Comments (3)
Hi, thank you for the explanation!
The terminology is much clearer to me now and the code (abstraction) also makes more sense.
Thanks again!
from crypto.
Hi.
I am wondering about the terminology of the witness and its "implementation".
The term "witness" is found in zero-knowledge proof literature to refer to the data known to the prover (and not the verifier) and whose knowledge is being proven in the proof, see definition 19.2 and 19.3 here.
Is the witness the actual secret value, or is it some wrapper around it, e.g., a commitment (or rather, the value committed to and opening of said commitment)?
It's the actual secret value, the wrapper is just an abstraction. Regarding commitments, they are usually not the witness (unless the proof is about proving knowledge of a commitment and not just its opening), the opening (committed value and any randomness used) is the witness when the proof is for the knowledge of the opening.
This equality proof is done via Schnorr, as far as I understand, where we prove knowledge of the committed value (the witness?) and the opening for the commitment (also part of the witness then?) that is used in the particular other proofs (POKS, set membership, etc). What is part of the witness here?
The opening of the commitment is/includes the committed value and will be the witness. E.g. in a Pedersen commitment `C = g * m + h * r`, `g` and `h` are public but `m` and `r` are the opening (`m` and `r` being the committed value and randomness respectively) and known only to the committer. When the committer proves knowledge of opening of `C`, it proves that given public `C`, `g`, and `h`, it knows `m` and `r` that satisfy `C = g * m + h * r`.
In the case of POKS, the messages not being revealed and the signature are the "witness".
I feel that the term witness is used quite heterogeneously on the Web - and, FWIW, Rannenberg, Camenisch and Sabouri don't even mention that term in their work on Attribute-based Credentials for Trust.
Probably to avoid jargon :), and the book is about the application of ZKP. Have only read a small part of it though.
Hope that helps.
from crypto.
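The split between public statement (`C`, `g`, `h`) and witness (`m`, `r`) described in the answer above, as an added example that is not part of the thread or the project's own code: an interactive Schnorr proof of knowledge of a Pedersen opening. The group parameters, function names, and the fixed nonces and challenge are assumptions constructed for illustration; a real prover draws `a`, `b` fresh at random and the challenge comes from the verifier or a Fiat-Shamir hash.

```rust
// Toy parameters, constructed for this example: P = 2Q + 1, both prime.
// G and H are squares mod P, so each generates the subgroup of order Q.
const P: u64 = 2039;
const Q: u64 = 1019;
const G: u64 = 4;
const H: u64 = 9;

fn pow_mod(mut base: u64, mut exp: u64) -> u64 {
    let mut acc = 1;
    base %= P;
    while exp > 0 {
        if exp & 1 == 1 { acc = acc * base % P; }
        base = base * base % P;
        exp >>= 1;
    }
    acc
}

/// Pedersen commitment. The thread writes it additively as C = g * m + h * r;
/// in this multiplicative group the same object is g^m * h^r mod P.
fn commit(m: u64, r: u64) -> u64 {
    pow_mod(G, m) * pow_mod(H, r) % P
}

/// The witness: the opening (m, r), known only to the prover.
struct Witness { m: u64, r: u64 }

/// Prover, step 1: blind with nonces (a, b) and send T = g^a * h^b.
fn announce(a: u64, b: u64) -> u64 { commit(a, b) }

/// Prover, step 2: answer challenge c with one response per witness value.
fn respond(w: &Witness, a: u64, b: u64, c: u64) -> (u64, u64) {
    ((a + c * w.m) % Q, (b + c * w.r) % Q)
}

/// Verifier: sees only the statement C and the transcript (T, c, responses).
fn verify(stmt: u64, t: u64, c: u64, s: (u64, u64)) -> bool {
    commit(s.0, s.1) == t * pow_mod(stmt, c) % P
}

fn main() {
    let w = Witness { m: 42, r: 777 };     // secret opening
    let stmt = commit(w.m, w.r);           // public C
    let (a, b, c) = (313, 58, 77);         // fixed here only for reproducibility
    let t = announce(a, b);
    let s = respond(&w, a, b, c);
    println!("C = {}, T = {}, responses = {:?}, ok = {}", stmt, t, s, verify(stmt, t, c, s));
}
```

The verifier's check never touches `m` or `r`; only values derived from them under the blinding nonces appear in the transcript.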
You're welcome.
from crypto.