The Knowledge-of-Exponent Assumptions and 3-Round Zero-Knowledge Protocols

  • Mihir Bellare
  • Adriana Palacio
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3152)


Hada and Tanaka [11,12] showed the existence of 3-round, negligible-error zero-knowledge arguments for NP based on a pair of non-standard assumptions, here called KEA1 and KEA2. In this paper we show that KEA2 is false. This renders vacuous the results of [11,12]. We recover these results, however, under a suitably modified new assumption called KEA3. What we believe is most interesting is that we show that it is possible to “falsify” assumptions like KEA2 that, due to their nature and quantifier-structure, do not lend themselves easily to “efficient falsification” (Naor [15]).


Discrete Logarithm Problem Oblivious Transfer Negligible Error Auxiliary Input Negligible Function 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Barak, B.: How to go beyond the black-box simulation barrier. In: Proceedings of the 42nd Symposium on Foundations of Computer Science, IEEE, Los Alamitos (2001)Google Scholar
  2. 2.
    Bellare, M.: A note on negligible functions. Journal of Cryptology 15(4), 271–284 (2002)zbMATHCrossRefMathSciNetGoogle Scholar
  3. 3.
    Bellare, M., Micali, S.: Non-interactive oblivious transfer and applications. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 547–557. Springer, Heidelberg (1990)Google Scholar
  4. 4.
    Bellare, M., Palacio, A.: The Knowledge-of-Exponent assumptions and 3-round zero-knowledge protocols. Full version of the current paper, available via,
  5. 5.
    Blum, M.: How to prove a theorem so no one else can claim it. In: Proceedings of the International Congress of Mathematicians, pp. 1444–1451 (1986)Google Scholar
  6. 6.
    Brassard, G., Chaum, D., Crépeau, C.: Minimum disclosure proofs of knowledge. J. Computer and System Sciences 37(2), 156–189 (1988)zbMATHCrossRefGoogle Scholar
  7. 7.
    Damgård, I.: Towards practical public-key cryptosystems provably-secure against chosen-ciphertext attacks. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 445–456. Springer, Heidelberg (1992)Google Scholar
  8. 8.
    Fiat, A., Shamir, A.: How to prove yourself: Practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987)Google Scholar
  9. 9.
    Goldreich, O., Krawczyk, H.: On the Composition of Zero Knowledge Proof Systems. SIAM J. on Computing 25(1), 169–192 (1996)zbMATHCrossRefMathSciNetGoogle Scholar
  10. 10.
    Goldwasser, S., Micali, S., Rackoff, C.: The knowledge complexity of interactive proof systems. SIAM Journal of Computing 18(1), 186–208 (1989)zbMATHCrossRefMathSciNetGoogle Scholar
  11. 11.
    Hada, S., Tanaka, T.: On the existence of 3-round zero-knowledge protocols. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, p. 408. Springer, Heidelberg (1998) [Preliminary version of [12].]Google Scholar
  12. 12.
    Hada, S., Tanaka, T.: On the existence of 3-round zero-knowledge protocols. Cryptology ePrint Archive: Report 1999/009 (March 1999), [Final version of [11].]
  13. 13.
    Lepinski, M.: On the existence of 3-round zero-knowledge proofs. SM Thesis, MIT (June 2002),
  14. 14.
    Lepinski, M., Micali, S.: On the existence of 3-round zero-knowledge proof systems. MIT LCS Technical Memo. 616 (April 2001),
  15. 15.
    Naor, M.: On cryptographic assumptions and challenges. Invited paper and talk. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 96–109. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  16. 16.
    Sakurai, K., Itoh, T.: On the discrepancy between serial and parallel of zeroknowledge protocols. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 246–259. Springer, Heidelberg (1993)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Mihir Bellare
    • 1
  • Adriana Palacio
    • 1
  1. 1.Dept. of Computer Science & EngineeringUniversity of California, San DiegoLa JollaUSA

Personalised recommendations