Boomerang

This is an implementation of "Boomerang", a novel decentralised privacy-preserving incentive protocol that leverages cryptographic black-box accumulators to securely store user interactions within incentive systems. The protocol employs black-box accumulators, zero-knowledge proofs, the ACL signature scheme and Pedersen commitments for issuance, accumulation and redemption. In this way, systems can transparently compute rewards for users, ensuring verifiability while preserving user privacy.

Quick Start

In order to build, run either:

make

or

cargo build

To test:

cargo test --release

To benchmark:

cargo bench

To see the protocol in action, run the end2end example client and server programs in separate terminals (this will use the secp256k1 curve):

cargo run --example server

and then

cargo run --example client

Components

The implementation is broken down into a number of crates handling specific parts of the protocol, tests, and demonstration code.

  • boomerang: Overall protocol implementation with separate representations for the client and server sides. It implements the issuance, collection and spend-verify sub-protocols.
  • pedersen: Commitment scheme after Pedersen, “Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing.” Advances in Cryptology CRYPTO ’91, LNCS 576, pp. 129-140, 1992. Based on code from the CDLS paper.
  • acl: Anonymous Credentials Light blind signature system after Baldimtsi and Lysyanskaya, 2012.
  • bulletproofs: Zero-knowledge proof scheme from Short proofs for Confidential Transactions, 2017. This implementation is derived from the one by dalek cryptography with some borrowing from the curve tree fork and Alex Ozdemir's arkworks version. Used under the MIT license.
  • macros: Various utilities for generating test/bench/e2e boilerplate. Also from CDLS, but heavily modified.
  • demo: A demo of the e2e functionality using secp256k1.
  • t256 and t384: Elliptic curve implementations of the "Thom" representation of NIST-256 and NIST-384 curves (see ZKAttest) using the arkworks framework. These are also from the CDLS library. They are only for testing and should not be used in the full Boomerang protocol.
  • tsecp256k1 and tsecq256k1: Elliptic curve implementations of secp256k1 and secq256k1 2-cycle curves using the arkworks framework. These are the curves used in Boomerang.
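
The pedersen component above supplies the commitments used for accumulation. The following is an added example, not code from this repository and not the Boomerang protocol itself: it shows the additive homomorphism of a Pedersen commitment, the property that lets a committed value be increased without opening it. The group parameters (P, Q, G, H), the function names and the sample values are constructed for illustration; the real crates work over secp256k1/secq256k1.

```rust
// Toy Pedersen commitment over the order-Q subgroup of Z_P^* (constructed parameters).
// P = 2Q + 1 is a safe prime; G and H are squares mod P, so both have prime order Q.
// NOT secure: the group is tiny and log_G(H) is trivially computable here, which
// breaks binding. A real deployment needs H with an unknown discrete log to G.
const P: u64 = 2039;
const Q: u64 = 1019;
const G: u64 = 4;
const H: u64 = 9;

/// Square-and-multiply modular exponentiation.
fn pow_mod(mut base: u64, mut exp: u64, modulus: u64) -> u64 {
    let mut acc = 1;
    base %= modulus;
    while exp > 0 {
        if exp & 1 == 1 { acc = acc * base % modulus; }
        base = base * base % modulus;
        exp >>= 1;
    }
    acc
}

/// C = G^value * H^blind mod P. Exponents are reduced mod the group order Q.
fn commit(value: u64, blind: u64) -> u64 {
    pow_mod(G, value % Q, P) * pow_mod(H, blind % Q, P) % P
}

/// Homomorphic addition: multiplying commitments adds the committed values
/// and the blinding factors, without either party opening anything.
fn accumulate(c1: u64, c2: u64) -> u64 { c1 * c2 % P }

/// Check a claimed opening (value, blind) against a commitment.
fn open(c: u64, value: u64, blind: u64) -> bool { c == commit(value, blind) }

fn main() {
    // Constructed sample: a committed balance of 10, then a reward of 5.
    let (balance, r1) = (10, 123);
    let (reward, r2) = (5, 456);
    let token = commit(balance, r1);
    let updated = accumulate(token, commit(reward, r2));
    // The holder opens the updated token with the summed value and blinding factor.
    assert!(open(updated, balance + reward, (r1 + r2) % Q));
    // A different claimed balance does not open the same commitment.
    assert!(!open(updated, balance + reward + 1, (r1 + r2) % Q));
    println!("token={token} updated={updated}");
}
```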