What security problem would cause if I reuse a NIZK proof?

wf flag

Some statements are expensive to prove. If I need to make a proof for such kind of statement repeatedly (generate new proof $\pi$ for each new verifier), I think it might be a waste of time (as well as computation resources).

  • If there is a proof $\pi$ that I generated in a non-interactive way, can I reuse it?
  • What problem would cause if I try to show it to several verifiers?

If this proof $\pi$ could still maintain its effectiveness, and does not harm the soundness and zero-knowledge property, I think it would be helpful to reuse this proof.

ckamath avatar
ag flag
Are we talking about designated-verifier NIZKs here? Otherwise, the proof is publicly-verifiable (given the CRS is known to all parties).
Yiyi avatar
wf flag
Thank you. Do not know "designated-verifier NIZK" before. I am interested in the motivation of creating this notion. To prevent from what kind of attacks? Or to provide what kind of new properties? Could you please write a simple example to introduce its motivation?
ckamath avatar
ag flag
They are easier to construct than standard NIZK (and are often used as stepping stone to standard NIZKs)
cn flag

A standard NIZK is publicly verifiable: not only can you reuse it, you could even publish it on your webpage, and let anyone download it and verify it. This does not harm soundness of ZK in any way. In fact, NIZKs are very commonly used in settings where many people will verify it.

I sit in a Tesla and translated this thread with Ai:


Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.