Linear Zero-Knowledgde. A Note on Efficient Zero-Knowledge Proofs and Arguments

Forfattere

  • Ivan B. Damgård
  • Ronald Cramer

DOI:

https://doi.org/10.7146/brics.v3i7.19970

Resumé

We present a zero-knowledge proof system [19] for any NP language L, which
allows showing that x in L with error probability less than 2^−k using communication
corresponding to O(|x|^c) + k bit commitments, where c is a constant depending only
on L. The proof can be based on any bit commitment scheme with a particular set
of properties. We suggest an efficient implementation based on factoring.
We also present a 4-move perfect zero-knowledge interactive argument for any NP-language
L. On input x in L, the communication complexity is O(|x|^c) max(k; l)
bits, where l is the security parameter for the prover. Again, the protocol can be
based on any bit commitment scheme with a particular set of properties. We suggest
efficient implementations based on discrete logarithms or factoring.
We present an application of our techniques to multiparty computations, allowing
for example t committed oblivious transfers with error probability 2^−k to be done
simultaneously using O(t+k) commitments. Results for general computations follow
from this.
As a function of the security parameters, our protocols have the smallest known
asymptotic communication complexity among general proofs or arguments for NP.
Moreover, the constants involved are small enough for the protocols to be practical in
a realistic situation: both protocols are based on a Boolean formula Phi containing and-
, or- and not-operators which verifies an NP-witness of membership in L. Let n be
the number of times this formula reads an input variable. Then the communication
complexity of the protocols when using our concrete commitment schemes can be
more precisely stated as at most 4n + k + 1 commitments for the interactive proof
and at most 5nl +5l bits for the argument (assuming k <= l). Thus, if we use k = n,
the number of commitments required for the proof is linear in n.
Both protocols are also proofs of knowledge of an NP-witness of membership in
the language involved.

Downloads

Publiceret

1996-01-07

Citation/Eksport

Damgård, I. B., & Cramer, R. (1996). Linear Zero-Knowledgde. A Note on Efficient Zero-Knowledge Proofs and Arguments. BRICS Report Series, 3(7). https://doi.org/10.7146/brics.v3i7.19970

Nummer

Nr. 7 (1996): RS-7 Linear Zero-Knowledgde - A Note on Efficient Zero-Knowledge Proofs and Arguments

Sektion

Artikler

Licens

Authors who publish with this journal agree to the following terms:

    1. Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.

    1. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.

  1. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).