The power of preprocessing in zero-knowledge proofs of knowledge

We show that, after a constant-round preprocessing stage, it is possible for a prover to prove knowledge of a witness for any polynomial-time relation without any further interaction. The number of proofs that can be given is not bounded by any fixed polynomial in the size of the preprocessing. Our construction is based on the sole assumption that one-way functions and noninteractive zero-knowledge proof systems of membership exist.
