Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack

  • Charles Rackoff
  • Daniel R. Simon
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 576)


The zero-knowledge proof of knowledge, first defined by Fiat, Fiege and Shamir, was used by Galil, Haber and Yung as a means of constructing (out of a trapdoor function) an interactive public-key cryptosystem provably secure against chosen ciphertext attack. We introduce a revised setting which permits the definition of a non-interactive analogue, the non-interactive zero-knowledge proof of knowledge, and show how it may be constructed in that setting from a non-interactive zero-knowledge proof system for N P (of the type introduced by Blum, Feldman and Micali). We give a formalization of chosen ciphertext attack in our model which is stronger than the “lunchtime attack” considered by Naor and Yung, and prove a non-interactive public-key cryptosystem based on non-interactive zero-knowledge proof of knowledge to be secure against it.


Signature Scheme Proof System Digital Signature Scheme Choose Ciphertext Attack Trapdoor Function 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. [BFM]
    M. Blum, P. Feldman, and S. Micali, Non-Interactive Zero Knowledge and its Applications, Proc. 20th ACM Symposium on Theory of Computing (1988), pp. 103–112.Google Scholar
  2. [BG]
    M. Bellare and S. Goldwasser, New Paradigms for Digital signatures and Message Authentication based on Non-Interactive Zero-Knowledge Proofs, Proc. CRYPTO’ 89.Google Scholar
  3. [DDN]
    D. Dolev, C. Dwork and M. Naor, Non-Malleable Cryptography, Proc. 23rd ACM Symposium on Theory of Computing (1991), pp. 542–552.Google Scholar
  4. [DH]
    W. Diffie and M. Hellman, New directions in Cryptography, IEEE Trans. on Information Theory 22(6), 1976, pp. 644–654.zbMATHCrossRefMathSciNetGoogle Scholar
  5. [DY]
    A. De Santis and M. Yung, Cryptographic Applications of the Non-Interactive Metaproof and Many-Prover Systems, Proc. CRYPTO’ 90.Google Scholar
  6. [FFS]
    U. Feige, A. Fiat, and A. Shamir, Zero Knowledge Proofs of Identity, Proc. 19th ACM Symp. on Theory of Computing (1987), pp. 210–217.Google Scholar
  7. [FLS]
    U. Feige, D. Lapidot and A. Shamir, Multiple Non-Interactive Zero-Knowledge Proofs Based on a Single Random String, Proc. 31st IEEE Symp. on Foundations of Computer Science (1990), pp. 308–317.Google Scholar
  8. [GHY]
    Z. Galil, S. Haber and M. Yung, Symmetric Public-Key Cryptosystems, submitted to J. of Cryptology.Google Scholar
  9. [GM]
    S. Goldwasser and S. Micali, Probabilistic Encryption, JCSS Vol. 28, No. 2 (April 1984), pp. 270–299.zbMATHMathSciNetGoogle Scholar
  10. [GMRa]
    S. Goldwasser, S. Micali and C. Rackoff, The Knowledge Complexity of Interactive Proof Systems, Proc. 17th ACM Symp. on Theory of Computing (1985), pp. 291–304.Google Scholar
  11. [GMRi]
    S. Goldwasser, S. Micali and R. Rivest, A Secure Digital Signature Scheme, SIAM J. on Computing, Vol. 17,2 (1988), pp. 281–308.zbMATHCrossRefMathSciNetGoogle Scholar
  12. [NY]
    M. Naor and M. Yung, Public-Key Cryptosystems Provably Secure Against Chosen Ciphertext Attacks, Proc. 22nd ACM Symp on Theory of Computing (1990), pp. 427–437.Google Scholar
  13. [R]
    J. Rompel, One-Way Functions Are Necessary and Sufficient for Secure Signatures, Proc. 31st IEEE Symp. on Foundations of Computer Science (1990), pp. 387–394.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1992

Authors and Affiliations

  • Charles Rackoff
    • 1
  • Daniel R. Simon
    • 1
  1. 1.Dept. of Computer ScienceUniversity of TorontoTorontoCanada

Personalised recommendations