Similarly, as shown in FIG. 11 , according to an embodiment of the present disclosure, for the eighth code structure of a recursive function call, the zero-knowledge proof generating unit 102 can use cumulative proofs to generate a zero-knowledge proof for repeated recursive function call structures.
下文将结合图12和图13对零知识证明生成单元102使用累加证明生成零知识证明的处理进行更详细的描述。The process of generating a zero-knowledge proof by the zero-knowledge proof generation unit 102 using accumulated proofs will be described in more detail below with reference to FIG. 12 and FIG. 13 .
此外,如图11所示,根据本公开的实施方式,对于顺序执行的第一代码结构、固定指向分支的第二代码结构、固定次数循环的第三代码结构、包含变量的阵列的第五代码结构和非固定指向分支的第七代码结构,零知识证明生成单元102可以使用现有的零知识协议生成零知识证明。In addition, as shown in FIG. 11 , according to the embodiment of the present disclosure, for the first code structure of sequential execution, the second code structure of fixed pointing branch, the third code structure of fixed number of loops, and the fifth code structure of array containing variables The structure and the seventh code structure of the non-fixed pointing branch, the zero-knowledge proof generation unit 102 can use the existing zero-knowledge protocol to generate the zero-knowledge proof.
随后,零知识证明生成单元102可以将上述关于第一至第八代码结构的零知识证明合并成一个零知识证明。Subsequently, the zero-knowledge proof generation unit 102 may combine the above-mentioned zero-knowledge proofs about the first to eighth code structures into one zero-knowledge proof.
如上文所述,根据本公开的实施方式,如果多个代码结构的乘法电路约束是不同的(例如第四代码结构),则零知识证明生成单元102可以使用现有的零知识协议,为每个代码结构并发地生成零知识证明,从而缩短证明生成的时间。此外,如果多个代码结构的电路约束是相同的(例如第六代码结构和第八代码结构),则零知识证明生成单元102可以使用累加证明来生成零知识证明。As mentioned above, according to the embodiment of the present disclosure, if the multiplication circuit constraints of multiple code structures are different (for example, the fourth code structure), the zero-knowledge proof generation unit 102 can use the existing zero-knowledge protocol to generate Zero-knowledge proofs can be generated concurrently for each code structure, thereby shortening the proof generation time. In addition, if the circuit constraints of multiple code structures are the same (for example, the sixth code structure and the eighth code structure), the zero-knowledge proof generation unit 102 can generate the zero-knowledge proof using the accumulation proof.
具体地,根据本公开的实施方式,对于第六代码结构和第八代码结构,零知识证明生成单元102可以使用其基于运算电路约束的多项式的累加作为其零知识证明。Specifically, according to an embodiment of the present disclosure, for the sixth code structure and the eighth code structure, the zero-knowledge proof generation unit 102 may use the accumulation of polynomials based on the constraint of the operation circuit as its zero-knowledge proof.
根据本公开的实施方式,累加证明可以为多个重复的代码结构生成一个零知识证明,从而减少运算电路约束的数量以缩短零知识证明的生成时间。对于非固定次数循环的第六代码结构和递归函数调用的第八代码结构,零知识证明生成单元102可以使用累加证明来加速零知识证明的生成。According to the embodiments of the present disclosure, cumulative proofs can generate a zero-knowledge proof for multiple repeated code structures, thereby reducing the number of operational circuit constraints and shortening the generation time of the zero-knowledge proof. For the sixth code structure of the non-fixed number of loops and the eighth code structure of the recursive function call, the zero-knowledge proof generation unit 102 can use cumulative proofs to accelerate the generation of zero-knowledge proofs.
图12是示出根据本公开的实施方式的零知识证明生成单元102执行的示例性累加证明生成处理的示意图。FIG. 12 is a schematic diagram illustrating an exemplary accumulation proof generation process performed by the zero-knowledge proof generation unit 102 according to an embodiment of the present disclosure.
根据本公开的实施方式,累加证明的算法如下:According to the implementation of the present disclosure, the algorithm of accumulation proof is as follows:
如上文所述,代码结构的运算电路约束可以通过三个多项式表示为L(x)*R(x)=O(x)。As mentioned above, the operational circuit constraint of the code structure can be expressed as L(x)*R(x)=O(x) by three polynomials.
