The knowledge complexity of interactive proof-systems
STOC '85 Proceedings of the seventeenth annual ACM symposium on Theory of computing
Zero knowledge proofs of identity
STOC '87 Proceedings of the nineteenth annual ACM symposium on Theory of computing
RSA and Rabin functions: certain parts are as hard as the whole
SIAM Journal on Computing - Special issue on cryptography
Minimum disclosure proofs of knowledge
Journal of Computer and System Sciences - 27th IEEE Conference on Foundations of Computer Science October 27-29, 1986
Modern cryptology
A hard-core predicate for all one-way functions
STOC '89 Proceedings of the twenty-first annual ACM symposium on Theory of computing
Primality and Cryptography
Multiparty Computations Ensuring Privacy of Each Party's Input and Correctness of the Result
CRYPTO '87 A Conference on the Theory and Applications of Cryptographic Techniques on Advances in Cryptology
On Generating Solved Instances of Computational Problems
CRYPTO '88 Proceedings of the 8th Annual International Cryptology Conference on Advances in Cryptology
A discrete logarithm implementation of zero-knowledge blobs
A discrete logarithm implementation of zero-knowledge blobs
Proofs that yield nothing but their validity and a methodology of cryptographic protocol design
SFCS '86 Proceedings of the 27th Annual Symposium on Foundations of Computer Science
Random self-reducibility and zero knowledge interactive proofs of possession of information
SFCS '87 Proceedings of the 28th Annual Symposium on Foundations of Computer Science
An improved protocol for demonstrating possession of discrete logarithms and some generalizations
EUROCRYPT'87 Proceedings of the 6th annual international conference on Theory and application of cryptographic techniques
Hi-index | 0.00 |
It has been proved earlier that the existence of bit commitment schemes (blobs) implies the existence of zero-knowledge proofs of information possession, which are MA-protocols (i.e. the verifier sends only independent random bits) [BrChCr], [GoMiWi].In this paper we prove the converse result in a slightly modified form: We define a concept called weakly zero-knowledge, which is like ordinary zero-knowledge, except that we only require that an honest verifier learns nothing from the protocol. We then show that if, using an MA-protocol, P can prove to V in weakly zero-knowledge, that he possesses a solution to some hard problem, then this implies the existence of a bit commitment scheme. If the original protocol is (almost) perfect zero-knowledge, then the resulting commitments are secure against an infinitely powerful receiver.Finally, we also show a similar result for a restricted class of non-MA protocols.