Perfect Non-interactive Zero Knowledge for NP

  • Jens Groth
  • Rafail Ostrovsky
  • Amit Sahai
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4004)


Non-interactive zero-knowledge (NIZK) proof systems are fundamental cryptographic primitives used in many constructions, including CCA2-secure cryptosystems, digital signatures, and various cryptographic protocols. What makes them especially attractive, is that they work equally well in a concurrent setting, which is notoriously hard for interactive zero-knowledge protocols. However, while for interactive zero-knowledge we know how to construct statistical zero-knowledge argument systems for all NP languages, for non-interactive zero-knowledge, this problem remained open since the inception of NIZK in the late 1980’s. Here we resolve two problems regarding NIZK:

We construct the first perfect NIZK argument system for any NP language.

We construct the first UC-secure NIZK argument for any NP language in the presence of a dynamic/adaptive adversary.

While it is already known how to construct efficient prover computational NIZK proofs for any NP language, the known techniques yield large common reference strings and large proofs. Another contribution of this paper is NIZK proofs with much shorter common reference string and proofs than previous constructions.


Non-interactive zero-knowledge universal composability non-malleability 


  1. 1.
    Aiello, W., Håstad, J.: Perfect zero-knowledge languages can be recognized in two rounds. In: Proceedings of FOCS 1987, pp. 439–448 (1987)Google Scholar
  2. 2.
    Blum, M., De Santis, A., Micali, S., Persiano, G.: Noninteractive zero-knowledge. SIAM Jornal of Computation 20(6), 1084–1118 (1991)MathSciNetCrossRefzbMATHGoogle Scholar
  3. 3.
    Blum, M., Feldman, P., Micali, S.: Non-interactive zero-knowledge and its applications. In: Proceedings of STOC 1988, pp. 103–112 (1988)Google Scholar
  4. 4.
    Boneh, D., Goh, E.-J., Nissim, K.: Evaluating 2-dnf formulas on ciphertexts. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 325–341. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  5. 5.
    Brassard, G., Chaum, D., Crèpeau, C.: Minimum disclosure proofs of knowledge. JCSS 37(2), 156–189 (1988)MathSciNetzbMATHGoogle Scholar
  6. 6.
    Brassard, G., Crèpeau, C.: Non-transitive transfer of confidence: A perfect zero-knowledge interactive protocol for sat and beyond. In: Proceedings of FOCS 1986, pp. 188–195 (1986)Google Scholar
  7. 7.
    Canetti, R.: Universally composable security: A new paradigm for cryptographic protocols. In: Proceedings of FOCS 2001, pp. 136–145 (2001), Full paper available at:
  8. 8.
    Canetti, R., Lindell, Y., Ostrovsky, R., Sahai, A.: Universally composable two-party and multi-party secure computation. In: Proceedings of STOC 2002, pp. 494–503 (2002), Full paper available at:
  9. 9.
    Damgård, I.: Non-interactive circuit based proofs and non-interactive perfect zero-knowledge with proprocessing. In: Rueppel, R.A. (ed.) EUROCRYPT 1992. LNCS, vol. 658, pp. 341–355. Springer, Heidelberg (1993)CrossRefGoogle Scholar
  10. 10.
    Damgård, I., Groth, J.: Non-interactive and reusable non-malleable commitment schemes. In: Proceedings of STOC 2003, pp. 426–437 (2003)Google Scholar
  11. 11.
    De Santis, A., Di Crescenzo, G., Ostrovsky, R., Persiano, G., Sahai, A.: Robust non-interactive zero knowledge. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 566–598. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  12. 12.
    De Santis, A., Di Crescenzo, G., Persiano, G.: Non-interactive zero-knowledge: A low-randomness characterization of np. In: Wiedermann, J., Van Emde Boas, P., Nielsen, M. (eds.) ICALP 1999. LNCS, vol. 1644, pp. 271–280. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  13. 13.
    De Santis, A., Di Crescenzo, G., Persiano, G.: Randomness-optimal characterization of two np proof systems. In: Rolim, J.D.P., Vadhan, S.P. (eds.) RANDOM 2002. LNCS, vol. 2483, pp. 179–193. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  14. 14.
