Jump to content

Witness-indistinguishable proof

Add links
From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Fizz fam (talk | contribs) at 05:55, 30 June 2020 (Adding short description: "Variant of a zero-knowledge proof for languages in NP" (Shortdesc helper)). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

A witness-indistinguishable proof (WIP) is a variant of a zero-knowledge proof for languages in NP. In a typical zero-knowledge proof of a statement, the prover will use a witness for the statement as input to the protocol, and the verifier will learn nothing other than the truth of the statement. In a WIP, this zero-knowledge condition is weakened, and the only guarantee is that the verifier will not be able to distinguish between provers that use different witnesses. In particular, the protocol may leak information about the set of all witnesses, or even leak the witness that was used when there is only one possible witness.

Witness-indistinguishable proof systems were first introduced by Feige and Shamir.[1] Unlike zero-knowledge proofs, they remain secure when multiple proofs are being performed concurrently.

References

  1. ^ Feige, U.; Shamir, A. (1990). "Witness indistinguishable and witness hiding protocols". Proceedings of the twenty-second annual ACM symposium on Theory of computing - STOC '90. pp. 416–426. doi:10.1145/100216.100272. ISBN 0897913612.


Stub icon

This cryptography-related article is a stub. You can help Wikipedia by expanding it.

Retrieved from "https://en.wikipedia.org/w/index.php?title=Witness-indistinguishable_proof&oldid=965238442"