zkpstandard / zkreference

The official repository hosting the ZKProof Community Reference & Proposals documents.
https://community.zkproof.org/c/zkproof-2019
103 stars 11 forks source link

Discuss transferability and deniability #6

Closed luisbran closed 4 years ago

luisbran commented 5 years ago

Proposed contribution: Elaborate more on the concept of transferability. For example, in an interactive protocol over the Internet, how do regular authenticated channels vs. “ideally” authenticated channels affect transferability? Would a non-transferable protocol become transferable when the prover signs all sent messages and the verifier uses the output of a cryptographic hash function to select random challenges?

Also, in Section 3.2, revise the incorrect assertion in item 1: “Only non-interactive ZK (NIZK) can actually hold this property” [being publicly verifiable / transferable?]. For example, if transferability is a design goal then there are settings where it is possible to design interactive protocols for which the view (transcript) of the original verifier (interacting with the original prover) can later serve as a transferable proof for other verifiers.

Related locations: Chapter 1 ("Security/Theory"); and Section 3.2.

Proposed contributors: Luís B

Contribution context: Proposed in the "NIST comments on the initial ZKProof documentation" (April 06, 2019) --- items C9 and C14. This is also related to the "deniability" item identified in the breakout session on "Interactive Zero Knowledge".

luisbran commented 5 years ago

Our initial contribution is detailed in section 7 ("Proposal about transferability and deniability") of the "NIST-PEC contributions to advance the draft ZKProof Community Reference from version 0.1 to 0.2"

luisbran commented 5 years ago

We updated the text of our contributions on Oct 10, 2019