Question in tranform

Open sarthakg1234 opened this issue 6 years ago • 1 comments

just had a small question:

How can we attack a system which follows fiat-schamir heuristic given that the hash computed in by the prover in the second step only includes the provers public key and not the random challenge in step 1 as in the general protocol.

Why do we hash the random challenge along with the public key. Public key should be enough for the verifier to prove non-repudiation?

Thanking you

Oct 19 '19 23:10 sarthakg1234

Missing some context, which public key are you referring to?

Oct 20 '19 07:10 naure