Introduction Multi-Party Computation (MPC) heaivly relies on the primitive of Shamir's secret sharing (SSS) for various use cases. In this secret-sharing scheme a set of $n$ parties would like to hold a secret in a distributed manner. The secret, which will be denoted $s$ for the rest of this document, is an element of a field $\mathbb{Z}_p$. It is important to mention that "distributed manner" means that party $i$ will hold a piece of information, denoted $p_i$ so that : For each set of $t+1$ parties they will be able to retrieve, or make a certain MPC-driven computation on $s$. Each set of up to $t$ parties who choose to collude can learn nothing about $s$. The parameters $t$ and $n$ are known prior to the sharing of the secret. In the basic setting of Shamir's secret sharing there is a trusted-dealer who send to each party $i$ its corresponding $p_i$. So what is this $p_i$, and how does it look like? Shamir's Secret Sharing

While implementing some code relating to Bitcoin's P2P network security I've stumbled upon a long standing issue in Bitcoin caused by no other than Satoshi himself. To better explain it we'll first have to get acquainted a little bit deeper with Bitcoin's transaction format. So a bitcoin transaction has the following fields. version. witnessFlag, optional. inputsNum, the number of inputs in the transaction. inputs, an array of length inputsNum describing the inputs of the transaction. outputsNum, the number of outputs in the transaction.

Disclaimer and Foreword Recently I've been working on an implementation of FFTs over finite fields for some purposes (which I'll write about some day). I was finding the algorithm and the problem neat and thought it would be nice to share what are FFTs, how are they computed and what can be done with them. While reading please remember that FFTs are a gigantic subject with lots of cool caveats, algorithms and use-cases. This post only intends to be merely an introductory to the subject. If you have further questions about this post or if you find this topic interesting and want to discuss about it or general aspects of crypto, feel free to reach out on Telegram or on Twitter. Introduction Use cases Polynomials are a very interesting algebraic construct.

Schnorr Signature Scheme Notation: $[n] = {0,...,n-1}$ Public Parameters: A group $\mathcal{G}$ of prime size $n$ with generator $G$. A hash function $H:{0,1}^*\rightarrow [n]$

Introduction Another great week has passed in the zkhack event and I'm thrilled to share with you another writeup for another challenge that I (Matan Hamilis) have solved with Elichai Turkel and Shalevos. We have written also solutions to the first problem and the second problem, go ahead and check them out someday :) This puzzle called "Double Trouble" gives us some introductory material about ZK-proofs and Schnorr's Knowledge-of-Descrete-Logarithm Zero-Knowledge-Proof-of-Knowledge protocol. If all this means nothing to you we will get to it right away, it you already know about it, feel free to skip forward. Zero Knowledge Proofs If you're taking part in the awesome zkhack event you've probably already heard about Zero Knowledge proofs, at least by name.

Intro A really cool event is ongoing now in the Zero-Knowledge community - the ZK-Hack (details: https://zkhack.dev). Every week a workshop about one of the ZK technologies being developed today is given (details). The first one, given on 26/10/2021 was an introductory workshop about the field of Zero Knowledge Proofs with a great historical introduction. The event is ongoing for the following seven weeks, with each week a new puzzle is published after the workshop of that week is given. In this post I'll share a write-up of the first puzzle (link) I was solving with Elichai and Shalev. Let's Hash it Out So before the puzzle we are given introductory material to two topics in cryptography: BLS Signatures Pedersen Hashes

Following a previous post of mine I'm posting now an article introducing garbled circuits. If you have any comments or thoughts while reading you want to share, send me a message on Telegram (https://t.me/hamilis) and I'll be happy to chat! Introduction General Notion In this article I'd like to give some introduction to Garbled Circuits (Abbr.: GC). If you have reached to this article and are wondering what is a Garbled Circuit, you are probably at least somewhat familiar with Multi-Party-Computation (Abbr.: MPC) and cryptography. To make things clear, let's say that MPC is a sub-domain of cryptography that deals with methods which allow a set of mistrusting parties, each holding its own input, to compute a function of those inputs such that none of the parties learn anything about the input of the other parties (besides what can be trivially inferred about it from the input). For example, consider Yao's Millionaires Problem in which a two millionaires would like to know which of them is richer without disclosing their fortune. Each millionaire's input would be the value of its fortune and the function to be evaluated (which returns True or False) is whether the first input is bigger than the second input.