How to Prove All NP Statements in Zero-Knowledge and a Methodology of Cryptographic Protocol Design (Extended Abstract)

  • Oded Goldreich
  • Silvio Micali
  • Avi Wigderson
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 263)


Under the assumption that encryption functions exist, we show that all languages in NP possess zero-knowledge proofs. That is, it is possible to demonstrate that a CNF formula is satisfiable without revealing any other property of the formula. In particular, without yielding neither a satisfying assignment nor weaker properties such as whether there is a satisfying assignment in which x 1 = TRUE, or whether there is a satisfying assignment in which x 1 = x 3 etc.

The above result allows us to prove two fundamental theorems in the field of (two-party and multi-party) cryptographic protocols. These theorems yield automatic and efficient transformations that, given a protocol that is correct with respect to an extremely weak adversary, output a protocol correct in the most adversarial scenario. Thus, these theorems imply powerful methodologies for developing two-party and multi-party cryptographic protocols.


Proof System Cryptographic Protocol Satisfying Assignment Oblivious Transfer Common Input 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. [AHU]
    Aho, A.V., J.E. Hopcroft, and J.D. Ullman, The Design and Analysis of Computer Algorithms, Addison-Wesley Publ. Co., 1974.Google Scholar
  2. [ACGS]
    Alexi, W., B. Chor, O. Goldreich, and C.P. Schnorr, “RSA and Rabin Functions: Certain Parts Are As Hard As The Whole”, to appear in SIAM Jour. on Computing. Extended Abstract in Proc. 25th FOCS, 1984.Google Scholar
  3. [AGY]
    Alon, N., Z. Galil, and M. Yung, “A Fully Polynomial Simultaneous Broadcast in the Presence of Faults”, preprint, 1985.Google Scholar
  4. [B]
    Babai, L., “Trading Group Theory for Randomness”, Proc. 17th STOC, 1985, pp. 421–429.Google Scholar
  5. [Bena]
    Benaloh, (Cohen) J.D., “Secret Sharing Homomorphisms: Keeping Shares of a Secret Secret”, these proceedings.Google Scholar
  6. [Blu]
    Blum, M., “Coin Flipping by Phone”, IEEE Spring COMPCOM, pp. 133–137, February 1982.Google Scholar
  7. [BM]
    Blum, M., and Micali, S., “How to Generate Cryptographically Strong Sequences of Pseudo-Random Bits”, SIAM Jour. on Computing, Vol. 13, 1984, pp. 850–864.zbMATHCrossRefMathSciNetGoogle Scholar
  8. [BC1]
    Brassard, G., and C. Crepeau, “Zero-Knowledge Simulation of Boolean Circuits”, manuscript 1986.Google Scholar
  9. [BC2]
    Brassard, G., and C. Crepeau, “Non-Transitive Transfer of Confidence: A Perfect Zero-Knowledge Interactive Protocol for SAT and Beyond”, manuscript, 1986.Google Scholar
  10. [BD]
    Broder, A.Z., and D. Dolev, “Flipping Coins in Many Pockets (Byzantine Agreement on Uniformly Random Values”, Proc. 25th FOCS, 1984, pp. 157–170.Google Scholar
  11. [Cha]
    Chaum, D., “Demonstrating that a Public Predicate can be Satisfied Without Revealing Any Information About How”, these proceedings.Google Scholar
  12. [CEGP]
    Chaum, D., J.H. Evertse, J. van de Graaf, and R. Peralta, “Demonstrating Possession of a Discrete Logarithm without Revealing It”, these proceedings.Google Scholar
  13. [CGG]
    Chor, B., O. Goldreich, and S. Goldwasser, “The Bit Security of Modular Squaring given Partial Factorization of the Modulos”, Proc. of Crypto85, to appear (1986).Google Scholar
  14. [CGMA]
    Chor, B., S. Goldwasser, S. Micali, and B. Awerbuch, “Verifiable Secret Sharing and Achieving Simultaneity in the Presence of Faults”, Proc. 26th FOCS, 1985, pp. 383–395.Google Scholar
  15. [C]
    Cook, S.A., “The Complexity of Theorem Proving Procedures”, Proc. 3rd STOC, pp. 151–158, 1971.Google Scholar
  16. [DH]
    Diffie, W., and M.E. Hellman, “New Directions in Cryptography”, IEEE Trans. on Inform. Theory, Vol. IT-22, No. 6, November 1976, pp. 644–654.CrossRefMathSciNetGoogle Scholar
