Advances in Cryptology — CRYPTO’ 92

Volume 740 of the series Lecture Notes in Computer Science pp 390-420


On Defining Proofs of Knowledge

  • Mihir BellareAffiliated withHigh Performance Computing and Communications, IBM T.J. Watson Research Center
  • , Oded GoldreichAffiliated withComputer Science Department, Technion


The notion of a “proof of knowledge,” suggested by Goldwasser, Micali and Rackoff, has been used in many works as a tool for the construction of cryptographic protocols and other schemes. Yet the commonly cited formalizations of this notion are unsatisfactory and in particular inadequate for some of the applications in which they are used. Consequently, new researchers keep getting misled by existing literature. The purpose of this paper is to indicate the source of these problems and suggest a definition which resolves them.