Abstract
An interactive proof system is calledperfect zero-knowledge if the probability distribution generated by any probabilistic polynomial-time verifier interacting with the prover on input theoremϕ, can be generated by another probabilistic polynomial-time machine which only getsϕ as input (and interacts with nobody!).
In this paper we present aperfect zero-knowledge proof system for a decision problem which is computationally equivalent to the Discrete Logarithm Problem. Doing so we provide additional evidence to the belief thatperfect zero-knowledge proof systems exist in a nontrivial manner (i.e., for languages not inBPP). Our results extend to the logarithm problem in any finite Abelian group.
Article PDF
Similar content being viewed by others
Avoid common mistakes on your manuscript.
References
Aiello, W., and J. Hastad, Perfect Zero-Knowledge Languages Can Be Recognized in Two Rounds,Proc. 28th FOCS, 1987, pp. 439–448.
Babai, L., Trading Group Theory for Randomness,Proc. 17th STOC, 1985, pp. 421–429.
Babai, L., and L. Kucera, Canonical Labeling of Graphs in Linear Average Time,Proc. 20th FOCS, 1979, pp. 39–46.
Benaloh (Cohen), J. D., Cryptographic Capsules: A Disjunctive Primitive for Interactive Protocols,Advances in Cryptology—Crypto 86 (Proceedings), A. M. Odlyzko (ed.), pp. 213–222, Lecture Notes in Computer Science, Vol. 263, Springer-Verlag, Berlin, 1987.
Ben-or, M., O. Goldreich, S. Goldwasser, J. Hastad, J. Kilian, S. Micali, and P. Rogaway, Everything Provable Is Provable in Zero-Knowledge,Advances in Cryptology—Crypto 88 (Proceedings), S. Goldwasser (ed.), pp. 37–56, Lecture Notes in Computer Science, Vol. 403, Springer-Verlag, Berlin, 1990.
Blum, M., and S. Micali, How To Generate Cryptographically Strong Sequences of Pseudo-Random Bits,SIAM J. Comput., Vol. 13, 1984, pp. 850–864.
Boppana, R., J. Hastad, and S. Zachos, Does Co-NP Have Short Interactive Proofs?,Inform. Process. Lett., Vol. 25, May 1987, pp. 127–132.
Brassard, G., D. Chaum, and C. Crepeau, Minimum Disclosure Proofs of Knowledge,J. Comput. System Sci., Vol. 37, No. 2, October 1988, pp. 156–189.
Brickell E. F., D. Chaum, I. Damgard, and J. van de Graaf, Gradual and Verifiable Release of a Secret,Advances in Cryptology—Crypto 87 (Proceedings), C. Pomerance (ed.), pp. 156–166, Lecture Notes in Computer Science, Vol. 293, Springer-Verlag, Berlin, 1987.
Chaum, D., Demonstrating that a Public Predicate Can be Satisfied Without Revealing Any Information About How,Advances in Cryptology—Crypto 86 (Proceedings), A. M. Odlyzko (ed.), pp. 195–199, Lecture Notes in Computer Science, Vol. 263, Springer-Verlag, Berlin, 1987.
Chaum, D., J. H. Evertse, and J. van de Graaf, An Improved Protocol for Demonstrating Possession of a Discrete Logarithm Without Revealing It,Advances in Cryptology— Eurocrypt 87 (Proceedings), D. Chaum and W. L. Price (eds.), pp. 127–142, Lecture Notes in Computer Science, Vol. 304, Springer-Verlag, Berlin, 1988.
Chaum, D., J. H. Evertse, J. van de Graaf, and R. Peralta, Demonstrating Possession of a Discrete Logarithm Without Revealing It,Advances in Cryptology—Crypto 86 (Proceedings), A. M. Odlyzko (ed.), pp. 200–212, Lecture Notes in Computer Science, Vol. 263, Springer-Verlag, Berlin, 1987.
Even, S., O. Goldreich, and A. Lempel, A Randomized Protocol for Signing Contracts,Comm. ACM, Vol. 28, No. 6, 1985, pp. 637–647.
Even, S., A. L. Selman, and Y. Yacobi, The Complexity of Promise Problems with Applications to Public-Key CryptographyInform. Control, Vol. 61, 1984, pp. 159–173.
Fortnow, L, The Complexity of Perfect Zero-Knowledge,Proc. 19th STOC, pp. 204–209, 1987.
