so the idea of using length-extension attack to prove the authenticity of chunks A and C in a page A|B|C while hiding B, is to have the auditor controlling the HMAC key K, and in a rudimentary MAC setup, producing H(K|A) first, then transfer it to the auditee to create H(K|A|B), and return it to the auditor to finally create H(K|A|B|C) and check if it matches the digest. The previous concern with this scheme was that the auditor could
replace A|B with something entirely, but that doesn't appear to be justified, as the auditee doesn't know the HMAC key K, he could not create some H(K|A1|B1) that could produce a H(K|A1|B1|C) that can match the digest while the last step of hashing is carried out by the auditor, as you can't deduce H(K|A1|B1) just from the digest and C
I will talk about how to extend it to multiple chunks of hidden content tomorrow, btw botbot.me appears to be shutting down :0
*something entirely* should be *something entirely different*
well the whole clause should be "the previous concern with this scheme was that the auditee could replace A|B with something entirely different (A1|B1)"
as long as part 2 comes before matt green's third blog post on ZKP i'll be happy proslogion :)
btw i saw something about deprecation of 1.0/1.1 yesterday ... think it might have been google. didn't chase up.
waxwing, though I have not been in this space for long, I can assure you that I wasn't busy shilling some altcoins while I was away :)
dunno what you mean, he's just progressing satoshi's true vision
arubi joined the channel
makes you wonder if he has a ZKP of the Riemann Hypothesis, yet you can't even know if the size of the proof can fit in a blog post