Zero-Knowledge Proofs for Finite Field Arithmetic; or: Can Zero-Knowledge be for Free?

We present zero-knowledge proofs and arguments for arithmetic circuits over finite prime fields, namely given a circuit, show in zero-knowledge that inputs can be selected leading to a given output. For a field GF (q), where q is an n-bit prime, a circuit of size O(n), and error probability 2−n, our protocols require communication of O(n) bits. This is the same worst-cast complexity as the trivial (non zero-knowledge) interactive proof where the prover just reveals the input values. If the circuit involves n multiplications, the best previously known methods would in general require communication of Ω(n log n) bits. Variations of the technique behind these protocols lead to other interesting applications. We first look at the Boolean Circuit Satisfiability problem and give zeroknowledge proofs and arguments for a circuit of size n and error probability 2−n in which there is an interactive preprocessing phase requiring communication of O(n) bits. In this phase, the statement to be proved later need not be known. Later the prover can non-interactively prove any circuit he wants, i.e. by sending only one message, of size O(n) bits. As a second application, we show that Shamirs (Shens) interactive proof system for the (IP-complete) QBF problem can be transformed to a zero-knowledge proof system with the same asymptotic communication complexity and number of rounds. The security of our protocols can be based on any one-way group homomorphism with a particular set of properties. We give examples of special assumptions sufficient for this, including: the RSA assumption, hardness of discrete log in a prime order group, and polynomial security of Diffie-Hellman encryption. We note that the constants involved in our asymptotic complexities are small enough for our protocols to be practical with realistic choices of parameters. 1ETH Zurich, [email protected] 2Aarhus University, BRICS (Basic Research in Computer Science, center of the Danish National Research Foundation), [email protected]