Non-Interactive Circuit Based Proofs and Non-Interactive Perfect Zero-knowledge with Proprocessing

In the first part of this paper, we present a noninteractive zero-knowledge proof system for Circuit Satisfiability. With this protocol, we can prove an arbitrary NP-statement non-interactively without using Karp-reductions to 3-SAT or Graph Hamiltonicity. The proof system is based on the quadratic residuosity problem and allows processing of XOR and NOT gates at virtually no cost. It is significantly more efficient than previously known non-interactive proof systems. In the second part, we present protocols based on the existence of collision intractable hash functions, leading to a statistical zero-knowledge noninteractive argument with preprocessing for any NP-statement. Under the certified discrete log assumption, the protocol is perfect zero-knowledge. In the preprocessing, the parties need only exchange messages of length independent of the theorem to be proved later. This is the first protocol with such efficient preprocessing that does not need to assume oblivious transfer. Finally we present a perfect zero-knowledge non-interactive protocol based on discrete logarithms that may potentially remove the need for preprocessing.

[1]  David Chaum,et al.  Multiparty Computations Ensuring Privacy of Each Party's Input and Correctness of the Result , 1987, CRYPTO.

[2]  Moni Naor,et al.  Bit Commitment Using Pseudo-Randomness , 1989, CRYPTO.

[3]  Adi Shamir,et al.  Multiple non-interactive zero knowledge proofs based on a single random string , 1990, Proceedings [1990] 31st Annual Symposium on Foundations of Computer Science.

[4]  David Chaum,et al.  Minimum Disclosure Proofs of Knowledge , 1988, J. Comput. Syst. Sci..

[5]  S. Micali,et al.  Noninteractive Zero-Knowledge , 1990, SIAM J. Comput..

[6]  Silvio Micali,et al.  The knowledge complexity of interactive proof-systems , 1985, STOC '85.

[7]  Manuel Blum,et al.  Noninteractive Zero-Knowledge , 1991, SIAM J. Comput..

[8]  Silvio Micali,et al.  Non-Interactive Zero-Knowledge with Preprocessing , 1988, CRYPTO.

[9]  Rafail Ostrovsky,et al.  Minimum resource zero knowledge proofs , 1989, 30th Annual Symposium on Foundations of Computer Science.

[10]  Alfredo De Santis,et al.  Public-Randomness in Public Key Cryptography , 1990, EUROCRYPT.

[11]  Stuart A. Kurtz,et al.  A discrete logarithm implementation of zero-knowledge blobs , 1987 .

[12]  Manuel Blum,et al.  Non-interactive zero-knowledge and its applications , 1988, STOC '88.

[13]  Adi Shamir,et al.  Zero Knowledge Proofs of Knowledge in Two Rounds , 1989, CRYPTO.

[14]  Moni Naor,et al.  Universal one-way hash functions and their cryptographic applications , 1989, STOC '89.

[15]  Adi Shamir,et al.  Publicly Verifiable Non-Interactive Zero-Knowledge Proofs , 1990, CRYPTO.

[16]  Amos Fiat,et al.  Zero-knowledge proofs of identity , 1987, Journal of Cryptology.

[17]  Lance Fortnow,et al.  The Complexity of Perfect Zero-Knowledge , 1987, Proceeding Structure in Complexity Theory.

[18]  Rafail Ostrovsky,et al.  Minimum resource zero-knowledge proofs (extended abstracts) , 1989, CRYPTO 1989.

[19]  Ivan Damgård,et al.  On the Existence of Bit Commitment Schemes and Zero-Knowledge Proofs , 1989, CRYPTO.

[20]  Ivan Damgård,et al.  A Design Principle for Hash Functions , 1989, CRYPTO.