Cryptographic Applications of the Non-Interactive Metaproof and Many-prover Systems

  • Alfredo De Santis
  • Moti Yung
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 537)


In a companion paper [DeYu] we have developed the tool of non-interactive proof-system we call “Metaproof” (μ-NIZK proof system); this provides a proof of “the existence of a proof to a statement”. Using a reduction of the theorem to a set of claims about encrypted values, enabled us to develop a crucial proof-system property which we called “on-line simulatable NIZK proof-system”. This was used to implement the “Many-Prover Non-Interactive Proof-System” where independent users can send proofs (which was not known in the original system and was open), and a “Self-Referential NIZK proof system” where the random reference string is available to the polynomial-time opponent who chooses the theorem to prove, (this was an intriguing question regarding such systems).

In this abstract we present an introduction to the basic tools and their possible applications. The subject of this paper is a variety of cryptographic applications provided by the new tools. We demonstrate its applicability in enhancing security and properties of a methodology for signature and authentication developed by Bellare and Goldwasser [BeGo] (by using the Metaproof system to solve the open problem of many-prover NIZK system). We also show, among other things, how the tools can be used to provide security mechanisms such as an “Oblivious Warden” which translates non-interactive proofs to random ones independently of the proof itself, and the notion of “Gradual opening of a zero-knowledge computation” which is first demonstrated to be correct using a non-interactive proof, and then is opened gradually and fast (i.e., without further proofs).


