[cryptography] Proving knowledge of a message with a given SHA-1 without disclosing it?

Francois Grieu fgrieu at gmail.com
Wed Feb 1 15:01:32 EST 2012

On 01/02/2012 18:50, Nico Williams wrote:
> On Wed, Feb 1, 2012 at 3:49 AM, Francois Grieu<fgrieu at gmail.com>  wrote:
>> The talk does not give much details, and I failed to locate any article
>> with a similar claim.
>> I would find that result truly remarkable, and it is against my intuition.
> The video you posted does help me with the intuition problem.  The
> idea seems to be to replace the normal arithmetic in SHA-1 with
> operations from a zero-knowledge scheme such that in the end you get a
> zero-knowledge proof of the operations that were applied to the input.
>   That makes complete sense to me, even without seeing the details.
> But maybe I'm just gullible :^)

Issues seem to be: can we chain commitments of commitments,
to so many levels (hundreds, I guess), and still get something manageable?
Did some detail slept in the talk's method? In particular, the XOR and
ADD that make the bulk of SHA-1 are not field operations. A detailed
analysis could tell, but we do not have enough detail on the talk's method,
or on a similar claim.

   Francois Grieu

More information about the cryptography mailing list