EXHIBIT 05 ● REAL HASH-DERIVED CHALLENGE
Fiat-Shamir (Non-Interactive Proof)
Turn interactive challenge-response into a single hash-bound proof transcript
✓ Completeness
✓ Soundness (random oracle model)
✓ Practical NIZK pattern
In Schnorr, the verifier sends a random challenge c. In Fiat-Shamir, we remove that verifier message and derive c by hashing public transcript data. This turns an interactive proof into a single self-contained proof object.
That "hash as verifier" pattern is the bridge from educational Sigma protocols toward many modern signature and proof systems used in production.
Toy vs Production Parameters
| Dimension | This Exhibit | Production Expectation |
|---|---|---|
| Hash input | R || y || message | Domain separated transcript with context binding |
| Challenge range | 1..50 | Large scalar field challenge |
| Math domain | Small prime modulus | Secure elliptic curves or large finite fields |
| Security model | Didactic random-oracle intuition | Audited proofs and protocol-specific assumptions |
PROVER OUTPUT
Message
Nonce commitment R = g^r mod p
Challenge c = (H(R || y || message) mod 50) + 1
Response s = (r + c·x) mod (p-1)
VERIFIER CHECK
g^s mod p
R · y^c mod p
What changes from Schnorr: the verifier's random challenge is replaced by a deterministic challenge derived from hashing transcript data. This gives a non-interactive proof object at the cost of relying on random-oracle style assumptions.
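The prover and verifier steps above, written out as an added Python example (not the exhibit's own code). The modulus 2267, base 2, SHA-256, the domain tag and the length-prefixed field encoding are assumptions chosen here; the 1..50 challenge range and the formulas are the exhibit's toy values.

```python
import hashlib
import secrets

# Toy parameters, constructed for this example (not secure sizes).
P = 2267                 # small prime modulus (assumption)
G = 2                    # base (assumption)
CHALLENGE_RANGE = 50     # the exhibit's 1..50 challenge range

def _field(data: bytes) -> bytes:
    # Length-prefix every field so "R || y || message" has unambiguous boundaries.
    return len(data).to_bytes(4, "big") + data

def _int_bytes(n: int) -> bytes:
    # Fixed-width big-endian encoding sized to the modulus.
    return n.to_bytes((P.bit_length() + 7) // 8, "big")

def challenge(R: int, y: int, message: bytes) -> int:
    """c = (H(R || y || message) mod 50) + 1, with a domain tag bound in."""
    fields = (b"toy-fiat-shamir-v1", _int_bytes(R), _int_bytes(y), message)
    digest = hashlib.sha256(b"".join(_field(f) for f in fields)).digest()
    return int.from_bytes(digest, "big") % CHALLENGE_RANGE + 1

def prove(x: int, message: bytes):
    """Return the non-interactive proof (R, s) for secret x and message."""
    y = pow(G, x, P)
    r = secrets.randbelow(P - 2) + 1      # fresh nonce for every proof
    R = pow(G, r, P)                      # nonce commitment
    c = challenge(R, y, message)          # the hash plays the verifier
    s = (r + c * x) % (P - 1)             # response
    return R, s

def verify(y: int, message: bytes, proof) -> bool:
    """Recompute c from the transcript, then check g^s == R * y^c (mod p)."""
    R, s = proof
    if not (0 < R < P and 0 < y < P and 0 <= s < P - 1):
        return False                      # reject out-of-range values first
    c = challenge(R, y, message)
    return pow(G, s, P) == (R * pow(y, c, P)) % P

if __name__ == "__main__":
    x = 777                               # constructed secret for the demo
    y = pow(G, x, P)
    msg = b"constructed demo message"
    proof = prove(x, msg)
    print("proof (R, s):", proof, "valid:", verify(y, msg, proof))
```

The verifier never receives c: it recomputes the challenge from R, y and the message, so a proof checked against a message that hashes to a different challenge fails.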