Closed bichselb closed 5 years ago
Thanks for reporting this! Actually the dead link was fixed in #328 so this should not happen on 0.4.5. Can you make sure you're running the latest version and reopen if you still experience issues?
Thanks for pointing me to the right resource (https://zokrates.github.io/reference/proving_schemes.html#g16-malleability). I had already found this independently, but it does not really answer my question above.
Does malleability imply violation of any of the 3 properties (completeness, soundness, zero-knowledge)?
It would also be helpful if you could provide a definition of (non-)malleability, ideally on https://zokrates.github.io/reference/proving_schemes.html#g16-malleability
Hi. how does usage of an ethereum address as a public input to the program can help to the malleability problem? if any prover has to provide a unique number as public number does this solve the problem too?
A definition of nonmalleability for zk-SNARKs is given in Definition 5 of
Alfredo De Santis, Giovanni Di Crescenzo, Rafail Ostrovsky, Guiseppe Persiano, and Amit Sa- hai. “Robust Non-Interactive Zero Knowledge”. In: Advances in Cryptology - CRYPTO 2001. DOI: 10.1007/3-540-44647-8_33. URL: https://www.iacr.org/archive/crypto2001/21390566.pdf
Nonmalleability is independent of completeness, soundness, or zero-knowledge.
I received this warning:
However, the link is down, so I cannot follow up on this.
In particular, the precise definition of malleability is unclear to me, what is it? I assume Groth16 still provides the usual notions of
So how does malleability fit into this picture?