A framework to build Zero-knowledge non-interactive proofs, based on the Fiat-Shamir heuristic, a proof-of-work, and a constant-size commitment scheme.
Just had a small question:
How can we attack a system which follows the Fiat-Shamir heuristic, given that the hash computed by the prover in the second step only includes the prover's public key and not the random challenge in step 1, as in the general protocol?
Why do we hash the random challenge along with the public key? The public key should be enough for the verifier to prove non-repudiation?
Thanking you
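
Added example, not part of the original post: a toy Schnorr proof of knowledge made non-interactive with Fiat-Shamir, comparing a verifier whose challenge hashes only the public key with one that also hashes the prover's step-1 value (the commitment). The choice of Schnorr, the group parameters and all function names are assumptions for illustration; the post does not say which protocol it has in mind.

```python
import hashlib
import secrets

# Constructed toy group (assumption): P = 2Q + 1, G generates the order-Q subgroup.
# Far too small for real use; it only keeps the arithmetic readable.
P, Q, G = 2039, 1019, 4

def challenge(y, t, bind_commitment):
    """c = H(y, t) when the step-1 value t is hashed, c = H(y) when it is not."""
    data = f"{y}|{t}" if bind_commitment else f"{y}"
    return int.from_bytes(hashlib.sha256(data.encode()).digest(), "big") % Q

def prove(x, bind_commitment=True):
    """Honest prover: knows x such that y = G^x mod P."""
    y = pow(G, x, P)
    r = secrets.randbelow(Q)
    t = pow(G, r, P)                      # step 1: commitment
    c = challenge(y, t, bind_commitment)  # step 2: hash replaces the verifier
    return t, (r + c * x) % Q             # step 3: response

def verify(y, proof, bind_commitment=True):
    t, s = proof
    c = challenge(y, t, bind_commitment)
    return pow(G, s, P) == (t * pow(y, c, P)) % P

def proof_without_secret(y):
    """Uses only the public key. With c fixed by y alone, the response s can be
    chosen first and t solved from the verification equation: t = G^s * y^(-c)."""
    c = challenge(y, None, bind_commitment=False)
    s = secrets.randbelow(Q)
    t = (pow(G, s, P) * pow(y, Q - c, P)) % P   # y has order Q, so y^(Q-c) = y^(-c)
    return t, s

if __name__ == "__main__":
    x = secrets.randbelow(Q - 1) + 1
    y = pow(G, x, P)
    fake = proof_without_secret(y)
    print("honest proof, t hashed:     ", verify(y, prove(x)))
    print("no-secret proof, t unhashed:", verify(y, fake, bind_commitment=False))
    # A chance match has probability about 1/Q in this toy group.
    print("no-secret proof, t hashed:  ", verify(y, fake))
```

When the challenge depends on the public key alone it is known before the commitment is chosen, so an accepting transcript no longer shows knowledge of the secret; hashing the commitment fixes `t` before `c` exists.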