Advertisement

Reduction Zero-Knowledge

  • Xiaotie Deng
  • C. H. Lee
  • Yunlei Zhao
  • Hong Zhu
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2576)

Abstract

In this paper we re-examine the nature of zero-knowledge. We show evidences that the classic simulation based definitions of zeroknowledge (simulation zero-knowledge) may be somewhat too strong to include some “nice” protocols in which the malicious verifier seems to learn nothing but we do not know how to construct a zero-knowledge simulator for it. We overcome this problem by introducing reduction zero-knowledge. We show that reduction zero-knowledge lies between simulation zero-knowledge and witness indistinguishability. That is, any simulation zero-knowledge protocol is also reduction zero-knowledge and reduction zero-knowledge implies witness indistinguishability but the opposite direction is not guaranteed to be true.

There are two major contributions of reduction zero-knowledge. One is that it introduces reduction between different protocols and extends the approaches to characterize the nature of zero-knowledge. Note that reduction is a widely used paradigm in the field of computer science. Another is that in contrast to normal simulation zero-knowledge reduction zero-knowledge can be made more efficient (especially for the verifier) and can be constructed under weaker assumption while losing little security than a corresponding simulation zero-knowledge protocol.

In this paper a 4-round public-coin reduction zero-knowledge proof system for NP is presented and in practice this protocol works in 3 rounds since the first verifier’s message can be fixed once and for all.

Keywords

zero-knowledge non-interactive zero-knowledge witness indistinguishability zap bit commitment 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    M. Blum. Coin Flipping by Telephone. In Proc. IEEE Spring COMPCOM, pp. 133–137. IEEE, 1982.Google Scholar
  2. 2.
    B. Barak. How to Go Beyond the Black-Box Simulation Barrier. In FOCS 2001.Google Scholar
  3. 3.
    G. Brassard, D. Chaum and C. C repeau. Minimum Disclosure Proofs of Knowledge. JCSS, Vol 37, No. 2, pp. 156–189, 1988.zbMATHGoogle Scholar
  4. 4.
    M. Blum, A. D. Santis, S. Micali and G. Persiano. Non-interactive Zero-Knowledge. SIAM Journal on Computing, 20(6): 1084–1118, 1991.zbMATHCrossRefMathSciNetGoogle Scholar
  5. 5.
    M. Blum, P. Feldman and S. Micali. Non-interactive Zero-Knowledge and Its Applications. In STOC 1988, pp. 103–112.Google Scholar
  6. 6.
    B. Barak, O. Goldreich, S. Goldwasser and Y. Lindell. Resettably-Sound Zero-Knowledge and Its Applications. In FOCS’01.Google Scholar
  7. 7.
    R. Canetti, O. Goldreich, S. Goldwasser and S. Micali. Resettable Zero-Knowledge. In STOC 2000.Google Scholar
  8. 8.
    A. D. Santis, G. D. Crescenzo, R. Ostrovsky, G. Persiano and A. Sahai. Robust Non-Interactive Zero-Knowledge. In Crypto 2001, pp.566–598.Google Scholar
  9. 9.
    C. Dwork and M. Naor. Zaps and Their Applications. In FOCS 2000.Google Scholar
  10. 10.
    C. Dwork, M. Naor and A. Sahai. Concurrent Zero-Knowledge. In STOC 1998.Google Scholar
  11. 11.
    I. B. Damgard, T. P. Pedersen and B. Pfitzmann. On the Existence of Statistically Hiding Bit Commitment Schemes and Fail-Stop Signatures. Journal of Cryptology, 10(3): 163–194, 1997.zbMATHCrossRefMathSciNetGoogle Scholar
  12. 12.
    U. Feige, A. Fiat and A. Shamir. Zero-knowledge Proof of Identity. Journal of Cryptology, Vol. 1, pp. 77–94, 1988.zbMATHCrossRefMathSciNetGoogle Scholar
  13. 13.
    Feige, Lapidot and Shamir. Multiple Non-Interactive Zero-Knowledge Proofs Under General Assumptions. SIAM Journal on Computing, 29, 1999.Google Scholar
  14. 14.
    U. Feige and A. Shamir. Witness Indistinguishability and Witness Hiding Protocols. In STOC’90, pp. 77–94.Google Scholar
  15. 15.
    O. Goldreich. Foundation of Cryptography-Basic Tools. Cambridge Press, 2001.Google Scholar
  16. 16.
    O. Goldreich and H. Krawczky. On the Composition of Zero-Knowledge Proof Systems. SIAM Journal on Computing, Vol., 25, No. 1, pp. 1–32, 1994.Google Scholar
  17. 17.
    O. Goldreich and A. Kahan. How to Construct Constant-Round Zero-Knowledge Proof Systems for NP. Journal of Cryptology, Vol. 9, No.2, pp.167–189, 1996.zbMATHCrossRefMathSciNetGoogle Scholar
  18. 18.
    S. Goldwasser, S. Micali and C. Racko.. The Knowledge Complexity of Interactive Proof System. SIAM J. Comput., Vol.18, NO.1, pp 186–208, 1989.zbMATHCrossRefMathSciNetGoogle Scholar
  19. 19.
    O. Goldreich, S. Micali and A. Wigderson. Proofs that Yield Nothing But Their Validity or All language in NP Have Zero-Knowledge Proof Systems. JACM, Vol. 38, No. 1, pp. 691–729, 1991.zbMATHMathSciNetGoogle Scholar
  20. 20.
    O. Goldreich and Y. Oren. Definitions and Properties of Zero-Knowledge Proof Systems. Journal of Cryptology, 7(1):1–32, 1994.zbMATHCrossRefMathSciNetGoogle Scholar
  21. 21.
    S. Halevi and S. Micali. Practical and Provably-Secure Commitment Schemes From Collision-Free Hashing. In Crypto’96.Google Scholar
  22. 22.
    J. Kilian, E. Petrank. An Efficient Non-Interactive Zero-Knowledge Proof System for NP with General Assumptions. Journal of Cryptology, 11(2): 24, 1998.MathSciNetGoogle Scholar
  23. 23.
    J. Kilian, E. Petrank, R. Richardson. Concurrent and Resettable Zero-Knowledge in Poly-logarithmic Rounds. In STOC 2001.Google Scholar
  24. 24.
    S. Micali and L. Reyzin. Soundness in the Public-Key Model. In Crypto 2001.Google Scholar
  25. 25.
    S. Micali and L. Reyzin. Min-Round Resettable Zero-Knowledge in the Public-Key Model. In EuroCrypt 2001.Google Scholar
  26. 26.
    R. Richardson and J. Killian. On the Concurrent Composition of Zero-Knowledge Proofs. In EuroCrypt 1999.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Xiaotie Deng
    • 1
  • C. H. Lee
    • 1
  • Yunlei Zhao
    • 2
  • Hong Zhu
    • 2
  1. 1.Department of Computer ScienceCity University of Hong KongHong Kong
  2. 2.Department of Computer ScienceFudan UniversityShanghaiChina

Personalised recommendations