On the Composition of Zero-Knowledge Proof Systems

@inproceedings{Goldreich1990OnTC,
  title={On the Composition of Zero-Knowledge Proof Systems},
  author={Oded Goldreich and Hugo Krawczyk},
  booktitle={ICALP},
  year={1990}
}
A basic question concerning zero-knowledge proof systems is whether their (sequential and/or parallel) composition is zero-knowledge too. This question is not only of natural theoretical interest, but is also of great practical importance as it concerns the use of zero-knowledge proofs as subroutines in cryptographic protocols. 
On the Concurrent Composition of Zero-Knowledge Proofs
TLDR
It is shown that, modulo certain complexity assumptions, any statement in NP has kƐ-round proofs and arguments in which one can efficiently simulate any kO(1) concurrent executions of the protocol. Expand
The power of preprocessing in zero-knowledge proofs of knowledge
We show that, after a constant-round preprocessing stage, it is possible for a prover to prove knowledge of a witness for any polynomial-time relation without any further interaction. The number ofExpand
Practical Proofs of Knowledge without Relying on Theoretical Proofs of Membership on Languages
  • K. Sakurai
  • Computer Science, Mathematics
  • Theor. Comput. Sci.
  • 1997
TLDR
A four-move protocol for quadratic residuosity is proposed and a new notion of practical soundness is introduced based on its application to a cryptographic identification scheme. Expand
How to construct constant-round zero-knowledge proof systems for NP
TLDR
It follows that constant-round zero-knowledge proof systems exist assuming the intractability of either the Discrete Logarithm Problem or the Factoring Problem for Blum integers. Expand
Constant-Round Concurrent Zero Knowledge From Falsifiable Assumptions
TLDR
A constant-round concurrent zero-knowledge protocol for NP that is sound against uniform polynomial-time attackers, and relies on the existence of families of collision-resistant hash functions, and a new falsifiable intractability assumption. Expand
Parallel repetition of zero-knowledge proofs and the possibility of basing cryptography on NP-hardness
  • R. Pass
  • Mathematics, Computer Science
  • 21st Annual IEEE Conference on Computational Complexity (CCC'06)
  • 2006
TLDR
It is shown that, unless the polynomial-hierarchy collapses, black-box reductions cannot be used to provide positive answers to both NP-complete problem and one-way function questions. Expand
Lower Bounds For Concurrent Zero Knowledge*
TLDR
Any 4 round (computational) zero-knowledge interactive proof (or argument) for a non-trivial language L is not black-box simulatable in the asynchronous setting. Expand
On Separating Proofs of Knowledge from Proofs of Membership of Languages and Its Application to Secure Identification Schemes (Extended Abstract)
A four-move protocol for quadratic residuosity is proposed and the security is discussed. An application of the proposed protocol to a cryptographic identification scheme introduces a new notion ofExpand
A Note on the Round-Complexity of Concurrent Zero-Knowledge
TLDR
It is shown that in the context of Concurrent Zero-Knowledge, at least eight rounds of interaction are essential for black-box simulation of non-trivial proof systems (i.e., systems for languages that are not in BPP). Expand
Round-Optimal Perfect Zero-Knowledge Proofs
We give a round-optimal perfect zero-knowledge proofs of membership to the language of q-residuosity.
...
1
2
3
4
5
...

References

SHOWING 1-10 OF 46 REFERENCES
Proofs that yield nothing but their validity and a methodology of cryptographic protocol design
TLDR
This paper demonstrates the generality and wide applicability of zero-knowledge proofs, a notion introduced by Goldwasser, Micali and Rackoff that efficiently demonstrate membership in the language without conveying any additional knowledge. Expand
Zero Knowledge Proofs of Knowledge in Two Rounds
TLDR
These protocols rely on two novel ideas: One for constructing commitment schemes, the other for constructing subprotocols which are not known to be zero knowledge, yet can be proven not to reveal useful information. Expand
Random self-reducibility and zero knowledge interactive proofs of possession of information
  • M. Tompa, H. Woll
  • Computer Science
  • 28th Annual Symposium on Foundations of Computer Science (sfcs 1987)
  • 1987
TLDR
It is shown that any "random self-reducible" problem has a zero knowledge interactive proof of this sort, and new zeroknowledge interactive proofs are exhibited for "knowledge" of the factorization of an integer, nonmembership in cyclic subgroups of Zp*, and determining whether an element generates Zp*. Expand
Proofs that yield nothing but their validity or all languages in NP have zero-knowledge proof systems
In this paper the generality and wide applicability of Zero-knowledge proofs, a notion introduced by Goldwasser, Micali, and Rackoff is demonstrated. These are probabilistic and interactive proofsExpand
Perfect zero-knowledge in constant rounds
TLDR
This paper shows that any random self-reducible language has a 5 round perfect zero knowledge interactive proof, and shows that a language outside BPP requires more than 3 rounds from any perfect ZK proof. Expand
Everything in NP can be Argued in Perfect Zero-Knowledge in a Bounded Number of Rounds (Extended Abstract)
TLDR
The first perfect zero-knowledge protocol that offers arbitrarily high security for any statement in NP with a constant number of rounds is given (under a suitable cryptographic assumption). Expand
On the cunning power of cheating verifiers: Some observations about zero knowledge proofs
  • Yair Oren
  • Mathematics, Computer Science
  • 28th Annual Symposium on Foundations of Computer Science (sfcs 1987)
  • 1987
TLDR
It is shown that randomness of both the verifier and the prover, and nontriviality of the interaction are essential properties of non-trivial auxiliary-input zero-knowledge proofs. Expand
Minimum Disclosure Proofs of Knowledge
TLDR
This paper unifies and extends models and techniques previously put forward by the authors, and compares some independent related work. Expand
Non-transitive transfer of confidence: A perfect zero-knowledge interactive protocol for SAT and beyond
  • G. Brassard, C. Crépeau
  • Computer Science
  • 27th Annual Symposium on Foundations of Computer Science (sfcs 1986)
  • 1986
A perfect zero-knowledge interactive proof is a protocol by which Alice can convince Bob of the truth of some theorem in a way that yields no information as to how the proof might proceed (in theExpand
The Knowledge Complexity of Interactive Proof Systems
TLDR
A computational complexity theory of the “knowledge” contained in a proof is developed and examples of zero-knowledge proof systems are given for the languages of quadratic residuosity and 'quadratic nonresiduosity. Expand
...
1
2
3
4
5
...