Zero-Knowledge Argument for Polynomial Evaluation with Application to Blacklists
نویسندگان
چکیده
Verification of a polynomial’s evaluation in a secret committed value plays a role in cryptographic applications such as non-membership or membership proofs. We construct a novel special honest verifier zero-knowledge argument for correct polynomial evaluation. The argument has logarithmic communication cost in the degree of the polynomial, which is a significant improvement over the state of the art with cubic root complexity at best. The argument is relatively efficient to generate and very fast to verify compared to previous work. The argument has a simple public-coin 3-move structure and only relies on the discrete logarithm assumption. The polynomial evaluation argument can be used as a building block to construct zero-knowledge membership and non-membership arguments with communication that is logarithmic in the size of the blacklist. Non-membership proofs can be used to design anonymous blacklisting schemes allowing online services to block misbehaving users without learning the identity of the user. They also allow the blocking of single users of anonymization networks without blocking the whole network.
منابع مشابه
Efficient Batch Zero-Knowledge Arguments for Low Degree Polynomials
Bootle et al. (EUROCRYPT 2016) construct an extremely efficient zero-knowledge argument for arithmetic circuit satisfiability in the discrete logarithm setting. However, the argument does not treat relations involving commitments, and furthermore, for simple polynomial relations, the complex machinery employed is unnecessary. In this work, we give a framework for expressing simple relations bet...
متن کاملEfficient Zero-Knowledge Arguments for Arithmetic Circuits in the Discrete Log Setting
We provide a zero-knowledge argument for arithmetic circuit satisfiability with a communication complexity that grows logarithmically in the size of the circuit. The round complexity is also logarithmic and for an arithmetic circuit with fan-in 2 gates the computation of the prover and verifier is linear in the size of the circuit. The soundness of our argument relies solely on the well-establi...
متن کاملResettably-Sound Resettable Zero Knowledge in Constant Rounds
In FOCS 2001 Barak et al. conjectured the existence of zero-knowledge arguments that remain secure against resetting provers and resetting verifiers. The conjecture was proven true by Deng et al. in FOCS 2009 under various complexity assumptions and requiring a polynomial number of rounds. Later on in FOCS 2013 Chung et al. improved the assumptions requiring one-way functions only but still wit...
متن کاملA Zero-Knowledge Version of vSQL
Zero-knowledge arguments of knowledge are powerful cryptographic primitives that allow a computationally strong prover to convince a weaker verifier for the validity of an NP statement, without revealing anything about the corresponding witness (beyond its existence). Most state-of-the art implementations of such arguments that achieve succinct communication and verification cost follow the qua...
متن کاملAugmented Black-Box Simulation and Zero Knowledge Argument for NP
The standard zero knowledge notion is formalized by requiring that for any probabilistic polynomial-time (PPT) verifier V ∗, there is a PPT algorithm (simulator) SV ∗ , such that the outputs of SV ∗ is indistinguishable from real protocol views. The simulator is not permitted to access the verifier V ∗’s private state. So the power of SV ∗ is, in fact, inferior to that of V ∗. In this paper, a ...
متن کامل