因此,生成的零知识证明可以包括三个多项式L(x)、R(x)、O(x)。多项式L(x)可以被表示为:其中vi表示运算电路的变量的赋值,li(x)表示运算电路变量的系数,并且n表示运算电路的变量的数量。多项式R(x)和O(x)可以通过与多项式L(x)相同的方式来表示,即/>和/> Therefore, the generated zero-knowledge proof can include three polynomials L(x), R(x), O(x). The polynomial L(x) can be expressed as: where v i represents the assignment of variables of the arithmetic circuit, l i (x) represents the coefficient of the variable of the arithmetic circuit, and n represents the number of variables of the arithmetic circuit. The polynomials R(x) and O(x) can be represented in the same way as the polynomial L(x), i.e. and />
如图12所示,多项式L(x)、R(x)、O(x)中的每一个表示一个代码结构的运算电路约束。例如,对于相同的代码结构,运算电路的变量的系数是相同的,不同的是运算电路的变量的赋值vi。因此,根据本公开的实施方式,零知识证明生成单元102可以基于相同的运算电路的变量的系数将不同的代码结构的运算电路约束的多项式合并,从而得到两个多项式A(X)和B(X),作为最终的累加的零知识证明。As shown in FIG. 12, each of the polynomials L(x), R(x), O(x) represents an arithmetic circuit constraint of one code structure. For example, for the same code structure, the coefficients of the variables of the arithmetic circuits are the same, and the difference is the assignment v i of the variables of the arithmetic circuits. Therefore, according to an embodiment of the present disclosure, the zero-knowledge proof generation unit 102 can combine the polynomials constrained by the operational circuits of different code structures based on the coefficients of the variables of the same operational circuit, thereby obtaining two polynomials A(X) and B( X), as the final cumulative zero-knowledge proof.
图13是示出根据本公开的实施方式的零知识证明生成单元102执行的累加证明处理的示例的示意图。FIG. 13 is a schematic diagram showing an example of accumulative proof processing performed by the zero-knowledge proof generation unit 102 according to the embodiment of the present disclosure.
如图13所示,对于两个运算电路约束(2a+b)*b=a和(4a-b)*b=a,其中存在运算电路的变量a和b。变量a的系数可以用一阶多项式表示,并且可以通过解方程(即,求取多项式的各项的系数c0和c1)来确定变量a的系数多项式为la(x)=2x。如果存在两个相同的电路约束结构,由于它们的零知识证明信息包括相同的系数多项式,但是运算电路约束的变量a的赋值不同(即图13中的a_value1和a_value2),因此可以通过累加的方式将它们合并。As shown in FIG. 13 , for two arithmetic circuits constraints (2a+b)*b=a and (4a-b)*b=a, there are variables a and b of the arithmetic circuits. The coefficient of variable a can be represented by a first-order polynomial, and can be determined by solving the equation (ie, finding the coefficients c 0 and c 1 of each term of the polynomial) to determine the coefficient polynomial of variable a as l a (x)=2x. If there are two identical circuit constraint structures, since their zero-knowledge proof information includes the same coefficient polynomial, but the assignment of the variable a of the operational circuit constraint is different (that is, a_value1 and a_value2 in Figure 13), it can be obtained by accumulating Merge them.
根据本公开的实施方式,零知识证明生成单元102可以针对没有重复结构的乘法电路约束,并发地生成零知识证明;并且针对有重复结构的乘法电路约束,使用累加证明来生成零知识证明,从而缩短证明生成的时间。According to an embodiment of the present disclosure, the zero-knowledge proof generation unit 102 can concurrently generate zero-knowledge proofs for multiplication circuit constraints without repetitive structures; Shorten proof generation time.
本公开还提供了一种用于将可执行的源代码转化为用于验证该源代码的执行过程正确性的零知识证明的数据处理方法。图14是示出根据本公开的实施方式的数据处理方法1400的流程图。The present disclosure also provides a data processing method for converting executable source code into a zero-knowledge proof for verifying the correctness of the execution process of the source code. FIG. 14 is a flowchart illustrating a data processing method 1400 according to an embodiment of the present disclosure.
