HackerTrans
TopNewTrendsCommentsPastAskShowJobs

somezero

140 karmajoined 9 ปีที่แล้ว
my username at protonmail.com

Submissions

Bron-Crypto: A Go cryptography library focusing on MPC

github.com
1 points·by somezero·4 เดือนที่ผ่านมา·0 comments

comments

somezero
·8 วันที่ผ่านมา·discuss
The entire argument is based on the definition of an “Incoherent cryptosystem”, which is too restrictive to be useful for cases that you want eg. Tor is also developed and distributed by Tor people and it is supposed to protect you against everyone, including the Tor people.
somezero
·9 เดือนที่ผ่านมา·discuss
https://en.wikipedia.org/wiki/Prime_omega_function

https://en.wikipedia.org/wiki/Liouville_function
somezero
·10 เดือนที่ผ่านมา·discuss
This is not just a funny joke, but also timely given the recent sanctions.

https://en.wikipedia.org/wiki/International_sanctions_agains...
somezero
·2 ปีที่แล้ว·discuss
It’s all just bytes and hashes and alike at the bottom. Absolutely nothing magical. It is the abstractions over them that makes them esoteric, not the fundamental building blocks.

As to why your example isn’t zero-knowledge proof of knowledge of a password, it’s because hash of the same password is always the same thing. So what if someone copies the hashed password and passes it as their own? You say, sign something? But I can reuse the signature. You say, sign a random challenge? Okay, but what if, on the other side, the verifier (ie. the app) adaptively picks a challenge instead of randomly sampling it? … Continue this line of thought, and once you have the correct solution, simplify it and remove the unnecessary parts (eg. Signing something is too strong of a requirement) and you get something called Zero-Knowledge proof of knowledge out of an honest-verifier sigma protocol.

As for ZK proofs that are not proofs of knowledge, then the easiest way to think of it is an encrypted data structure like a database. Imagine the client wants to check whether an element is in some set on a server, where the server has an “encrypted” form of a set and can’t see what’s in it. How can the server check membership of an element and convince the client? That’s done with a ZK proof. You say what about Fully Homomorphic encryption? That’s also technically ZK… what’s not a ZK? For anything that you can’t write a simulator. What’s a simulator? Pick a cryptography textbook.
somezero
·2 ปีที่แล้ว·discuss
> zk signature schemes exist and are implied by the existence of one way functions and publicly verifiable nizk.

Almost. The result is from CRYPTO89 paper of Bellare and Goldwasser. They derive a signature scheme from a nizk. It is not known whether you can get a nizk from a signature scheme. Moreover, no signature scheme can be a ZK: https://crypto.stackexchange.com/questions/35177/is-using-di...
somezero
·2 ปีที่แล้ว·discuss
A signature is a PoK, but not ZK.