Abstract
The fact that there are zero-knowledge proofs for all languages in NP has, potentially, enormous implications to cryptography. For cryptographers, the issue is no longer “which languages in NP have zero-knowledge proofs” but rather “which languages in NP have practical zero-knowledge proofs”. Thus, the concrete complexity of zero-knowledge proofs for different languages must be established.
In this paper, we study the concrete complexity of the known general methods for constructing zero-knowledge proofs. We establish that circuit-based methods have the potential of producing proofs which can be used in practice. Then we introduce several techniques which greatly reduce the concrete complexity of circuit-based proofs. In order to show that our protocols yield proofs of knowledge, we show how to extend the Feige-Fiat-Shamir definition for proofs of knowledge to the model of Brassard-Chaum-Crépeau. Finally, we present techniques for improving the efficiency of protocols which involve arithmetic computations, such as modular addition, subtraction, and multiplication, and greatest common divisor.
Supported in part by NSA Grant Number MDA904-88-H-2006.
Supported in part by NSF Grant Number CCR-8909657.
References
J. C. Benaloh. Cryptographic capsules: A disjunctive primitive for interactive protocols. In Advances in Cryptology-proceedings of CRYPTO 86, Lecture Notes in Computer Science, pages 213–222. Springer-Verlag, 1987.
M. Blum and S. Kannan. Designing programs that check their work. Proceedings of the 21st Annual ACM Symposium on the Theory of Computing, pages 86–97, 1989.
J. Boyar, M. Krentel, and S. Kurtz. A discrete logarithm implementation of zero-knowledge blobs. Technical Report 87-002, University of Chicago, 1987. To appear in Journal of Cryptology.
G. Brassard, D. Chaum, and C. Crépeau. Minimum disclosure proofs of knowledge. Journal of Computer and System Sciences, 37:156–189, 1988.
G. Brassard and C. Crépeau. Nontransitive transfer of confidence: a perfect zero-knowledge interactive protocol for Sat and beyond. In Proceedings of the 27th IEEE Symposium on the Foundations of Computer Science, pages 188–195, 1986.
G. Brassard and C. Crépeau. Zero-knowledge simulation of boolean circuits. In Advances in Cryptology-proceedings of CRYPTO 86, Lecture Notes in Computer Science, pages 223–233. Springer-Verlag, 1987.
D. Chaum. Demonstrating that a public predicate can be satisfied without revealing any information about how. In Advances in Cryptology-proceedings of CRYPTO 86, Lecture Notes in Computer Science, pages 195–199. Springer-Verlag, 1987.
D. Chaum, I. Damgård, and J. van de Graaf. Multiparty computations ensuring privacy of each party’s input and correctness of the result. In Advances in Cryptology-proceedings of CRYPTO 87, Lecture Notes in Computer Science, pages 87–119. Springer-Verlag, 1988.
P.L. Chebyshev. Mémoire sur les nombres premiers. J. Math. Pures et Appl, (I)(17):366–390, 1852.
S. A. Cook. The complexity of theorem-proving procedures. In Proceedings of the 3rd Annual ACM Symposium on the Theory of Computing, pages 151–158, 1971.
B. den Boer. An efficiency improvement to prove satisfiability with zero knowledge with public key. In Advances in Cryptology-proceedings of EUROCRYPT 89, Lecture Notes in Computer Science, 1989. To appear.
U. Feige, A. Fiat, and A. Shamir. Zero-knowledge proofs of identity. Journal of Cryptology, 1(2):77–94, 1988.
M.R. Garey, D.S. Johnson, and L. Stockmeyer. Some simplified NP-complete graph problems. Theoretical Computer Science, 1:237–267, 1976.
O. Goldreich, S. Micali, and A. Wigderson. Proofs that yield nothing but their validity and a methodology of cryptographic protocol design. In 27th IEEE Symposium on Foundations of Computer Science, pages 174–187, 1986.
S. Goldwasser and S. Micali. Probabilistic encryption. Journal of Computer and System Sciences, 28:270–299, 1984.
S. Goldwasser, S. Micali, and C. Rackoff. The knowledge complexity of interactive proof-systems. SIAM Journal of Computation, 18(1):186–208, 1989.
R. Impagliazzo and M. Yung. Direct minimum-knowledge computations. In Advances in Cryptology-proceedings of CRYPTO 87, Lecture Notes in Computer Science, pages 40–51. Springer-Verlag, 1988.
J. Kilian, S. Micali, and R. Ostrovsky. Efficient zero-knowledge proofs with bounded interaction. In Advances in Cryptology-proceedings of CRYPTO 89, Lecture Notes in Computer Science. Springer-Verlag, 1990. To appear.
W. LeVeque. Fundamentals of Number Theory. Addison-Wesley, 1977.
N. Pippenger and M. Fischer. Relations among complexity measures. Journal of the Association for Computing Machinery, 23:361–381, 1979.
J. Rosser and L. Schoenfeld. Approximate formulas for some functions of prime numbers. Illinois Journal of Mathematics, 6:64–94, 1962.
© 1990 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Boyar, J., Peralta, R. (1990). On the concrete complexity of zero-knowledge proofs. In: Brassard, G. (eds) Advances in Cryptology — CRYPTO’ 89 Proceedings. CRYPTO 1989. Lecture Notes in Computer Science, vol 435. Springer, New York, NY. https://doi.org/10.1007/0-387-34805-0_45
DOI: https://doi.org/10.1007/0-387-34805-0_45
Publisher Name: Springer, New York, NY
Print ISBN: 978-0-387-97317-3
Online ISBN: 978-0-387-34805-6
eBook Packages: Springer Book Archive