Fiat Shamir paradigm


#1

Hi guys, there seems to be a lot of research about the Fiat-Shamir paradigm that Sovrin used to make zero-knowledge proofs non-interactive. For example https://www.microsoft.com/en-us/research/publication/insecurity-fiat-shamir-paradigm/. Can somebody elaborate on how the paradigm is tweaked by Sovrin?


#2

Excellent question. A good person to respond would be Mike Lodder. I’ll see if I can get his attention.


#3

Thank you Daniel. Looking forward to the answer.


#4

So it's used for every step of the protocol from issuance to proofs. During issuance, it's used to verify that each participant has computed their values correctly. For proofs it is the method used instead of an interactive proof. I'm afraid I'm unclear on what you mean by "tweaked by Sovrin"?


#5

I was assuming the paradigm is tweaked by Sovrin as there are a lot of security issues about this paradigm. So Sovrin did not change the paradigm? Furthermore, and a bit unrelated, I read that ZKP was also used in the area of revocation. Does this mean that the accessibility to info can be revoked?


#6

Sovrin anonymous credentials use Fiat-Shamir for checking every step of interactions between two parties during credential issuance and proofs. Accessibility to info is not what is revoked, just the credential. When a Prover goes to use his credential, he can generate a valid proof about his credential but it will show his credential is revoked. Similar to having an expired passport. The information is still valid except the Verifier won't completely trust it now.
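Added illustration of the mechanism the thread is discussing (this is example code, not from the thread, Sovrin or its anonymous-credential library): a Schnorr proof of knowledge of a discrete logarithm made non-interactive with the Fiat-Shamir transform. Instead of the Verifier sending a random challenge, the Prover derives the challenge as a hash of the whole transcript: a context string, the statement being proved (the public value y), and the commitment t. The group parameters P, Q and G are a constructed toy group chosen so the arithmetic is easy to follow; with Q = 11 the challenge space has only 11 values, so this gives no real soundness. A deployment uses a large prime-order group or an elliptic curve.

```python
import hashlib
import secrets

# Constructed toy group (assumption, for illustration only):
# P = 2*Q + 1 with Q prime, and G generates the order-Q subgroup of Z_P^*.
# 2^11 mod 23 == 1, so G = 2 has order 11. A real system would use a
# large group; these numbers give no meaningful security.
P = 23
Q = 11
G = 2


def fiat_shamir_challenge(context: bytes, *elements: int) -> int:
    """Derive the challenge from the full transcript.

    Hashing the context and the statement (y) together with the
    commitment (t) binds the challenge to exactly this proof instance;
    hashing only t would let a prover pick the statement afterwards.
    """
    h = hashlib.sha256()
    h.update(context)
    for e in elements:
        # Fixed-width encoding so concatenated elements cannot be re-split.
        h.update(e.to_bytes(32, "big"))
    return int.from_bytes(h.digest(), "big") % Q


def prove(secret_x: int, context: bytes) -> tuple[int, int, int]:
    """Non-interactive proof that the prover knows x with y = G^x mod P.

    Returns (y, t, s): the statement, the commitment and the response.
    """
    y = pow(G, secret_x, P)
    # Fresh randomness per proof: reusing r across two proofs reveals x.
    r = secrets.randbelow(Q)
    t = pow(G, r, P)
    # The hash replaces the verifier's random challenge (Fiat-Shamir).
    c = fiat_shamir_challenge(context, G, y, t)
    s = (r + c * secret_x) % Q
    return y, t, s


def verify(y: int, t: int, s: int, context: bytes) -> bool:
    """Recompute the challenge and check G^s == t * y^c (mod P)."""
    c = fiat_shamir_challenge(context, G, y, t)
    return pow(G, s, P) == (t * pow(y, c, P)) % P


if __name__ == "__main__":
    x = 7                        # constructed secret
    ctx = b"demo-context"        # constructed context string
    y, t, s = prove(x, ctx)
    print("proof verifies:", verify(y, t, s, ctx))
    print("tampered response rejected:", not verify(y, t, (s + 1) % Q, ctx))
```

The verifier never talks to the prover; it only recomputes the same hash, which is why the proof can be sent as a single message. The important design point is what goes into that hash: the challenge must cover the statement and any session context, not just the commitment, otherwise the transform binds the challenge to too little of the transcript.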


#7

Thank you very much for the reply Mike!


#8

http://sthbishal.com.np/test.php