|
|
|
|
|
|
by mlyle
2446 days ago
|
|
|
No.. You wouldn't need a ZKP for that. From the paper: > Note that such a proof is not straightforward. We firstly
prove that a ciphertext, CS N I , is the result of an encryption
without disclosing the public key nor the plaintext. This
causes the highest overhead in our construction. We use
the construction presented in [7] for this purpose. > Then we
need to link the public key encrypted in clause two, with
the one used in clause one. For this we use a proof that two
commitments hide the same secret [5]. > Finally the third clause
can be openly computed by A given that it received the public
key from R. > Using this, S can convince A that the tunnel created is to
a domain that the latter considers valid, without disclosing
which one. |
|
|