Journal of Cryptology, Volume 6, Issue 2, pp 97–116

A perfect zero-knowledge proof system for a problem equivalent to the discrete logarithm

  • Oded Goldreich
  • Eyal Kushilevitz

Abstract

An interactive proof system is called perfect zero-knowledge if the probability distribution generated by any probabilistic polynomial-time verifier interacting with the prover on input theorem ϕ, can be generated by another probabilistic polynomial-time machine which only gets ϕ as input (and interacts with nobody!).

In this paper we present a perfect zero-knowledge proof system for a decision problem which is computationally equivalent to the Discrete Logarithm Problem. Doing so we provide additional evidence to the belief that perfect zero-knowledge proof systems exist in a nontrivial manner (i.e., for languages not in BPP). Our results extend to the logarithm problem in any finite Abelian group.

Key words

  • Interactive proofs
  • Perfect zero-knowledge
  • Discrete logarithm

Copyright information

© International Association for Cryptologic Research 1993

Authors and Affiliations

  • Oded Goldreich
    • 1
  • Eyal Kushilevitz
    • 1
  1. Department of Computer Science, Technion, Haifa, Israel