Signature Scheme Turing Machine Proof System Random String Satisfying Assignment 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. [BaMo]
    L. Babai and S. Moran, Arthur-Merlin Games: A Randomized Proof System and a Hierarchy of Complexity Classes, Journal of Computer and System Sciences, vol. 36, 1988, pp. 254–276.MathSciNetCrossRefGoogle Scholar
  2. [BeGo]
    M. Bellare and S. Goldwasser, New Paradigms for Digital Signatures and Message Authentication based on Non-interactive Zero-knowledge Proofs, Crypto 1989.Google Scholar
  3. [BeMi]
    M. Bellare and S. Micali, Non-interactive Oblivious Transfer and Applications, Crypto 1989.Google Scholar
  4. [BlDeMiPe]
    M. Blum, A. De Santis, S. Micali, and G. Persiano, Non-Interactive Zero-Knowledge Proof Systems, preprint.Google Scholar
  5. [BlFeMi]
    M. Blum, P. Feldman, and S. Micali, Non-Interactive Zero-Knowledge Proof Systems and Applications, Proceedings of the 20th Annual ACM Symposium on Theory of Computing, Chicago, Illinois, 1988.Google Scholar
  6. [Bl]
    M. Blum, How to Prove a Theorem So No One Else Can Claim It, Proceedings of the International Congress of Mathematicians, Berkeley, California, 1986, pp. 1444–1451.Google Scholar
  7. [Co]
    S. A. Cook, The Complexity of Theorem-Proving Procedures, Proc. 3rd Ann. ACM Symp. on Theory of Computing, New York, pp. 151–158.Google Scholar
  8. [De]
    Y. Desmeth, Abuse-free Cryptosystems: Particularly Subliminal-Free Authentication and Signature, preprint.Google Scholar
  9. [DiHe]
    W. Diffie and M. E. Hellman, New Directions in Cryptography, IEEE Transactions on Information Theory, vol. IT-22, no. 6, Nov. 1976, pp. 644–654.MathSciNetCrossRefGoogle Scholar
  10. [DePe]
    A. De Santis and G. Petsiano, Public-Randomness in Public-key Cryptosystems, Eurocrypt-90.Google Scholar
  11. [DeMiPe1]
    A. De Santis, S. Micali, and G. Persiano, Non-Interactive Zero-Knowledge Proof-Systems, in “Advances in Cryptology — CRYPTO 87”, vol. 293 of “Lecture Notes in Computer Science”, Springer Verlag.Google Scholar
  12. [DeMiPe2]
    A. De Santis, S. Micali, and G. Persiano, Non-Interactive Zero-Knowledge Proof-Systems with Preprocessing, Crypto 1988.Google Scholar
  13. [DeYu]
    A. De Santis and M. Yung, Non-Interactive Metaproofs and Non-Interactive Protocols, Manuscript.Google Scholar
  14. [EvGoMi]
    S. Even, O. Goldreich, and S. Micali, On-line/Off-line Digital Signatures, Crypto 1989.Google Scholar
  15. [FeLaSh]
    U. Feige, D. Lapidot and A. Shamir, Multiple Non-Interactive Zero Knowledge Proofs Based on a Single Random String, Focs 90.Google Scholar
  16. [FeSh]
    U. Feige, and A. Shamir, Witness-Hiding Protocols, Proceedings of the 22th Annual ACM Symposium on Theory of Computing, 1990, announcement in Crypto-89.Google Scholar
  17. [GaJo]
    M. Garey and D. Johnson, Computers and Intractability: a Guide to the Theory of NP-Completeness, W. H. Freeman & Co., New York, 1979.zbMATHGoogle Scholar
  18. [Go]
    O. Goldreich, A Uniform-Complexity Treatment of Encryption and Zero-Knowledge, Technical Report no. 568, Technion, June 1989.Google Scholar
  19. [GoGoMi]
    O. Goldreich, S. Goldwasser, and S. Micali, How to Construct Random Functions, Journal of the Association for Computing Machinery, vol. 33, no. 4, 1986, pp. 792–807.MathSciNetCrossRefGoogle Scholar
  20. [GoMil]
    S. Goldwasser and S. Micali. Probabilistic Encryption. Journal of Computer and System Science, vol. 28, n. 2, 1984, pp. 270–299.MathSciNetCrossRefGoogle Scholar
  21. [GoMiRa]
    S. Goldwasser, S. Micali, and C. Rackoff, The Knowledge Complexity of Interactive Proof-Systems, SIAM Journal on Computing, vol. 18, n. 1, February 1989.MathSciNetCrossRefGoogle Scholar
  22. [GoMiRi]
    S. Goldwasser, S. Micali, and R. Rivest, A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attack, SIAM Journal of Computing, vol. 17, n. 2, April 1988, pp. 281–308.MathSciNetCrossRefGoogle Scholar
  23. [GoMiWi1]
    O. Goldreich, S. Micali, and A. Wigderson, Proofs that Yield Nothing but their Validity and a Methodology of Cryptographic Design, Proceedings of 27th Annual Symposium on Foundations of Computer Science, 1986, pp. 174–187.Google Scholar
  24. [GoMiWi2]
    O. Goldreich, S. Micali, and A. Wigderson, How to Play Any Mental Game, Proceedings of the 19th Annual ACM Symposium on Theory of Computing, New York, pp. 218–229.Google Scholar
  25. [Ha]
    J. Håstad, Pseudorandom Generation under Uniform Assumptions, Proceedings of the 22th Annual ACM Symposium on Theory of Computing, 1990.Google Scholar
  26. [ImLeLu]
    R. Impagliazzo, L. Levin, and M. Luby, Pseudo-Random Generation from One-way Functions, Proceedings of 21st STOC, May 1989.Google Scholar
  27. [ImNa]
    R. Impagliazzo and M. Naor, Efficient Cryptographic Schemes Provably Secure as Subset Sum, Proceedings of 30th FOCS, 1989.Google Scholar
  28. [ImYu]
    R. Impagliazzo and M. Yung, Direct Minimum Knowledge Computations, in “Advances in Cryptology — CRYPTO 87”, vol. 293 of “Lecture Notes in Computer Science”, Springer Verlag pp. 40–51.Google Scholar
  29. [LaSh]
    D. Lapidot and A. Shamir, These Proceedings.Google Scholar
  30. [Na]
    M. Naor, Bit Commitment using Pseudo-randomness, Crypto 1989.Google Scholar
  31. [NaYu]
    M. Naor and M. Yung, Public-key Cryptosystems Probably Secure Against Chosen Ciphertext Attacks, Proceedings of the 22th Annual ACM Symposium on Theory of Computing, 1990.Google Scholar
  32. [Ro]
    J. Rompel, One-way functions are Necessary and Sufficient for Secure Signatures, STOC 90.Google Scholar
  33. [Ya]
    A. Yao, Theory and Applications of Trapdoor Functions, Proc. 23rd IEEE Symp. on Foundations of Computer Science, 1982, pp. 80–91.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1991

Authors and Affiliations

  • Alfredo De Santis
    • 1
  • Moti Yung
    • 2
  1. 1.Dipartimento di Informatica ed ApplicazioniUniversità di SalernoBaronissi (Salerno)Italy
  2. 2.IBM Research DivisionT. J. Watson Research CenterYorktown HeightsUSA

Personalised recommendations