Goldreich, O., and A. Kahn, in preparation.
Goldreich, O., S. Micali, and A. Wigderson, Proofs that Yield Nothing but Their Validity and a Methodology of Cryptographic Protocol Design,J. Assoc. Comput. Math., Vol. 38, No. 1, 1991, pp. 691–729.
Goldreich, O., and Y. Oren, On the Cunning Power of Cheating Verifiers: Some Observations about Zero-Knowledge Proofs, in preparation.
Goldwasser, S., and S. Micali, Probabilistic Encryption,J. Comput. System Sci., Vol. 28, No. 2, 1984, pp. 270–299.
Goldwasser, S., S. Micali, and C. Rackoff, The Knowledge Complexity of Interactive Proof Systems,SIAM J. Comput., Vol. 18, No. 1, 1989, pp. 186–208. Early version appeared inProc. 17th STOC, 1985, pp. 291–304.
Goldwasser, S., and M. Sipser, Private Coins vs. Public Coins in Interactive Proof Systems,Proc. 18th STOC, 1986, pp. 59–68.
Hastad, J., Psuedo-random Generators Under Uniform Assumptions,Proc. 22nd STOC, 1990, pp. 395–404.
Impagliazo, R., L. A. Levin, and M. Luby, Pseudorandom Generation from One-Way Functions,Proc. 21st STOC, 1989, pp. 12–24.
Impagliazo, R., and M. Yung, Direct Minimum-Knowledge Computations,Advances in Cryptology—Crypto 87 (Proceedings), C. Pomerance (ed.), pp. 40–51, Lecture Notes in Computer Science, Vol. 293, Springer-Verlag, Berlin, 1987.
Kaliski, B. S., Elliptic Curves and Cryptography: A Pseudorandom Bit Generator and Other Tools. Ph.D. Thesis, MIT/LCS/TR-411, Massachusetts Institute of Technology, 1988.
Kucera, L., Canonical Labeling of Regular Graphs in Linear Average Time,Proc. 28th FOCS, 1987, pp. 271–279.
Kushilevitz, E., Perfect Zero-Knowledge Proofs, Master Thesis, Technion, 1989 (in Hebrew). A translation in English of the subsection concerning the parallel execution of the basic protocol is available from the author.
Naor, M., Bit Commitment Using Pseudorandomness,Advances in Cryptology—Crypto 89 (Proceedings), G. Brassard, (ed.), pp. 128–136, Lecture Notes in Computer Science, Vol. 435, Springer-Verlag, Berlin, 1990.
Odlyzko, A., Discrete Logarithm in Finite Fields and Their Cryptographic Significance,Proc. Eurocrypt 84, pp. 224–314, Lecture Notes in Computer Science, Vol. 209, Springer-Verlag, Berlin, 1985.
Oren, Y., On the Cunning Power of Cheating Verifiers: Some Observations about Zero-Knowledge Proofs,Proc. 28th FOCS, 1987, pp. 462–471.
Rosser, J., and L. Schoenfield, Approximate Formulas for Some Functions of Prime Numbers,Illinois J. Math., Vol. 6, 1961, pp. 64–94.
Shamir A., IP=PSPACE,Proc. 31st FOCS, 1990, pp. 11–15.
Tompa, M., and H. Woll, Random Self-Reducibility and Zero-Knowledge Interactive Proofs of Possession of Information,Proc. 28th FOCS, 1987, pp. 472–482.
Yao, A. C., Theory and Applications of Trapdoor Functions,Proc. 23rd FOCS, 1982, pp. 80–91.
Author information
Authors and Affiliations
Additional information
Communicated by Ernest F. Brickell
This research was partially supported by the Fund for Basic Research Administered by the Israeli Academy of Sciences and Humanities. An early version of this paper appeared inAdvances in Cryptology —Crypto 88 (Proceedings), S. Goldwasser (ed.), pp. 57–70, Lecture Notes in Computer Science, vol. 403, Springer-Verlag, Berlin, 1990.
Rights and permissions
About this article
Cite this article
Goldreich, O., Kushilevitz, E. A perfect zero-knowledge proof system for a problem equivalent to the discrete logarithm. J. Cryptology 6, 97–116 (1993). https://doi.org/10.1007/BF02620137
Received:
Revised:
Issue Date:
DOI: https://doi.org/10.1007/BF02620137