-
**Proposed contribution:** Provide more rationale for the choice on NIZK and R1CS. Section 3.2 could benefit from a comparative overview of the various low-level backend options for representing relat…
-
Just to add, there is a quick way to prove the PLUME security, in case anyone asks.
This is the GDH undeniable signature with the confirmation protocol replaced with NIZK, and here the NIZK is a cl…
-
This makes Helios provably secure and defends against some particularly advanced attacks.
-
[Signatures of Correct Computation](https://eprint.iacr.org/2011/587.pdf)
In PVC, a “proof of correct computation” is tied to a specific challenge, and can only be verified by the client who has ge…
-
I do not understand `num_non_zero_entries`.
For a R1CS instance defined via matrices A,B,C, `num_non_zero_entries` refers to which matrix?
It appears to be essential for the runtime of SNARK proof.…
-
The current implementation is not in line with https://datatracker.ietf.org/doc/rfc8235/. This specification standardizes Schnorr NIZKs.
In particular, we are not following the recommended practice d…
-
From #57 .
Analyse whether a social graph can be constructed from either communication or proof shares. Proof shares should be fine, since they are unlinkable.
The communication might actually r…
dbosk updated
5 years ago
-
We might have use of the [code from Anon-Pass](https://github.com/ut-osa/anon-pass) and adapt it to handle NIZK proofs. This relates to #27 . The paper [P-signatures and Noninteractive Anonymous Crede…
dbosk updated
6 years ago
-
We want to measure how much computations and storage the protocol requires in different stages. We are mostly interested in efficiency (or lack thereof) during the protest, when all parts rely on batt…
dbosk updated
5 years ago
-
How can zero proof knowledge protocols help building metadata resistant and decentralised communication protocols?