Typos
This commit is contained in:
parent
fda27d8a06
commit
f79065eb70
@ -267,7 +267,7 @@ Quasi-adaptive \NIZK (\QANIZK)~\cite{JR13} are \NIZK where the common reference
|
||||
\end{figure}
|
||||
\index{Zero Knowledge!Schnorr's protocol}
|
||||
|
||||
Schnorr's methodology to construct proofs is based on the $\Sigma$-protocol technique to design zero-knowledge proofs.
|
||||
Schnorr's methodology~\cite{Sch96} to construct proofs is based on the $\Sigma$-protocol technique to design zero-knowledge proofs.
|
||||
It has been introduced in order to prove the knowledge of a discrete logarithm (which can bee seen at the relation $R_{\mathsf{dlog}} = \{ (h, a) \in \GG \times \ZZ_p \mid h = g^a \}$ with $\GG = \langle g \rangle$ be a cyclic group of prime order $p > 2$) and is described in Figure~\ref{fig:schnorr-dlog}.
|
||||
|
||||
An interpretation of this methodology is the following: given a commitment scheme $(\Setup, \Commit, \Verify)$, where the randomness $r$ used in $\Commit$ is made explicit, the first move of the prover $P$ consists in binding the randomness used in the commitment scheme $r$ using the transmitted value $\rho = g^r$, then the verifier asks the prover to commit to a challenge message $c$ using the randomness carried by $\rho$, and the prover sends the opening for this commitment $\open$.
|
||||
|
@ -2,9 +2,8 @@
|
||||
% \addcontentsline{tof}{chapter}{\protect\numberline{\thechapter} Signatures de groupe dynamique à base de couplages}
|
||||
% \label{ch:sigmasig}
|
||||
%-------------------------------------------------
|
||||
|
||||
In this chapter, we aim at lifting the \textit{signature with efficient protocols} from~\cite{LPY15} into the random oracle model in order to get an efficient construction~\cite{BR93}.
|
||||
Signatures with efficient protocols in the Camenish and Lysyanskaya fashion~\cite{CL04a} are digital signatures which come with companion zero-knowledge proofs that allow a signature holder to prove knowledge of the signature of a commited message as well as proving possession of a hidden message-signature pair in a zero-knowledge manner.
|
||||
Signatures with efficient protocols in the Camenish and Lysyanskaya fashion~\cite{CL04a} are digital signatures which come with two companion protocols: a protocol whereby a signer can obliviously sign a committed message known only to the user and a zero-knowledge proof to efficiently attest possession of a hidden message-signature pair.
|
||||
|
||||
This building block proved useful in the design of many efficient anonymity-related protocols such as anonymous credentials~\cite{Cha85,CL01}, which are similar to group signatures except that anonymity is irrevocable (meaning that there is no opening authority).
|
||||
In other words, an anonymous credential scheme involves one (or more) credential issuer(s) and a set of users who have a long term secret key which can be seen as their digital identity, and pseudonyms that can be seen as commitments to their secret key.
|
||||
|
Loading…
Reference in New Issue
Block a user