Short Non-Interactive Cryptographic Proofs

Abstract. We show how to produce short proofs of theorems such that a distrusting Verifier can be convinced that the theorem is true yet obtains no information about the proof itself. We assume the theorem is represented by a boolean circuit, of size m gates, which is satisfiable if and only if the theorem holds. We use bit commitments of size k and bound the probability of false proofs going undetected by 2-r . We obtain non-interactive zero-knowledge proofs of size O(mk( log m +r)) bits. In the random oracle model, we obtain non-interactive proofs of size O(m( log m+r) + rk) bits. By simulating a random oracle, we obtain non-interactive proofs which are short enough to be used in practice. We call the latter proofs ``discreet.''

[1]  J. Boyar,et al.  On The Multiplicative Complexity of Boolean Functions over the Basis $(\wedge, \oplus, 1)$ , 1998 .

[2]  Anatolij A. Karatsuba,et al.  Multiplication of Multidigit Numbers on Automata , 1963 .

[3]  Silvio Micali,et al.  Proofs that yield nothing but their validity or all languages in NP have zero-knowledge proof systems , 1991, JACM.

[4]  Paul E. Dunne,et al.  The Complexity of Boolean Networks , 1988 .

[5]  Manuel Blum,et al.  Coin Flipping by Telephone. , 1981, CRYPTO 1981.

[6]  Joe Kilian,et al.  An Efficient Noninteractive Zero-Knowledge Proof System for NP with General Assumptions , 1998, Journal of Cryptology.

[7]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[8]  Tatsuaki Okamoto,et al.  Statistical Zero Knowledge Protocols to Prove Modular Polynomial Relations , 1997, CRYPTO.

[9]  Joan Boyar,et al.  A discrete logarithm implementation of perfect zero-knowledge blobs , 1990, Journal of Cryptology.

[10]  Claus-Peter Schnorr,et al.  The Multiplicative Complexity of Quadratic Boolean Forms , 1992, Theor. Comput. Sci..

[11]  Silvio Micali,et al.  Non-Interactive Zero-Knowledge with Preprocessing , 1988, CRYPTO.

[12]  S. Micali,et al.  Noninteractive Zero-Knowledge , 1990, SIAM J. Comput..

[13]  Manuel Blum,et al.  Non-interactive zero-knowledge and its applications , 1988, STOC '88.

[14]  Claus-Peter Schnorr,et al.  Efficient signature generation by smart cards , 2004, Journal of Cryptology.

[15]  Carsten Lund,et al.  On the communication complexity of zero-knowledge proofs , 1993, Journal of Cryptology.

[16]  Ivan Damgård,et al.  Non-Interactive Circuit Based Proofs and Non-Interactive Perfect Zero-knowledge with Proprocessing , 1992, EUROCRYPT.

[17]  Giovanni Di Crescenzo,et al.  Secret Sharing and Perfect Zero Knowledge , 1994, CRYPTO.

[18]  Joan Boyar’RenC Peralta Short Discreet Proofs , 2002 .

[19]  R. Cramer,et al.  Linear Zero-Knowledgde. A Note on Efficient Zero-Knowledge Proofs and Arguments , 1996 .

[20]  David Chaum,et al.  Minimum Disclosure Proofs of Knowledge , 1988, J. Comput. Syst. Sci..

[21]  Ivan Damgård,et al.  Sequential Iteration of Interactive Arguments and an Efficient Zero-Knowledge Argument for NP , 1997, ICALP.

[22]  Ivan Damgård,et al.  Zero-Knowledge Proofs for Finite Field Arithmetic; or: Can Zero-Knowledge be for Free? , 1998, CRYPTO.

[23]  Adi Shamir,et al.  Multiple non-interactive zero knowledge proofs based on a single random string , 1990, Proceedings [1990] 31st Annual Symposium on Foundations of Computer Science.

[24]  Jeroen van de Graaf,et al.  A Simple and Secure Way to Show the Validity of Your Public Key , 1987, CRYPTO.

[25]  Stuart A. Kurtz,et al.  A discrete logarithm implementation of zero-knowledge blobs , 1987 .

[26]  Gilles Brassard,et al.  Subquadratic zero-knowledge , 1991, [1991] Proceedings 32nd Annual Symposium of Foundations of Computer Science.

[27]  Amos Fiat,et al.  How to Prove Yourself: Practical Solutions to Identification and Signature Problems , 1986, CRYPTO.

[28]  Silvio Micali,et al.  The knowledge complexity of interactive proof-systems , 1985, STOC '85.

[29]  Manuel Blum,et al.  Noninteractive Zero-Knowledge , 1991, SIAM J. Comput..

[30]  Gilles Brassard,et al.  Zero-Knowledge Simulation of Boolean Circuits , 1986, CRYPTO.

[31]  Silvio Micali,et al.  Probabilistic Encryption , 1984, J. Comput. Syst. Sci..

[32]  Ken Thompson,et al.  Password security: a case history , 1979, CACM.

[33]  Ivan Damgård,et al.  Linear zero-knowledge—a note on efficient zero-knowledge proofs and arguments , 1997, STOC '97.