Novel Ω-protocols for NP



Ω-protocols, introduced by Garay, Mackenzie and Yang, is a variant of S-protocols with online extractor which is a useful tool to overcome the nest effect in concurrent scenario. In this work, we construct an Ω-protocol for Hamiltonian cycle problem, and therefore, it allows us to present Ω-protocol for any NP relation. For most general NP relations, our construction of Ω-protocols is much more efficient than the informal one described by Garay et al. and we believe that the method for our construction may be of independent interest.


concurrent zero knowledge Ω-protocols Σ-protocols Hamiltonian cycle 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Goldwasser S, Micali S, Rackoff C. The knowledge complexity of interactive proofsystems. SIAM J Comp, 1989, 18(1): 186–208MATHCrossRefMathSciNetGoogle Scholar
  2. 2.
    Dwork C, Naor M, Sahai A. Concurrent zero-knowledge. In: Proc. of 30th ACM Symp. on Theory of Computing (STOC’98). 1998. 409–418Google Scholar
  3. 3.
    Canetti R, Kilian J, Petrank E, et al. Concurrent zero-knowledge requires Ω (log n) rounds. In: Proc. of 33rd ACM Symp. on Theory of Computing (STOC’01). Heraklion, Crete, Greece: ACM Press, 2001, 570–579Google Scholar
  4. 4.
    Damgard I. Efficient concurrent zero-knowledge in the auxiliary string model. In: Advance in Cryptology-EUROCYPT’00. Springer LNCS 1807, 2000, 174–187Google Scholar
  5. 5.
    Barak B. How to go beyond the black-box simulation barrier. In: Proc. of 42nd IEEE Symp. on Foundations of Computer Science (FOCS’01). 2001. 106–115Google Scholar
  6. 6.
    Dolev D, Dwork C, Naor M. Non-malleable cryptography. SIAM J Comp, 2000, 30(2): 391–437MATHCrossRefMathSciNetGoogle Scholar
  7. 7.
    De Santis A, Di Crescenzo G, Ostrovsky R, et al. Robust non-interactive zero knowledge. In: Advance in Cryptology-CRYPTO’01. Springer LNCS 2139, 2001, 566–598Google Scholar
  8. 8.
    Sahai A. Non-malleable non-interactive zero-knowledge and adaptive chosen-ciphertext security. In: Proc. of 40th IEEE Symp. on Foundations of Computer Science (FOC S’99). 1999, 543–553Google Scholar
  9. 9.
    Barak B. Constant-round coin tossing with a man in the middle or realizing the shared random string model. In: Proc. of 43rd IEEE Symp. on Foundations of Computer Science (FOC S’02). 2001. 345–355Google Scholar
  10. 10.
    Pass R, Rosen A. New and improved constructions of non-malleable cryptographic Protocols. In: 37th ACM Symp. on Theory of Computing(STOC’05), 2005Google Scholar
  11. 11.
    Katz J. Efficient and non-malleable proofs of plaintext knowledge and applications. In: Advance in Cryptology-EUROCRYPT’03. Springer LNCS 2656, 2003, 211–228Google Scholar
  12. 12.
    Garay J, MacKenzie P, Yang K. Strengthening zero-knowledge protocols using signatures. In: Advance in Cryptology-EUROCRYPT’03. Springer LNCS 2656, 2003, 177–194Google Scholar
  13. 13.
    Gennaro R. Multi-trapdoor commitments and their applications to non-malleable protocols. In: Advance in Cryptology-CRYPTO’04. Springer LNCS 3152, 2004, 220–236Google Scholar
  14. 14.
    Fischlin M. Communication-efficient non-interactive proofs of knowledge with online extractors. In: Advances in Cryptology-Crypto 2005. Springer LNCS 3621, 2005, 152–168Google Scholar
  15. 15.
    Blum M. How to prove a theorem so no one else can claim it. In: Proc. of ICM’86. Berkeley: American Mathematical Society, 1986. 1444–1451Google Scholar
  16. 16.
    Goldreich O. Foundation of Cryptography-basic Tools. Cambridge: Cambridge University Press, 2001Google Scholar
  17. 17.
    Bellare M, Goldreich O. On defining proofs of knowledge. Advances in Cryptology-CRYPTO’92. Springer LNCS 740, 1992, 390–420Google Scholar
  18. 18.
    Fiat A, Shamir A. How to prove yourself: Practical solution to identification and signature problems. In: Advance of Cryptology-CRYPTO’86. Springer LNCS 263, 1986, 186–189Google Scholar
  19. 19.
    Guillou L C, Quisquater J-J. A practical zero-knowledge protocol fitted to security microprocessors minimizing both transmission and memery. In: Advance in Cryptology-EUROCRYPT’88. Springer LNCS 330, 1988, 123–128Google Scholar
  20. 20.
    Goldwasser S, Micali S. Probabilistic encryption. J Comp Syst Sci, 1984, 28(2): 270–299MATHCrossRefMathSciNetGoogle Scholar
  21. 21.
    Micali S, Rackoff C, Sloan R H. The notion of security for probabilistic cryptosystems. SIAM J Comp, 1988, 17(2): 412–426MATHCrossRefMathSciNetGoogle Scholar
  22. 22.
    Cramer R, Damgard I, Schoenmakers B. Proofs of partial knowledge and simplified design of witness hiding protocols. In: Advance in Cryptology-CRYPTO’94. Springer LNCS 839, 1994, 174–187Google Scholar

Copyright information

© Science in China Press 2008

Authors and Affiliations

  1. 1.State Key Laboratory of Information Security, Institute of softwareChinese Academy of sciencesBeijingChina
  2. 2.Graduate University of Chinese Academy of SciencesBeijingChina

Personalised recommendations