Altcoins Talks - Cryptocurrency Forum
Crypto Discussion Forum => Cryptocurrency discussions => Topic started by: ataraxiaceleste on August 16, 2020, 12:33:08 AM
-
Consider the following seemingly paradoxical question :
Can Peggy convince Vic of the veracity of an NP statement, without leaking any information about the witness even in case Vic is malicious and Peggy does not trust her computer?
Can we avoid that Peggy fools Vic into accepting false statements, even if Peggy is mali- cious and Vic does not trust her computer?
At EUROCRYPT 2015, Mironov and Stephens-Davidowitz introduced cryptographic reverse firewalls (RFs) as an attractive approach to tackling such questions.
Study interactive proof systems (IPSes) in a strong adversarial setting where the machines of honest parties might be corrupted and under control of the adversary. Their aim is mainly to answer the seemingly paradoxical questions like above.
Intuitively, a Reverse Firewall for Peggy/Vic is an external party that sits between Peggy/Vic and the outside world and whose scope is to sanitize Peggy’s/Vic’s incoming and outgoing messages in the face of subversion of her/his computer, e.g. in order to destroy subliminal channels.
The researchers at Concordium, Chaya Ganesh , Bernardo Margi , Daniele Venturi put forward several natural security properties for RFs in the concrete setting of IPSes.
As their main contribution, they construct efficient RFs for different IPSes derived from a large class of Sigma protocols that they call malleable.
A nice feature of their design is that it is completely transparent, in the sense that their RFs can be directly applied to already deployed IPSes, without the need to re-implement them.
It can get quite technical unless you are actually have prior knowledge about subversion, Cryptographic Firewalls , Zero knowledge Proofs to fully understand this in depth.
They finally conclude the research by showing how to design cryptographic reverse firewalls allowing to preserve security of interactive proof systems in the face of subversion. Their firewalls apply to a large class of Sigma protocols meeting a natural malleability property, and can be extended to cover classical applications of Sigma protocols for designing zero-knowledge proofs and for proving compound statements.