  17. [EGL]
    Even, S., O. Goldreich, and A. Lempel, “A Randomized Protocol for Signing Contracts”, CACM, Vol. 28, No. 6, 1985, pp. 637–647.MathSciNetGoogle Scholar
  18. [F]
    Feldman, P., “A Practical Scheme for Verifiable Secret Sharing”, manuscript, 1986.Google Scholar
  19. [FM]
    Feldman, P., and S., Micali, in preparation, 1985.Google Scholar
  20. [FMRW]
    Fischer, M., S. Micali, C. Rackoff, and D.K. Wittenberg, “An Oblivious Transfer Protocol Equivalent to Factoring”, in preparation. Preliminary versions were presented in EuroCrypt84 (1984), and in the NSF Workshop on Mathematical Theory of Security, Endicott House (1985).Google Scholar
  21. [GHY]
    Galil, Z., S. Haber, and M. Yung, “A Private Interactive Test of a Boolean Predicate and Minimum-Knowledge Public-Key Cryptosystems”, Proc. 26th FOCS, 1985, pp. 360–371.Google Scholar
  22. [GJ]
    Garey, M.R., and D.S. Johnson, Computers and Intractability: A Guide to the Theory of NP-Completeness, W.H. Freeman and Company, New York, 1979.zbMATHGoogle Scholar
  23. [G]
    Goldreich, O., “A Zero-Knowledge Proof that a Two-Prime Moduli Is Not a Blum Integer”, unpublished manuscript, 1985.Google Scholar
  24. [GGM]
    Goldreich, O., S. Goldwasser, and S. Micali, “How to Construct Random Functions”, Proc. of 25th Symp. on Foundation of Computer Science, 1984, pp. 464–479. To appear in Jour. of ACM.Google Scholar
  25. [GMW]
    Goldreich, O., S. Micali, and A. Wigderson, “Proofs that Yield Nothing But their Validity”, in preparation. An extended abstract will appear in the proceedings of 27th FOCS, 1986.Google Scholar
  26. [GMW2]
    Goldreich, O., S. Micali, and A. Wigderson, “How to Automatically Generate Correct and Private Fault-Tolerant Protocols”, in preparations.Google Scholar
  27. [GM]
    Goldwasser, S., and S. Micali, “Probabilistic Encryption”, JCSS, Vol. 28, No. 2, 1984, pp. 270–299.zbMATHMathSciNetGoogle Scholar
  28. [GMR]
    Goldwasser, S., S. Micali, and C. Rackoff, “Knowledge Complexity of Interactive Proofs”, Proc. 17th STOC, 1985, pp. 291–304.Google Scholar
  29. [GMRiv]
    Goldwasser, S., S. Micali, and R.L. Rivest, “A Paradoxical Signature Scheme”, Proc. 25th FOCS, 1984.Google Scholar
  30. [GS]
    Goldwasser, S., and M. Sipser, “Arthur Merlin Games versus Interactive Proof Systems”, Proc. 18th STOC, pp. 59–68, 1986.Google Scholar
  31. [K]
    Karp, R.M., “Reducibility among Combinatorial Problems”, Complexity of Computer Computations, R.E. Miller and J.W. Thatcher (eds.), Plenum Press, pp. 85–103, 1972.Google Scholar
  32. [L]
    Levin, L.A., “Universal Search Problems”, Problemy Peredaci Informacii 9, pp. 115–116, 1973. Translated in problems of Information Transmission 9, pp. 265–266.MathSciNetzbMATHGoogle Scholar
  33. [RSA]
    Rivest, R.L., Shamir, A., and Adleman, L., “A Method for Obtaining Digital Signatures and Public Key Cryptosystems”, Comm. of the ACM, Vol. 21, February 1978, pp. 120–126.zbMATHCrossRefMathSciNetGoogle Scholar
  34. [R1]
    Rabin, M.O., “Digitalized Signatures as Intractable as Factorization”, MIT/LCS/TR-212, 1979.Google Scholar
  35. [R2]
    Rabin, M.O., “How to Exchange Secrets by Oblivious Transfer”, unpublished manuscript, 1981.Google Scholar
  36. [Sha]
    Shamir, A., “How to Share a Secret”, CACM, Vol. 22, 1979, pp. 612–613.zbMATHMathSciNetGoogle Scholar
  37. [Y]
    Yao, A.C., “Theory and Applications of Trapdoor Functions”, Proc. of the 23rd IEEE Symp. on Foundation of Computer Science, 1982, pp. 80–91.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1987

Authors and Affiliations

  • Oded Goldreich
    • 1
  • Silvio Micali
    • 2
  • Avi Wigderson
    • 3
  1. 1.Dept. of Computer Sc.TechnionHaifaIsrael
  2. 2.Lab. for Computer Sc.MITCambridge
  3. 3.Inst. of Math. and CSHebrew UniversityJerusalemIsrael

Personalised recommendations