# On the Composition of Zero-Knowledge Proof Systems

@inproceedings{Goldreich1990OnTC, title={On the Composition of Zero-Knowledge Proof Systems}, author={Oded Goldreich and Hugo Krawczyk}, booktitle={ICALP}, year={1990} }

A basic question concerning zero-knowledge proof systems is whether their (sequential and/or parallel) composition is zero-knowledge too. This question is not only of natural theoretical interest, but is also of great practical importance as it concerns the use of zero-knowledge proofs as subroutines in cryptographic protocols.

#### Supplemental Presentations

#### Topics from this paper

#### 260 Citations

On the Concurrent Composition of Zero-Knowledge Proofs

- Computer Science
- EUROCRYPT
- 1999

It is shown that, modulo certain complexity assumptions, any statement in NP has kƐ-round proofs and arguments in which one can efficiently simulate any kO(1) concurrent executions of the protocol. Expand

The power of preprocessing in zero-knowledge proofs of knowledge

- Mathematics, Computer Science
- Journal of Cryptology
- 2004

We show that, after a constant-round preprocessing stage, it is possible for a prover to prove knowledge of a witness for any polynomial-time relation without any further interaction. The number of… Expand

Practical Proofs of Knowledge without Relying on Theoretical Proofs of Membership on Languages

- Computer Science, Mathematics
- Theor. Comput. Sci.
- 1997

A four-move protocol for quadratic residuosity is proposed and a new notion of practical soundness is introduced based on its application to a cryptographic identification scheme. Expand

How to construct constant-round zero-knowledge proof systems for NP

- Mathematics, Computer Science
- Journal of Cryptology
- 2004

It follows that constant-round zero-knowledge proof systems exist assuming the intractability of either the Discrete Logarithm Problem or the Factoring Problem for Blum integers. Expand

Constant-Round Concurrent Zero Knowledge From Falsifiable Assumptions

- Computer Science
- IACR Cryptol. ePrint Arch.
- 2012

A constant-round concurrent zero-knowledge protocol for NP that is sound against uniform polynomial-time attackers, and relies on the existence of families of collision-resistant hash functions, and a new falsifiable intractability assumption. Expand

Parallel repetition of zero-knowledge proofs and the possibility of basing cryptography on NP-hardness

- Mathematics, Computer Science
- 21st Annual IEEE Conference on Computational Complexity (CCC'06)
- 2006

It is shown that, unless the polynomial-hierarchy collapses, black-box reductions cannot be used to provide positive answers to both NP-complete problem and one-way function questions. Expand

Lower Bounds For Concurrent Zero Knowledge*

- Mathematics, Computer Science
- Comb.
- 2005

Any 4 round (computational) zero-knowledge interactive proof (or argument) for a non-trivial language L is not black-box simulatable in the asynchronous setting. Expand

On Separating Proofs of Knowledge from Proofs of Membership of Languages and Its Application to Secure Identification Schemes (Extended Abstract)

- Computer Science
- COCOON
- 1995

A four-move protocol for quadratic residuosity is proposed and the security is discussed. An application of the proposed protocol to a cryptographic identification scheme introduces a new notion of… Expand

A Note on the Round-Complexity of Concurrent Zero-Knowledge

- Computer Science, Mathematics
- CRYPTO
- 2000

It is shown that in the context of Concurrent Zero-Knowledge, at least eight rounds of interaction are essential for black-box simulation of non-trivial proof systems (i.e., systems for languages that are not in BPP). Expand

Round-Optimal Perfect Zero-Knowledge Proofs

- Mathematics, Computer Science
- Inf. Process. Lett.
- 1994

We give a round-optimal perfect zero-knowledge proofs of membership to the language of q-residuosity.

#### References

SHOWING 1-10 OF 46 REFERENCES

Proofs that yield nothing but their validity and a methodology of cryptographic protocol design

- Computer Science
- 27th Annual Symposium on Foundations of Computer Science (sfcs 1986)
- 1986

This paper demonstrates the generality and wide applicability of zero-knowledge proofs, a notion introduced by Goldwasser, Micali and Rackoff that efficiently demonstrate membership in the language without conveying any additional knowledge. Expand

Zero Knowledge Proofs of Knowledge in Two Rounds

- Mathematics, Computer Science
- CRYPTO
- 1989

These protocols rely on two novel ideas: One for constructing commitment schemes, the other for constructing subprotocols which are not known to be zero knowledge, yet can be proven not to reveal useful information. Expand

Random self-reducibility and zero knowledge interactive proofs of possession of information

- Computer Science
- 28th Annual Symposium on Foundations of Computer Science (sfcs 1987)
- 1987

It is shown that any "random self-reducible" problem has a zero knowledge interactive proof of this sort, and new zeroknowledge interactive proofs are exhibited for "knowledge" of the factorization of an integer, nonmembership in cyclic subgroups of Zp*, and determining whether an element generates Zp*. Expand

Proofs that yield nothing but their validity or all languages in NP have zero-knowledge proof systems

- Computer Science, Mathematics
- JACM
- 1991

In this paper the generality and wide applicability of Zero-knowledge proofs, a notion introduced by Goldwasser, Micali, and Rackoff is demonstrated. These are probabilistic and interactive proofs… Expand

Perfect zero-knowledge in constant rounds

- Mathematics, Computer Science
- STOC '90
- 1990

This paper shows that any random self-reducible language has a 5 round perfect zero knowledge interactive proof, and shows that a language outside BPP requires more than 3 rounds from any perfect ZK proof. Expand

Everything in NP can be Argued in Perfect Zero-Knowledge in a Bounded Number of Rounds (Extended Abstract)

- Mathematics, Computer Science
- EUROCRYPT
- 1989

The first perfect zero-knowledge protocol that offers arbitrarily high security for any statement in NP with a constant number of rounds is given (under a suitable cryptographic assumption). Expand

On the cunning power of cheating verifiers: Some observations about zero knowledge proofs

- Mathematics, Computer Science
- 28th Annual Symposium on Foundations of Computer Science (sfcs 1987)
- 1987

It is shown that randomness of both the verifier and the prover, and nontriviality of the interaction are essential properties of non-trivial auxiliary-input zero-knowledge proofs. Expand

Minimum Disclosure Proofs of Knowledge

- Computer Science, Mathematics
- J. Comput. Syst. Sci.
- 1988

This paper unifies and extends models and techniques previously put forward by the authors, and compares some independent related work. Expand

Non-transitive transfer of confidence: A perfect zero-knowledge interactive protocol for SAT and beyond

- Computer Science
- 27th Annual Symposium on Foundations of Computer Science (sfcs 1986)
- 1986

A perfect zero-knowledge interactive proof is a protocol by which Alice can convince Bob of the truth of some theorem in a way that yields no information as to how the proof might proceed (in the… Expand

The Knowledge Complexity of Interactive Proof Systems

- Computer Science
- SIAM J. Comput.
- 1989

A computational complexity theory of the “knowledge” contained in a proof is developed and examples of zero-knowledge proof systems are given for the languages of quadratic residuosity and 'quadratic nonresiduosity. Expand