论文信息 - Perfect Zero-Knowledge Arguments for NP Using Any One-Way Permutation

Perfect Zero-Knowledge Arguments for NP Using Any One-Way Permutation

Abstract. ``Perfect zero-knowledge arguments'' is a cryptographic primitive which allows one polynomial-time player to convince another polynomial-time player of the validity of an NP statement, without revealing any additional information (in the information-theoretic sense). Here the security achieved is on-line: in order to cheat and validate a false theorem, the prover must break a cryptographic assumption on-line during the conversation, while the verifier cannot find (ever) any information unconditionally. Despite their practical and theoretical importance, it was only known how to implement zero-knowledge arguments based on specific algebraic assumptions. In this paper we show a general construction which can be based on any one-way permutation. The result is obtained by a construction of an information-theoretic secure bit-commitment protocol. The protocol is efficient (both parties are polynomial time) and can be based on any one-way permutation.

[1] Manuel Blum,et al. How to generate cryptographically strong sequences of pseudo random bits , 1982, 23rd Annual Symposium on Foundations of Computer Science (sfcs 1982).

[2] Adi Shamir,et al. Multiple non-interactive zero knowledge proofs based on a single random string , 1990, Proceedings [1990] 31st Annual Symposium on Foundations of Computer Science.

[3] R. Cramer,et al. Linear Zero-Knowledgde. A Note on Efficient Zero-Knowledge Proofs and Arguments , 1996 .

[4] Michael Luby,et al. Pseudorandomness and cryptographic applications , 1996, Princeton computer science notes.

[5] Moti Yung,et al. One-Way Group Actions , 1990, CRYPTO.

[6] Andrew Chi-Chih Yao,et al. Theory and application of trapdoor functions , 1982, 23rd Annual Symposium on Foundations of Computer Science (sfcs 1982).

[7] Silvio Micali,et al. CS proofs , 1994, Proceedings 35th Annual Symposium on Foundations of Computer Science.

[8] Silvio Micali,et al. The knowledge complexity of interactive proof-systems , 1985, STOC '85.

[9] S. Brands. An Eecient Oo-line Electronic Cash System Based on the Representation Problem , 1993 .

[10] Ivan Damgård,et al. Linear zero-knowledge—a note on efficient zero-knowledge proofs and arguments , 1997, STOC '97.

[11] Ivan Damgård,et al. Collision Free Hash Functions and Public Key Signature Schemes , 1987, EUROCRYPT.

[12] Moni Naor,et al. Universal one-way hash functions and their cryptographic applications , 1989, STOC '89.

[13] Hugo Krawczyk,et al. On the Existence of Pseudorandom Generators , 1993, SIAM J. Comput..

[14] Oded Goldreich,et al. Foundations of Cryptography (Fragments of a Book) , 1995 .

[15] Leonid A. Levin,et al. Average Case Complete Problems , 1986, SIAM J. Comput..

[16] Johan Håstad,et al. Pseudo-random generators under uniform assumptions , 1990, STOC '90.

[17] Rafail Ostrovsky,et al. Fair Games against an All-Powerful Adversary , 1990, Advances In Computational Complexity Theory.

[18] Russell Impagliazzo,et al. One-way functions are essential for complexity based cryptography , 1989, 30th Annual Symposium on Foundations of Computer Science.

[19] Moni Naor,et al. Does parallel repetition lower the error in computationally sound protocols? , 1997, Proceedings 38th Annual Symposium on Foundations of Computer Science.

[20] David Chaum,et al. Minimum Disclosure Proofs of Knowledge , 1988, J. Comput. Syst. Sci..

[21] Leonid A. Levin,et al. One-way functions and pseudorandom generators , 1985, STOC '85.

[22] Joe Kilian,et al. A note on efficient zero-knowledge proofs and arguments (extended abstract) , 1992, STOC '92.

[23] Leonid A. Levin,et al. Pseudo-random generation from one-way functions , 1989, STOC '89.

[24] John Rompel,et al. One-way functions are necessary and sufficient for secure signatures , 1990, STOC '90.

[25] David Chaum,et al. Cryptographically Strong Undeniable Signatures, Unconditionally Secure for the Signer , 1991, CRYPTO.

[26] Ivan Damgård,et al. On the Existence of Statistically Hiding Bit Commitment Schemes and Fail-Stop Signatures , 1993, CRYPTO.

[27] Leonid A. Levin,et al. A hard-core predicate for all one-way functions , 1989, STOC '89.

[28] Rafail Ostrovsky,et al. Interactive Hashing Simplifies Zero-Knowledge Protocol Design , 1994, EUROCRYPT.

[29] Manuel Blum,et al. How to Generate Cryptographically Strong Sequences of Pseudo Random Bits , 1982, FOCS.

[30] Leonid A. Levin,et al. Security preserving amplification of hardness , 1990, Proceedings [1990] 31st Annual Symposium on Foundations of Computer Science.

[31] Moti Yung,et al. Direct Minimum-Knowledge Computations , 1987, CRYPTO.

[32] Nathan Linial,et al. Fault-tolerant computation in the full information model , 1991, [1991] Proceedings 32nd Annual Symposium of Foundations of Computer Science.

[33] Ivan Damgård,et al. Interactive Hashing can Simplify Zero-Knowledge Protocol Design Without Computational Assumptions (Extended Abstract) , 1993, CRYPTO.

[34] Rafail Ostrovsky,et al. The (true) complexity of statistical zero knowledge , 1990, STOC '90.

[35] Moni Naor,et al. Bit Commitment Using Pseudo-Randomness , 1989, CRYPTO.

[36] S. Micali,et al. Noninteractive Zero-Knowledge , 1990, SIAM J. Comput..

[37] Stefan A. Brands,et al. An Efficient Off-line Electronic Cash System Based On The Representation Problem. , 1993 .

[38] Rafail Ostrovsky,et al. Secure Commitment Against A Powerful Adversary , 1992, STACS.

[39] Rafail Ostrovsky,et al. One-way functions are essential for non-trivial zero-knowledge , 1993, [1993] The 2nd Israel Symposium on Theory and Computing Systems.

[40] Silvio Micali,et al. Proofs that yield nothing but their validity or all languages in NP have zero-knowledge proof systems , 1991, JACM.