Zero-Knowledge for Multivariate Polynomials

Authors

  • Valérie Nachef
  • Jacques Patarin
  • Emmanuel Volte
Abstract

In [12] a Zero-Knowledge scheme ZK(2) was designed from a solution of a set of multivariate quadratic equations over a finite field. In this paper we will give two methods to generalize this construction for polynomials of any degree d, i.e. we will design two Zero-Knowledge schemes ZK(d) and Z̃K(d) from a set of polynomial equations of degree d. We will show that Z̃K(d) is optimal in terms of the number of computations to be performed and that ZK(d) is optimal in terms of the number of bits to be sent. Moreover this property is still true for all kinds of polynomials: for example if the polynomials are sparse or dense. Finally, we will present two examples of applications: with Brent equations, or with morphisms of polynomials.

Similar resources

The Isomorphism Problem for One-time-only Branching Programs and Arithmetic Circuits

We investigate the computational complexity of the isomorphism problem for one-time-only branching programs (1-BPI): on input of two one-time-only branching programs B 0 and B 1 , decide whether there exists a permutation of the variables of B 1 such that it becomes equivalent to B 0. Our main result is that 1-BPI cannot be NP-hard unless the polynomial hierarchy collapses. The result is extend...

Public-Key Identification Schemes Based on Multivariate Cubic Polynomials

Solving a system of multivariate polynomials over a finite field is a promising problem in cryptography. Recently, Sakumoto et al. proposed public-key identification schemes based on the quadratic version of the problem, which is called the MQ problem. However, it is still an open question whether or not it is able to build efficient constructions of public-key identification based on multivari...

Generic Zero-Knowledge and Multivariate Quadratic Systems

Zero-knowledge proofs are a core building block for a broad range of cryptographic protocols. This paper introduces a generic zero-knowledge proof system capable of proving the correct computation of any circuit. Our protocol draws on recent advancements in multiparty computation and its security relies only on the underlying commitment scheme. Furthermore, we optimize this protocol for use with...

The Isomorphism Problem for Read-Once Branching Programs and Arithmetic Circuits

We investigate the computational complexity of the isomorphism problem for read-once branching programs (1-BPI): upon input of two read-once branching programs B0 and B1, decide whether there exists a permutation of the variables of B1 such that it becomes equivalent to B0. Our main result is that 1-BPI cannot be NP-hard unless the polynomial hierarchy collapses. The resul...

Practical zero-knowledge protocols based on the discrete logarithm assumption

Zero-knowledge proofs were introduced by Goldwasser, Micali, and Rackoff. A zero-knowledge proof allows a prover to demonstrate knowledge of some information, for example that they know an element which is a member of a list or which is not a member of a list, without disclosing any further information about that element. Existing constructions of zero-knowledge proofs which can be applied to a...

Journal title:
  • IACR Cryptology ePrint Archive

Volume 2012  Issue

Pages  -

Publication date 2012