Efficient Zero-Knowledge Proofs of Knowledge Without Intractability Assumptions

We initiate the investigation of the class of relations that admit extremely efficient perfect zero knowledge proofs of knowledge: constant number of rounds, communication linear in the length of the statement and the witness, and negligible knowledge error. In its most general incarnation, our result says that for relations that have a particular three-move honest-verifier zero-knowledge (HVZK) proof of knowledge, and which admit a particular three-move HVZK proof of knowledge for an associated commitment relation, perfect zero knowledge (against a general verifier) can be achieved essentially for free, even when proving statements on several instances combined under under monotone function composition. In addition, perfect zero-knowledge is achieved with an optimal 4-moves. Instantiations of our main protocol lead to efficient perfect ZK proofs of knowledge of discrete logarithms and RSA-roots, or more generally, q-one-way group homomorphisms. None of our results rely on intractability assumptions.

[1]  Hugo Krawczyk,et al.  On the Composition of Zero-Knowledge Proof Systems , 1990, ICALP.

[2]  Rafail Ostrovsky,et al.  Perfect zero-knowledge in constant rounds , 1990, STOC '90.

[3]  Ivan Damgård,et al.  Proofs of Partial Knowledge and Simplified Design of Witness Hiding Protocols , 1994, CRYPTO.

[4]  Avi Wigderson,et al.  Characterizing non-deterministic circuit size , 1993, STOC '93.

[5]  Ivan Damgård,et al.  On the Existence of Bit Commitment Schemes and Zero-Knowledge Proofs , 1989, CRYPTO.

[6]  Ivan Damgård,et al.  Interactive Hashing can Simplify Zero-Knowledge Protocol Design Without Computational Assumptions (Extended Abstract) , 1993, CRYPTO.

[7]  Jean-Jacques Quisquater,et al.  A "Paradoxical" Indentity-Based Signature Scheme Resulting from Zero-Knowledge , 1988, CRYPTO.

[8]  Claus-Peter Schnorr E cient Identi cation and Signatures for Smart-Cards , 1990, CRYPTO 1990.

[9]  Ivan Damgård,et al.  Sequential Iteration of Interactive Arguments and an Efficient Zero-Knowledge Argument for NP , 1997, ICALP.

[10]  Kaoru Kurosawa,et al.  4 Move Perfect ZKIP of Knowledge with No Assumption , 1991, ASIACRYPT.

[11]  Giovanni Di Crescenzo,et al.  Secret Sharing and Perfect Zero Knowledge , 1994, CRYPTO.

[12]  Markus Jakobsson,et al.  Round-Optimal Zero-Knowledge Arguments Based on any One-Way Function , 1997, EUROCRYPT.

[13]  Hugo Krawczyk,et al.  On the Composition of Zero-Knowledge Proof Systems , 1990, ICALP.

[14]  Oded Goldreich,et al.  Foundations of Cryptography (Fragments of a Book) , 1995 .

[15]  Moti Yung,et al.  Robust efficient distributed RSA-key generation , 1998, STOC '98.

[16]  Tal Rabin,et al.  Simplified VSS and fast-track multiparty computations with applications to threshold cryptography , 1998, PODC '98.

[17]  Ivan Damgård,et al.  Zero-Knowledge Proofs for Finite Field Arithmetic; or: Can Zero-Knowledge be for Free? , 1998, CRYPTO.

[18]  Mihir Bellare,et al.  On Defining Proofs of Knowledge , 1992, CRYPTO.

[19]  Ronald Cramer,et al.  Modular Design of Secure yet Practical Cryptographic Protocols , 1997 .

[20]  Claus-Peter Schnorr,et al.  Efficient Identification and Signatures for Smart Cards (Abstract) , 1990, EUROCRYPT.

[21]  Jeffrey Scott Vitter,et al.  Proceedings of the thirtieth annual ACM symposium on Theory of computing , 1998, STOC 1998.

[22]  Lajos Rónyai,et al.  Extremal bipartite graphs and superpolynomial lower bounds for monotone span programs , 1996, STOC '96.

[23]  Amit Sahai,et al.  Honest-verifier statistical zero-knowledge equals general statistical zero-knowledge , 1998, STOC '98.

[24]  Giovanni Di Crescenzo,et al.  On monotone formula closure of SZK , 1994, Proceedings 35th Annual Symposium on Foundations of Computer Science.

[25]  Adi Shamir,et al.  Zero Knowledge Proofs of Knowledge in Two Rounds , 1989, CRYPTO.