Re: Proving knowledge of a message with a given SHA1 without disclosing it?
 From: Francois Grieu <fgrieu@xxxxxxxxx>
 Date: Thu, 02 Feb 2012 08:50:12 +0100
On 01/02/2012 22:40, Paul Rubin wrote:
Francois Grieu<fgrieu@xxxxxxxxx> writes:Can she convince Bob of her claim using some protocol, without letting
Bob find m, and without a third party or device that Bob trusts?
I don't know about zeroknowledge, but I'd expect from the PCP theorem
that there is a protocol that might leak some info about m. The amount
of leak would be bounded by k bits where Bob is supposed to be convinced
with confidence 12**O(k) that Alice has a preimage. Maybe the format
of m can be designed so that this bounded amount of leakage doesn't matter.
Or maybe a leak is not exploitable by Bob, because he is computationally
bounded.
For example, if Alice discloses SHA1(~m), she discloses 160 bits
about m, mostly additional to SHA1(m). Yet it does not help a computationally
bounded Bob, to the best of the known techniques.
Francois Grieu
.
 References:
 Proving knowledge of a message with a given SHA1 without disclosing it?
 From: Francois Grieu
 Re: Proving knowledge of a message with a given SHA1 without disclosing it?
 From: Paul Rubin
 Proving knowledge of a message with a given SHA1 without disclosing it?
 Prev by Date: Re: Not looking like a fool
 Next by Date: Re: Not looking like a fool
 Previous by thread: Re: Proving knowledge of a message with a given SHA1 without disclosing it?
 Next by thread: Re: Not looking like a fool
 Index(es):
Relevant Pages