    De Santis, A., Di Crescenzo, G., Persiano, G., Yung, M.: Image density is complete for non-interactive-szk. In: Larsen, K.G., Skyum, S., Winskel, G. (eds.) ICALP 1998. LNCS, vol. 1443, pp. 784–795. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  15. 15.
    Di Crescenzo, G., Ishai, Y., Ostrovsky, R.: Non-interactive and non-malleable commitment. In: Proceedings of STOC 1998, pp. 141–150 (1998)Google Scholar
  16. 16.
    Di Crescenzo, G., Katz, J., Ostrovsky, R., Smith, A.: Efficient and non-interactive non-malleable commitment. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 40–59. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  17. 17.
    Dolev, D., Dwork, C., Naor, M.: Non-malleable cryptography. SIAM J. of Computing 30(2), 391–437 (2000), Earlier version at STOC 1991CrossRefzbMATHGoogle Scholar
  18. 18.
    Feige, U., Lapidot, D., Shamir, A.: Multiple non-interactive zero knowledge proofs under general assumptions. SIAM J. Comput. 29(1), 1–28 (1999), Earlier version entitled Multiple Non-Interactive Zero Knowledge Proofs Based on a Single Random String appeared at FOCS 1990MathSciNetCrossRefzbMATHGoogle Scholar
  19. 19.
    Fortnow, L.: The complexity of perfect zero-knowledge. In: Proceedings of STOC 1987, pp. 204–209 (1987)Google Scholar
  20. 20.
    Garay, J.A., MacKenzie, P.D., Yang, K.: Strengthening zero-knowledge protocols using signatures. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 177–194. Springer, Heidelberg (2003), Full paper available at: CrossRefGoogle Scholar
  21. 21.
    Goldreich, O., Levin, L.A.: A hard-core predicate for all one-way functions. In: proceedings of STOC 1989, pp. 25–32 (1989)Google Scholar
  22. 22.
    Goldreich, O., Ostrovsky, R., Petrank, E.: Computational complexity and knowledge complexity. SIAM J. Comput. 27, 1116–1141 (1998)MathSciNetCrossRefzbMATHGoogle Scholar
  23. 23.
    Goldreich, O., Sahai, A., Vadhan, S.P.: Can statistical zero knowledge be made non-interactive? or on the relationship of szk and niszk. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 467–484. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  24. 24.
    Groth, J.: Honest verifier zero-knowledge arguments applied. Dissertation Series DS-04-3, BRICS, PhD thesis. xii+119 pp (2004)Google Scholar
  25. 25.
    Groth, J.: Cryptography in subgroups of ℤn *. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 50–65. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  26. 26.
    Groth, J., Ostrovsky, R., Sahai, A.: Perfect non-interactive zero-knowledge for np. ECCC Report TR05-097 (2005),
  27. 27.
    Kilian, J., Petrank, E.: An efficient noninteractive zero-knowledge proof system for np with general assumptions. Journal of Cryptology 11(1), 1–27 (1998)MathSciNetCrossRefzbMATHGoogle Scholar
  28. 28.
    MacKenzie, P.D., Yang, K.: On simulation-sound trapdoor commitments. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 382–400. Springer, Heidelberg (2004), Full paper available at: CrossRefGoogle Scholar
  29. 29.
    Ostrovsky, R.: One-way functions, hard on average problems, and statistical zero-knowledge proofs. In: Proceedings of Structure in Complexity Theory Conference, pp. 133–138 (1991)Google Scholar
  30. 30.
    Pass, R.: On deniability in the common reference string and random oracle model. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 316–337. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  31. 31.
    Pass, R., Shelat, A.: Characterizing non-interactive zero-knowledge in the public and secret parameter models. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 118–134. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  32. 32.
    Sahai, A.: Non-malleable non-interactive zero-knowledge and adaptive chosen-ciphertext security. In: Proceedings of FOCS 2001, pp. 543–553 (2001)Google Scholar
  33. 33.
    Sahai, A., Vadhan, S.P.: A complete problem for statistical zero knowledge. J. ACM 50(2), 196–249 (2003)MathSciNetCrossRefzbMATHGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Jens Groth
    • 1
  • Rafail Ostrovsky
    • 1
  • Amit Sahai
    • 1
  1. 1.UCLA, Computer Science DepartmentLos AngelesUSA

Personalised recommendations