Re: Proving knowledge of a message with a given SHA-1 without disclosing it?
- From: Francois Grieu <fgrieu@xxxxxxxxx>
- Date: Thu, 02 Feb 2012 08:50:12 +0100
On 01/02/2012 22:40, Paul Rubin wrote:
Francois Grieu<fgrieu@xxxxxxxxx> writes:Can she convince Bob of her claim using some protocol, without letting
Bob find m, and without a third party or device that Bob trusts?
I don't know about zero-knowledge, but I'd expect from the PCP theorem
that there is a protocol that might leak some info about m. The amount
of leak would be bounded by k bits where Bob is supposed to be convinced
with confidence 1-2**O(k) that Alice has a preimage. Maybe the format
of m can be designed so that this bounded amount of leakage doesn't matter.
Or maybe a leak is not exploitable by Bob, because he is computationally
bounded.
For example, if Alice discloses SHA-1(~m), she discloses 160 bits
about m, mostly additional to SHA-1(m). Yet it does not help a computationally
bounded Bob, to the best of the known techniques.
Francois Grieu
.
- References:
- Proving knowledge of a message with a given SHA-1 without disclosing it?
- From: Francois Grieu
- Re: Proving knowledge of a message with a given SHA-1 without disclosing it?
- From: Paul Rubin
- Proving knowledge of a message with a given SHA-1 without disclosing it?
- Prev by Date: Re: Not looking like a fool
- Next by Date: Re: Not looking like a fool
- Previous by thread: Re: Proving knowledge of a message with a given SHA-1 without disclosing it?
- Next by thread: Re: Not looking like a fool
- Index(es):
Relevant Pages
|
