KVAC
doc
The Signal Private Group System and Anonymous Credentials Supporting Efficient Verifiable Encryption
注意这里zero knowledge proof的assume condition:
- uid的proof由server校验,因此用sk做verify,无需public 。
- user profile的proof由group member使用shared key校验。group management的access control。
- 利用elgamal encryption的同态特性来做blinded attr/public verifiable。
其他思路与group signature相似。
