3-Message NP Arguments in the BPK Model with Optimal Soundness and Zero-Knowledge

  • Giovanni Di Crescenzo
  • Helger Lipmaa
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5369)


Under sub-exponential time hardness assumptions, we show that any language in NP has a 3-message argument system in the bare public key (BPK) model, that satisfies resettable zero-knowledge (i.e., it reveals no information to any cheating verifier that can even reset provers) and bounded-resettable soundness (i.e., a verifier cannot be convinced of a false theorem, even if the cheating prover resets the verifier up to a fixed polynomial number of sessions). Our protocol has essentially optimal soundness among 3-message protocols (in that all stronger known soundness notions cannot be achieved with only 3 messages) and zero-knowledge (in that it achieves the strongest known zero-knowledge notion). We also show an extension of this protocol so that it achieves polylogarithmic communication complexity, although under very strong assumptions.


Zero-knowledge arguments resettable zero-knowledge resettable soundness bare public-key model for zero-knowledge protocols 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [APV05]
    Alwen, J., Persiano, G., Visconti, I.: Impossibility and Feasibility Results for Zero Knowledge with Public Keys. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, Springer, Heidelberg (2005)Google Scholar
  2. [Bar01]
    Barak, B.: How to Go Beyond the Black-Box Simulation Barrier. In: Proc. of IEEE FOCS 2001 (2001)Google Scholar
  3. [BGG+01]
    Barak, B., Goldreich, O., Goldwasser, S., Lindell, Y.: Resettably-Sound Zero-Knowledge and its Applications. In: Proc. of IEEE FOCS 2001 (2001)Google Scholar
  4. [BDMP91]
    Blum, M., De Santis, A., Micali, S., Persiano, G.: Non-Interactive Zero-Knowledge. SIAM Journal on Computing 20 (1991)Google Scholar
  5. [CGGM00]
    Canetti, R., Goldreich, O., Goldwasser, S., Micali, S.: Resettable Zero-Knowledge. In: Proc. of ACM STOC 2000 (2000)Google Scholar
  6. [CKPR01]
    Canetti, R., Kilian, J., Petrank, E., Rosen, A.: Black-Box Concurrent Zero-Knowledge Requires ω(logn) Rounds. In: Proc. of ACM STOC 2001 (2001)Google Scholar
  7. [DL08]
    Di Crescenzo, G., Lipmaa, H.: Succinct NP Proofs from an Extractability Assumption. In: Beckmann, A., Dimitracopoulos, C., Löwe, B. (eds.) CiE 2008. LNCS, vol. 5028. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  8. [DPV04a]
    Di Crescenzo, G., Persiano, G., Visconti, I.: Constant-Round Resettable Zero Knowledge with Concurrent Soundness in the Bare Public-Key Model. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152. Springer, Heidelberg (2004)Google Scholar
  9. [DPV04b]
    Di Crescenzo, G., Persiano, G., Visconti, I.: Improved Setup Assumptions for 3-Round Resettable Zero Knowledge. In: Lee, P.J. (ed.) ASIACRYPT 2004. LNCS, vol. 3329, pp. 530–544. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  10. [DV05]
    Di Crescenzo, G., Visconti, I.: Concurrent Zero-Knowledge in the Public-Key Model. In: Caires, L., Italiano, G.F., Monteiro, L., Palamidessi, C., Yung, M. (eds.) ICALP 2005. LNCS, vol. 3580, Springer, Heidelberg (2005)Google Scholar
  11. [DN00]
    Dwork, C., Naor, M.: Zaps and their applications. In: Proc. of IEEE FOCS 2000 (2000)Google Scholar
  12. [FLS99]
    Feige, U., Lapidot, D., Shamir, A.: Multiple Non-Interactive Zero Knowledge Proofs Under General Assumptions. SIAM J. on Computing 29 (1999)Google Scholar
  13. [GGM86]
    Goldreich, O., Goldwasser, S., Micali, S.: How to Construct Random Functions. Journal of the ACM 33 (1986)Google Scholar
  14. [GK90]
    Goldreich, O., Krawczyk, H.: On the Composition of Zero-Knowledge Proof Systems. In: Proc. of ICALP 1990 (1990)Google Scholar
  15. [GMR89]
    Goldwasser, S., Micali, S., Rackoff, C.: The Knowledge Complexity of Interactive Proof-Systems. SIAM J. on Computing 18 (1989)Google Scholar
  16. GOS06.
    Groth, J., Ostrovsky, R., Sahai, A.: Non-Interactive Zaps and New Techniques for NIZK. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 97–111. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  17. [K91]
    Kilian, J.: A Note on Efficient Zero-Knowledge Proofs and Arguments. In: Proc. of ACM STOC 1991 (1991)Google Scholar
  18. [NY91]
    Naor, M., Yung, M.: Universal One-Way Hash Functions and Applications. In: Proc. of ACM STOC 1991 (1991)Google Scholar
  19. [RK99]
    Richardson, R., Kilian, J.: On the Concurrent Composition of Zero-Knowledge Proofs. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592. Springer, Heidelberg (1999)Google Scholar
  20. [MR01a]
    Micali, S., Reyzin, L.: Soundness in the Public-Key Model. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139. Springer, Heidelberg (2001)Google Scholar
  21. [MR01b]
    Micali, S., Reyzin, L.: Min-Round Resettable Zero-Knowledge in the Public-key Model. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045. Springer, Heidelberg (2001)Google Scholar
  22. [Pas03]
    Pass, R.: Simulation in Quasi-Polynomial Time and Its Applications to Protocol Composition. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656. Springer, Heidelberg (2003)Google Scholar
  23. [R90]
    Rompel, J.: One-Way Functions are Necessary and Sufficient for Digital Signatures. In: Proc. of ACM STOC 1990 (1990)Google Scholar
  24. [ZDLZ03]
    Zhao, Y., Deng, X., Lee, C.H., Zhu, H.: Resettable Zero-Knowledge in the Weak Public-Key Model. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045. Springer, Heidelberg (2001)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Giovanni Di Crescenzo
    • 1
  • Helger Lipmaa
    • 2
  1. 1.Telcordia TechnologiesPiscatawayUSA
  2. 2.Cybernetica ASEstonia

Personalised recommendations