数据处理方法1400开始于步骤S1401。The data processing method 1400 starts at step S1401.
随后,在步骤S1402中,自动地分析源代码以将源代码分解为代码结构,并且生成描述代码结构的运算电路约束。步骤S1402中的处理可以通过例如根据上文参照图1至13描述的数据处理装置100中包括的运算电路约束生成单元101来实现,在此不再赘述。Subsequently, in step S1402, the source code is automatically analyzed to decompose the source code into a code structure, and an operation circuit constraint describing the code structure is generated. The processing in step S1402 can be realized by, for example, the arithmetic circuit constraint generation unit 101 included in the data processing device 100 described above with reference to FIGS. 1 to 13 , and details are not repeated here.
随后,在步骤S1403中,使用运算电路约束生成零知识证明,其中零知识证明基于运算电路约束形成的多项式来构造。步骤S1403中的处理可以通过例如根据上文参照图1至13描述的数据处理装置100中包括的零知识证明生成单元102来实现,在此不再赘述。Subsequently, in step S1403, a zero-knowledge proof is generated using the operational circuit constraints, wherein the zero-knowledge proof is constructed based on a polynomial formed by the operational circuit constraints. The processing in step S1403 can be realized by, for example, the zero-knowledge proof generating unit 102 included in the data processing apparatus 100 described above with reference to FIGS. 1 to 13 , and details are not repeated here.
最后,数据处理方法1400结束于步骤S1404。Finally, the data processing method 1400 ends in step S1404.
根据本公开的用于将可执行的源代码转化为用于验证该源代码的执行过程正确性的零知识证明的数据处理技术,当应用于例如基于区块链架构的数据处理过程时,能够将复杂的链上业务逻辑转移到链下计算,并且自动地为链下的计算以及相关的数据生成零知识证明,从而保证链下计算的正确性。特别地,该数据处理技术能够自动分析链下计算的源代码以将计算过程转化为电路约束,并且使用如上文所述的生成并发证明和累积证明的优化的零知识证明协议为其生成证明。这样,可以在保证安全性的同时降低区块链的计算代价。According to the data processing technology for converting executable source code into a zero-knowledge proof for verifying the correctness of the execution process of the source code according to the present disclosure, when applied to a data processing process based on a blockchain architecture, for example, it can Transfer complex on-chain business logic to off-chain calculations, and automatically generate zero-knowledge proofs for off-chain calculations and related data, thereby ensuring the correctness of off-chain calculations. In particular, this data processing technique is able to automatically analyze the source code of off-chain computations to convert the computation process into circuit constraints, and generate proofs for them using an optimized zero-knowledge proof protocol that generates concurrent proofs and cumulative proofs as described above. In this way, the computational cost of the blockchain can be reduced while ensuring security.
图15是示出可用来实现根据本公开的实施方式的数据处理方法1400和数据处理装置100的通用机器1500的结构简图。通用机器1500可以是例如计算机系统。应注意,通用机器1500只是一个示例,并非暗示对本公开的数据处理方法和数据处理装置的使用范围或者功能的局限。也不应将通用机器1500解释为对上述数据处理方法或数据处理装置中示出的任一组件或其组合具有依赖或需求。FIG. 15 is a simplified structural diagram showing a general-purpose machine 1500 that can be used to implement a data processing method 1400 and a data processing device 100 according to an embodiment of the present disclosure. General purpose machine 1500 may be, for example, a computer system. It should be noted that the general-purpose machine 1500 is just an example, and does not imply limitations on the scope of use or functions of the data processing method and data processing apparatus of the present disclosure. Nor should the general-purpose machine 1500 be interpreted as having any dependency or requirement on any one or combination of components shown in the above-mentioned data processing method or data processing apparatus.
