cambrian / accumulator

Cryptographic accumulators in Rust.
https://cambrian.github.io/accumulator
MIT License

Do we need to call hash_to_prime in Poe? #40

Closed eddiew closed 5 years ago

eddiew commented 5 years ago

hash_to_prime is slow, and (unless I'm mistaken) the only property of it that we use is that it's a 256-bit number. Can this be replaced with a constant?

whaatt commented 5 years ago

Normally PoE is an interactive protocol, and making it non-interactive applies the Fiat-Shamir heuristic (hashing the transcript of the interaction thus far) to generate the challenge prime.

(Ctrl+F "Fiat-Shamir" in the accumulators paper for a better explanation)

If the challenge prime were a constant, I believe the prover can construct an attack, although I haven't worked out the details.
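
The non-interactive PoE discussed in this thread, sketched in Python as an added example (not code from the accumulator crate or from either commenter): the challenge prime is derived by hashing the transcript (u, w, x), so it is fixed only after the prover has committed to w. The modulus `N`, the function names, and the hash-to-prime construction (SHA-256 with a counter, filtered by Miller-Rabin) are assumptions made for illustration.

```python
import hashlib

# Constructed toy modulus (assumption): product of two Mersenne primes, so its
# factorization is public. A real PoE needs a group of unknown order.
N = (2**127 - 1) * (2**89 - 1)
BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_probable_prime(n):
    """Miller-Rabin with fixed bases (probabilistic for 256-bit inputs)."""
    if n < 2:
        return False
    for p in BASES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def challenge_prime(u, w, x):
    """Fiat-Shamir: hash the transcript (u, w, x) until the digest is prime."""
    data = f"{u}|{w}|{x}".encode()
    counter = 0
    while True:
        digest = hashlib.sha256(data + counter.to_bytes(8, "big")).digest()
        candidate = int.from_bytes(digest, "big") | 1
        if is_probable_prime(candidate):
            return candidate
        counter += 1

def prove(u, x):
    """Prover: claim w = u^x mod N and output the witness Q = u^floor(x/l)."""
    w = pow(u, x, N)
    l = challenge_prime(u, w, x)
    return w, pow(u, x // l, N)

def verify(u, x, w, Q):
    """Verifier: recompute l from the transcript, check Q^l * u^(x mod l) == w."""
    l = challenge_prime(u, w, x)
    return (pow(Q, l, N) * pow(u, x % l, N)) % N == w % N
```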