[cryptography] Proving knowledge of a message with a given SHA-1 without disclosing it?

Harald Hanche-Olsen hanche at math.ntnu.no
Wed Feb 1 07:55:27 EST 2012


[William Whyte <wwhyte at securityinnovation.com> (2012-02-01 12:32:05 UTC)]

> > Alice discloses a 160-bit value h and claims that she (or
> parties/devices she
> > has access to) knows a message m with h=SHA-1(m).
> >
> > Can she convince Bob of her claim using some protocol, without letting
> Bob
> > find m, and without a third party or device that Bob trusts?
[...]

> You can obviously prove it in the case where Alice claims she knows
> SHA-1(SHA-1(m)), which seems to be the same claim.

I feel an anti-top-posting rant coming on, but I'll endeavour to clamp
down on it. Instead, let me ask if you have a different definition of
«obvious» than I do? Or if not, a sentence or two of explanation
should clear it up real quick.

- Harald




More information about the cryptography mailing list