As we will show, the fact that no advanced math is required (no factorization, no elliptic curves, no pairings, no polynomials) makes this solution surprisingly easy to implement, even in restricted environments, while it compares favorably against Bulletproofs for both 32 and 64 bit numeric values.
the zero-knowledge property is relaxed to witness indistinguishability (we just need to hide the exact amount of the issued value)īy taking advantage of these relaxed properties, we describe a new lightweight scheme called HashWires, whose security is based solely upon the security of cryptographically secure hash functions.the soundness requirement is relaxed to a weaker notion which we refer to as commitment-conditional soundness (because we already trust issuers, i.e., the identity and passport authorities).These observations motivated research in the field of credential-based range proofs (CBRP), which differ from regular zero-knowledge range proof solutions in two ways: The latter is because we’re interested in proving that some issued credential satisfies a threshold and nothing else. Briefly, in the second scenario a) we have a trusted authority that issues credentials and b) typically we don’t perform operations between encrypted values, thus commitment homomorphism is not required. Apart from the inconvenience of exposing personal data in these scenarios, some may have privacy and security concerns about how this information is stored once collected.īy looking closer into the requirements, we realized that there exist two substantial differences between applying range proofs for confidential amounts in blockchains and showing your age or income data in real world activities and purchases. Those familiar with applications of zero-knowledge proofs (ZKP) have probably encountered the concept of range proofs in protocols such as Bulletproofs, MimbleWimble and generic zkSNARK constructions.īut if you ask non-experts to enlist the most important applications of such a mechanism, two common applications mentioned include proof-of-age and proof-of-income to relevant third-parties, such as landlords. We present results on a practical implementation of our attack, generating collisions for shash in less than a second on a typical desktop computer.This post presents one of the easiest-to-implement protocols for proving that a secret integer lies within an interval, without revealing anything else about the number itself. Finally, we reformulate the shash compression function showing that it is a PTX function and thus vulnerable.
Next, we show that all PTX functions, including functions which use random oracles, are vulnerable to our collision attack. We call members of this family PTX functions. First, we define the family of functions which have the structure we wish to exploit. We exploit the fundamental structure of the algorithm, completely bypassing the hash function's formidable cryptographic protections. To best of our knowledge, our attack is the only known attack against the shash algorithm. Spectral-Hash (shash) is a Merkle-Damgård based hash function, carefully designed to resist all known cryptographic attacks. This paper presents an attack on the strong collision resistance of the Spectral Hash SHA-3 candidate. Paper 2009/415 Attacks Against Permute-Transform-Xor Compression Functions and Spectral Hash
0 kommentar(er)
