Necessary and Sufficient Assumptions for Non-interactive Zero-Knowledge Proofs of Knowledge for All NP Relations

Extended Abstract
  • Alfredo De Santis
  • Giovanni Di Crescenzo
  • Giuseppe Persiano
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1853)


Establishing relationships between primitives is an important area in the foundations of Cryptography. In this paper we consider the primitive of non-interactive zero-knowledge proofs of knowledge, namely, methods for writing a proof that on input x the prover knows y such that relation R(x, y) holds. These proofs have important applications for the construction of cryptographic protocols, as cryptosystems and signatures that are secure under strong types of attacks. They were first defined in [10], where a sufficient condition for the existence of such proofs for all NP relations was given. In this paper we show, perhaps unexpectedly, that such condition, based on a variant of public-key cryptosystems, is also necessary. Moreover, we present an alternative and natural condition, based on a variant of commitment schemes, which we show to be necessary and sufficient as well for the construction of such proofs. Such equivalence also allows us to improve known results on the construction of such proofs under the hardness of specific computational problems. Specifically, we show that assuming the hardness of factoring Blum integers is sufficient for such constructions.


Random String Commitment Scheme Reference String Trapdoor Permutation Chosen Ciphertext Attack 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    E. Bach, How to Generated Random Factored numbers, SIAM Journal on Computing, vol. 17, n. 2, 1988.Google Scholar
  2. 2.
    E. Bach and J. Shallit, Algorithmic Number Theory, MIT Press, 1996.Google Scholar
  3. 3.
    D. Beaver, Adaptive Zero-Knowledge and Computational Equivocation, in Proc. of FOCS 96.Google Scholar
  4. 4.
    M. Bellare and S. Goldwasser, Methodology for Constructing Signature Schemes based on Non-Interactive Zero-Know ledge Proofs, in Proc. of CRYPTO 88.Google Scholar
  5. 5.
    M. Blum, A. De Santis, S. Micali, and G. Persiano, Non-Interactive Zero-Knowledge, SIAM Journal of Computing, vol. 20, no. 6, Dec 1991, pp. 1084–1118.zbMATHCrossRefGoogle Scholar
  6. 6.
    M. Blum, P. Feldman, and S. Micali, Non-Interactive Zero-Knowledge and Applications, Proc. of STOC 88.Google Scholar
  7. 7.
    M. Blum and S. Micali, How to Generate Cryptographically Strong Sequence of Pseudo-Random Bits, SIAM J. on Computing, vol. 13, no. 4, 1984, pp. 850–864.zbMATHCrossRefMathSciNetGoogle Scholar
  8. 8.
    G. Brassard, C. Crépeau, and D. Chaum, Minimum Disclosure Proofs of Knowledge, Journal of Computer and System Sciences, vol. 37, no. 2, pp. 156–189.Google Scholar
  9. 9.
    W. Diffie and M. Hellman, New Directions in Cryptography, in IEEE Transaction in Information Theory, 22, 1976.Google Scholar
  10. 10.
    A. De Santis and P. Persiano, Zero-Know ledge Proofs of Knowledge without Interaction, in Proc. of FOCS 92.Google Scholar
  11. 11.
    G. Di Crescenzo, Y. Ishai, and R. Ostrovsky, Non-Interactive and Non-Malleable Commitment, in Proc. of STOC 98.Google Scholar
  12. 12.
    G. Di Crescenzo and R. Ostrovsky, On Concurrent Zero-Knowledge with Pre-Processing, in Proc. of CRYPTO 99.Google Scholar
  13. 13.
    U. Feige, D. Lapidot, and A. Shamir, Multiple Non-Interactive Zero-Knowledge Proofs Based on a Single Random String, in Proc. of STOC 90.Google Scholar
  14. 14.
    O. Goldreich, S. Goldwasser, and S. Micali, How to Construct Random Functions, Journal of the ACM, vol. 33, no. 4, 1986, pp. 792–807.CrossRefMathSciNetGoogle Scholar
  15. 15.
    O. Goldreich and L. Levin, A Hard-Core Predicate for any One-Way Function, in Proc. of FOCS 90.Google Scholar
  16. 16.
    O. Goldreich, S. Micali, and A. Wigderson, Proofs that Yield Nothing but their Validity or All Languages in NP Have Zero-Knowledge Proof Systems, Journal of the ACM, vol. 38, n. 1, 1991, pp. 691–729.zbMATHMathSciNetGoogle Scholar
  17. 17.
    S. Goldwasser, and S. Micali, Probabilistic Encryption, Journal of Computer and System Sciences, vol. 28, n. 2, 1984, pp. 270–299.zbMATHCrossRefMathSciNetGoogle Scholar
  18. 18.
    S. Goldwasser, S. Micali, and C. Rackoff, The Knowledge Complexity of Interactive Proof-Systems, SIAM Journal on Computing, vol. 18, n. 1, 1989.Google Scholar
  19. 19.
    J. Hastad, R. Impagliazzo, L. Levin, and M. Luby, Construction of a Pseudo-Random Generator from any One-Way Function, SIAM Journal on Computing, vol. 28, n. 4, pp. 1364–1396, 1999.zbMATHCrossRefMathSciNetGoogle Scholar
  20. 20.
    R. Impagliazzo and M. Luby, One-Way Functions are Necessary for Complexity-Based Cryptography, in Proc. of FOCS 89.Google Scholar
  21. 21.
    R. Impagliazzo and S. Rudich, Limits on the Provable Consequences of One-Way Permutations, in Proc. of STOC 91.Google Scholar
  22. 22.
    M. Luby and C. Rackoff, How to Construct a Pseudo-Random Permutation from a Pseudo-Random Function, in SIAM Journal on Computing, vol. 17, n. 2, Aug 1988.Google Scholar
  23. 23.
    M. Naor, Bit Commitment using Pseudorandomness, in Proc. of CRYPTO 91.Google Scholar
  24. 24.
    M. Naor and M. Yung, Universal One-way Hash Functions and their Cryptographic Applications, in Proc. of STOC 89.Google Scholar
  25. 25.
    M. Naor and M. Yung, Public-Key Cryptosystems Provably Secure against Chosen Ciphertext Attack, Proc. of STOC 90.Google Scholar
  26. 26.
    R. Ostrovsky and A. Wigderson, One-way Functions are Necessary for Non-Trivial Zero-Knowledge Proofs, in Proc. of ISTCS 93.Google Scholar
  27. 27.
    J. Rompel, One-way Functions are Necessary and Sufficient for Secure Signatures, in Proc. of STOC 90.Google Scholar
  28. 28.
    A. Yao, Theory and Applications of Trapdoor Functions, in Proc. of FOCS 82.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2000

Authors and Affiliations

  • Alfredo De Santis
    • 1
  • Giovanni Di Crescenzo
    • 2
  • Giuseppe Persiano
    • 1
  1. 1.Dipartimento di Informatica ed ApplicazioniUniversitá di SalernoBaronissi (SA)Italy
  2. 2.Telcordia Technologies Inc.MorristownUSA

Personalised recommendations