Abstract
Establishing relationships between primitives is an important area in the foundations of cryptography. In this paper we consider the primitive of non-interactive zero-knowledge proofs of knowledge, namely, methods for writing a proof that, on input x, the prover knows y such that the relation R(x, y) holds. These proofs have important applications in the construction of cryptographic protocols, such as cryptosystems and signatures that are secure under strong types of attacks. They were first defined in [10], where a sufficient condition for the existence of such proofs for all NP relations was given. In this paper we show, perhaps unexpectedly, that this condition, based on a variant of public-key cryptosystems, is also necessary. Moreover, we present an alternative and natural condition, based on a variant of commitment schemes, which we show to be necessary and sufficient as well for the construction of such proofs. This equivalence also allows us to improve known results on the construction of such proofs under the hardness of specific computational problems. Specifically, we show that assuming the hardness of factoring Blum integers is sufficient for such constructions.
Part of this work was done while visiting Università di Salerno.
Copyright © 2000. Telcordia Technologies, Inc. All Rights Reserved.
References
E. Bach, How to Generate Random Factored numbers, SIAM Journal on Computing, vol. 17, n. 2, 1988.
E. Bach and J. Shallit, Algorithmic Number Theory, MIT Press, 1996.
D. Beaver, Adaptive Zero-Knowledge and Computational Equivocation, in Proc. of FOCS 96.
M. Bellare and S. Goldwasser, Methodology for Constructing Signature Schemes based on Non-Interactive Zero-Knowledge Proofs, in Proc. of CRYPTO 88.
M. Blum, A. De Santis, S. Micali, and G. Persiano, Non-Interactive Zero-Knowledge, SIAM Journal of Computing, vol. 20, no. 6, Dec 1991, pp. 1084–1118.
M. Blum, P. Feldman, and S. Micali, Non-Interactive Zero-Knowledge and Applications, Proc. of STOC 88.
M. Blum and S. Micali, How to Generate Cryptographically Strong Sequence of Pseudo-Random Bits, SIAM J. on Computing, vol. 13, no. 4, 1984, pp. 850–864.
G. Brassard, C. Crépeau, and D. Chaum, Minimum Disclosure Proofs of Knowledge, Journal of Computer and System Sciences, vol. 37, no. 2, pp. 156–189.
W. Diffie and M. Hellman, New Directions in Cryptography, in IEEE Transactions on Information Theory, 22, 1976.
A. De Santis and P. Persiano, Zero-Knowledge Proofs of Knowledge without Interaction, in Proc. of FOCS 92.
G. Di Crescenzo, Y. Ishai, and R. Ostrovsky, Non-Interactive and Non-Malleable Commitment, in Proc. of STOC 98.
G. Di Crescenzo and R. Ostrovsky, On Concurrent Zero-Knowledge with Pre-Processing, in Proc. of CRYPTO 99.
U. Feige, D. Lapidot, and A. Shamir, Multiple Non-Interactive Zero-Knowledge Proofs Based on a Single Random String, in Proc. of STOC 90.
O. Goldreich, S. Goldwasser, and S. Micali, How to Construct Random Functions, Journal of the ACM, vol. 33, no. 4, 1986, pp. 792–807.
O. Goldreich and L. Levin, A Hard-Core Predicate for any One-Way Function, in Proc. of FOCS 90.
O. Goldreich, S. Micali, and A. Wigderson, Proofs that Yield Nothing but their Validity or All Languages in NP Have Zero-Knowledge Proof Systems, Journal of the ACM, vol. 38, n. 1, 1991, pp. 691–729.
S. Goldwasser, and S. Micali, Probabilistic Encryption, Journal of Computer and System Sciences, vol. 28, n. 2, 1984, pp. 270–299.
S. Goldwasser, S. Micali, and C. Rackoff, The Knowledge Complexity of Interactive Proof-Systems, SIAM Journal on Computing, vol. 18, n. 1, 1989.
J. Hastad, R. Impagliazzo, L. Levin, and M. Luby, Construction of a Pseudo-Random Generator from any One-Way Function, SIAM Journal on Computing, vol. 28, n. 4, pp. 1364–1396, 1999.
R. Impagliazzo and M. Luby, One-Way Functions are Necessary for Complexity-Based Cryptography, in Proc. of FOCS 89.
R. Impagliazzo and S. Rudich, Limits on the Provable Consequences of One-Way Permutations, in Proc. of STOC 91.
M. Luby and C. Rackoff, How to Construct a Pseudo-Random Permutation from a Pseudo-Random Function, in SIAM Journal on Computing, vol. 17, n. 2, Aug 1988.
M. Naor, Bit Commitment using Pseudorandomness, in Proc. of CRYPTO 91.
M. Naor and M. Yung, Universal One-way Hash Functions and their Cryptographic Applications, in Proc. of STOC 89.
M. Naor and M. Yung, Public-Key Cryptosystems Provably Secure against Chosen Ciphertext Attack, Proc. of STOC 90.
R. Ostrovsky and A. Wigderson, One-way Functions are Necessary for Non-Trivial Zero-Knowledge Proofs, in Proc. of ISTCS 93.
J. Rompel, One-way Functions are Necessary and Sufficient for Secure Signatures, in Proc. of STOC 90.
A. Yao, Theory and Applications of Trapdoor Functions, in Proc. of FOCS 82.
Copyright information
© 2000 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
De Santis, A., Di Crescenzo, G., Persiano, G. (2000). Necessary and Sufficient Assumptions for Non-interactive Zero-Knowledge Proofs of Knowledge for All NP Relations. In: Montanari, U., Rolim, J.D.P., Welzl, E. (eds) Automata, Languages and Programming. ICALP 2000. Lecture Notes in Computer Science, vol 1853. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45022-X_38
DOI: https://doi.org/10.1007/3-540-45022-X_38
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-67715-4
Online ISBN: 978-3-540-45022-1
eBook Packages: Springer Book Archive