Abstract
A perfect zero-knowledge interactive protocol allows a prover to convince a verifier of the validity of a statement in a way that does not give the verifier any additional information [GMR, GMW]. Such protocols take place by the exchange of messages back and forth between the prover and the verifier. An important measure of efficiency for these protocols is the number of rounds in the interaction. In previously known perfect zero-knowledge protocols for statements concerning NP-complete problems [BCC], at least k rounds were necessary in order to prevent one party from having a probability of undetected cheating greater than 2^{-k}. In this paper, we give the first perfect zero-knowledge protocol that offers arbitrarily high security for any statement in NP with a constant number of rounds (under the assumption that it is possible to find a prime p with known factorization of p−1 such that it is infeasible to compute discrete logarithms modulo p even for someone who knows the factors of p−1, or more generally under the assumption that one-way group homomorphisms exist). All these protocols are BCC-arguments rather than GMR-proofs [BC3].
Supported in part by Canada NSERC grant A4107.
Supported in part by an NSERC postgraduate scholarship; part of this research was performed while this author was visiting the IBM Almaden Research Center.
Bibliography
Benaloh, J. C., “Cryptographic capsules: A disjunctive primitive for interactive protocols”, Advances in Cryptology — Crypto '86 Proceedings, Springer-Verlag, 1987, pp. 213–222.
Boyar, J. F., Krentel, M. W. and Kurtz, S. A., “A discrete logarithm implementation of zero-knowledge blobs”, Journal of Cryptology, to appear.
Brassard, G., Chaum, D. and Crépeau, C., “Minimum disclosure proofs of knowledge”, Journal of Computer and System Sciences, vol. 37, no. 2, 1988, pp. 156–189.
Brassard, G. and Crépeau, C., “Zero-knowledge simulation of Boolean circuits”, Advances in Cryptology — Crypto '86 Proceedings, Springer-Verlag, 1987, pp. 224–233.
Brassard, G. and Crépeau, C., “Non-transitive transfer of confidence: A perfect zero-knowledge interactive protocol for SAT and beyond”, Proceedings of the 27th IEEE Symposium on Foundations of Computer Science, 1986, pp. 188–195.
Brassard, G. and Crépeau, C., “Sorting out zero-knowledge”, Advances in Cryptology — Eurocrypt '89 Proceedings, Springer-Verlag, to appear.
Chaum, D., “Demonstrating that a public predicate can be satisfied without revealing any information about how”, Advances in Cryptology — Crypto '86 Proceedings, Springer-Verlag, 1987, pp. 195–199.
Chaum, D., Damgaard, I.B. and van de Graaf, J., “Multiparty computations ensuring privacy of each party's input and correctness of the result”, Advances in Cryptology — Crypto '87 Proceedings, Springer-Verlag, 1988, pp. 87–119.
Chaum, D., Evertse, J.-H. and van de Graaf, J., “An improved protocol for demonstrating possession of discrete logarithms and some generalizations”, Advances in Cryptology — Eurocrypt '87 Proceedings, Springer-Verlag, 1988, pp. 127–141.
Chaum, D., Evertse, J.-H., van de Graaf, J. and Peralta, R., “Demonstrating possession of a discrete logarithm without revealing it”, Advances in Cryptology — Crypto '86 Proceedings, Springer-Verlag, 1987, pp. 200–212.
Feige, U., Fiat, A. and Shamir, A., “Zero knowledge proofs of identity”, Journal of Cryptology, vol. 1, no. 2, 1988, pp. 77–94.
Feige, U. and Shamir, A., “Zero knowledge proofs of knowledge in two rounds”, submitted to Crypto '89, March 1989.
Fortnow, L., “The complexity of perfect zero-knowledge”, Proceedings of the 19th ACM Symposium on Theory of Computing, 1987, pp. 204–209.
Goldreich, O., personal communication.
Goldreich, O., Micali, S. and Wigderson, A., “Proofs that yield nothing but their validity and a methodology of cryptographic protocol design”, Proceedings of the 27th IEEE Symposium on Foundations of Computer Science, 1986, pp. 174–187.
Goldwasser, S., Micali, S. and Rackoff, C., “The knowledge complexity of interactive proof systems”, SIAM Journal on Computing, vol. 18, no. 1, 1989, pp. 186–208.
Impagliazzo, R. and Yung, M., “Direct minimum-knowledge computations”, Advances in Cryptology — Crypto '87 Proceedings, Springer-Verlag, 1988, pp. 40–51.
Pohlig, S. and Hellman, M.E., “An improved algorithm for computing logarithms over GF(p) and its cryptographic significance”, IEEE Transactions on Information Theory, vol. IT-24, 1978, pp. 106–110.
Shannon, C.E., “A mathematical theory of communications”, Bell System Technical Journal, vol. 27, 1948, pp. 379–423 and 623–656.
© 1989 Springer-Verlag Berlin Heidelberg
Cite this paper
Brassard, G., Crépeau, C., Yung, M. (1989). Everything in NP can be argued in perfect zero-knowledge in a bounded number of rounds. In: Ausiello, G., Dezani-Ciancaglini, M., Della Rocca, S.R. (eds) Automata, Languages and Programming. ICALP 1989. Lecture Notes in Computer Science, vol 372. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0035756
DOI: https://doi.org/10.1007/BFb0035756
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-51371-1
Online ISBN: 978-3-540-46201-9