Welcome to the resource topic for 2023/1961
Title:
On The Practical Advantage of Committing Challenges in Zero-Knowledge Protocols
Authors: David Naccache, Ofer Yifrach-Stav
Abstract:The Fiat-Shamir transform is a classical technique for turning any zero-knowledge \Sigma-protocol into a signature scheme.
In essence, the idea underlying this transform is that deriving the challenge from the digest of the commitment suppresses simulatability and hence provides non-interactive proofs of interaction.
It follows from that observation that if one wishes to preserve deniability the challenge size (per round) must be kept low. For instance in the original Fiat-Shamir protocol the authors recommend 18 bits but suggest that the challenge size can be made larger to reduce communication overhead, e.g. the value of 20 is proposed in \cite{micali}.
We show that even with relatively small challenge sizes \textsl{practical} deniability can be destroyed by having the verifier artificially impose upon himself the use of slowed-down hash function or by resorting to a trusted agency proposing an on-line deniability enforcement service against the provers community’s will.
ePrint: https://eprint.iacr.org/2023/1961
See all topics related to this paper.
Feel free to post resources that are related to this paper below.
Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.
For more information, see the rules for Resource Topics .