A zero-knowledge proof is an interactive proof with the additional property that the verifier learns nothing beyond the correctness of the statement being proved. The theory of zero-knowledge proofs is beautiful and rich, and is a cornerstone of the foundations of cryptography. In the context of cryptographic protocols, zero-knowledge proofs can be used to enforce “good behavior” by having parties prove that they indeed followed the protocol correctly. These proofs must reveal nothing about the parties’ private inputs, and as such must be zero knowledge. Zero-knowledge proofs are often considered an expensive (and somewhat naive) way of enforcing honest behavior, and those who view them in this way consider them to be not very useful when constructing efficient protocols.
[1]
Mihir Bellare,et al.
On Defining Proofs of Knowledge
,
1992,
CRYPTO.
[2]
Oded Goldreich,et al.
How to construct constant-round zero-knowledge proof systems for NP
,
1996,
Journal of Cryptology.
[3]
Ivan Damgård,et al.
On the Amortized Complexity of Zero-Knowledge Protocols
,
2009,
CRYPTO.
[4]
Ivan Damgård,et al.
Proofs of Partial Knowledge and Simplified Design of Witness Hiding Protocols
,
1994,
CRYPTO.
[5]
Mihir Bellare,et al.
On Probabilistic versus Deterministic Provers in the Definition of Proofs Of Knowledge
,
2006,
IACR Cryptol. ePrint Arch..
[6]
Oded Goldreich,et al.
Foundations of Cryptography: Volume 1, Basic Tools
,
2001
.