Short Non-Interactive Cryptographic Proofs
We show how to produce short proofs of theorems such that a distrusting Verifier can be convinced that the theorem is true yet obtains no information about the proof itself. We assume the theorem is represented by a boolean circuit, of size $m$ gates, which is satisfiable if and only if the theorem holds. We use bit commitments of size $k$ and bound the probability of false proofs going undetected by $2^{-r}$. We obtain non-interactive zero-knowledge proofs of size $O(mk(\log m + r))$ bits. In the random oracle model, we obtain non-interactive proofs of size $O(m(\log m + r) + rk)$ bits. By simulating a random oracle, we obtain non-interactive proofs which are short enough to be used in practice. We call the latter proofs "discreet."