
Comments (3)

uvdsl commented on July 20, 2024

Hi, thank you for the explanation!
The terminology is much clearer to me now and the code (abstraction) also makes more sense.
Thanks again!

from crypto.

lovesh commented on July 20, 2024

Hi.

I am wondering about the terminology of the witness and its "implementation".

The term "witness" is found in zero-knowledge proof literature to refer to the data known to the prover (and not the verifier) and whose knowledge is being proven in the proof, see definition 19.2 and 19.3 here.

Is the witness the actual secret value, or is it some wrapper around it, e.g., a commitment (or rather, the value committed to and opening of said commitment)?

It's the actual secret value; the wrapper is just an abstraction. Regarding commitments, they are usually not the witness (unless the proof is about proving knowledge of a commitment and not just its opening); the opening (committed value and any randomness used) is the witness when the proof is for the knowledge of the opening.

This equality proof is done via Schnorr, as far as I understand, where we prove knowledge of the committed value (the witness?) and the opening for the commitment (also part of the witness then?) that is used in the particular other proofs (POKS, set membership, etc). What is part of the witness here?

The opening of the commitment is/includes the committed value and will be the witness. E.g., in a Pedersen commitment C = g * m + h * r, g and h are public but m and r are the opening (m and r being the committed value and randomness respectively) and known only to the committer. When the committer proves knowledge of the opening of C, it proves that given public C, g, and h, it knows m and r that satisfy C = g * m + h * r.
In the case of POKS, the messages not being revealed and the signature are the "witness".

I feel that the term witness is used quite heterogeneously on the Web - and, FWIW, Rannenberg, Camenisch and Sabouri don't even mention that term in their work on Attribute-based Credentials for Trust.

Probably to avoid jargon :), and the book is about the application of ZKP. I have only read a small part of it though.

Hope that helps.

from crypto.
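
The proof of knowledge of a Pedersen opening described in the reply above, as an added example that is not part of the original thread or the project's code. It uses a constructed toy multiplicative group (p = 1019, q = 509, g = 4, h = 9 are assumptions, far too small for real use), so the thread's C = g * m + h * r is written C = g^m * h^r; the function names are hypothetical.

```python
import hashlib
import secrets

# Constructed toy parameters (assumption, far too small for real use):
# P = 2Q + 1 is a safe prime; G and H are squares mod P, so both have prime order Q.
P, Q = 1019, 509
G, H = 4, 9

def commit(m, r):
    """Pedersen commitment C = g^m * h^r mod p (the thread's C = g * m + h * r)."""
    return pow(G, m, P) * pow(H, r, P) % P

def challenge(C, T):
    """Fiat-Shamir challenge: hash of the public statement and the prover's first message."""
    data = f"{P}|{G}|{H}|{C}|{T}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def prove(m, r):
    """Prover: knows the witness (m, r); outputs the public C and a Schnorr proof."""
    C = commit(m, r)
    a, b = secrets.randbelow(Q), secrets.randbelow(Q)  # one-time blindings for m and r
    T = commit(a, b)                                   # first message T = g^a * h^b
    c = challenge(C, T)
    return C, (T, (a + c * m) % Q, (b + c * r) % Q)    # responses hide m and r

def verify(C, proof):
    """Verifier: sees only C, g, h and the proof, never the witness (m, r)."""
    T, s_m, s_r = proof
    c = challenge(C, T)
    # g^s_m * h^s_r must equal T * C^c when the responses come from a real opening.
    return commit(s_m, s_r) == T * pow(C, c, P) % P

if __name__ == "__main__":
    C, proof = prove(m=42, r=317)
    print("C =", C, "valid:", verify(C, proof))
```

Everything `verify` receives is public; the witness appears only as arguments to `prove`.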

lovesh commented on July 20, 2024

You're welcome.

from crypto.
