Abstract
The fact that there are zero-knowledge proofs for all languages in NP (see [15], [6], and [5]) has, potentially, enormous implications for cryptography. For cryptographers, the issue is no longer “which languages in NP have zero-knowledge proofs” but rather “which languages in NP have practical zero-knowledge proofs.” Thus, the concrete complexity of zero-knowledge proofs for different languages must be established.
In this paper we study the concrete complexity of the known general methods for constructing zero-knowledge proofs. We establish that circuit-based methods, which can be applied in either the GMR or the BCC model, have the potential of producing proofs which can be used in practice. Then we introduce several techniques which greatly reduce the concrete complexity of circuit-based proofs, and we show that these techniques lead to zero-knowledge proofs of knowledge.
Finally, we show how to combine the techniques of Kilian, Micali, and Ostrovsky, for designing zero-knowledge proofs with only two envelopes, with some of our techniques for reducing the number of bits which the prover must commit to.
References
[1] L. Babai. Trading group theory for randomness. In Proceedings of the 17th Annual ACM Symposium on the Theory of Computing, pp. 421–429, 1985.
[2] J. C. Benaloh. Cryptographic capsules: a disjunctive primitive for interactive protocols. In Advances in Cryptology—Proceedings of CRYPTO 86, pp. 213–222. Lecture Notes in Computer Science, vol. 263, Springer-Verlag, Berlin, 1987.
[3] J. Boyar, G. Brassard, and R. Peralta. Subquadratic zero-knowledge. In Proceedings of the 32nd IEEE Symposium on the Foundations of Computer Science, pp. 69–78, 1991.
[4] J. Boyar, M. Krentel, and S. Kurtz. A discrete logarithm implementation of zero-knowledge blobs. Journal of Cryptology, 2(2):63–76, 1990.
[5] G. Brassard, D. Chaum, and C. Crépeau. Minimum disclosure proofs of knowledge. Journal of Computer and System Sciences, 37:156–189, 1988.
[6] G. Brassard and C. Crépeau. Nontransitive transfer of confidence: a perfect zero-knowledge interactive protocol for SAT and beyond. In Proceedings of the 27th IEEE Symposium on the Foundations of Computer Science, pp. 188–195, 1986.
[7] G. Brassard and C. Crépeau. Zero-knowledge simulation of boolean circuits. In Advances in Cryptology—Proceedings of CRYPTO 86, pp. 223–233. Lecture Notes in Computer Science, vol. 263, Springer-Verlag, Berlin, 1987.
[8] D. Chaum. Demonstrating that a public predicate can be satisfied without revealing any information about how. In Advances in Cryptology—Proceedings of CRYPTO 86, pp. 195–199. Lecture Notes in Computer Science, vol. 263, Springer-Verlag, Berlin, 1987.
[9] D. Chaum, I. Damgård, and J. van de Graaf. Multiparty computations ensuring privacy of each party’s input and correctness of the result. In Advances in Cryptology—Proceedings of CRYPTO 87, pp. 87–119. Lecture Notes in Computer Science, vol. 293, Springer-Verlag, Berlin, 1988.
[10] S. A. Cook. The complexity of theorem-proving procedures. In Proceedings of the 3rd Annual ACM Symposium on the Theory of Computing, pp. 151–158, 1971.
[11] S. A. Cook. Short propositional formulas represent nondeterministic computation. Information Processing Letters, 26:269–270, 1988.
[12] B. den Boer. An efficiency improvement to prove satisfiability with zero knowledge with public key. In Advances in Cryptology—Proceedings of EUROCRYPT 89, pp. 208–217. Lecture Notes in Computer Science, vol. 434, Springer-Verlag, Berlin, 1989.
[13] U. Feige, A. Fiat, and A. Shamir. Zero-knowledge proofs of identity. Journal of Cryptology, 1(2):77–94, 1988.
[14] M. R. Garey, D. S. Johnson, and L. Stockmeyer. Some simplified NP-complete graph problems. Theoretical Computer Science, 1:237–267, 1976.
[15] O. Goldreich, S. Micali, and A. Wigderson. Proofs that yield nothing but their validity or all languages in NP have zero-knowledge proof systems. Journal of the Association for Computing Machinery, 38:691–729, 1991.
[16] S. Goldwasser and S. Micali. Probabilistic encryption. Journal of Computer and System Sciences, 28:270–299, 1984.
[17] S. Goldwasser, S. Micali, and C. Rackoff. The knowledge complexity of interactive proof-systems. SIAM Journal of Computation, 18(1):186–208, 1989.
[18] R. Impagliazzo and M. Yung. Direct minimum-knowledge computations. In Advances in Cryptology—Proceedings of CRYPTO 87, pp. 40–51. Lecture Notes in Computer Science, vol. 293, Springer-Verlag, Berlin, 1988.
[19] J. Kilian. A note on efficient zero-knowledge proofs and arguments. In Proceedings of the 24th Annual ACM Symposium on the Theory of Computing, pp. 723–732, 1992.
[20] J. Kilian, S. Micali, and R. Ostrovsky. Minimum resource zero-knowledge proofs. In Proceedings of the 30th IEEE Symposium on the Foundations of Computer Science, pp. 474–479, 1990.
Additional information
Communicated by Ernest F. Brickell and Gilles Brassard
Supported in part by NSA Grant No. MDA90488-H-2006.
Supported in part by NSF Grant No. CCR-8909657.
Cite this article
Boyar, J., Lund, C. & Peralta, R. On the communication complexity of zero-knowledge proofs. J. Cryptology 6, 65–85 (1993). https://doi.org/10.1007/BF02620135
DOI: https://doi.org/10.1007/BF02620135