Matthew Green - Zero Knowledge Proofs An Illustrated Primer, Part 2 – A Few Thoughts on Cryptographic Engineering (Highlights)

# Matthew Green - Zero Knowledge Proofs: An Illustrated Primer, Part 2 – A Few Thoughts on Cryptographic Engineering (Highlights) ![rw-book-cover|256](https://readwise-assets.s3.amazonaws.com/static/images/article4.6bc1851654a0.png) ## Metadata **Cover**:: https://readwise-assets.s3.amazonaws.com/static/images/article4.6bc1851654a0.png **Source**:: #from/readwise **Zettel**:: #zettel/fleeting **Status**:: #x **Authors**:: [[Matthew Green]] **Full Title**:: Zero Knowledge Proofs: An Illustrated Primer, Part 2 – A Few Thoughts on Cryptographic Engineering **Category**:: #articles #readwise/articles **Category Icon**:: 📰 **Document Tags**:: #cryptography #zero-knowledge-proof **URL**:: [blog.cryptographyengineering.com](https://blog.cryptographyengineering.com/2017/01/21/zero-knowledge-proofs-an-illustrated-primer-part-2/) **Host**:: [[blog.cryptographyengineering.com]] **Highlighted**:: [[2020-01-31]] **Created**:: [[2022-09-26]] ## Highlights - We’re asking that a protocol be both *sound* — meaning that a bogus Prover can’t trick some Verifier into accepting a statement unless it has special knowledge allowing it to prove the statement — but we’re also asking for the existence of an algorithm (the simulator) that can literally cheat. Clearly both properties can’t hold at the same time. The solution to this problem is that both properties *don’t* hold at the same time. - A knowledge extractor (or just ‘Extractor’ for short) is a special type of Verifier that interacts with a Prover, and — if the Prover succeeds in completing the proof — the Extractor should be able to extract the Prover’s original secret. - The Extractor is *not* required to exist during a normal run of the protocol.