Linear Zero-Knowledge. A Note on Efficient Zero-Knowledge Proofs and Arguments

1996 ◽  
Vol 3 (7) ◽  
Author(s):  
Ivan B. Damgård ◽  
Ronald Cramer

We present a zero-knowledge proof system [19] for any NP language L, which allows showing that x in L with error probability less than 2^−k using communication corresponding to O(|x|^c) + k bit commitments, where c is a constant depending only on L. The proof can be based on any bit commitment scheme with a particular set of properties. We suggest an efficient implementation based on factoring.

We also present a 4-move perfect zero-knowledge interactive argument for any NP-language L. On input x in L, the communication complexity is O(|x|^c) max(k; l) bits, where l is the security parameter for the prover. Again, the protocol can be based on any bit commitment scheme with a particular set of properties. We suggest efficient implementations based on discrete logarithms or factoring.

We present an application of our techniques to multiparty computations, allowing for example t committed oblivious transfers with error probability 2^−k to be done simultaneously using O(t+k) commitments. Results for general computations follow from this.

As a function of the security parameters, our protocols have the smallest known asymptotic communication complexity among general proofs or arguments for NP. Moreover, the constants involved are small enough for the protocols to be practical in a realistic situation: both protocols are based on a Boolean formula Phi containing and-, or- and not-operators which verifies an NP-witness of membership in L. Let n be the number of times this formula reads an input variable. Then the communication complexity of the protocols when using our concrete commitment schemes can be more precisely stated as at most 4n + k + 1 commitments for the interactive proof and at most 5nl + 5l bits for the argument (assuming k <= l). Thus, if we use k = n, the number of commitments required for the proof is linear in n. Both protocols are also proofs of knowledge of an NP-witness of membership in the language involved.

1997 ◽  
Vol 4 (27) ◽  
Author(s):  
Ronald Cramer ◽  
Ivan B. Damgård

We present zero-knowledge proofs and arguments for arithmetic circuits over finite prime fields, namely given a circuit, show in zero-knowledge that inputs can be selected leading to a given output. For a field GF(q), where q is an n-bit prime, a circuit of size O(n), and error probability 2^−n, our protocols require communication of O(n^2) bits. This is the same worst-case complexity as the trivial (non zero-knowledge) interactive proof where the prover just reveals the input values. If the circuit involves n multiplications, the best previously known methods would in general require communication of Omega(n^3 log n) bits.

Variations of the technique behind these protocols lead to other interesting applications. We first look at the Boolean Circuit Satisfiability problem and give zero-knowledge proofs and arguments for a circuit of size n and error probability 2^−n in which there is an interactive preprocessing phase requiring communication of O(n^2) bits. In this phase, the statement to be proved later need not be known. Later the prover can non-interactively prove any circuit he wants, i.e. by sending only one message, of size O(n) bits.

As a second application, we show that Shamir's (Shen's) interactive proof system for the (IP-complete) QBF problem can be transformed to a zero-knowledge proof system with the same asymptotic communication complexity and number of rounds. The security of our protocols can be based on any one-way group homomorphism with a particular set of properties. We give examples of special assumptions sufficient for this, including: the RSA assumption, hardness of discrete log in a prime order group, and polynomial security of Diffie-Hellman encryption. We note that the constants involved in our asymptotic complexities are small enough for our protocols to be practical with realistic choices of parameters.


1990 ◽  
Vol 19 (327) ◽  
Author(s):  
Joan Boyar ◽  
Ivan Bjerre Damgård

We present a bit commitment scheme based on discrete logarithms. Unlike earlier discrete log based schemes, our system allows non-interactive XORing and negation of bits contained in commitments. When used as a building block in zero-knowledge protocols, our scheme leads to protocols that are statistical (almost perfect) zero-knowledge, and where the prover is unable to break the system, unless he can find a secret discrete logarithm.


2012 ◽  
Vol 263-266 ◽  
pp. 3076-3078
Author(s):  
Xiao Qiang Guo ◽  
Li Hong Li ◽  
Cui Ling Luo ◽  
Yi Shuo Shi

Bit Commitment (BC) is an important basic primitive in cryptography. The concept was first proposed by Manuel Blum, winner of the Turing Award in 1995. Bit commitment schemes can be used to build zero-knowledge proofs, verifiable secret sharing, coin flipping and other protocols. Together with Oblivious Transfer, they constitute the basis of secure multi-party computation. Both of them are hotspots in the field of information security. We investigated the existence of unconditionally secure Quantum Bit Commitment (QBC), and we constructed a new bit commitment model: double-prover bit commitment. The Quantum Bit Commitment Protocol can be resistant to errors caused by noise.


