
Findora: Zero Knowledge Podcast Special

2020-09-04 Findoraorg Source: Blockchain Network

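Findora's technology expert Ben Fisch and Head of Research Benedikt Bünz recently appeared on the Zero Knowledge Podcast, hosted by Anna Rose and Fredrik Harrysson, to discuss Findora and the underlying technology that powers its public chain. To start, Ben and Benedikt talked about some of their recent research focus and their work at Findora.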

Introduction

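Ben and Benedikt are both members of the applied cryptography group at Stanford University led by Professor Dan Boneh, a member of the US National Academy of Engineering. They consider this environment ideal for research across many areas of cryptography. Their research group is working on many interesting topics, including zero-knowledge proof systems, authenticated data structures (ADS), quantum-resistant signatures, and adversarial machine learning.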

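Benedikt has been working on new cryptographic tools. The most notable are two new zero-knowledge proof systems. The first is called Supersonic. Like Bulletproofs, one of Benedikt's earlier inventions, Supersonic does not rely on a trusted setup and has reasonably small proof sizes. And like any zk-SNARK, Supersonic is very fast to verify. The second system is called Halo, a proof system that came out of Zcash, which Benedikt developed together with UC Berkeley Ph.D. Pratyush Mishra and Professor Alessandro Chiesa. Halo makes recursive proof composition practical. This means you can efficiently prove that another proof is correct, and then prove that proof correct again, like a proof aggregator. For example, you can prove that the state of a blockchain is correct with a single proof. In other words, a user only needs to check one small proof, rather than the entire blockchain, to verify its correctness.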

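Benedikt added: “One of the greatest things about academia, especially in cryptography, is how quickly we develop our ideas and share them with each other. People immediately start experimenting and innovating with them. This lets us identify problems that seemed trivial during research but turn out to matter a great deal in practice. That often leads to an entirely new wave of innovation to solve the problems at hand and to create new implementations and use cases based on it. What you end up with is a giant positive feedback loop, which is a big part of what drives the large-scale technical improvements in cryptography, and especially in zero-knowledge proofs.”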

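As Findora's CTO, Ben leads Findora's engineering team, which currently has 35 engineers and is still growing. Ben has put a lot of effort into launching the testnet for Findora's partners. The testnet launches in August and gives partners a test version of Findora so they can start testing some of its features. Ben has also continued his research on zero-knowledge proofs and authenticated data structures. In the summer of 2019, Ben published a paper on Supersonic together with Benedikt and others, a major development in zero-knowledge proofs without a trusted setup. Since then, Ben has worked on improving Supersonic further. He is also working on other improvements to polynomial commitment schemes, a major tool underlying many modern zero-knowledge proof and verifiable computation systems.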

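Ben said: “Many of the zero-knowledge proof systems you may have heard of, such as Marlin, Sonic, PLONK, STARKS, and so on, can be split into two parts. One is an information-theoretic part, which forms the backbone of the system, and the other is a polynomial commitment scheme, with which the information-theoretic part is compiled. In the DARK paper, we tried to make the modularity between these two components clear. For example, combining the information-theoretic part of PLONK with the DARK polynomial commitment scheme gives Supersonic.”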

Findora's beginnings

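Next, they talked about the founding of Findora. Asked how Findora was founded, Ben explained that in the summer of 2018 he met Lily Chao, a founder and the initial seed investor, and John Powers, former CEO of the Stanford endowment fund. Shortly after that meeting, Benedikt and Charles Lu joined. Ben believes that bringing together people with rich experience and knowledge is critical to a project's success.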

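Benedikt said: “The initial motivation for founding Findora really came from Lily and John's decades of experience in finance; they know many of the pain points of today's financial industry inside out. Tools from blockchain and zero-knowledge proofs have real potential to solve many of the problems they faced during their careers. They decided to combine their knowledge of finance with our expertise in cryptography to build a platform that solves real-world problems, and that is still the driving force behind Findora.”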

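Ben went on to give more information about Findora's current state: “We currently have a technology development company and drive the operations of the Findora Foundation. The development company is building a multi-purpose transactional system, a high-performance blockchain system with a focus on privacy. We can call it a blockchain-based private transaction system. 'Multi-purpose' means that it can be used to issue assets of any nature, including cryptocurrencies, fiat currencies, equity, bonds, and derivatives. It is primarily based on Nakamoto consensus, but it can also be used with any consensus algorithm to form sidechains.

Financial institutions can replace their current infrastructure with Findora and gain more privacy and efficiency. Findora can also serve as the backbone of a decentralized network similar to Ethereum, but with built-in privacy guarantees at the base layer. The focus of the Findora Foundation is to provide a public service that can run on a decentralized consensus algorithm. In summary, Findora allows for the same public accessibility and auditability as other blockchains, while preserving privacy to the greatest extent.”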

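Benedikt added: “Beyond Findora's modularity and confidentiality features, what really sets Findora apart is its ability to enforce custom rules and truly combine privacy with compliance. For example, you can have a confidential asset on Findora to which the issuer has attached an asset policy stating that the asset can only be transferred between EU citizens. The ledger can enforce these kinds of rules without even revealing what exactly the rule is, much less that the parties to the transaction are EU citizens. Even though all information about the transaction is confidential, users can still verify that the rule was followed correctly. So on Findora, DeFi application developers can easily follow the regulations of their jurisdiction without sacrificing privacy.”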

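Using Discret, a domain-specific language developed for Findora, users can write asset policies and set up smart contracts that are built for predictability and static analysis. Discret is very different from Ethereum's Solidity; its focus is on covering the functionality that financial applications need. One of Discret's design goals is to incorporate zero-knowledge proofs, since they are the foundation of most of the privacy and compliance guarantees in Findora. To that end, asset policies are compiled directly into circuits, which, together with the zero-knowledge compilers, produce confidential asset policies and smart contracts. In short, you start with the Discret language, which compiles into circuits, which in turn compile into the zero-knowledge proof system, which can then be verified by the public.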

Comparing Findora with other projects

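The next question was whether Findora resembles other existing projects. Ben explained that many projects using zero-knowledge proofs are built on top of Ethereum, but they are limited to the Ethereum virtual machine. Findora is built as a stand-alone system, which gives it better performance than other projects built on Ethereum. In addition, as mentioned earlier, Findora supports the modularity that many use cases require, from banking services to decentralized blockchains and cryptocurrencies.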

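Because it supports sidechain modularity, Findora can also easily be made interoperable. For example, by plugging in a consensus protocol such as Tendermint, you can create a network of blockchains similar to Cosmos. We could also create a version that is interoperable with Polkadot or Ethereum. In the end, interoperability comes from systems speaking the same language. Findora is in principle compatible with all of these languages, so it ultimately comes down to putting in the effort to connect the systems.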

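Benedikt expanded on the comparison with Ethereum smart contracts: “Sometimes we get asked, 'Why don't you build Findora as an Ethereum smart contract?' Part of the reason is that making zero-knowledge proofs more efficient takes a great deal of work. And to handle real-world systems, we need every optimization we can find. We need to process many transactions and keep the system flexible. So building it as a base-layer protocol is much more feasible than trying to run it within the constraints of the EVM.”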

Zero-knowledge proofs in Findora

Bulletproofs and Supersonic were briefly mentioned earlier, and Benedikt took the opportunity to tell listeners more about how these tools are used in Findora:

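“Our goal is to strike a balance between privacy and transparency in Findora. Zero-knowledge proofs are one of the key tools we use for this. Systems like Bitcoin publish the inputs and outputs of all transactions transparently on-chain. Likewise in Ethereum, everyone can see all the inputs to a smart contract. In Findora, we can hide everything (sender, receiver, transaction details, and contract data) inside zero-knowledge proofs. We use different tools for different types of transactions.

For simple transactions, such as basic confidential asset transfers, we use Bulletproofs. But if a transaction becomes complex, verifying with Bulletproofs is too expensive. So for high-complexity transactions, we need a tool similar to a ZK-SNARK, one that remains easy to verify even for very complex statements. This is where Supersonic shines: even when it has to prove complex statements, such as specific rules added to an asset through Discret, it remains easy to verify. Like Bulletproofs, it does not need a trusted setup to function.”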

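Ben added: “We also use other tools for special use cases, tailored specifically to those use cases to make them as efficient as possible. So we are not limited to general-purpose proof systems such as Supersonic, Bulletproofs, or STARKS; we have developed tools that outperform the state-of-the-art general-purpose systems but have a more specific scope of use.”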

Highlights and recent developments in Findora

Finally, Ben was asked about Findora's milestones and upcoming releases. Ben answered:

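“Among the major milestones of the past year is the release of our Supersonic system, which will soon be open-sourced. In December 2019 we closed our first round of funding, led by Polychain Capital. In June 2020, we announced a partnership with Tencent Cloud to offer a cloud product that will allow services to run without direct access to customer data.

Coming in August is our first testnet, FORGE. It will run on the Tendermint consensus algorithm and support many of the basic functions needed for confidential asset issuance and transfer. We are excited to have our partners and developers study it closely and try it out. We are also really ramping up hiring. Anyone interested can view our open positions at https://jobs.lever.co/findora.”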

Findora CTO Ben Fisch and Head of Research Benedikt Bünz recently returned to the Zero Knowledge Podcast, hosted by Anna Rose and Fredrik Harrysson, to talk about Findora and the underlying technology empowering the system. To start off the podcast, Ben and Benedikt spoke about some of their recent focus in research and at Findora.

Introductions

Ben and Benedikt are both a part of Dan Boneh’s Ph.D. research group at Stanford. They mention that it’s a great environment for researching many areas of cryptography. Many interesting topics are being worked on within the group, ranging from zero-knowledge systems and authenticated data structures to post-quantum signatures to adversarial machine learning.

Benedikt has been working on new cryptography tools. Most notably, he’s been researching two new zero-knowledge proof systems. The first one is called Supersonic. Supersonic is similar to Bulletproofs, one of Benedikt’s earlier inventions, in that it doesn’t rely on a trusted setup and has reasonably small proof sizes. However, similar to a SNARK, Supersonic is very fast to verify. The second system is called Halo, a proof system that came forth out of Zcash, which Benedikt has been working on alongside UC Berkeley Ph.D. Pratyush Mishra and Professor Alessandro Chiesa. With Halo, you can make recursive proof composition very practical. What this means is that you can efficiently prove another proof is correct, and then prove that proof is correct again, basically like a proof aggregator. For example, this allows you to prove the state of a blockchain is correct with a single proof. In other words, a user only needs to check one small proof rather than the entire blockchain to verify its correctness.

Benedikt added: “One of the great things about the academic community, especially in cryptography, is how we so rapidly evolve our ideas and share them with each other. Right away people will start experimenting and building with them. This allows us to isolate issues that may have seemed tiny during research, but in practice turned out to be a big deal. This then often leads to an entirely new wave of innovation to solve the issues at hand and create new implementations based on that. What you end up with is a giant positive feedback loop, and that’s a big part of what’s been driving these massive technological improvements within cryptography, and especially zero-knowledge proofs.”

As CTO at Findora, Ben has a leading role in the engineering team, which currently stands at 15 engineers and growing. Ben has also been putting a lot of effort into launching the testnet for Findora’s partners. The testnet is launching in August and provides partners with an early version of Findora to start testing some of its capabilities. Ben has also been continuing his research into zero-knowledge proofs and authenticated data structures. In the summer of 2019, Ben released a paper on Supersonic, alongside Benedikt and others, which is a major development in trustless zero-knowledge proofs. Since then, Ben has done work on improving Supersonic even further. In addition, Ben has been working on other improvements to polynomial commitment schemes, a major tool that underlies many of the modern ZKP and verifiable computation systems.

Ben said: “Many of the ZKP systems you might have heard of, say, Marlin, Sonic, PLONK, STARKS, etc., can be separated into two components. There’s an information-theoretic component, that forms the backbone of the system, and then a polynomial commitment scheme with which the information-theoretic component is compiled. In the DARK paper, we tried to make this modularity between those two components clear. For example, combining the information-theoretical component of PLONK with the DARK polynomial commitment scheme gives rise to Supersonic.”

Findora’s beginnings

Following the introductions, the focus shifted over to Findora. Ben was asked about how Findora began. Ben explained that during the summer of 2018, he met with co-founders Lily Chao, who would turn out to be the initial seed investor, and John Powers, who was the former CEO of the Stanford endowment fund. Shortly after meeting with them, they brought on Benedikt and Charles Lu. Charles was a Ph.D. student in Dan’s group but left to take the role of CEO at Findora. Ben believes that bringing together people with diverse experience and knowledge is at the heart of successful projects.

Benedikt remarked: “The initial momentum behind founding Findora was really the decades of experience in finance between Lily and John, who knew first hand many of the current pain-points in finance. Tools like blockchain and zero-knowledge proofs had true potential to solve many of the issues they had faced during their careers. They decided to combine their knowledge of finance with our expertise in cryptography to build a platform that solves real-world problems, and that is still the driving motivation behind Findora.”

Ben went on to give some more information about the current state of Findora: “We currently have a technology development company and the Findora Foundation. The development company is building a multi-purpose transactional system that has many similarities to a blockchain, but with a focus on privacy. We can call it a blockchain-based system. Multi-purpose means that it can be used for issuing assets of any nature, including cryptocurrency. It can work with any consensus algorithm, or without any consensus.

A bank could replace its current infrastructure with Findora, thereby gaining much privacy and efficiency. Findora can also be used as the backbone for a decentralized network similar to Ethereum, but with built-in privacy guarantees at the base layer. The focus of the Findora Foundation is to provide such a public service that can run on a decentralized consensus algorithm. To summarize, Findora allows for the same properties of public accessibility and auditability of other blockchains, yet also retains privacy to the greatest extent.”

Benedikt added: “Beyond the modularity and confidentiality features of Findora, what really differentiates Findora is the ability to enforce custom rules and really combine privacy and compliance. For example, you can have a confidential asset on Findora, where the issuer attached a policy that the asset can only be transferred between EU citizens. The ledger can enforce these types of rules without having to even reveal what the rule exactly is, much less that the parties involved in the transaction are EU citizens. Users can still verify the rule is being followed correctly, even though everything about the transaction is confidential. So, in Findora, companies can easily follow regulations laid out in their jurisdiction without having to compromise on privacy.”

Using Discret, a domain-specific language developed for Findora, users can write policies and set up smart contracts that are built for predictability and static analysis. It’s not as comprehensive as Solidity; instead, Discret primarily focuses on covering the functionality needed for financial applications. One of the design goals of Discret is to incorporate zero-knowledge proofs, as they are the foundation for most of the privacy and compliance guarantees in Findora. To do this, policies are directly compiled to circuits, which, in combination with the zero-knowledge compilers, create the confidential policies and smart contracts. Simply put, you start out with the Discret language, which compiles into circuits, which compile into the zero-knowledge proof system, which can then be verified by the public.

Comparing Findora with other projects

The question came up whether Findora is similar to any existing projects. Ben explained that there are a number of projects built on top of Ethereum that utilize zero-knowledge proofs, but they are limited to the Ethereum virtual machine. Findora was built as a stand-alone system in order to have better performance than any protocol built on top of Ethereum can achieve. As mentioned earlier, another factor was the modularity necessary to support many use cases, ranging from banking services to decentralized blockchains and cryptocurrencies.

Findora can also easily be interoperable because of modularity. For instance, by plugging in a consensus protocol like Tendermint, you can create a network of blockchains similar to Cosmos. We could also create a version that is interoperable with Polkadot or Ethereum. In the end, interoperability comes from systems speaking the same language. Findora is in principle compatible with all these languages, so it just comes down to putting in the effort of hooking the systems together.

Benedikt expanded on the comparison to the Ethereum smart contracts: “Sometimes we get asked, ‘why didn’t you build Findora as an Ethereum smart contract?’. Part of it is that there’s been a lot of work into making zero-knowledge proofs more performant. But in order to handle real-world systems, we need to squeeze out all the optimizations we can. We need to handle many transactions and retain flexibility in our system. It’s a lot more feasible to do this as a base layer protocol instead of trying to work within the constraints of the EVM.”

Zero-knowledge proofs in Findora

Earlier in the podcast, Bulletproofs and Supersonic briefly came up. Benedikt took this opportunity to tell the listeners a bit more about how these types of tools are used in Findora:

“What we are aiming to achieve in Findora is a balance between privacy and transparency. Zero-knowledge proofs are one of the key tools we use for this. Systems like Bitcoin have all the inputs and outputs to transactions transparently published on-chain. Similarly, in Ethereum, all the inputs to a smart contract are in plain sight for everyone to see. In Findora, we can hide everything, the sender, receiver, transaction details, and contract data, inside zero-knowledge proofs. We use different tools for different kinds of transactions.

For simple transactions, such as basic confidential asset transfers, we use Bulletproofs. If things become more complex, then verifying a Bulletproof will be too expensive. For high complexity transactions, we need something that is like a SNARK, meaning it remains easy to verify, even with a highly complex statement. This is where Supersonic shines. It remains easy to verify, even when proving complicated statements, like specific rules added to assets through Discret. And like Bulletproofs it doesn’t need a trusted setup to function.”

Ben added: “We also use other tools that can be used for special cases, and they are specifically tailored to be as efficient as possible for those use cases. So these are not just generic proof systems like Supersonic, Bulletproofs, or STARKS, etc. Instead, we develop tools that outperform the state of the art generic systems, but have a more limited scope of applicability.”

Highlights and upcoming developments in Findora

To wrap things up, Ben was asked about some of the milestones and upcoming releases in Findora. Ben answered:

“A couple of major milestones from the past year were the release of our Supersonic system, which will soon be open-sourced. We closed our first round of funding led by Polychain Capital in December of 2019. In June 2020, we announced our partnership with Tencent Cloud to offer a cloud product that will allow services to operate without requiring direct access to customer data.

Upcoming in August is our first testnet. This will run on a Tendermint consensus algorithm and support much of the basic functionality needed for confidential asset issuance and transfers. We’re excited to have our partners and developers look at that and play around with it. We’re also really ramping up on our hiring. Anyone who is interested should take a look at our open roles at https://jobs.lever.co/findora.”

—-

Compiled by / Author: Findoraorg

