Zokrates / ZoKrates

A toolbox for zkSNARKs on Ethereum
https://zokrates.github.io
GNU Lesser General Public License v3.0

Malleability warning #332

Closed bichselb closed 5 years ago

bichselb commented 5 years ago

I received this warning:

WARNING: You are using the Groth16 scheme which is subject to malleability. See zokrates.github.io/reference/schemes.html#groth16-malleability for implications.

However, the link is down, so I cannot follow up on this.

In particular, the precise definition of malleability is unclear to me, what is it? I assume Groth16 still provides the usual notions of

So how does malleability fit into this picture?

Schaeff commented 5 years ago

Thanks for reporting this! Actually the dead link was fixed in #328 so this should not happen on 0.4.5. Can you make sure you're running the latest version and reopen if you still experience issues?

bichselb commented 5 years ago

Thanks for pointing me to the right resource (https://zokrates.github.io/reference/proving_schemes.html#g16-malleability). I had already found this independently, but it does not really answer my question above.

Does malleability imply violation of any of the 3 properties (completeness, soundness, zero-knowledge)?

It would also be helpful if you could provide a definition of (non-)malleability, ideally on https://zokrates.github.io/reference/proving_schemes.html#g16-malleability

Mahsa-Bastankhah commented 5 years ago

Hi. How can the usage of an Ethereum address as a public input to the program help with the malleability problem? If any prover has to provide a unique number as a public number, does this solve the problem too?

daira commented 4 years ago

A definition of nonmalleability for zk-SNARKs is given in Definition 5 of

Alfredo De Santis, Giovanni Di Crescenzo, Rafail Ostrovsky, Giuseppe Persiano, and Amit Sahai. “Robust Non-Interactive Zero Knowledge”. In: Advances in Cryptology - CRYPTO 2001. DOI: 10.1007/3-540-44647-8_33. URL: https://www.iacr.org/archive/crypto2001/21390566.pdf

Nonmalleability is independent of completeness, soundness, or zero-knowledge.