Journal of Cryptology

, Volume 13, Issue 4, pp 449–472 | Cite as

Short Non-Interactive Cryptographic Proofs

  • Joan Boyar
  • Ivan Damgård
  • René Peralta


We show how to produce short proofs of theorems such that a distrusting Verifier can be convinced that the theorem is true yet obtains no information about the proof itself. We assume the theorem is represented by a boolean circuit, of size m gates, which is satisfiable if and only if the theorem holds. We use bit commitments of size k and bound the probability of false proofs going undetected by 2 -r . We obtain non-interactive zero-knowledge proofs of size O(mk( log m +r)) bits. In the random oracle model, we obtain non-interactive proofs of size O(m( log m+r) + rk) bits. By simulating a random oracle, we obtain non-interactive proofs which are short enough to be used in practice. We call the latter proofs ``discreet.''

Key words. Cryptographic proofs, Non-interactive proofs, Discreet proofs, Circuit complexity, Multiplicative complexity. 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© International Association for Criptologic Rese 2000

Authors and Affiliations

  • Joan Boyar
    • 1
  • Ivan Damgård
    • 2
  • René Peralta
    • 3
  1. 1.Department of Mathematics and Computer Science, University of Southern Denmark, Odense, Denmark joan@imada.sdu.dkDK
  2. 2.Department of Computer Science, BRICS, Aarhus University, DC-8000 Aarhus C, Denmark
  3. 3.Department of Computer Science, Yale University, New Haven, CT 06520-8285, U.S.A. peralta-rene@cs.yale.eduUK

Personalised recommendations