[cryptography] Proving knowledge of a message with a given SHA-1 without disclosing it?

Natanael natanael.l at gmail.com
Wed Feb 1 12:38:42 EST 2012


We do have zero-knowledge proofs, but AFAIK they do not use SHA1.

http://en.wikipedia.org/wiki/Zero-knowledge_password_proof
http://en.wikipedia.org/wiki/Zero-knowledge_proof
http://en.wikipedia.org/wiki/Non-interactive_zero-knowledge_proof <--
Most likely what you want

--- If everybody is thinking alike, then somebody isn't thinking //
Stupidity is a renewable resource

On Wed, Feb 1, 2012 at 13:55, Harald Hanche-Olsen <hanche at math.ntnu.no> wrote:
> [William Whyte <wwhyte at securityinnovation.com> (2012-02-01 12:32:05 UTC)]
>
>> > Alice discloses a 160-bit value h and claims that she (or
>> parties/devices she
>> > has access to) knows a message m with h=SHA-1(m).
>> >
>> > Can she convince Bob of her claim using some protocol, without letting
>> Bob
>> > find m, and without a third party or device that Bob trusts?
> [...]
>
>> You can obviously prove it in the case where Alice claims she knows
>> SHA-1(SHA-1(m)), which seems to be the same claim.
>
> I feel an anti-top-posting rant coming on, but I'll endeavour to clamp
> down on it. Instead, let me ask if you have a different definition of
> «obvious» than I do? Or if not, a sentence or two of explanation
> should clear it up real quick.
>
> - Harald
>
> _______________________________________________
> cryptography mailing list
> cryptography at randombit.net
> http://lists.randombit.net/mailman/listinfo/cryptography



More information about the cryptography mailing list