zlacker

[parent] [thread] 1 comments
1. bobbie+(OP)[view] [source] 2025-07-03 22:27:26
Thank you!!

If I understand correctly:

* The prover commits to a starting value (public input)

* Instead of waiting for an interactive challenge, they hash it and use the resulting hash output as if it were a challenge

If we believe the hash is a random oracle (as we do for cryptographic hash functions), then it is hard for the prover to manipulate the challenges. Is that it?

replies(1): >>Matteo+Dz
2. Matteo+Dz[view] [source] 2025-07-04 07:07:12
>>bobbie+(OP)
You got it. There are a few nuisances, e.g. the "theorem statement" must be hashed as well so that proving that name=Mickey has a different oracle than proving that name=Goofy, but your basic understanding is correct.
[go to top]