On the Existence of Bit Commitment Schemes and Zero-Knowledge Proofs

It has been proved earlier that the existence of bit commitment schemes (blobs) implies the existence of zero-knowledge proofs of information possession, which are MA-protocols (i.e. the verifier sends only independent random bits) [BrChCr], [GoMiWi]. In this paper we prove the converse result in a slightly modified form: we define a concept called weakly zero-knowledge, which is like ordinary zero-knowledge, except that we only require that an honest verifier learns nothing from the protocol. We then show that if, using an MA-protocol, P can prove to V in weakly zero-knowledge that he possesses a solution to some hard problem, then this implies the existence of a bit commitment scheme. If the original protocol is (almost) perfect zero-knowledge, then the resulting commitments are secure against an infinitely powerful receiver. Finally, we also show a similar result for a restricted class of non-MA protocols.

[1] Silvio Micali, et al. The knowledge complexity of interactive proof-systems, 1985, STOC '85.

[2] Oded Goldreich, et al. RSA and Rabin Functions: Certain Parts are as Hard as the Whole, 1988, SIAM J. Comput.

[3] David Chaum, et al. Minimum Disclosure Proofs of Knowledge, 1988, J. Comput. Syst. Sci.

[4] Evangelos Kranakis. Primality and cryptography, 1986, Wiley-Teubner series in computer science.

[5] David Chaum, et al. An Improved Protocol for Demonstrating Possession of Discrete Logarithms and Some Generalizations, 1987, EUROCRYPT.

[6] Silvio Micali, et al. How to play ANY mental game, 1987, STOC.

[7] Martin Tompa, et al. Random self-reducibility and zero knowledge interactive proofs of possession of information, 1987, 28th Annual Symposium on Foundations of Computer Science (sfcs 1987).

[8] Leonid A. Levin, et al. A hard-core predicate for all one-way functions, 1989, STOC '89.

[9] Adi Shamir, et al. Zero Knowledge Proofs of Knowledge in Two Rounds, 1989, CRYPTO.

[10] David Chaum, et al. Multiparty Computations Ensuring Privacy of Each Party's Input and Correctness of the Result, 1987, CRYPTO.

[11] Gilles Brassard, et al. Modern Cryptology, 1988, Lecture Notes in Computer Science.

[12] Stuart A. Kurtz, et al. A discrete logarithm implementation of zero-knowledge blobs, 1987.

[13] Amos Fiat, et al. Zero Knowledge Proofs of Identity, 1987, STOC.

[14] Silvio Micali, et al. Proofs that yield nothing but their validity and a methodology of cryptographic protocol design, 1986, 27th Annual Symposium on Foundations of Computer Science (sfcs 1986).

[15] Martín Abadi, et al. On Generating Solved Instances of Computational Problems, 1988, CRYPTO.