luisbran
commented
5 years ago Our initial contribution is detailed in section 7 ("Proposal about transferability and deniability") of the "NIST-PEC contributions to advance the draft ZKProof Community Reference from version 0.1 to 0.2"
Proposed contribution: Elaborate more on the concept of transferability. For example, in an interactive protocol over the Internet, how do regular authenticated channels vs. “ideally” authenticated channels affect transferability? Would a non-transferable protocol become transferable when the prover signs all sent messages and the verifier uses the output of a cryptographic hash function to select random challenges?
Also, in Section 3.2, revise the incorrect assertion in item 1: “Only non-interactive ZK (NIZK) can actually hold this property” [being publicly verifiable / transferable?]. For example, if transferability is a design goal then there are settings where it is possible to design interactive protocols for which the view (transcript) of the original verifier (interacting with the original prover) can later serve as a transferable proof for other verifiers.
Related locations: Chapter 1 ("Security/Theory"); and Section 3.2.
Proposed contributors: Luís B
Contribution context: Proposed in the "NIST comments on the initial ZKProof documentation" (April 06, 2019) --- items C9 and C14. This is also related to the "deniability" item identified in the breakout session on "Interactive Zero Knowledge".