Witness-indistinguishable proof
A witness-indistinguishable proof (WIP) is a variant of a zero-knowledge proof for languages in NP. In a typical zero-knowledge proof of a statement, the prover will use a witness for the statement as input to the protocol, and the verifier will learn nothing other than the truth of the statement. In a WIP, this zero-knowledge condition is weakened, and the only guarantee is that the verifier will not be able to distinguish between provers that use different witnesses. In particular, the protocol may leak information about the set of all witnesses, or even leak the witness that was used when there is only one possible witness.
Witness-indistinguishable proof systems were first introduced by Feige and Shamir.[1] Unlike zero-knowledge proofs, they remain secure when multiple proofs are being performed in parallel.
See also
[edit]References
[edit]- ^ Feige, U.; Shamir, A. (1990). "Witness indistinguishable and witness hiding protocols". Proceedings of the twenty-second annual ACM symposium on Theory of computing - STOC '90. pp. 416–426. doi:10.1145/100216.100272. ISBN 0897913612. S2CID 11146395.