# Talk:Feige–Fiat–Shamir identification scheme

WikiProject Cryptography / Computer science  (Rated Start-class, High-importance)
This article is within the scope of WikiProject Cryptography, a collaborative effort to improve the coverage of Cryptography on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
Start  This article has been rated as Start-Class on the quality scale.
High  This article has been rated as High-importance on the importance scale.

## algorithm accuracy

The algorith given under the "procedure" heading describes the Fiat-Shamit identification scheme, which is not zero-knowledge. See the German wikipedia for the differences of Feige-Fiat_shamir and Fiat-Shamir.

## ZK simulator

In the security section, a ZK simulator is proposed. This simulator is not sufficient: the x it outputs is always a square (a member of QR(N)), while this is not the case for honest commitments.

## participant names

In ZKPs, it's traditional to use Peggy/Victor (prover/verifier) instead of Alice and Bob. --Johnruble 15:07, 10 July 2007 (UTC)

## Section "Setup": Wrong equation?

Could it be that v_i ≡ s_i^2 ( mod n ) is wrong? According to Trappe, Wade; Washington, Lawrence C. (2003). Introduction to Cryptography with Coding Theory it is v_i ≡ s_i^(-2) ( mod n ) which is equal to v_i*s_i^2 ≡ (1 mod n) 138.246.2.114 (talk) 08:51, 27 July 2016 (UTC) ANSWER: To me, v_i ≡ s_i^2 ( mod n ) looks good! You propose v_i ≡ s_i^(-2) which means v_i^2 = s_i, i.e. squaring the public value yields the secret value. Squaring is easy mod N, so what you propose is not secure. (I didn't check Trappe et al). — Preceding unsigned comment added by 78.48.105.117 (talk) 15:38, 25 September 2016 (UTC)