This preview shows page 1. Sign up to view the full content.
Unformatted text preview: ven 128 iterations, to be valid. This is the whole point of using a oneway hash function: Peggy cannot predict the output of the hash function because she cannot predict its input. The commitments which are used as the input are only known after she solves the new problems. Generalities
Blum proved that any mathematical theorem can be converted into a graph such that the proof of that theorem is equivalent to proving a Hamiltonian cycle in the graph. The general case that any NP statement has a zeroknowledge proof, assuming oneway functions and therefore good encryption algorithms, was proved in [620]. Any mathematical proof can be converted into a zeroknowledge proof. Using this technique, a researcher can prove to the world that he knows the proof of a particular theorem without revealing what that solution is. Blum could have published these results without revealing them. There are also minimumdisclosure proofs [590]. In a minimumdisclosure proof, the following properties hold: 1. Peggy cannot cheat Victor. If Peggy does not know the proof, her chances of convincing Victor that she knows the proof are negligible. 2. Victor cannot cheat Peggy. He doesn’t get the slightest hint of the proof, apart from the fact that Peggy knows the proof. In particular, Victor cannot demonstrate the proof to anyone else without proving it himself from scratch. Zeroknowledge proofs have an additional condition: 3. Victor learns nothing from Peggy that he could not learn by himself without Peggy, apart from the fact that Peggy knows the proof. There is considerable mathematical difference between proofs that are only minimumdisclosure and those that are zeroknowledge. That distinction is beyond the scope of this book, but more sophisticated readers are welcome to peruse the references. The concepts were introduced in [626,619,622]. Further elaboration on their ideas, based on different mathematical assumptions, were developed in [240,319,239]. There are also different kinds of zeroknowledge proofs: — P...
View Full
Document
 Fall '10
 ALIULGER
 Cryptography

Click to edit the document details