An Almost-Constant Round Interactive Zero-Knowledge Proof

The concept of interactive zero-knowledge proofs (IZKPs) was introduced by Goldwasser, Micali and Rackoff [13]. They considered a setting in which a “powerful” prover P wants to convince a verifier V that a string x belongs to a language $L \subset \{0,1\}^*$. With interactive proofs, P and V may toss coins and exchange messages (strings). Thus when $x \in L$, V is only convinced with a high probability, greater than $1 - |x|^{-k}$, where $|x|$ is the length of x. When $x \notin L$, V is convinced with probability less than $|x|^{-k}$. Intuitively a proof is zero-knowledge if it reveals no more than is strictly necessary, i.e., that $x \in L$. Feige, Fiat and Shamir extended these proofs to IZKPs of knowledge of a Boolean predicate $p(\cdot,\cdot)$ [S]. For these, P wants to convince V that it “knows” a “witness” s for x such that $p(x, s)$. Of particular interest are Arthur-Merlin IZKPs [1] for which the messages of V are the outcomes of V’s coin tosses. Goldreich and Krawczyk [11] have shown that a constant round Arthur-Merlin proof which is zero-knowledge using “black-box” simulation induces a language L whose elements

[1] Volker Strassen, et al. A Fast Monte-Carlo Test for Primality, 1977, SIAM J. Comput.

[2] Hugo Krawczyk, et al. On the Composition of Zero-Knowledge Proof Systems, 1990, ICALP.

[3] David Chaum, et al. Minimum Disclosure Proofs of Knowledge, 1988, J. Comput. Syst. Sci.

[4] Amos Fiat, et al. Zero-knowledge proofs of identity, 1987, Journal of Cryptology.

[5] Gilles Brassard, et al. Sorting out Zero-Knowledge, 1990, EUROCRYPT.

[6] Silvio Micali, et al. The Knowledge Complexity of Interactive Proof Systems, 1989, SIAM J. Comput.

[7] John Gill, et al. Computational Complexity of Probabilistic Turing Machines, 1977, SIAM J. Comput.

[8] Amos Fiat, et al. How to Prove Yourself: Practical Solutions to Identification and Signature Problems, 1986, CRYPTO.

[9] Kazuo Ohta, et al. A Modification of the Fiat-Shamir Scheme, 1988, CRYPTO.

[10] Gilles Brassard, et al. Algorithmics: theory & practice, 1988.

[11] Silvio Micali, et al. Proofs that yield nothing but their validity and a methodology of cryptographic protocol design, 1986, 27th Annual Symposium on Foundations of Computer Science (sfcs 1986).

[12] László Babai, et al. Trading group theory for randomness, 1985, STOC '85.

[13] Yvo Desmedt, et al. A General Zero-Knowledge Scheme (Extended Abstract), 1990, EUROCRYPT.

[14] Jean-Jacques Quisquater, et al. A Practical Zero-Knowledge Protocol Fitted to Security Microprocessor Minimizing Both Transmission and Memory, 1988, EUROCRYPT.