Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
jstanley 3 hours ago

> A zero knowledge proof (ZKP) answers a question without revealing anything more than answer. For example, a digital signature proves your possession of a private key without revealing that key.

I don't think a digital signature is a Zero-Knowledge Proof because someone else could copy and paste the signature and then it would look like they know the key, and because other third parties could check whether the signature was valid or not.

To be a true Zero-Knowledge Proof it needs to:

* show that you know the thing without revealing the thing

* not allow other people to copy your answer

* not allow anyone other than your intended counterparty to even verify the answer

phkahler 3 hours ago | parent | next [-]

>> I don't think a digital signature is a Zero-Knowledge Proof because someone else could copy and paste the signature and then it would look like they know the key, and because other third parties could check whether the signature was valid or not.

One of us is confused. You can't copy a digital signature in a useful way. Without the message it doesnt mean anything. With the message its proof that the message was signed by someone with the private key.

To meet your second two (arbitrary) requirements, have the signer encrypt the signed message with your public key before sending it to you.

jstanley 2 hours ago | parent | next [-]

They're not my arbitrary requirements, see https://en.wikipedia.org/wiki/Zero-knowledge_proof

Specifically:

> In light of the fact that one should be able to generate a proof of some statement only when in possession of certain secret information connected to the statement, the verifier, even after having become convinced of the statement's truth by means of a zero-knowledge proof, should nonetheless remain unable to prove the statement to further third parties.

pastel8739 3 hours ago | parent | prev [-]

I think it’s the original quote that is unclear:

> a digital signature proves your possession of a private key without revealing that key.

Signatures do not themselves do this; but they can be used to construct a protocol that does (e.g. the provee provides a random challenge that the prover must sign). But still this is not AFAIU a zero-knowledge proof as the signature is itself “knowledge”.

drdeca 2 hours ago | parent [-]

I think a definition of the security of a signature scheme is that a computationally limited attacker should not have a non-negligibly better than chance guess of the secret key.

I think some of the “ZKP” techniques are supposed to only be “ZK” for a computationally limited observer? Though I may be mistaken, and maybe non-interactive ZKP schemes are only assuming that the prover has limited computational resources, not that the observer/attacker hoping to get information from them does?

pastel8739 3 hours ago | parent | prev [-]

I think even aside from that (which can be solved with challenge-response) digital signatures are typically not ZKPs because the signature itself constitutes information that must be transferred during the proof.