What is the point of using NIZK for hash function?

Jimmy

2/9/23, 5:34 PM

So my question is the point of using NIZK for hash function. My reasoning is that if you want to prove you have a certain preimage, isn't providing the hash value of this preimage directly enough to prove that argument? Maybe I am missing something here. Thanks!

0 + 0

hash

kodlu

2/10/23, 11:14 AM

please edit your question in light of answer and comments by Daniel S, so it is clear exactly what you are asking.

Score:1

Crypto

Daniel S

2/9/23, 5:40 PM

Providing a hash value is no evidence that you have a pre-image. I can easily produce the 256-bit number 0x9A867C4957D32E09420239682A3502F6, but that doesn't prove that I have an input to SHA256 that generates it.

A NIZK construction would allow me to demonstrate that I do have an input that produces that value, but without revealing any information about the input.

0 + 0

Jimmy

2/9/23, 5:47 PM

Yes. But let me be more clear on my scenario. The message digest is kept as one secret for validation by Party A (received from somewhere but A is not allowed to learn the preimage) and another Party B has the access to the preimage if B finishes certain tasks (defined by some contract). After the tasks are finished, B can use the preimage to generate the hash and submit it to A for validation. Here since the hash value is also a secret, do we still need NIZK?

Daniel S

2/9/23, 8:45 PM

For future reference, it is not easy to infer that set-up from your question. The set-up that you describe is vulnerable to a [pass the hash](https://en.wikipedia.org/wiki/Pass_the_hash) attack if someone can read the stored hash on the server. NIZK would block the pass-the-hash approach (but you might like to still worry about replay attacks).

Jimmy

2/9/23, 9:02 PM

Thanks for the tips! Back to your explanation, I am not sure your password/hash example is the same as what I have here. The goal is to ensure that B actually finishes the task and this hash-preimage pair will only be used once. In this case, I don't think passing the hash value is a big problem?

Daniel S

2/10/23, 9:56 AM

I'm really not sure what your security model is here. If the goal is that you only want legitimate completers of the task to be validated, then NIZK will defend against those who access (authorised or otherwise) the stored value on A. Without NIZK we have assurance that B knows the hash value which could be obtained from the pre-iamge, but could be obtained in other ways depending on your threat model.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: What is the point of using NIZK for hash function?

TH: จุดประสงค์ของการใช้ NIZK สำหรับฟังก์ชันแฮชคืออะไร?

RO: Care este rostul folosirii NIZK pentru funcția hash?

RU: Какой смысл использовать NIZK для хэш-функции?

VI: Điểm sử dụng NIZK cho hàm băm là gì?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.