On the concrete complexity of zero-knowledge proofs

  • Joan Boyar
  • René Peralta
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 435)

Abstract

The fact that there are zero-knowledge proofs for all languages in NP has, potentially, enormous implications for cryptography. For cryptographers, the issue is no longer “which languages in NP have zero-knowledge proofs” but rather “which languages in NP have practical zero-knowledge proofs”. Thus, the concrete complexity of zero-knowledge proofs for different languages must be established.

In this paper, we study the concrete complexity of the known general methods for constructing zero-knowledge proofs. We establish that circuit-based methods have the potential of producing proofs which can be used in practice. Then we introduce several techniques which greatly reduce the concrete complexity of circuit-based proofs. In order to show that our protocols yield proofs of knowledge, we show how to extend the Feige-Fiat-Shamir definition for proofs of knowledge to the model of Brassard-Chaum-Crépeau. Finally, we present techniques for improving the efficiency of protocols which involve arithmetic computations, such as modular addition, subtraction, and multiplication, and greatest common divisor.

Copyright information

© Springer-Verlag Berlin Heidelberg 1990

Authors and Affiliations

  • Joan Boyar (1)
  • René Peralta (2)
  1. Computer Science Department, University of Chicago, Chicago
  2. Computer Science Department, University of Wisconsin, Milwaukee