We introduce Fair Zero-Knowledge, a multi-verifier ZK system where every proof is guaranteed to be “zero-knowledge for all verifiers.” That is, if an honest verifier accepts a fair zero-knowledge proof, then he is assured that all other verifiers also learn nothing more than the verity of the statement in question, even if they maliciously collude with a cheating prover.
We construct Fair Zero-Knowledge systems based on standard complexity assumptions (specifically, the quadratic residuosity assumption) and an initial, one-time use of a physically secure communication channel (specifically, each verifier sends the prover a private message in an envelope). All other communication occurs (and must occur) on a broadcast channel.
The main technical challenge of our construction consists of provably removing any possibility of using steganography in a ZK proof. To overcome this technical difficulty, we introduce tools —such as Unique Zero Knowledge— that may be of independent interest.
KeywordsProof System Honest Party Reference String Jacobi Symbol Zero Knowledge
- [BFM88]Blum, M., Feldman, P., Micali, S.: Non-interactive zero-knowledge and its applications (extended abstract). In: STOC 1988, pp. 103–112 (1988)Google Scholar
- [DGB87]Desmedt, Y., Goutier, C., Bengio, S.: Special uses and abuses of the Fiat-Shamir passport protocol. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 21–39. Springer, Heidelberg (1988)Google Scholar
- [DMP91]De Santis, A., Micali, S., Persiano, G.: Non-interactive zero-knowledge with preprocessing. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 269–282. Springer, Heidelberg (1990)Google Scholar
- [FLS90]Feige, U., Lapidot, D., Shamir, A.: Multiple non-interactive zero knowledge proofs based on a single random string. In: Proc. 31th FOCS, pp. 308–317 (1990)Google Scholar
- [GMW87]Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game. In: Proc of STOC 1987, pp. 218–229. ACM, New York (1987)Google Scholar
- [GM84]Goldwasser, S., Micali, S.: Probabilistic encryption. Journal of Computer and System Science 28(2) (1984)Google Scholar