Non-interactive sigma-protocols


Sigma protocols are zero-knowledge proofs that can prove homomorphisms on algebraically encoded data. The algebraic encoding can be a Pedersen commitment or an ElGamal encryption. For example, a sigma protocol can be used to show that two Pedersen commitments contain the same value or that an ElGamal encryption encrypts 0. Sigma protocols can be made non-interactive and transferable using the Fiat-Shamir heuristic: the verifier’s messages are replaced by the output of a hash function applied to the prover’s previous message. The same technique is used to make Bulletproofs non-interactive.
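As an added illustration (not code from the original page), the sketch below applies the Fiat-Shamir heuristic to the sigma protocol showing that two Pedersen commitments contain the same value. The group parameters, the function names and the choice of SHA-256 are assumptions made for the example; the group is a constructed toy and offers no security.

```python
import hashlib
import secrets

# Constructed toy parameters, far too small for real use: P = 2*Q + 1 is a safe
# prime, and G, H are squares mod P, so both generate the subgroup of order Q.
# Pedersen commitments need log_G(H) to be unknown; a toy group cannot offer that.
P, Q, G, H = 2039, 1019, 4, 9

def commit(m, r):
    """Pedersen commitment to m with blinding factor r."""
    return pow(G, m, P) * pow(H, r, P) % P

def challenge(*elements):
    """Fiat-Shamir: hash the statement and the prover's first message."""
    data = b"|".join(str(x).encode() for x in (P, Q, G, H) + elements)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def prove_equal(m, r1, r2):
    """Prove that commit(m, r1) and commit(m, r2) hide the same m."""
    c1, c2 = commit(m, r1), commit(m, r2)
    a, b1, b2 = (secrets.randbelow(Q) for _ in range(3))
    t1, t2 = commit(a, b1), commit(a, b2)      # prover's first message
    e = challenge(c1, c2, t1, t2)              # replaces the verifier's message
    return t1, t2, (a + e * m) % Q, (b1 + e * r1) % Q, (b2 + e * r2) % Q

def verify_equal(c1, c2, proof):
    """Recompute the challenge and check both sigma-protocol equations."""
    t1, t2, z, s1, s2 = proof
    if not all(0 < x < P and pow(x, Q, P) == 1 for x in (c1, c2, t1, t2)):
        return False                           # reject non-subgroup elements
    e = challenge(c1, c2, t1, t2)
    return (commit(z, s1) == t1 * pow(c1, e, P) % P and
            commit(z, s2) == t2 * pow(c2, e, P) % P)
```

The challenge hash covers the two commitments as well as the prover's first message, so a proof is bound to the statement it was made for and can be checked by anyone without interaction.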
