# Practical zero-knowledge proofs: Giving hints and using deficiencies

Article

- 99 Downloads
- 11 Citations

## Abstract

New zero-knowledge proofs are given for some number-theoretic problems. All of the problems are in NP, but the proofs given here are much more efficient than the previously known proofs. In addition, these proofs do not require the prover to be superpolynomial in power. A probabilistic polynomial-time prover with the appropriate trapdoor knowledge is sufficient. The proofs are perfect or statistical zero-knowledge in all cases except one.

## Key words

Zero-knowledge proofs Efficiency Number-theoretic problems## Preview

Unable to display preview. Download preview PDF.

## References

- [1]Adleman, L., and M.-D. Huang, Recognizing primes in random polynomial time,
*Proc. 19th ACM Symp. on Theory of Computing*, 1987, pp. 462–469.Google Scholar - [2]Adleman, L., K. Manders, and G. Miller, On taking roots in finite fields,
*Proc. 18th IEEE Symp. on Foundations of Computer Science*, 1977, pp. 175–178.Google Scholar - [3]Bach, E., How to generate factored random numbers,
*SIAM Journal on Computing*, vol. 17, no. 2, April 1988, pp. 179–193.Google Scholar - [4]Bellare, M., S. Micali, and R. Ostrovsky, Perfect zero-knowledge in constant rounds,
*Proc. 22nd ACM Symp. on Theory of Computing*, 1990, pp. 482–493.Google Scholar - [5]Benaloh, J., Cryptographic capsules: a disjunctive primitive for interactive protocols,
*Advances in Cryptology—Crypto '86 Proceedings*, 1987, pp. 213–222.Google Scholar - [6]Berlekamp, E. Factoring polynomials over large finite fields,
*Mathematics of Computations*, vol. 24, 1970, pp. 713–735.Google Scholar - [7]Boppana, R., J. Hastad, and S. Zachos, Does co-NP have short interactive proofs?,
*Information Processing Letters*, vol. 25, 1987, pp. 127–132.Google Scholar - [8]Brassard, G., and C. Crépeau, Non-transitive transfer of confidence: a perfect zero-knowledge interactive protocol for SAT and beyond,
*Proc. 27th IEEE Symp. on Foundations of Computer Science*, 1986, pp. 188–195.Google Scholar - [9]Brassard, G., C. Crépeau, and J. M. Robert, All-or-nothing disclosure of secrets,
*Advances in Cryptology—Crypto '86 Proceedings*, 1987, pp. 234–238.Google Scholar - [10]Chaum, D., Demonstrating that a public predicate can be satisfied without revealing any information about how,
*Advances in Cryptology—Crypto '86 Proceedings*, 1987, pp. 195–199.Google Scholar - [11]Chaum, D., J.-H. Evertse, J. van de Graaf, An improved protocol for demonstrating possession of discrete logarithms and some generalizations,
*Advances in Cryptology—Eurocrypt '87 Proceedings*, 1988, pp. 127–141.Google Scholar - [12]Chaum, D., J.-H. Evertse, J. van de Graaf, and R. Peralta, Demonstrating possession of a discrete logarithm without revealing it,
*Advances in Cryptology—Crypto '86 Proceedings*, 1987, pp. 200–212.Google Scholar - [13]Davenport, H.,
*Multiplicative Number Theory*, Markham, Chicago, 1967.Google Scholar - [14]Even, S., A. L. Selman, and Y. Yacobi, The complexity of promise problems with applications to public-key cryptography,
*Information and Control*, vol. 61, 1984, pp. 159–173.Google Scholar - [15]Feige, U., A. Fiat, and A. Shamir, Zero-knowledge proofs of identity,
*Journal of Cryptology*, vol. 1, no. 2, 1988, pp. 77–94.Google Scholar - [16]Feige, U., and A. Shamir, Zero knowledge proofs of knowledge in two rounds,
*Advances in Cryptology—Crypto '89 Proceedings*, 1990, pp. 526–544.Google Scholar - [17]Fortnow, L., The complexity of perfect zero-knowledge,
*Proc. 19th ACM Symp. on Theory of Computing*, 1987, pp. 204–209.Google Scholar - [18]Goldreich, O., and E. Kushilevitz, A perfect zero-knowledge proof for a problem equivalent to discrete logarithm,
*Advances in Cryptology—Crypto '88 Proceedings*, 1990, pp. 57–70.Google Scholar - [19]Goldreich, O. S. Micali, and A. Wigderson, Proofs that yield nothing but their validity and a methodology of cryptographic protocol design,
*Proc. 27th IEEE Symp. on Foundations of Computer Science*, 1986, pp. 174–187.Google Scholar - [20]Goldreich, O., S. Micali, and A. Wigderson, Proofs that yield nothing but their validity and a methodology of cryptographic protocol design, to appear.Google Scholar
- [21]Goldwasser, S., and S. Micali, Probabilistic encryption,
*Journal of Computer and System Sciences*, vol. 28, 1984, pp. 270–299.Google Scholar - [22]Goldwasser, S., S. Micali, and C. Rackoff, The knowledge complexity of interactive proof systems,
*SIAM Journal on Computing*, vol. 18, 1989, pp. 186–208.Google Scholar - [23]Van de Graaf, J., and R. Peralta, A simple and secure way to show the validity of your public key,
*Advances in Cryptology—Crypto '87 Proceedings*, 1988, pp. 128–134.Google Scholar - [24]Knuth, D. E.,
*The Art of Computer Programming*, Vol. 2, Addison-Wesley, Reading, MA, 1969.Google Scholar - [25]Oren, Y., On the cunning power of cheating verifiers: some observations about zero knowledge proofs,
*Proc. 28th IEEE Symp. on Foundations of Computer Science*, 1987, pp. 462–471.Google Scholar - [26]Rabin, M. O., Digitalized Signatures and Public-Key Functions as Intractable as Factorization, Technical Report MIT/LCS/TR-212, M.I.T., January 1979.Google Scholar
- [27]Rabin, M. O., Probabilistic algorithms in finite fields,
*SIAM Journal on Computing*, vol. 9, 1980, pp. 273–280.Google Scholar - [28]Rosser, J. B., and Schoenfeld, L., Approximate formulas for some functions of prime numbers,
*Illinois Journal of Mathematics*, vol. 6, 1962, pp. 64–94.Google Scholar - [29]Schwarz, W., Representation of square-free integers,
*American Mathematical Monthly*, vol. 73, 1966, pp. 426–427.Google Scholar - [30]Tompa, M., and H. Woll, Random self-reducibility and zero knowledge interactive proofs of possession of information,
*Proc. 28th IEEE Symp. on Foundations of Computer Science*, 1987, pp. 472–482.Google Scholar - [31]Wagstaff, S. S., Greatest of the least primes in arithmetic progressions having a given modulus,
*Mathematics of Computation*, vol. 33 no. 147, July 1979, pp. 1073–1080.Google Scholar

## Copyright information

© Springer-Verlag New York Inc. 1991