On 01/02/2012 18:50, Nico Williams wrote:
On Wed, Feb 1, 2012 at 3:49 AM, Francois Grieu<[email protected]> wrote:
The talk does not give much details, and I failed to locate any article
with a similar claim.
I would find that result truly remarkable, and it is against my intuition.
The video you posted does help me with the intuition problem. The
idea seems to be to replace the normal arithmetic in SHA-1 with
operations from a zero-knowledge scheme such that in the end you get a
zero-knowledge proof of the operations that were applied to the input.
That makes complete sense to me, even without seeing the details.
But maybe I'm just gullible :^)
Issues seem to be: can we chain commitments of commitments,
to so many levels (hundreds, I guess), and still get something manageable?
Did some detail slept in the talk's method? In particular, the XOR and
ADD that make the bulk of SHA-1 are not field operations. A detailed
analysis could tell, but we do not have enough detail on the talk's method,
or on a similar claim.
Francois Grieu
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
