Non-interactive Zero-Knowledge from Homomorphic Encryption

  • Ivan Damgård
  • Nelly Fazio
  • Antonio Nicolosi
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3876)


We propose a method for compiling a class of Σ-protocols (3-move public-coin protocols) into non-interactive zero-knowledge arguments. The method is based on homomorphic encryption and does not use random oracles. It only requires that a private/public key pair is set up for the verifier. The method applies to all known discrete-log based Σ-protocols. As applications, we obtain non-interactive threshold RSA without random oracles, and non-interactive zero-knowledge for NP more efficiently than by previous methods.


  1. 1.
    Barak, B., Canetti, R., Nielsen, J.B., Pass, R.: Universally Composable Protocols with Relaxed Set-Up Assumptions. In: Proceedings of the 45th Annual IEEE Symposium on Foundations of Computer Science (FOCS 2004), pp. 186–195. IEEE Computer Society, Los Alamitos (2004)Google Scholar
  2. 2.
    Boudot, F.: Efficient Proofs that a Commited Number Lies in an Interval. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 431–444. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  3. 3.
    Canetti, R., Goldreich, O., Goldwasser, S., Micali, S.: Resettable zero-knowledge. In: STOC 1999, pp. 235–244. ACM Press, New York (1999)Google Scholar
  4. 4.
    Chaum, D., Pedersen, T.P.: Wallet databases with observers. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 89–105. Springer, Heidelberg (1993)CrossRefGoogle Scholar
  5. 5.
    Cramer, R.: Modular Design of Secure yet Practical Cryptographic Protocols. PhD thesis, CWI and University of Amsterdam (1996)Google Scholar
  6. 6.
    Cramer, R., Damgård, I.: Linear Zero-Knowledge—A Note on Efficient Zero- Knowledge Proofs and Arguments. In: Proceedings of the 29th Annual ACM Symposium on Theory of Computing, pp. 436–445. ACM Press, New York (1997)Google Scholar
  7. 7.
    Cramer, R., Damgård, I.B.: Secret-Key Zero-Knowledge. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 223–237. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  8. 8.
    Cramer, R., Damgård, I.B., Schoenmakers, B.: Proof of partial knowledge and simplified design of witness hiding protocols. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 174–187. Springer, Heidelberg (1994)Google Scholar
  9. 9.
    Damgård, I.B., Fujisaki, E.: A statistically-hiding integer commitment scheme based on groups with hidden order. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 125–142. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  10. 10.
    Dwork, C., Naor, M.: Zaps and Their Applications. In: Proceedings of the 41st Annual IEEE Symposium on Foundations of Computer Science (FOCS 2000), pp. 283–293. IEEE Computer Society, Los Alamitos (2000)Google Scholar
  11. 11.
    Fiat, A., Shamir, A.: How to Prove Yourself: Practical Solutions to Identification and Signature Problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987)CrossRefGoogle Scholar
  12. 12.
    Goldwasser, S., Tauman Kalai, Y.: On the (In)security of the Fiat-Shamir Paradigm. In: FOCS 2003, pp. 102–115. IEEE Computer Society, Los Alamitos (2003)Google Scholar
  13. 13.
    Groth, J., Ostrovsky, R., Sahai, A.: Perfect Non-Interactive Zero Knowledge for NP (2005),
  14. 14.
    Kilian, J., Petrank, E.: An Efficient Non-interactive Zero-Knowledge Proof System for NP with General Assumptions. J. Cryptology 11(1), 1–27 (1998)MathSciNetCrossRefzbMATHGoogle Scholar
  15. 15.
    Paillier, P.: Public-Key Cryptosystems Based on Composite Degree Residuosity Classes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 223–238. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  16. 16.
    Schnorr, C.: Efficient Signature Generation by Smart Cards. Journal of Cryptology 4(3), 161–174 (1991)CrossRefzbMATHGoogle Scholar
  17. 17.
    Shoup, V.: Practical threshold signatures. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 207–220. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  18. 18.
    van de Graaf, J., Peralta, R.: A Simple and Secure Way to Show the Validity of Your Public Key. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 128–134. Springer, Heidelberg (1988)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Ivan Damgård
    • 1
  • Nelly Fazio
    • 2
  • Antonio Nicolosi
    • 2
  1. 1.Aarhus UniversityDenmark
  2. 2.Courant Institute of Mathematical SciencesNew York UniversityNYUSA

Personalised recommendations