
Journal of Cryptology, Volume 6, Issue 2, pp 65–85

On the communication complexity of zero-knowledge proofs

  • Joan Boyar
  • Carsten Lund
  • René Peralta
Article

Abstract

The fact that there are zero-knowledge proofs for all languages in NP (see [15], [6], and [5]) has, potentially, enormous implications to cryptography. For cryptographers, the issue is no longer “which languages in NP have zero-knowledge proofs” but rather “which languages in NP have practical zero-knowledge proofs.” Thus, the concrete complexity of zero-knowledge proofs for different languages must be established.

In this paper we study the concrete complexity of the known general methods for constructing zero-knowledge proofs. We establish that circuit-based methods, which can be applied in either the GMR or the BCC model, have the potential of producing proofs which can be used in practice. Then we introduce several techniques which greatly reduce the concrete complexity of circuit-based proofs, and we show that these techniques lead to zero-knowledge proofs of knowledge.

Finally, we show how to combine the techniques of Kilian, Micali, and Ostrovsky, for designing zero-knowledge proofs with only two envelopes, with some of our techniques for reducing the number of bits which the prover must commit to.

Key words

Zero-knowledge; Proofs of knowledge; Efficiency; Cryptographic protocols; Communication complexity


References

  [1] L. Babai. Trading group theory for randomness. In Proceedings of the 17th Annual ACM Symposium on the Theory of Computing, pp. 421–429, 1985.
  [2] J.C. Benaloh. Cryptographic capsules: a disjunctive primitive for interactive protocols. In Advances in Cryptology—Proceedings of CRYPTO 86, pp. 213–222. Lecture Notes in Computer Science, vol. 263, Springer-Verlag, Berlin, 1987.
  [3] J. Boyar, G. Brassard, and R. Peralta. Subquadratic zero-knowledge. In Proceedings of the 32nd IEEE Symposium on the Foundations of Computer Science, pp. 69–78, 1991.
  [4] J. Boyar, M. Krentel, and S. Kurtz. A discrete logarithm implementation of zero-knowledge blobs. Journal of Cryptology, 2(2):63–76, 1990.
  [5] G. Brassard, D. Chaum, and C. Crépeau. Minimum disclosure proofs of knowledge. Journal of Computer and System Sciences, 37:156–189, 1988.
  [6] G. Brassard and C. Crépeau. Nontransitive transfer of confidence: a perfect zero-knowledge interactive protocol for SAT and beyond. In Proceedings of the 27th IEEE Symposium on the Foundations of Computer Science, pp. 188–195, 1986.
  [7] G. Brassard and C. Crépeau. Zero-knowledge simulation of boolean circuits. In Advances in Cryptology—Proceedings of CRYPTO 86, pp. 223–233. Lecture Notes in Computer Science, vol. 263, Springer-Verlag, Berlin, 1987.
  [8] D. Chaum. Demonstrating that a public predicate can be satisfied without revealing any information about how. In Advances in Cryptology—Proceedings of CRYPTO 86, pp. 195–199. Lecture Notes in Computer Science, vol. 263, Springer-Verlag, Berlin, 1987.
  [9] D. Chaum, I. Damgård, and J. van de Graaf. Multiparty computations ensuring privacy of each party’s input and correctness of the result. In Advances in Cryptology—Proceedings of CRYPTO 87, pp. 87–119. Lecture Notes in Computer Science, vol. 293, Springer-Verlag, Berlin, 1988.
  [10] S. A. Cook. The complexity of theorem-proving procedures. In Proceedings of the 3rd Annual ACM Symposium on the Theory of Computing, pp. 151–158, 1971.
  [11] S. A. Cook. Short propositional formulas represent nondeterministic computation. Information Processing Letters, 26:269–270, 1988.
  [12] B. den Boer. An efficiency improvement to prove satisfiability with zero knowledge with public key. In Advances in Cryptology—Proceedings of EUROCRYPT 89, pp. 208–217. Lecture Notes in Computer Science, vol. 434, Springer-Verlag, Berlin, 1989.
  [13] U. Feige, A. Fiat, and A. Shamir. Zero-knowledge proofs of identity. Journal of Cryptology, 1(2):77–94, 1988.
  [14] M. R. Garey, D. S. Johnson, and L. Stockmeyer. Some simplified NP-complete graph problems. Theoretical Computer Science, 1:237–267, 1976.
  [15] O. Goldreich, S. Micali, and A. Wigderson. Proofs that yield nothing but their validity or all languages in NP have zero-knowledge proof systems. Journal of the Association for Computing Machinery, 38:691–729, 1991.
  [16] S. Goldwasser and S. Micali. Probabilistic encryption. Journal of Computer and System Sciences, 28:270–299, 1984.
  [17] S. Goldwasser, S. Micali, and C. Rackoff. The knowledge complexity of interactive proof-systems. SIAM Journal of Computation, 18(1):186–208, 1989.
  [18] R. Impagliazzo and M. Yung. Direct minimum-knowledge computations. In Advances in Cryptology—Proceedings of CRYPTO 87, pp. 40–51. Lecture Notes in Computer Science, vol. 293, Springer-Verlag, Berlin, 1988.
  [19] J. Kilian. A note on efficient zero-knowledge proofs and arguments. In Proceedings of the 24th Annual ACM Symposium on the Theory of Computing, pp. 723–732, 1992.
  [20] J. Kilian, S. Micali, and R. Ostrovsky. Minimum resource zero-knowledge proofs. In Proceedings of the 30th IEEE Symposium on the Foundations of Computer Science, pp. 474–479, 1990.

Copyright information

© International Association for Cryptologic Research 1993

Authors and Affiliations

  • Joan Boyar (1)
  • Carsten Lund (1)
  • René Peralta (2)

  1. University of Chicago, Chicago, U.S.A.
  2. University of Wisconsin, Milwaukee, U.S.A.
