Cmsc 858k — Advanced Topics in Cryptography Lecture 24
Abstract
ZK proofs. Zero-knowledge proofs involve a prover P trying to prove a statement to a verifier V without revealing any knowledge beyond the fact that the statement is true. For example, consider the problem of proving membership in an NP language L (e.g., graph Hamiltonicity, 3-coloring, etc.). A ZK proof protects against a cheating prover, in the sense that if a prover tries to give a proof for an x ∉ L the verifier will reject the proof with all but negligible probability. Further, a ZK proof protects against a cheating verifier, in the sense that it ensures that the verifier (informally) does not learn anything from a proof that x ∈ L other than the fact that x ∈ L. A ZK proof system requires the existence of a simulator who can simulate a transcript of the protocol execution without knowing the witness to the statement. As we have seen, a simulator typically does this by rewinding the verifier to a prior state and then trying to continue the simulation until it comes up with a valid transcript.
Similar resources
Cmsc 858k — Advanced Topics in Cryptography
In a previous class (Lecture 25), we showed how to construct an identification scheme which is secure against a passive adversary using an Honest-Verifier Zero-Knowledge Proof of Knowledge (HVZK-PoK). We also showed that it is possible to construct an Identification Scheme secure against an active adversary using a Witness Indistinguishable Proof of Knowledge (WI-PoK). In this lecture, we will ...
Cmsc 858k — Advanced Topics in Cryptography
In a previous lecture, we saw how to construct a three-round zero-knowledge (ZK) proof system for graph 3-colorability with soundness error 1 − 1/|E| on a common input G = (V,E). The soundness error can be made negligible, while maintaining zero knowledge, by repeating the protocol |E| · ω(log k) times sequentially (where k is the security parameter); unfortunately, this increases the round co...
Cmsc 858k — Advanced Topics in Cryptography
In this lecture, we study the Byzantine Agreement problem, defined as follows: consider a network of n processors, where each pair of processors can communicate (this is the so-called “point-to-point” model). Furthermore, at most t processors within this network may be faulty; a faulty processor may exhibit arbitrary behavior. (We also assume that the behavior of these faulty processors may be ...