By Rafael Pass

Show description

Read Online or Download Alternative Variants of Zero-Knowledge Proofs PDF

Similar nonfiction_5 books

Current Psychotherapies, 9e

Utilized in most sensible counseling, psychology, and social paintings courses, present PSYCHOTHERAPIES won't basically assist you excel within the path, but in addition to benefit, examine, and practice the key platforms of psychotherapy in a manner that would be significant on your personal perform. each one contributor is both an originator or a number one proponent of 1 of the platforms, and every offers the elemental rules of the approach in a transparent and simple demeanour, discussing it within the context of the opposite platforms.

Adaptive and Multilevel Metaheuristics

One of many keystones in functional metaheuristic problem-solving is the truth that tuning the optimization strategy to the matter into account is essential for attaining best functionality. This tuning/customization is generally within the fingers of the set of rules fashion designer, and regardless of a few methodological makes an attempt, it principally continues to be a systematic paintings.

Additional resources for Alternative Variants of Zero-Knowledge Proofs

Example text

Let us therefore turn to the T (n)-simulatability property. On a high level the proof follows the structure of the sequential composition lemma for ZK proofs of Goldreich and Oren [37]. We start by “partitioning” the malicious verifier VQ∗ into Q(n) phases, each of which is the execution of a verifier for a “stand-alone” interactive proof (P, V ), called V ∗ . The new stand-alone verifier V ∗ will communicate Q(n) times with a real prover P , and we wish to show that V ∗ does not “learn” anything from these Q(n) interactions.

We note that the proof of the fact that ZK implies WH in models with shared object is a straight-forward adaptation of the proof of this fact for the plain model [29]. Interestingly, concerning WI, on the other hand, such a simple adaptation can no longer be done. This was shown in [28] already for the case of non-interactive ZK in the CRS model. We mention that reason for this problem stems from the fact that the definition of ZK in models with shared object allows the simulator to “choose” the shared object, when performing the simulation.

It remains to show that the output of the simulator MQ is indistinguishable from the output of the verifier VQ in a real interaction with a prover. , HQ(n) . , for i = 1 to j let zi = M (x, zi−1 ). , for i = j to Q(n) let zi = P, V ∗ (zi−1 ) (x). • Output zQ(n) . The claim consists of proving that hybrids H0 and HQ(n) are computationally indistinguishable. Assume for contradiction that this is not the case. By a standard argument this implies that there are two consecutive hybrids distributions Hk , Hk+1 that are distinguishable.

Download PDF sample

Rated 4.58 of 5 – based on 15 votes