在图15中,中央处理单元(CPU)1501根据只读存储器(ROM)1502中存储的程序或从存储部分1508加载到随机存取存储器(RAM)1503的程序执行各种处理。在RAM 1503中,还根据需要存储当CPU 1501执行各种处理等等时所需的数据。CPU 1501、ROM 1502和RAM 1503经由总线1504彼此连接。输入/输出接口1505也连接到总线1504。In FIG. 15 , a central processing unit (CPU) 1501 executes various processes according to programs stored in a read only memory (ROM) 1502 or loaded from a storage section 1508 to a random access memory (RAM) 1503 . In the RAM 1503, data required when the CPU 1501 executes various processes and the like is also stored as necessary. The CPU 1501 , ROM 1502 , and RAM 1503 are connected to each other via a bus 1504 . The input/output interface 1505 is also connected to the bus 1504 .
下述部件也连接到输入/输出接口1505:输入部分1506(包括键盘、鼠标等等)、输出部分1507(包括显示器,例如阴极射线管(CRT)、液晶显示器(LCD)等,和扬声器等)、存储部分1508(包括硬盘等)、通信部分1509(包括网络接口卡例如LAN卡、调制解调器等)。通信部分1509经由网络例如因特网执行通信处理。根据需要,驱动器1510也可连接到输入/输出接口1505。可拆卸介质1511例如磁盘、光盘、磁光盘、半导体存储器等等可以根据需要被安装在驱动器1510上,使得从中读出的计算机程序可根据需要被安装到存储部分1508中。The following components are also connected to the input/output interface 1505: an input section 1506 (including a keyboard, a mouse, etc.), an output section 1507 (including a display such as a cathode ray tube (CRT), a liquid crystal display (LCD), etc., and a speaker, etc.) , a storage section 1508 (including a hard disk, etc.), a communication section 1509 (including a network interface card such as a LAN card, a modem, etc.). The communication section 1509 performs communication processing via a network such as the Internet. A driver 1510 may also be connected to the input/output interface 1505 as needed. A removable medium 1511 such as a magnetic disk, optical disk, magneto-optical disk, semiconductor memory, etc. can be mounted on the drive 1510 as needed, so that a computer program read therefrom can be installed into the storage section 1508 as needed.
在通过软件实现上述系列处理的情况下,可以从网络例如因特网或从存储介质例如可拆卸介质1511安装构成软件的程序。In the case where the above-described series of processing is realized by software, the program constituting the software can be installed from a network such as the Internet or from a storage medium such as the removable medium 1511 .
本领域的技术人员应当理解,这种存储介质不局限于图15所示的其中存储有程序、与设备相分离地分发以向用户提供程序的可拆卸介质1511。可拆卸介质1511的例子包含磁盘(包含软盘)、光盘(包含光盘只读存储器(CD-ROM)和数字通用盘(DVD))、磁光盘(包含迷你盘(MD)(注册商标))和半导体存储器。或者,存储介质可以是ROM 1502、存储部分1508中包含的硬盘等等,其中存有程序,并且与包含它们的设备一起被分发给用户。Those skilled in the art should understand that such a storage medium is not limited to the removable medium 1511 shown in FIG. 15 in which the program is stored and distributed separately from the device to provide the program to the user. Examples of the removable medium 1511 include magnetic disks (including floppy disks), optical disks (including compact disk read only memory (CD-ROM) and digital versatile disks (DVD)), magneto-optical disks (including MiniDisc (MD) (registered trademark)), and semiconductor disks. memory. Alternatively, the storage medium may be the ROM 1502, a hard disk contained in the storage section 1508, or the like, in which programs are stored and distributed to users together with devices containing them.
此外,本公开还提出了一种存储有机器可读取的指令代码的程序产品。所述指令代码由机器读取并执行时,可执行上述根据本公开的数据处理方法。相应地,用于承载这种程序产品的上面列举的各种存储介质也包括在本公开的范围内。In addition, the present disclosure also proposes a program product storing machine-readable instruction codes. When the instruction code is read and executed by a machine, the above data processing method according to the present disclosure can be executed. Accordingly, the various storage media listed above for carrying such program products are also included in the scope of the present disclosure.
