Non-Interactive Zero-Knowledge Proof Systems
نویسندگان
چکیده
The intriguing notion of a Zerc-Knowledge Proof System has been introduced by Goldwasser, Micali and Rackoff [GMR] and its wide applicability has been demonstrated by Goldreich, Micali and Wigderson (GMWl]-[GMWZ]. Based on complexity theoretic assumptions, Zero-Knowledge Proof Systems exist, provided that (i) The prover and the verifier are allowed to talk back and forth. (ii) The verifier is allowed to flip coins whose result the prover cannot see. Blum, Feldman and Micali [BFM] have recently shown that, based on specific complexity theoretic assumption (the computational difficulty of distinguishing products of two primes from those product of three primes), both the requirements (i) and (ii) above are not necessary to the existence of ZereKnowledge Proof Systems. Instead of (i), it is enough for the prover only to talk and for the verifier only to listen. Instead of (ii), it is enough that both the prover and verifier share a randomly selected string. We strengthen their result by showing that Non-Interactive Zero-Knowledge Proof Systems exist based on the weaker and well-known assumption that quadratic residuosity is hard. t Dipartimento di Inforrnatica ed Applicazioni, UniversitL di Salerno, 84100 Salerno, * MIT, Laboratory for Computer Science, Cambridge, Mass. 02139. Supported by NSF Italy.
منابع مشابه
Super-Perfect Zero-Knowledge Proofs
We initiate a study of super-perfect zero-knowledge proof systems. Loosely speaking, these are proof systems for which the interaction can be perfectly simulated in strict probabilistic polynomial-time. In contrast, the standard definition of perfect zero-knowledge only requires that the interaction can be perfectly simulated by a strict probabilistic polynomial-time that is allowed to fail wit...
متن کاملIncreasing the Power of the Dealer in Non-interactive Zero-Knowledge Proof Systems
We introduce weaker models for non-interactive zero knowledge, in which the dealer is not restricted to deal a truly random string and may also have access to the input to the protocol (i.e. the statement to prove). We show in these models a non-interactive statistical zero-knowledge proof for every language that has (interactive) statistical zero-knowledge proof, and a computational zero-knowl...
متن کاملNon-Interactive Quantum Statistical and Perfect Zero-Knowledge
This paper introduces quantum analogues of non-interactive perfect and statistical zeroknowledge proof systems. Similar to the classical cases, it is shown that sharing randomness or entanglement is necessary for non-trivial protocols of non-interactive quantum perfect and statistical zero-knowledge. It is also shown that, with sharing EPR pairs a priori, the class of languages having one-sided...
متن کامل"Metaproofs" (and their Cryptographic Applications)
We develop a non-interactive proof-system which we call “Metaproof” (μ-NIZK proof system); it provides a proof of “the existence of a proof to a statement”. This metamathematical notion indeed seems redundant when we deal with proving NP statements, but in the context of zero-knowledge theory and cryptography it has a large variety of applications. Combined with another tool we develop which we...
متن کاملInteractive Proof Systems
We intoduce the notion of interactive proof systems and the complexity classes IP, AM, MA, emphazing the role of randomness and interaction in these models. The concept is demonstrated by giving an interactive proof system for the graph non-isomorphism problem. We discuss issues regarding the relations between the complexity classes with respect to the number of rounds allowed. Furthermore we g...
متن کاملPerfect Non-interactive Zero Knowledge for NP
Non-interactive zero-knowledge (NIZK) systems are fundamental cryptographic primitives used in many constructions, including CCA2-secure cryptosystems, digital signatures, and various cryptographic protocols. What makes them especially attractive, is that they work equally well in a concurrent setting, which is notoriously hard for interactive zero-knowledge protocols. However, while for intera...
متن کامل