# Honest Verifier vs Dishonest Verifier in Public Coin Zero-Knowledge Proofs

@inproceedings{Damgrd1995HonestVV, title={Honest Verifier vs Dishonest Verifier in Public Coin Zero-Knowledge Proofs}, author={Ivan Damg{\aa}rd and Oded Goldreich and Tatsuaki Okamoto and Avi Wigderson}, booktitle={CRYPTO}, year={1995} }

This paper presents two transformations of public-coin/Arthur-Merlin proof systems which are zero-knowledge with respect to the honest verifier into (public-coin/Arthur-Merlin) proof systems which are zero-knowledge with respect to any verifier.The first transformation applies only to constant-round proof systems. It builds on Damgard's transformation (see Crypto93), using ordinary hashing functions instead of the interactive hashing protocol (of Naor, Ostrovsky, Venkatesan and Yung - see…

## 50 Citations

Honest-verifier statistical zero-knowledge equals general statistical zero-knowledge

- Mathematics, Computer ScienceSTOC '98
- 1998

We show how to transform any interactive proof system which is statistical zero-knowledge with respect to the honest-verifier, into a proof system which is statistical zero-knowledgewith respect to…

On transformation of interactive proofs that preserve the prover's complexity

- Computer Science, MathematicsSTOC '00
- 2000

It is argued that the increase in prover complexity incurred by the transformation of Furer et al.

Generic yet Practical ZK Arguments from any Public-Coin HVZK

- Mathematics, Computer ScienceElectron. Colloquium Comput. Complex.
- 2005

This work develops generic yet practical 3-round perfectly-hiding equivocal (string) commitment scheme under any OWF admitting -proto cols, which is possibly of independent value and shows that three rounds is the lower-bound of round-complexity for equvocal commitment schemes.

Keeping the SZK-Verifier Honest Unconditionally

- Mathematics, Computer ScienceCRYPTO
- 1997

This paper shows that using direct properties of a zero-knowledge protocol itself, one may impose a honest behavior on the verifier (without additional cryptographic tools) when using a non-uniform simulation model of SZK.

Practical zero-knowledge protocols based on the discrete logarithm assumption

- Computer Science, Mathematics
- 2014

This work constructs zero-knowledge arguments with sublinear communication complexity, and achievable computational demands, and constructs new protocols which compare very favorably to the current state of the art.

Generic yet Practical ( Statistical ) Zero-Knowledge from any Public-Coin HVZK ∗ †

- Computer Science, Mathematics
- 2007

A generic yet practical three-round perfectly-hiding equivocal (string) commitment scheme under any OWF admitting Σ-protocols, which is of independent value and the roundcomplexity (i.e., three rounds) is optimal for black-box Equivocal commitment schemes.

A Study of Statistical Zero-Knowledge Proofs

- Computer Science, Mathematics
- 2021

This thesis is a detailed investigation of statistical zero-knowledge proofs, which are zero- knowledge proofs in which the condition that the verifier “learns nothing” is interpreted in a strong statistical sense.

Efficient Zero-Knowledge Proof Systems

- Computer Science, MathematicsFOSAD
- 2016

An overview of some central techniques behind the construction of efficient zero-knowledge proof systems is given, where the prover convinces the verifier that the statement is true but does not leak any other information.

Zero-Knowledge Proof for Knowledge of RLWE (Ring-Learning with Errors) Secret Keys

- Computer Science, Mathematics
- 2018

A cryptanalysis of RLWE key exchange is provided, presenting two polynomial time strategies to exploit key reuse and a defense against such exploits is proposed by presenting a Zero Knowledge authentication protocol to verify the prover’s knowledge of a secret corresponding to his public key.

Witness-Indistinguishability Against Quantum Adversaries 6 . 845 Quantum Complexity Theory – Project Report

- Computer Science, Mathematics
- 2011

This report characterize witness-indistinguishability against quantum adversaries and surveys the main results of research aimed at characterizing what happens to zero-knowledge when quantum adversaries are possible.

## References

SHOWING 1-10 OF 37 REFERENCES

Interactive Hashing can Simplify Zero-Knowledge Protocol Design Without Computational Assumptions (Extended Abstract)

- Computer Science, MathematicsCRYPTO
- 1993

We show that any 3-round protocol (in general, any bounded round protocol) in which the verifier sends only random bits, and which is zero-knowledge against an honest verifier can be transformed into…

Private coins versus public coins in interactive proof systems

- Computer ScienceSTOC '86
- 1986

The probabilistic, nondeterministic, polynomial time Turing machine is defined and shown to be equivalent in power to the interactive proof system and to BPP much as BPP is the Probabilistic analog to P.

Interactive Hashing Simplifies Zero-Knowledge Protocol Design

- Computer Science, MathematicsEUROCRYPT
- 1993

This paper shows how a compiler which transforms protocols proven secure only with respect to the honest verifier into protocols which are secure against any (even cheating) verifier can be constructed based on any one-way permutation using the recent method of interactive hashing.

Everything in NP can be Argued in Perfect Zero-Knowledge in a Bounded Number of Rounds

- Computer Science, MathematicsICALP
- 1989

This paper gives the first perfect zero-knowledge protocol that offers arbitrarily high security for any statement in NP with a constant number of rounds (under the assumption that it is infeasible to compute discrete logarithms modulo p even for someone who knows the factors of p−1, or more generally under the assumptions that one-way group homomorphisms exist).

Hashing Functions can Simplify Zero-Knowledge Protocol Design (too)

- Computer Science, Mathematics
- 1994

In Crypto93 , Damgard showed that any constant-round protocol in which the verifier sends only independent, random bits and which is zero-knowledge against the honest verifier can be transformed into…

Perfect Zero-Knowledge Arguments for NP Can Be Based on General Complexity Assumptions (Extended Abstract)

- Computer Science, MathematicsCRYPTO
- 1992

A general construction of zero-knowledge arguments, which can be based on any one-way permutation, is shown, which is efficient both players can execute only polynomial-time programs during the protocol and the security achieved is on-line.

On the Composition of Zero-Knowledge Proof Systems

- Mathematics, Computer ScienceICALP
- 1990

It is proved that three-round interactive proofs and constant-round Arthur--Merlin proofs that are black-box simulation zero-knowledge exist only for languages in BPP, and it follows that the "parallel versions" of the first interactive proofs systems presented for quadratic residuosity, graph isomorphism, and any language in NP, are not black- box simulationzero-knowledge, unless the corresponding languages are in B PP.

The (true) complexity of statistical zero knowledge

- Computer Science, MathematicsSTOC '90
- 1990

It is shown that given a complexity assumption a much weaker condition suffices to attain statistical zeroknowledge and is able to simplify statistical zero-knowledge and to better characterize, on many counts, the class of languages that possess statisticalzero-knowledge proofs.

Zero Knowledge Proofs of Knowledge in Two Rounds

- Computer Science, MathematicsCRYPTO
- 1989

These protocols rely on two novel ideas: One for constructing commitment schemes, the other for constructing subprotocols which are not known to be zero knowledge, yet can be proven not to reveal useful information.

Proofs that yield nothing but their validity and a methodology of cryptographic protocol design

- Computer Science, Mathematics27th Annual Symposium on Foundations of Computer Science (sfcs 1986)
- 1986

This paper demonstrates the generality and wide applicability of zero-knowledge proofs, a notion introduced by Goldwasser, Micali and Rackoff that efficiently demonstrate membership in the language without conveying any additional knowledge.