[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [freehaven-dev] POKs for mix accountability transcript

On Mon, 1 Jan 2001, David Hopwood wrote:

>   except with sub-polynomial probability. ...
> The paper has been withdrawn from the ePrint archive though; I don't
> know why.

I contacted the author about this idea last year - IIRC, what happened is
that he found a fatal flaw in his proof that the resulting protocol was
zero-knowledge. The protocol is in fact just a speedup of Rabin's
"Deniable Authentication" (presented at CRYPTO '98, slides online in the
www.iacr.org archives - my copy of the paper is at school, so I won't try
to give a summary of it here.)

Rabin's grad student, Yan, independently had a similar idea and found a
similar flaw. I never did write down exactly what happened; maybe it would
be a good idea to do that when I return. In Yan's case, the protocol was
not broken - just the proof failed. I don't remember about Fischlin's