Advances in Cryptology - ASIACRYPT 2010

Volume 6477 of the series Lecture Notes in Computer Science pp 321-340

Short Pairing-Based Non-interactive Zero-Knowledge Arguments

  • Jens GrothAffiliated withUniversity College London


We construct non-interactive zero-knowledge arguments for circuit satisfiability with perfect completeness, perfect zero-knowledge and computational soundness. The non-interactive zero-knowledge arguments have sub-linear size and very efficient public verification. The size of the non-interactive zero-knowledge arguments can even be reduced to a constant number of group elements if we allow the common reference string to be large. Our constructions rely on groups with pairings and security is based on two new cryptographic assumptions; we do not use the Fiat-Shamir heuristic or random oracles.


Sub-linear size non-interactive zero-knowledge arguments pairing-based cryptography power knowledge of exponent assumption computational power Diffie-Hellman assumption