Lecture 16: Defining ZK Proofs of Knowledge
ثبت نشده
چکیده
منابع مشابه
2 . 2 Proofs of Knowledge Under Parallel Repetition
See [Gol01, §4.3.4] for the detailed proof. Note that the above only holds for sequential repetition. It is unknown whether parallel repetition holds for the graph Hamiltonicity protocol described in Lecture 16. Thus, using sequential repetition we have a ZK proof for all ofNP with negligible soundness error. However, this protocol is not constant-round. There do exist constant-round ZK proofs,...
متن کاملCmsc 858k — Advanced Topics in Cryptography Lecture 24
ZK proofs. Zero-knowledge proofs involve a prover P trying to prove a statement to a verifier V without revealing any knowledge beyond the fact that the statement is true. For example, consider the problem of proving membership in an NP language L, (e.g., graph Hamiltonicity, 3-coloring, etc.). A ZK proof protects against a cheating prover, in the sense that if a prover tries to give a proof fo...
متن کاملA Computationally Sound, Symbolic Abstraction for Malleable Zero-knowledge Proofs
Zero-knowledge (ZK) proofs have become a central building block for a variety of modern security protocols. Modern ZK constructions, such as the Groth-Sahai proof system, offer novel types of cryptographic flexibility: a participant is able to re-randomize existing ZK proofs, e.g., to achieve unlinkability in anonymity protocols; she can hide public parts of a ZK proof statement to meet her pri...
متن کاملSymbolic Malleable Zero-knowledge Proofs
Zero-knowledge (ZK) proofs have become a central building block for a variety of modern security protocols, e.g., as ZK-SNARKs in Pinocchio (IEEE S&P 2013) and ADSNARK (IEEE S&P 2015). One of the reasons is that modern ZK constructions, such as the Groth-Sahai proof system, offer novel types of cryptographic flexibility: a participant is able to re-randomize existing ZK proofs to achieve, for i...
متن کاملComputational Soundness of Symbolic Zero-Knowledge Proofs: Weaker Assumptions and Mechanized Verification
Proofs of security protocols are known to be error-prone and, owing to the distributed-system aspects of multiple interleaved protocol runs, awkward for humans to make. Hence work towards the automation of such proofs started soon after the first protocols were developed. The actual cryptographic operations in such proofs were idealized into so-called symbolic models. While symbolic models trad...
متن کامل