上面已通过框图、流程图和/或实施方式进行了详细描述,阐明了根据本公开的实施方式的装置和/或方法的具体实施方式。当这些框图、流程图和/或实施方式包含一个或多个功能和/或操作时,本领域的技术人员明白,这些框图、流程图和/或实施方式中的各功能和/或操作可以通过各种硬件、软件、固件或实质上它们的任意组合而单独地和/或共同地实施。在一种实施方式中,本说明书中描述的主题的几个部分可通过特定用途集成电路(ASIC)、现场可编程门阵列(FPGA)、数字信号处理器(DSP)或其他集成形式实现。然而,本领域的技术人员会认识到,本说明书中描述的实施方式的一些方面能够全部或部分地以在一个或多个计算机上运行的一个或多个计算机程序的形式(例如,以在一个或多个计算机系统上运行的一个或多个计算机程序的形式)、以在一个或多个处理器上运行的一个或多个程序的形式(例如,以在一个或多个微处理器上运行的一个或多个程序的形式)、以固件的形式、或以实质上它们的任意组合的形式等效地实施,并且,根据本说明书中公开的内容,设计用于本公开的电路和/或编写用于本公开的软件和/或固件的代码完全是在本领域技术人员的能力范围之内。The above has been described in detail through block diagrams, flow charts and/or implementations, illustrating specific implementations of devices and/or methods according to implementations of the present disclosure. When these block diagrams, flowcharts, and/or implementations include one or more functions and/or operations, those skilled in the art will understand that each function and/or operation in these block diagrams, flowcharts, and/or implementations can be achieved by Various hardware, software, firmware, or essentially any combination thereof, individually and/or collectively. In one embodiment, several portions of the subject matter described in this specification may be implemented in application specific integrated circuits (ASICs), field programmable gate arrays (FPGAs), digital signal processors (DSPs), or other integrated formats. However, those skilled in the art will recognize that some aspects of the implementations described in this specification can be fully or partially in the form of one or more computer programs running on one or more computers (for example, in the form of in the form of one or more computer programs running on one or more computer systems), in the form of one or more programs running on one or more processors (e.g., in the form of in the form of one or more programs), in the form of firmware, or in the form of substantially any combination thereof, and, according to the content disclosed in this specification, the circuits and/or Writing the code for the software and/or firmware of the present disclosure is well within the capabilities of those skilled in the art.
尽管上面已经通过对本公开的具体实施方式的描述对本公开进行了披露,但是,应该理解,本领域的技术人员可在所附权利要求的精神和范围内设计对本公开的各种修改、改进或者等同物。这些修改、改进或者等同物也应当被认为包括在本公开的保护范围内。Although the present disclosure has been disclosed above through the description of specific embodiments of the present disclosure, it should be understood that those skilled in the art can design various modifications, improvements or equivalents to the present disclosure within the spirit and scope of the appended claims thing. These modifications, improvements or equivalents should also be considered to be included in the protection scope of the present disclosure.
综上,在根据本公开的实施方式中,本公开提供了如下方案,但不限于此:To sum up, in the embodiments according to the present disclosure, the present disclosure provides the following solutions, but is not limited thereto:
方案1.一种数据处理装置,用于将可执行的源代码转化为用于验证所述源代码的执行过程正确性的零知识证明,包括:Scheme 1. A data processing device for converting executable source code into a zero-knowledge proof for verifying the correctness of the execution process of the source code, comprising:
运算电路约束生成单元,被配置成自动地分析所述源代码以将所述源代码分解为代码结构,并且生成描述所述代码结构的运算电路约束;以及an arithmetic circuit constraint generation unit configured to automatically analyze the source code to decompose the source code into a code structure, and generate arithmetic circuit constraints describing the code structure; and
零知识证明生成单元,被配置成使用所述运算电路约束生成所述零知识证明,其中所述零知识证明基于所述运算电路约束形成的多项式来构造。A zero-knowledge proof generation unit configured to generate the zero-knowledge proof using the operational circuit constraints, wherein the zero-knowledge proof is constructed based on a polynomial formed by the operational circuit constraints.
方案2.根据方案1所述的数据处理装置,其中,所述源代码用于在区块链架构中对与应用相关的数据进行链下预处理。Solution 2. The data processing device according to solution 1, wherein the source code is used to perform off-chain preprocessing on application-related data in a blockchain architecture.
方案3.根据方案1所述的数据处理装置,其中,所述运算电路约束具有所述源代码中包括的变量的乘法式的形式。Aspect 3. The data processing device according to Aspect 1, wherein the arithmetic circuit constraint has a form of a multiplicative expression of variables included in the source code.
