Round-Efficient Sub-linear Zero-Knowledge Arguments for Linear Algebra

  • Jae Hong Seo
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6571)


The round complexity of interactive zero-knowledge arguments is an important measure along with communication and computational complexities. In the case of zero-knowledge arguments for linear algebraic relations over finite fields, Groth proposed (at CRYPTO 2009) an elegant methodology that achieves sub-linear communication overheads and low computational complexity. He obtained zero-knowledge arguments of sub-linear size for linear algebra using reductions from linear algebraic relations to equations of the form \(z = \mathbf{x} *' \mathbf{y}\), where \(\mathbf{x}, \mathbf{y}\in\mathbb{F}_p^n\) are committed vectors, \(z\in\mathbb{F}_p\) is a committed element, and \(*':\mathbb{F}_p^n\times\mathbb{F}_p^n\rightarrow\mathbb{F}_p\) is a bilinear map. These reductions impose additional rounds on zero-knowledge arguments of sub-linear size. We focus on minimizing such additional rounds, and we reduce the rounds of sub-linear zero-knowledge arguments for linear algebraic relations as compared with Groth’s zero-knowledge arguments for the same relations. To reduce round complexity, we propose a general transformation from a t-round zero-knowledge argument, satisfying mild conditions, to a (t − 2)-round zero-knowledge argument; this transformation is of independent interest.


Keywords: Round-efficient zero-knowledge arguments; sub-linear zero-knowledge arguments; linear algebra


References

  1. Bar-Ilan, J., Beaver, D.: Non-cryptographic fault-tolerant computing in a constant number of rounds. In: ACM PODC, pp. 201–209 (1989)
  2. Beaver, D.: Minimal-latency secure function evaluation. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 335–350. Springer, Heidelberg (2000)
  3. Beaver, D., Feigenbaum, J., Kilian, J., Rogaway, P.: Locally random reductions: Improvements and applications. Journal of Cryptology 10, 17–36 (1997)
  4. Beaver, D., Micali, S., Rogaway, P.: The round complexity of secure protocols. In: STOC, pp. 503–513. ACM, New York (1990)
  5. Cachin, C., Camenisch, J., Kilian, J., Müller, J.: One-round secure computation and secure autonomous mobile agents. In: Welzl, E., Montanari, U., Rolim, J.D.P. (eds.) ICALP 2000. LNCS, vol. 1853, p. 512. Springer, Heidelberg (2000)
  6. Feige, U., Kilian, J., Naor, M.: A minimal model for secure computation. In: STOC, pp. 554–563 (1994)
  7. Gennaro, R., Ishai, Y., Kushilevitz, E., Rabin, T.: The round complexity of verifiable secret sharing and secure multicast. In: STOC, pp. 580–589 (2001)
  8. Goldreich, O., Kahan, A.: How to construct constant-round zero-knowledge proof systems for NP. Journal of Cryptology 9, 167–190 (1996)
  9. Groth, J.: Linear algebra with sub-linear zero-knowledge arguments. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 192–208. Springer, Heidelberg (2009)
  10. Groth, J.: Short non-interactive zero-knowledge proofs. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 341–358. Springer, Heidelberg (2010)
  11. Groth, J.: Short pairing-based non-interactive zero-knowledge arguments. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 321–340. Springer, Heidelberg (2010)
  12. Groth, J.: Honest Verifier Zero-Knowledge Arguments Applied. PhD thesis, Department of Computer Science, University of Aarhus (June 2004)
  13. Ishai, Y., Kushilevitz, E.: Private simultaneous messages protocols with applications. In: ISTCS, pp. 174–184 (1997)
  14. Ishai, Y., Kushilevitz, E.: Randomizing polynomials: A new representation with applications to round-efficient secure computation. In: FOCS, pp. 294–304 (2000)
  15. Lim, C.H.: Efficient multi-exponentiation and application to batch verification of digital signatures (2000),
  16. Pedersen, T.: Non-interactive and information-theoretic secure verifiable secret sharing. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 129–140. Springer, Heidelberg (1992)
  17. Sander, T., Young, A., Yung, M.: Non-interactive cryptocomputing for \(\mathrm{NC}^1\). In: FOCS, pp. 554–567 (1999)
  18. Tzeng, W.-G., Tzeng, Z.-J.: Round-efficient conference key agreement protocols with provable security. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 614–627. Springer, Heidelberg (2000)

Copyright information

© International Association for Cryptologic Research 2011

Authors and Affiliations

  • Jae Hong Seo: Department of Mathematical Sciences and ISaC-RIM, Seoul National University, Seoul, Korea
