论文信息 - Broadcast Interactive Proofs (Extended Abstract)

Broadcast Interactive Proofs (Extended Abstract)

In this paper we extend the notion of (single-verifier) interactive zero-knowledge proofs to (multi-verifier) broadcast proofs. In our scheme the prover broadcasts messages to many verifiers simultaneously. We consider two cases: one for which the number of rounds of messages exchanged is unbounded (as a function of the length of the common input x), and one for which it is constant. Compared to repeated single-verifier proofs (one proof for each verifier), the saving in broadcast bits is of the order of the number of verifiers in the first case, provided there are enough verifiers. More precisely, if the number of verifiers exceeds log |x| then there is "practically" no extra cost in broadcast bits by further increasing the number of verifiers. In the second case the saving in the number of rounds is "practically" |x|/log|x|. An added feature of broadcast proofs of the second type is that they are sabotage-free. Our scheme makes use of a network which directs the messages of the verifiers to the prover. The universality of the scheme derives from the way in which the network handles collisions.

Yvo Desmedt | Mike Burmester

[1] Rafail Ostrovsky,et al. Perfect zero-knowledge in constant rounds , 1990, STOC '90.

[2] Amos Fiat,et al. How to Prove Yourself: Practical Solutions to Identification and Signature Problems , 1986, CRYPTO.

[3] Kaoru Kurosawa,et al. Multi-Language Zero Knowledge Interactive Proof Systems , 1990, CRYPTO.

[4] Silvio Micali,et al. The Knowledge Complexity of Interactive Proof Systems , 1989, SIAM J. Comput..

[5] Avi Wigderson,et al. Multi-prover interactive proofs: how to remove intractability assumptions , 2019, STOC '88.

[6] S. Micali,et al. Noninteractive Zero-Knowledge , 1990, SIAM J. Comput..

[7] Silvio Micali,et al. Non-Interactive Zero-Knowledge with Preprocessing , 1988, CRYPTO.

[8] Shafi Goldwasser,et al. Advances in Cryptology — CRYPTO’ 88: Proceedings , 1990, Lecture Notes in Computer Science.

[9] Manuel Blum,et al. Noninteractive Zero-Knowledge , 1991, SIAM J. Comput..

[10] Leonard M. Adleman,et al. Open Problems in Number Theoretic Complexity , 1987 .

[11] Moti Yung,et al. Abritrated Unconditionally Secure Authentication Can Be Unconditionally Protected Against Arbiter's Attacks (Extended Abstract) , 1990, CRYPTO.

[12] Jean-Jacques Quisquater,et al. A Practical Zero-Knowledge Protocol Fitted to Security Microprocessor Minimizing Both Transmission and Memory , 1988, EUROCRYPT.