1996 ◽  
Vol 3 (45) ◽  
Author(s):  
Ivan B. Damgård ◽  
Torben P. Pedersen ◽  
Birgit Pfitzmann

We present and compare definitions of the notion of "statistically hiding" protocols, and we propose a novel statistically hiding commitment scheme. Informally, a protocol statistically hides a secret if a computationally unlimited adversary who conducts the protocol with the owner of the secret learns almost nothing about it. One definition is based on the L1-norm distance between probability distributions, the other on information theory. We prove that the two definitions are essentially equivalent. For completeness, we also show that statistical counterparts of definitions of computational secrecy are essentially equivalent to our main definitions. Commitment schemes are an important cryptologic primitive. Their purpose is to commit one party to a certain value, while hiding this value from the other party until some later time. We present a statistically hiding commitment scheme allowing commitment to many bits. The commitment and reveal protocols of this scheme are constant round, and the size of a commitment is independent of the number of bits committed to. This also holds for the total communication complexity, except of course for the bits needed to send the secret when it is revealed. The proof of the hiding property exploits the equivalence of the two definitions.

Index terms -- Cryptology, Shannon theory, unconditional security, statistically hiding, multi-bit commitment, similarity of ensembles of distributions, zero-knowledge, protocols.


2001 ◽  
Vol 12 (04) ◽  
pp. 517-531
Author(s):  
OLEG VERBITSKY

The Parallel Repetition Theorem says that n-fold parallel execution of a two-prover one-round interactive proof system reduces the error probability exponentially in n. The bound on the error probability of the parallelized system depends on the error probability and the answer size of the single proof system. It is still unknown whether the theorem holds true with a bound depending only on the query size. This kind of bound may be preferable whenever the query size is considerably smaller than the answer size, which is indeed the case in some cryptographic protocols. Such a bound is only known in the case that queries to the provers are independent. The present paper extends this result to some cases of strong correlation between queries. In particular, a query-based variant of the Parallel Repetition Theorem is proven when the graph of dependence between queries to the provers is a tree and, in a somewhat weaker form, when this graph is a cycle.


Author(s):  
Kannan Balasubramanian ◽  
Mala K.

Zero knowledge protocols provide a way of proving that a statement is true without revealing anything other than the correctness of the claim. Zero knowledge protocols have practical applications in cryptography and are used in many applications. While some applications only exist on a specification level, a direction of research has produced real-world applications. Zero knowledge protocols, also referred to as zero knowledge proofs, are a type of protocol in which one party, called the prover, tries to convince the other party, called the verifier, that a given statement is true. Sometimes the statement is that the prover possesses a particular piece of information. This is a special case of zero knowledge protocol called a zero-knowledge proof of knowledge. Formally, a zero-knowledge proof is a type of interactive proof.


2001 ◽  
Vol 18 (2) ◽  
pp. 155-159
Author(s):  
Ming Zhong ◽  
Yixian Yang

Electronics ◽  
2022 ◽  
Vol 11 (1) ◽  
pp. 131
Author(s):  
Sungwook Kim

Succinct Non-interactive Arguments of Knowledge (SNARKs) are receiving a lot of attention as a core privacy-enhancing technology for blockchain applications. Polynomial commitment schemes are important building blocks for the construction of SNARKs. Polynomial commitment schemes enable the prover to commit to a secret polynomial of the prover and later convince the verifier that the evaluation of the committed polynomial at a public point is correct. Bünz et al. recently presented a novel polynomial commitment scheme with no trusted setup in Eurocrypt’20. To provide a transparent setup, their scheme is built over an ideal class group of imaginary quadratic fields (or briefly, class group). However, cryptographic assumptions on a class group are relatively new and have, thus far, not been well-analyzed. In this paper, we study an approach to transpose Bünz et al.’s techniques to the discrete log setting, because the discrete log setting brings a significant improvement in efficiency and security compared to class groups. We show that the transposition to the discrete log setting can be obtained by employing a proof system for the equality of discrete logarithms over multiple bases. Theoretical analysis shows that the transposition preserves the security requirements for a polynomial commitment scheme.


2021 ◽  
Author(s):  
Anatoly Anisimov ◽  
Andrey Novokshonov

We describe a fast three-round mutual authentication protocol for parties A and B belonging to the same coalition group. Parties A and B keep their own independent long-term private keys that are used in the process of authentication and can be used for other purposes. The scheme assumes an initial setup with a trusted third party T. This party initiates further secret information that includes the factors of a large RSA modulus. For authentication, both parties must demonstrate to each other knowledge of their private keys, without revealing them, and the ability to factor a large RSA modulus. Thus, the protocol based on the suggested scheme provides reciprocal authentication. The scheme possesses all desirable properties of an interactive proof, i.e., completeness, soundness, and zero-knowledge. The security of the protocol relies on the assumed difficulty of RSA factorization and the existence of a cryptographic hash function.

