Communication Efficient Zero-Knowledge Proofs of Knowledge
Abstract
We show that, after a constant-round preprocessing stage, it is possible to give any polynomial number of Non-Interactive Zero-Knowledge Proofs of Knowledge for any NP language. Our proof-system is based on the sole assumption that one-way functions and Non-Interactive Zero-Knowledge Proof Systems of Language Membership exist.

It is provably secure under general complexity assumptions. Its security is based on the existence of one-way functions and Non-Interactive Zero-Knowledge Proof Systems.

It does not require the presence of a trusted center; not even the Bank is required to be trusted by the users.

Each transaction requires only a constant number of rounds of interaction. In fact, most of the transactions require just one round of interaction.

Each transaction can be performed by only the users that are interested; that is, it is not necessary for all the users to take part in each single transaction to guarantee privacy and security. Moreover, the transcript of each transaction can be used to prove that the transaction has actually taken place and to prove eventual frauds committed.
Keywords
Proof System, Random String, Reference String, NIZK Proof, Double Spending