On the Existence of Bit Commitment Schemes and Zero-Knowledge Proofs
It has been proved earlier that the existence of bit commitment schemes (blobs) implies the existence of zero-knowledge proofs of information possession, which are MA-protocols (i.e. the verifier sends only independent random bits) [BrChCr], [GoMiWi].
In this paper we prove the converse result in a slightly modified form: We define a concept called weakly zero-knowledge, which is like ordinary zero-knowledge, except that we only require that an honest verifier learns nothing from the protocol. We then show that if, using an MA-protocol, P can prove to V in weakly zero-knowledge that he possesses a solution to some hard problem, then this implies the existence of a bit commitment scheme. If the original protocol is (almost) perfect zero-knowledge, then the resulting commitments are secure against an infinitely powerful receiver.
Finally, we also show a similar result for a restricted class of non-MA protocols.
Keywords: Hard Problem, Proof System, Powerful Receiver, Commitment Scheme, Information Possession
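An added illustration of the abstract's main result, not code or a construction taken from the paper: it assumes the three-move discrete-log identification protocol (first message a, one-bit challenge e, response z) as the honest-verifier zero-knowledge MA-protocol, and uses that protocol's simulator as the commit algorithm. The toy group parameters and all function names are assumptions made here.

```python
import secrets

# Constructed toy parameters, far too small for real use: P = 2Q + 1 with
# P and Q prime, and G generating the order-Q subgroup of Z_P^*.
P, Q, G = 2039, 1019, 4


def setup():
    """Receiver picks the hard instance h = G^w; w is the solution the committer lacks."""
    w = 1 + secrets.randbelow(Q - 1)          # w in [1, Q-1], so h != 1
    return w, pow(G, w, P)


def accepts(h, a, e, z):
    """Verifier's check in the three-move proof: G^z == a * h^e (mod P)."""
    return pow(G, z, P) == (a * pow(h, e, P)) % P


def commit(h, bit):
    """Run the honest-verifier simulator with the challenge fixed to `bit`.

    The simulated first message a is the commitment; (bit, z) is the opening.
    """
    z = secrets.randbelow(Q)
    a = (pow(G, z, P) * pow(h, Q - bit, P)) % P   # h^(Q-bit) == h^(-bit)
    return a, z


def open_ok(h, a, bit, z):
    """Receiver accepts an opening iff (a, bit, z) is an accepting transcript."""
    return bit in (0, 1) and accepts(h, a, bit, z)


def extract_witness(z0, z1):
    """Openings of one commitment to 0 (with z0) and to 1 (with z1) reveal w.

    G^z0 == a and G^z1 == a*h give G^(z1-z0) == h, so w = z1 - z0 mod Q.
    """
    return (z1 - z0) % Q
```

Because a is a uniformly random group element for either bit, the commitment hides the bit even from an unbounded receiver, which is the perfect zero-knowledge case of the abstract. Binding rests on the committer not knowing w: opening one commitment both ways is equivalent to solving the hard instance.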
- [AABFH] Abadi, Allender, Broder, Feigenbaum and Hemachandra: “On Generating Solved Instances of Computational Problems”, Proc. of CRYPTO 88, Springer.
- [BoKrKu] Boyar, Krentel and Kurtz: “A Discrete Logarithm Implementation of Zero-knowledge Blobs”, Tech. Report, Dept. of Computer Science, University of Chicago, 1987.
- [ChDaGr] Chaum, Damgård, van de Graaf: “Multiparty Computations Ensuring Privacy of Each Party's Input and Correctness of the Result”, Proc. of Crypto 87.
- [ChGr] Chaum, van de Graaf: “An Improved Protocol for Demonstrating Possession of a Discrete Log”, Proc. of EuroCrypt 87.
- [Da] Damgård: “The Application of Claw Free Functions in Cryptography”, PhD-Thesis, Aarhus University, Denmark, May 1988.
- [FiSh] Feige and Shamir: “Zero-Knowledge Proofs of Knowledge in Two Rounds”, these proceedings.
- [FiFiSh] Fiat, Feige, Shamir: “Zero-Knowledge Proof of Identity”, Proc. of STOC 87.
- [FLM] Feigenbaum, Lipton and Mahaney: “A Completeness Theorem for Almost-Everywhere Invulnerable Generators”, manuscript, AT&T Bell Labs. Tech. Memo, Febr. 89.
- [GoLe] Goldreich and Levin: “A Hard-Core Predicate for all One-Way Functions”, Proc. of STOC 89, pp. 25–32.
- [GoMiRa] Goldwasser, Micali, Rackoff: “The Knowledge Complexity of Interactive Proof Systems”, Proc. of STOC 85, pp. 291–304.
- [GoMiWi] Goldreich, Micali, Wigderson: “Proofs that Yield Nothing but the Validity of the Assertion, and the Methodology of Cryptographic Protocol Design”, Proc. of FOCS 86.
- [GoMiWi2] Goldreich, Micali and Wigderson: “How to Play any Mental Game”, Proc. of FOCS 87.
- [Kr] Kranakis: Primality and Cryptography, Wiley-Teubner Series in Computer Science, 1986.
- [Na] Naor: “Bit Commitment using Pseudo-Randomness”, these proceedings.
- [ToWo] Tompa, Woll: “Random Self-Reducibility and Zero-Knowledge Proofs of Information Possession”, Proc. of FOCS 87.