Non-interactive zero-knowledge and its applications

@inproceedings{Blum1988NoninteractiveZA,
  title={Non-interactive zero-knowledge and its applications},
  author={Manuel Blum and Paul Feldman and Silvio Micali},
  booktitle={STOC '88},
  year={1988}
}
We show that interaction in any zero-knowledge proof can be replaced by sharing a common, short, random string. We use this result to construct the first public-key cryptosystem secure against chosen ciphertext attack.
Non-interactive Zero Knowledge Proofs in the Random Oracle Model
TLDR
The Fiat-Shamir transform is a well-known and widely used technique to convert any constant-round public-coin honest-verifier zero-knowledge proof or argument system into a non-interactive zero-knowledge (NIZK) argument system.
Sub-linear Size Pairing-based Non-interactive Zero-Knowledge Arguments
  • Jens Groth
  • Mathematics, Computer Science
    IACR Cryptol. ePrint Arch.
  • 2009
We construct non-interactive zero-knowledge arguments for circuit satisfiability and arithmetic circuits with perfect completeness, perfect zero-knowledge and computational (co-)soundness. The
Publicly Verifiable Non-Interactive Zero-Knowledge Proofs
In this paper we construct the first publicly verifiable non-interactive zero-knowledge proof for any NP statement under the general assumption that one way permutations exist. If the prover is
Non-Interactive Zero-Knowledge Proofs in the Quantum Random Oracle Model
We present a construction for non-interactive zero-knowledge proofs of knowledge in the random oracle model from general sigma-protocols. Our construction is secure against quantum adversaries. Prior
Subversion-Zero-Knowledge SNARKs
TLDR
SNARKs are proof systems with succinct proofs, which are at the core of the cryptocurrency Zcash, whose anonymity relies on ZK-SNARKs; they are also used for ZK contingent payments in Bitcoin.
Non-Interactive Zero-Knowledge with Preprocessing
TLDR
It is proved that the existence of any secure probabilistic encryption scheme is enough for Non-Interactive Zero-Knowledge in a modified model, and that the ability to prove a randomly chosen theorem allows one to subsequently prove non-interactively and in zero-knowledge any smaller size theorem whose proof is discovered.
Communication Efficient Zero-Knowledge Proofs of Knowledge (With Applications to Electronic Cash)
We show that, after a constant-round preprocessing stage, it is possible to give any polynomial number of Non-Interactive Zero-Knowledge Proofs of Knowledge for any NP language. Our proof-system is
Shorter QA-NIZK and SPS with Tighter Security
TLDR
Quasi-adaptive non-interactive zero-knowledge proof systems and structure-preserving signature schemes are two powerful tools for constructing practical pairing-based cryptographic schemes that directly affects the efficiency of the derived advanced protocols.
Proving Security Against Chosen Cyphertext Attacks
TLDR
This paper shows that interaction in any zero-knowledge proof can be replaced by sharing a common, short, random string, which finds immediate application in the construction of the first public-key cryptosystem secure against chosen ciphertext attack.
Short Pairing-Based Non-interactive Zero-Knowledge Arguments
  • Jens Groth
  • Mathematics, Computer Science
    ASIACRYPT
  • 2010
TLDR
This work constructs non-interactive zero-knowledge arguments for circuit satisfiability with perfect completeness, perfect zero-knowledge and computational soundness; security is based on two new cryptographic assumptions.

References

Proofs that yield nothing but their validity and a methodology of cryptographic protocol design
TLDR
This paper demonstrates the generality and wide applicability of zero-knowledge proofs, a notion introduced by Goldwasser, Micali and Rackoff that efficiently demonstrate membership in the language without conveying any additional knowledge.
The complexity of perfect zero-knowledge
  • L. Fortnow
  • Computer Science, Mathematics
    Adv. Comput. Res.
  • 1989
TLDR
It is shown that knowledge complexity can be used to show that a language is easy to prove and that there are not any perfect zero-knowledge protocols for NP-complete languages unless the polynomial time hierarchy collapses.
Theory and application of trapdoor functions
  • A. Yao
  • Computer Science, Mathematics
    23rd Annual Symposium on Foundations of Computer Science (sfcs 1982)
  • 1982
TLDR
A new information theory is introduced and the concept of trapdoor functions is studied and applications of such functions in cryptography, pseudorandom number generation, and abstract complexity theory are examined.
Why and how to establish a private code on a public network
TLDR
It is shown how users, which are more powerful adversaries than the traditionally considered passive eavesdroppers, can decrypt other users' messages, in implementations of Public Key Cryptosystem using the RSA function, the Rabin function and the Goldwasser & Micali scheme.
Zero-knowledge proofs of identity
TLDR
This paper defines the definition of unrestricted input zero-knowledge proofs of knowledge in which the prover demonstrates possession of knowledge without revealing any computational information whatsoever (not even the one bit revealed in zero-knowledge proofs of assertions).
A Simple Unpredictable Pseudo-Random Number Generator
TLDR
Two closely-related pseudo-random sequence generators are presented: the $1/P$ generator, with input P a prime, and the $x^2 \bmod N$ generator, which outputs the quotient digits obtained on dividing 1 by P.
How to generate cryptographically strong sequences of pseudo random bits
  • M. Blum, S. Micali
  • Computer Science, Mathematics
    23rd Annual Symposium on Foundations of Computer Science (sfcs 1982)
  • 1982
TLDR
A more operative definition of Randomness should be pursued in the light of modern Complexity Theory.
Private coins versus public coins in interactive proof systems
TLDR
The probabilistic, nondeterministic, polynomial time Turing machine is defined and shown to be equivalent in power to the interactive proof system and to BPP much as BPP is the Probabilistic analog to P.
How to play ANY mental game
We present a polynomial-time algorithm that, given as input the description of a game with incomplete information and any number of players, produces a protocol for playing the game that leaks no