Interaction in zero-knowledge proof systems
Publisher:
  • Harvard University
  • Cambridge, MA
  • United States
Order Number: UMI Order No. GAX93-18683
Abstract

Quite a rich scenario is needed for implementing zero-knowledge proofs. Can one achieve the same results "with lesser ingredients"? Properly answering this question is the goal of this thesis. Any such answer is important not only from a purely theoretical point of view, but from a practical one as well: the ability to implement zero-knowledge proofs in a "poorer" setting would greatly enhance the applicability of these ideas.

Unfortunately, all of the ingredients seem to be necessary for zero-knowledge. In fact, we have that one-round zero-knowledge proofs (i.e., proofs where the prover sends one message and the verifier is convinced without getting any additional information) exist only for trivial BPP languages. Finally, results show that if NP-complete languages have perfect zero-knowledge proofs then the polynomial hierarchy collapses to its second level. Thus, computational difficulty also seems to be necessary for nontrivial zero-knowledge proofs.

In sum, any attempt to get rid of one of the three ingredients listed is doomed to failure, at least as long as we stay in the original model. The challenge is thus to propose new (but still meaningful!) models for zero-knowledge in which zero-knowledge can be achieved without using any of the three resources mentioned above. In this thesis we study the "shared-string" model. We prove that, under a specific complexity assumption, in this system it is possible to obtain zero-knowledge proofs of membership for all NP languages (and also a little more) which are non-interactive and in which the verifier is deterministic.

We also show how to obtain zero-knowledge proofs of knowledge in the shared-string model. Proofs of knowledge differ from proofs of membership in that here the prover wants to convince the verifier that he knows a proof of the theorem at hand (not just that such a proof exists!). We provide a formalization of this subtle concept and show a general procedure that, under a complexity assumption, "compiles" a zero-knowledge proof of membership into a zero-knowledge proof of knowledge. We show the wide applicability of this concept by constructing a public-key cryptosystem secure against dynamic attacks. Finally, we show that proving that one-way permutations are sufficient for the existence of zero-knowledge proofs of knowledge in the shared-string model is as difficult as separating P from NP (remember that for the interactive case one-way functions are sufficient for zero-knowledge proofs of knowledge). (Abstract shortened by UMI.)

Contributors
  • University of Salerno
