Quite a rich scenario is needed for implementing zero-knowledge proofs. Can one achieve the same results "with lesser ingredients"? Properly answering this question is the goal of this thesis. Any such answer is important not only from a purely theoretical point of view but from a practical one as well: the ability to implement zero-knowledge proofs in a "poorer" setting would greatly enhance the applicability of these ideas.
Unfortunately, all of the ingredients seem to be necessary for zero-knowledge. In fact, one-round zero-knowledge proofs (i.e., proofs where the prover sends one message and the verifier is convinced without getting any additional information) exist only for trivial BPP languages. Finally, results show that if NP-complete languages have perfect zero-knowledge proofs then the polynomial hierarchy collapses to its second level. Thus, computational difficulty also seems to be necessary for non-trivial zero-knowledge proofs.
In sum, any attempt to get rid of one of the three ingredients listed is doomed to failure, at least as long as we stay in the original model. The challenge is thus to propose new (but still meaningful!) models for zero-knowledge in which zero-knowledge can be achieved without using any of the three resources mentioned above. In this thesis we study the "shared-string" model. We prove that, under a specific complexity assumption, it is possible in this model to obtain zero-knowledge proofs of membership for all NP languages (and also a little more) which are non-interactive and in which the verifier is deterministic.
We also show how to obtain zero-knowledge proofs of knowledge in the shared-string model. Proofs of knowledge differ from proofs of membership in that the prover wants to convince the verifier that he knows a proof of the theorem at hand (not just that such a proof exists!). We provide a formalization of this subtle concept and show a general procedure that, under a complexity assumption, "compiles" a zero-knowledge proof of membership into a zero-knowledge proof of knowledge. We show the wide applicability of this concept by constructing a public-key cryptosystem secure against dynamic attacks. Finally, we show that proving that one-way permutations are sufficient for the existence of zero-knowledge proofs of knowledge in the shared-string model is as difficult as separating P from NP (remember that for the interactive case one-way functions are sufficient for zero-knowledge proofs of knowledge). (Abstract shortened by UMI.)