方案4.根据方案1至3中任一项所述的数据处理装置,其中,所述运算电路约束生成单元包括:Scheme 4. The data processing device according to any one of schemes 1 to 3, wherein the operation circuit constraint generating unit includes:
静态分析子单元,被配置成对所述源代码的静态代码结构进行分析以生成关于所述静态代码结构的运算电路约束,其中所述静态代码结构在所述源代码的执行期间不变;以及a static analysis subunit configured to analyze a static code structure of the source code to generate operational circuit constraints on the static code structure, wherein the static code structure does not change during execution of the source code; and
动态分析子单元,被配置成执行所述源代码的动态代码结构以生成关于所述动态代码结构的运算电路约束,其中所述动态代码结构在所述源代码的执行期间基于变量而动态变化。A dynamic analysis subunit configured to execute a dynamic code structure of the source code to generate operational circuit constraints on the dynamic code structure, wherein the dynamic code structure changes dynamically based on variables during execution of the source code.
方案5.根据方案4所述的数据处理装置,其中,所述静态分析子单元被配置成分析所述源代码以查找具有不确定性的代码结构,以便于对所述具有不确定性的代码结构进行修改。Scheme 5. The data processing device according to scheme 4, wherein the static analysis subunit is configured to analyze the source code to find a code structure with uncertainty, so as to analyze the code structure with uncertainty The structure is modified.
方案6.根据方案5所述的数据处理装置,其中,所述具有不确定性的代码结构包括无返回结果的递归函数调用的代码结构、死循环的代码结构和指向不确定的分支的代码结构中的至少之一。Scheme 6. The data processing device according to scheme 5, wherein the code structure with uncertainty includes a code structure of a recursive function call without a return result, a code structure of an infinite loop, and a code structure pointing to an uncertain branch at least one of the .
方案7.根据方案4所述的数据处理装置,其中,所述静态代码结构包括顺序执行的第一代码结构、固定指向分支的第二代码结构、固定次数循环的第三代码结构和接口函数的第四代码结构中的至少之一。Scheme 7. The data processing device according to scheme 4, wherein the static code structure includes a first code structure executed sequentially, a second code structure fixedly pointing to a branch, a third code structure fixed number of cycles and an interface function At least one of the fourth code structures.
方案8.根据方案7所述的数据处理装置,其中,所述第四代码结构的运算电路约束是预先确定的。Solution 8. The data processing device according to solution 7, wherein the arithmetic circuit constraint of the fourth code structure is predetermined.
方案9.根据方案4所述的数据处理装置,其中,所述动态代码结构包括包含变量的阵列的第五代码结构、非固定次数循环的第六代码结构、非固定指向分支的第七代码结构和递归函数调用的第八代码结构中的至少之一。Scheme 9. The data processing device according to scheme 4, wherein the dynamic code structure includes a fifth code structure comprising an array of variables, a sixth code structure with a non-fixed number of loops, and a seventh code structure with a non-fixed pointing branch and at least one of the eighth code structure of the recursive function call.
方案10.根据方案4所述的数据处理装置,其中,所述动态分析子单元通过在执行所述动态代码结构时使用静态分析子单元的静态分析结果来生成关于所述动态代码结构的运算电路约束。Item 10. The data processing device according to item 4, wherein the dynamic analysis subunit generates an operation circuit on the dynamic code structure by using a static analysis result of the static analysis subunit when executing the dynamic code structure constraint.
方案11.根据方案9所述的数据处理装置,其中,对于所述第六代码结构和所述第八代码结构,所述零知识证明生成单元使用其基于运算电路约束的多项式的累加作为其零知识证明。Scheme 11. The data processing device according to scheme 9, wherein, for the sixth code structure and the eighth code structure, the zero-knowledge proof generation unit uses the accumulation of its polynomials based on arithmetic circuit constraints as its zero proof of knowledge.
