A perfect zero-knowledge proof system for a problem equivalent to the discrete logarithm

An interactive proof system is called perfect zero-knowledge if the probability distribution generated by any probabilistic polynomial-time verifier interacting with the prover on input theorem ϕ, can be generated by another probabilistic polynomial-time machine which only gets ϕ as input (and interacts with nobody!). In this paper we present a perfect zero-knowledge proof system for a decision problem which is computationally equivalent to the Discrete Logarithm Problem. Doing so we provide additional evidence to the belief that perfect zero-knowledge proof systems exist in a nontrivial manner (i.e., for languages not in BPP). Our results extend to the logarithm problem in any finite Abelian group.
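The simulator definition above can be checked exactly on a small case. The following is an added example, not code or a protocol from the paper: it assumes the classic one-bit-challenge round for knowledge of a discrete logarithm (the abstract does not give the paper's own decision-problem protocol) in a constructed toy group with P = 23, Q = 11, G = 2, and all function names are hypothetical.

```python
from collections import Counter
from fractions import Fraction

# Constructed toy parameters: G generates the subgroup of prime order Q in Z_P^*.
P, Q, G = 23, 11, 2

def real_view(x, verifier):
    """Exact distribution of transcripts (a, c, z) with a prover who knows x."""
    dist = Counter()
    for r in range(Q):                      # prover's uniform nonce
        a = pow(G, r, P)                    # commitment
        c = verifier(a)                     # challenge bit, chosen however V likes
        z = (r + c * x) % Q                 # response
        dist[(a, c, z)] += Fraction(1, Q)
    return dist

def simulated_view(y, verifier):
    """Exact output distribution of a simulator that sees only y = G^x."""
    accepted = Counter()
    for b in (0, 1):                        # simulator's guess of the challenge
        for z in range(Q):                  # response picked first
            a = pow(G, z, P) * pow(y, -b, P) % P   # commitment solved backwards
            if verifier(a) == b:            # guess right: keep; else rewind
                accepted[(a, b, z)] += 1
    total = sum(accepted.values())
    return Counter({t: Fraction(n, total) for t, n in accepted.items()})

def transcripts_verify(y, dist):
    """Every transcript passes the verifier's check G^z == a * y^c (mod P)."""
    return all(pow(G, z, P) == a * pow(y, c, P) % P for a, c, z in dist)

def check_all_verifiers(x):
    """Compare both views for every deterministic challenge strategy."""
    y = pow(G, x, P)
    group = [pow(G, i, P) for i in range(Q)]
    for mask in range(2 ** Q):              # 2^11 maps from commitment to bit
        strategy = {a: (mask >> i) & 1 for i, a in enumerate(group)}
        real, sim = real_view(x, strategy.get), simulated_view(y, strategy.get)
        if real != sim or not transcripts_verify(y, sim):
            return False
    return True

if __name__ == "__main__":
    print(check_all_verifiers(x=7))
```

A randomized verifier is a mixture of these deterministic strategies, so equality for each strategy carries over to it. The simulator's guess matches the challenge with probability 1/2, so it needs two attempts per round on average.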
