ICALP 2012: Automata, Languages, and Programming pp 738-749

Strictly-Black-Box Zero-Knowledge and Efficient Validation of Financial Transactions

• Michael O. Rabin
• Yishay Mansour
• S. Muthukrishnan
• Moti Yung
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7391)

Abstract

Zero Knowledge Proofs (ZKPs) are one of the most striking innovations in theoretical computer science. In practice, the prevalent ZKP methods are, at times, too complicated to be useful for real-life applications. In this paper we present a practically efficient method for ZKPs which has a wide range applications. Specifically, motivated by the need to provide an upon-demand efficient validation of various financial transactions (e.g., the high-volume Internet auctions), we have developed a novel secure and highly efficient method for validating correctness of the output of a transaction while keeping input values secret. The method applies to input values which are publicly committed to by employing generic commitment functions (even input values submitted using tamper-proof hardware solely with input/ output access can be used.) We call these: strictly black box [SBB] commitments. Hence these commitments are typically much faster than public-key ones, and are the only cryptographic/ security tool we give the poly-time players, throughout. The general problem we solve in this work is: Let SLC be a publicly known staight line computation on n input values taken from a finite field and having k output values. The inputs are publicly committed to in a SBB manner. An Evaluator performs the SLC on the inputs and announces the output values. Upon demand the Evaluator, or a Prover acting on his behalf, can present to a Verifier a proof of correctness of the announced output values. This is done in a manner that (1) The input values as well as all intermediate values of the SLC remain information theoretically secret. (2) The probability that the Verifier will accept a false claim of correctness of the output values can be made exponentially small. (3) The Prover can supply any required number of proofs of correctness to multiple Verifiers. (4) The method is highly efficient. The application to financial processes is straight forward. To this end (1) we first use a novel technique for representation of values from a finite field which we call “split representation”, the two coordinates of the split representation are generically committed to; (2) next, the SLC is augmented by the Prover into a ”translation” which is presented to the Verifier as a sequence of generically committed split representations of values; (3) using the translation, the Prover and Verifier conduct a secrecy preserving proof of correctness of the announced SLC output values; (4) in order to exponentially reduce the probability of cheating by the Prover and also to enable multiple proofs, a novel highly efficient method for preparation of any number of committed-to split representations of the n input values is employed. The extreme efficiency of these ZK methods is of decisive importance for large volume applications. Secrecy preserving validation of announced results of Vickrey auctions is our demonstrative example.

Keywords

Interactive Proof Vickrey Auction Secure Multiparty Computation Generic Commitment Random Representation
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

References

1. 1.
Abe, M., Suzuki, K.: M+1-st Price Auction Using Homomorphic Encryption. In: Naccache, D., Paillier, P. (eds.) PKC 2002. LNCS, vol. 2274, pp. 115–124. Springer, Heidelberg (2002)
2. 2.
Brandt, F.: How to obtain full privacy in auctions. Tech. rep., Carnegie Mellon University (2005) (online)Google Scholar
3. 3.
Burmaster, M., Magkos, E., Chrissikopoulos, V.: Uncoercible e-bidding games. Electrocronic Commerce Research 4(1-2), 113–125 (2004)
4. 4.
Chen, X., Kim, K., Lee, B.: Receipt-Free Electronic Auction Schemes Using Homomorphic Encryption. In: Lim, J.-I., Lee, D.-H. (eds.) ICISC 2003. LNCS, vol. 2971, pp. 259–273. Springer, Heidelberg (2004)
5. 5.
Damgard, I., Jurik, M.: A generalisation, a simplification and some applications of P probabilistic public-key system. In: PKC 2001 (2001)Google Scholar
6. 6.
Jurik, M.J.: Extensions to the paillier cryptosystem with applications to cryptological protocols. Ph.D. thesis, University of Arhus (2003)Google Scholar
7. 7.
Lipmaa, H., Asokan, N., Niemi, V.: Secure Vickrey Auctions Without Threshold Trust. In: Blaze, M. (ed.) FC 2002. LNCS, vol. 2357, pp. 87–101. Springer, Heidelberg (2003)
8. 8.
Paillier, P.: Public-Key Cryptosystems Based on Composite Degree Residuosity Classes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 223–239. Springer, Heidelberg (1999)Google Scholar
9. 9.
Rabin, M.O., Servedio, R.A., Thorpe, C.: Highly efficient secrecy-preserving proofs of correctness of computations and applications. In: Proc. IEEE Symposium on Logic in Computer Science (2007)Google Scholar
10. 10.
Parkes, D.C., Rabin, M.O., Shieber, S.M., Thorpe, C.A.: Practical secrecy-preserving, verifiably correct and trustworthy auctions. In: Proceedings of the 8th International Conference on Electronic Commerce (ICEC), pp. 70–81 (2006)Google Scholar
11. 11.
Thorpe, C., Parkes, D.C.: Cryptographic Combinatorial Securities Exchanges. In: Dingledine, R., Golle, P. (eds.) FC 2009. LNCS, vol. 5628, pp. 285–304. Springer, Heidelberg (2009)
12. 12.
Bogetoft, P., Christensen, D.L., Damgård, I., Geisler, M., Jakobsen, T., Krøigaard, M., Nielsen, J.D., Nielsen, J.B., Nielsen, K., Pagter, J., Schwartzbach, M., Toft, T.: Secure Multiparty Computation Goes Live. In: Dingledine, R., Golle, P. (eds.) FC 2009. LNCS, vol. 5628, pp. 325–343. Springer, Heidelberg (2009)
13. 13.
Goldwasser, S., Micali, S., Rackoff, C.: The Knowledge Complexity of Interactive Proof Systems. SIAM Journal on Computing 18(1), 186–208 (1989)
14. 14.
Goldreich, O., Micali, S., Wigderson, A.: Proofs that Yield Nothing but Their Validity, or all Languages in NP have ZKP systems. Journal of the ACM 38(3), 691–729 (1991)
15. 15.
Brickell, E.F., Chaum, D., Damgård, I.B., van de Graaf, J.: Gradual and Verifiable Release of a Secret. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 156–166. Springer, Heidelberg (1988)Google Scholar
16. 16.
Camenisch, J.L., Shoup, V.: Practical Verifiable Encryption and Decryption of Discrete Logarithms. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 126–144. Springer, Heidelberg (2003)
17. 17.
Rabin, M.O., Shallit, J.O.: Randomized Algorithms in Number Theory. Comm. Pure and Applied Mathematics 39, 239–256 (1986)
18. 18.
Pedersen, T.P.: Non-interactive and Information-Theoretic Secure Verifiable Secret Sharing. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 129–140. Springer, Heidelberg (1992)Google Scholar
19. 19.
Kilian, J.: A note on efficient zero-knowledge proofs and arguments. In: Proceedings of STOC 1992, pp. 723–732 (1992)Google Scholar
20. 20.
Brassard, G., Chaum, D., Crepeau, C.: Minimum disclosure proofs of knowledge. Journal of Computer and System Sciences 37, 156–189 (1988)

Authors and Affiliations

• Michael O. Rabin
• 1
• 2
• Yishay Mansour
• 3
• S. Muthukrishnan
• 4
• Moti Yung
• 5
1. 1.Harvard UniversityUSA
2. 2.Hebrew UniversityIsrael
3. 3.Tel-Aviv UniversityIsrael
4. 4.Google Inc. and Rutgers UniversityUSA
5. 5.Google Inc. and Columbia UniversityUSA