方案12.一种数据处理方法,用于将可执行的源代码转化为用于验证所述源代码的执行过程正确性的零知识证明,包括:Scheme 12. A data processing method for converting executable source code into a zero-knowledge proof for verifying the correctness of the execution process of the source code, comprising:
自动地分析所述源代码以将所述源代码分解为代码结构,并且生成描述所述代码结构的运算电路约束;以及automatically analyzing the source code to decompose the source code into a code structure and generate computational circuit constraints describing the code structure; and
使用所述运算电路约束生成所述零知识证明,其中所述零知识证明基于所述运算电路约束形成的多项式来构造。The zero-knowledge proof is generated using the operational circuit constraints, wherein the zero-knowledge proof is constructed based on a polynomial formed by the operational circuit constraints.
方案13.根据方案12所述的数据处理方法,其中,所述源代码用于在区块链架构中对与应用相关的数据进行链下预处理。Solution 13. The data processing method according to solution 12, wherein the source code is used to perform off-chain preprocessing on application-related data in the blockchain architecture.
方案14.根据方案12所述的数据处理方法,其中,所述运算电路约束具有所述源代码中包括的变量的乘法式的形式。Item 14. The data processing method according to item 12, wherein the arithmetic circuit constraint is in the form of a multiplication of variables included in the source code.
方案15.根据方案12至14中任一项所述的数据处理方法,其中,自动地分析所述源代码以将所述源代码分解为代码结构,并且生成描述所述代码结构的运算电路约束的步骤包括:Scheme 15. The data processing method according to any one of schemes 12 to 14, wherein the source code is automatically analyzed to decompose the source code into a code structure and generate arithmetic circuit constraints describing the code structure The steps include:
对所述源代码的静态代码结构进行分析以生成关于所述静态代码结构的运算电路约束,其中所述静态代码结构在所述源代码的执行期间不变;以及analyzing a static code structure of the source code to generate computational circuit constraints on the static code structure, wherein the static code structure does not change during execution of the source code; and
执行所述源代码的动态代码结构以生成关于所述动态代码结构的运算电路约束,其中所述动态代码结构在所述源代码的执行期间基于变量而动态变化。A dynamic code structure of the source code is executed to generate operational circuit constraints on the dynamic code structure, wherein the dynamic code structure changes dynamically based on variables during execution of the source code.
方案16.根据方案15所述的数据处理方法,其中,对所述源代码的静态代码结构进行分析包括分析所述源代码以查找具有不确定性的代码结构,以便于对所述具有不确定性的代码结构进行修改。Scheme 16. The data processing method according to scheme 15, wherein analyzing the static code structure of the source code comprises analyzing the source code to find a code structure with uncertainty, so as to analyze the static code structure with uncertainty The permanent code structure is modified.
方案17.根据方案16所述的数据处理方法,其中,所述具有不确定性的代码结构包括无返回结果的递归函数调用的代码结构、死循环的代码结构和指向不确定的分支的代码结构中的至少之一。Scheme 17. The data processing method according to scheme 16, wherein the uncertain code structure includes a code structure of a recursive function call without a return result, a code structure of an infinite loop, and a code structure pointing to an uncertain branch at least one of the .
方案18.根据方案15所述的数据处理方法,其中,所述静态代码结构包括顺序执行的第一代码结构、固定指向分支的第二代码结构、固定次数循环的第三代码结构和接口函数的第四代码结构中的至少之一。Scheme 18. The data processing method according to scheme 15, wherein the static code structure includes a first code structure executed sequentially, a second code structure fixedly pointing to a branch, a third code structure fixed number of cycles, and an interface function At least one of the fourth code structures.
方案19.根据方案15所述的数据处理方法,其中,所述动态代码结构包括包含变量的阵列的第五代码结构、非固定次数循环的第六代码结构、非固定指向分支的第七代码结构和递归函数调用的第八代码结构中的至少之一。Scheme 19. The data processing method according to scheme 15, wherein the dynamic code structure includes a fifth code structure containing an array of variables, a sixth code structure with a non-fixed number of loops, and a seventh code structure with a non-fixed pointing branch and at least one of the eighth code structure of the recursive function call.
