Short-lived zero-knowledge proofs

Pain point

A digital signature stays verifiable forever, which is not always safe: it can be shown to third parties long after its purpose has been served.
Prior approach: designated verifier proofs/signatures 【small-party control】

Solution

Short-lived proofs are non-interactive and publicly verifiable, yet they become deniable after a specified period of time without any further action by the prover.
Short-lived zero-knowledge proofs = ZK (SNARG) + VDF
(A SNARG is a weaker form of a succinct non-interactive argument of knowledge (SNARK): it guarantees soundness but not knowledge extraction.)
A natural idea to improve the verification time is to use verifiable computation.
The argument can then be efficiently verified using resources that are independent of the size of the computation.

How

It takes at least t steps of sequential work to forge the proof, so there is a timeline the verifier can reason about.
The proof embeds a random beacon value, which ensures it was not created before a specific time T0 (the beacon value was unpredictable before then).
If a verifier observes the proof within ∆ units of time after T0, she will believe it is a valid proof.
If ∆ < t, the proof is trusted, since it would have been impossible to forge it within that time.
Once ∆ ≥ t, the proof is no longer convincing, as it may have been constructed through the forgery process. This is why the construction specifically requires verifiable delay functions (VDFs).
Under the hood, the sequential computation required for forging a proof or signature in all of the schemes is equivalent to evaluating a VDF on a random input.
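The verifier's timing rule above, as an added example that is not from the original page or the paper it summarises. The SNARG body is replaced by a toy HMAC tag and the forgery branch (VDF evaluation on the beacon value) is abstracted to the parameter t; the beacon log and key are constructed values.

```python
import hmac
from dataclasses import dataclass

# Constructed stand-in for a public randomness beacon: the value for round T0
# is unpredictable before T0, so a proof embedding it cannot predate T0.
BEACON_LOG = {
    1000: bytes.fromhex("3b8f0c1e5a9d42f7b61c0e8d2a4f7c91"),
    1060: bytes.fromhex("e2d4a7c19b5f3086d0c1f2a3b4e5d6c7"),
}


@dataclass(frozen=True)
class ShortLivedProof:
    t0: int        # beacon round the proof is bound to
    beacon: bytes  # beacon value published at t0
    message: bytes
    tag: bytes     # toy proof body (HMAC stands in for the SNARG)


def prove(key: bytes, message: bytes, t0: int) -> ShortLivedProof:
    """Honest prover: fast, binds the statement to the beacon value at t0."""
    beacon = BEACON_LOG[t0]
    tag = hmac.new(key, beacon + message, "sha256").digest()
    return ShortLivedProof(t0, beacon, message, tag)


def verify(proof: ShortLivedProof, key: bytes, now: int, t: int) -> str:
    """Verifier observing `proof` at time `now`; t is the sequential forgery cost.

    Returns 'valid'  if delta = now - t0 < t (a forger could not have finished),
            'stale'  if delta >= t (the proof is now deniable, so not convincing),
            'bad-beacon' if the embedded beacon does not match round t0,
            'invalid' if the proof body itself fails verification.
    """
    if BEACON_LOG.get(proof.t0) != proof.beacon:
        return "bad-beacon"
    expected = hmac.new(key, proof.beacon + proof.message, "sha256").digest()
    if not hmac.compare_digest(expected, proof.tag):
        return "invalid"
    delta = now - proof.t0
    return "valid" if delta < t else "stale"


def forgery_window_remaining(proof: ShortLivedProof, now: int, t: int) -> int:
    """Time units left before a forger who started at t0 could have finished."""
    return max(0, t - (now - proof.t0))
```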

Functions:

The fact that short-lived signatures provide deniability without the sender needing to interact with the recipient (or even know the receiver's public key) makes them uniquely qualified for achieving deniability.
VDFs, by contrast, may require an initial trusted setup, but then must be usable on any randomly chosen input.
In what follows, we say that an algorithm runs in parallel time t with p processors if it can be implemented on a PRAM machine with p parallel processors running in time t.
IVC (incrementally verifiable computation): the basic idea of IVC is that at every incremental step of the computation, a prover can produce a proof that a certain state is indeed the current state of the computation. This proof is updated after every step of the computation to produce a new proof.

Example:

SSL certificates use a public-key system, i.e. a pair of matching keys is used to encrypt and decrypt data.
Each user sets a specific private key known only to themselves and uses it to decrypt and sign;
at the same time, the user sets and publishes a public key, shared with a group of users, which is used to encrypt and to verify signatures.
An example is sending signed email to a large group of individuals who do not have known public keys, using a single signature.
A signature might need to provide authenticity for only a few seconds, to conduct an authenticated key exchange or to verify the provenance of an email. 【based on time-based cryptography】
