matthiasgeihs

Read further into the paper. Another noticeable difference: In SyRA, the user private key is chosen by the issuer. Hence, if the issuer is compromised, it could generate signatures on...

Target application: anonymous voting Involved parties: User/Voter (U), Credential Issuer (CI), Poll Organizer (PO), Append-only Public Bulletin Board (B) Step 1: U proves identity and obtains credential from CI U...

> Correct, it hasn't been. But I discussed with one of the SyRA authors to add it but the implementation is going to be different than the one in the...

> I found an OPRF with committed inputs in [this paper](https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=7961985) which allows oblivious evaluation of DY PRF on a committed input. Its described in steps 1 and 2 of...

Overall, I need to reevaluate my design in comparison to SyRA, which I haven't been aware of. There seem to be the following core differences: - SyRA - One third...

> It doesn't matter that the CI learns the credential since the any usage of cred doesn't reveal the signature and CI couldn't learn it even after interacting with PO...

> > The poll organizer (PO) would be mandatory. It can be thought of as the party / committee hosting the poll. > > And its acceptable for CI to...

> > What signature are you referring to here? > > I was referring to the SyRA signature (what SyRA calls user secret key) and optionally BBS signature (when you...

@lovesh Very cool, thx for letting me know. Had other priorities in the meantime, but this motivates me to pick this up again 👍

@lovesh Happy new year 2025! Just found some time to look a bit more into the SyRA threshold issuance, downloaded the code, and ran the tests. What's the reason that...