方案20.一种计算机可读存储介质,其上存储有程序,所述程序在被计算机执行时使得所述计算机执行数据处理方法,所述数据处理方法用于将可执行的源代码转化为用于验证所述源代码的执行过程正确性的零知识证明,包括:Solution 20. A computer-readable storage medium, on which a program is stored, and when the program is executed by a computer, the computer executes a data processing method, and the data processing method is used to convert executable source code into A zero-knowledge proof for verifying the correctness of the execution process of the source code, including:
自动地分析所述源代码以将所述源代码分解为代码结构,并且生成描述所述代码结构的运算电路约束;以及automatically analyzing the source code to decompose the source code into a code structure and generate computational circuit constraints describing the code structure; and
使用所述运算电路约束生成所述零知识证明,其中所述零知识证明基于所述运算电路约束形成的多项式来构造。The zero-knowledge proof is generated using the operational circuit constraints, wherein the zero-knowledge proof is constructed based on a polynomial formed by the operational circuit constraints.
Claims (10)
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210108791.4A CN116560668A (en) | 2022-01-28 | 2022-01-28 | Data processing device and data processing method |
| JP2023007773A JP2023110884A (en) | 2022-01-28 | 2023-01-23 | Data processing device and data processing method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210108791.4A CN116560668A (en) | 2022-01-28 | 2022-01-28 | Data processing device and data processing method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN116560668A true CN116560668A (en) | 2023-08-08 |
Family
ID=87490379
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210108791.4A Pending CN116560668A (en) | 2022-01-28 | 2022-01-28 | Data processing device and data processing method |
Country Status (2)
| Country | Link |
|---|---|
| JP (1) | JP2023110884A (en) |
| CN (1) | CN116560668A (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN118520516B (en) * | 2024-07-19 | 2024-09-24 | 湖南天河国云科技有限公司 | Privacy computing method and system capable of verifying computing process and tracing original data |
-
2022
- 2022-01-28 CN CN202210108791.4A patent/CN116560668A/en active Pending
-
2023
- 2023-01-23 JP JP2023007773A patent/JP2023110884A/en active Pending
Also Published As
| Publication number | Publication date |
|---|---|
| JP2023110884A (en) | 2023-08-09 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP3707852B1 (en) | Arithmetic enhancement of c-like smart contracts for verifiable computation | |
| US20100223599A1 (en) | Efficient symbolic execution of software using static analysis | |
| US20090328013A1 (en) | Componentization of compiler functionality | |
| US11188911B2 (en) | Object oriented smart contracts for UTXO-based blockchains | |
| Kobayashi et al. | Temporal verification of programs via first-order fixpoint logic | |
| de Oliveira et al. | Synthesizing invariants by solving solvable loops | |
| US9104428B1 (en) | Wide-spectrum type system incorporating representation types, correctness types, coercions, and function overload resolution | |
| Shashidhar et al. | Verification of source code transformations by program equivalence checking | |
| Nguyen et al. | Quantum circuit transformations with a multi-level intermediate representation compiler | |
| CN116560668A (en) | Data processing device and data processing method | |
| Paquet | Intensional scientific programming | |
| Bramas | Inastemp: A Novel Intrinsics‐as‐Template Library for Portable SIMD‐Vectorization | |
| Mirliaz et al. | A flow-insensitive-complete program representation | |
| Straznickas | Towards a verified first-stage bootloader in Coq | |
| CN114564686B (en) | Method, device, system and storage medium for generating operators for tensor operations | |
| US11694197B2 (en) | Object oriented smart contracts for UTXO-based blockchains | |
| Zhang et al. | Joint mitigation of quantum gate and measurement errors via the Z-mixed-state expression of the Pauli channel | |
| Blech et al. | Certifying compilers using higher-order theorem provers as certificate checkers | |
| Xu et al. | D-Hammer: Efficient Equational Reasoning for Labelled Dirac Notation | |
| Yogananda Jeppu et al. | Enhancing active model learning with equivalence checking using simulation relations | |
| Yaseen et al. | Comparative Analysis of Smart Contract Vulnerability Detection: Traditional RegEx vs DL Codebert Model | |
| Kähkönen | Implementing Delegable Inference for Graphical Models | |
| Egidi et al. | NDED-Numerical derivatives from equispaced data | |
| Ballou et al. | Identifying minimal changes in the zone abstract domain | |
| Joisha et al. | A Software Tool for Inferring Types in MATLAB |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |