"Cryptography and Evidence," philosophy, and ZKPs
dmolnar
dmolnar at hcs.harvard.edu
Sun Jan 28 23:52:03 PST 2001
I just came across this PhD thesis in philosophy:
"Cryptography and Evidence"
Michael Roe
http://www.research.microsoft.com/users/mroe/THESIS.PDF
I have just started to read it. The thesis aims to give a careful account
of just what a protocol can and can *not* establish in the context of
repudiation. I'm pretty excited to see it, because I know of little
material on ZKPs from a "philosophical" point of view (besides Cypherpunks
archives).
What's more, the discussions I have seen with friends and such tend too
often to focus on the probabilistic nature of ZKPs, most often questioning
whether a probabilistic "proof" is a contradiction in terms. This isn't
interesting to me - not least because you can make perfectly rigorous
statements about the soundness of ZKPs. In the end, no matter what you
call it, it must convince you.
Better, but still short of the discussion I'd like, is that found in
"The Ongoing Value of Proof"
Gila Hanna
http://fcis.oise.utoronto.ca/~ghanna/pme96prf.html
which shows an understanding of what ZKPs are, but regretfully limits
itself only to a brief comment that
"..the most significant feature of the zero-knowledge method is that it is
entirely at odds with the traditional view of proof as a demonstration
open to inspection. This clearly thwarts the exchange of opinion among
mathematicians by which a proof has traditionally come to be accepted."
I wish the author had commented more, because as it stands I do *not*
think that it is so clear that a ZKP is "entirely at odds" with the
traditional view of proof. The interaction in a ZKP is certainly a
"demonstration," and every round is open to inspection. Perhaps you could
argue that the commitments used in ZKPs create a part of a ZKP "not open
to inspection," but the commitment values and decommits certainly are open
to inspection, so how far can you push this?
If you're familiar with Wittgenstein's "say vs. show" distinction, this is
how I might put it as a rough guide -- a ZKP's transcript is simulable,
therefore "says nothing," but the interaction "shows" the truth of a
proposition. (To some bounded probability of error.)
Does anyone know of other works which comment on ZKPs from standpoints in
philosophy? (or otherwise outside the usual standpoint of trying to
develop new technical results about ZKPs?)
Thanks,
-David
More information about the cypherpunks-legacy
mailing list