Non-Interactive Zero-Knowledge: A Low-Randomness Characterization of NP
ICAL '99 Proceedings of the 26th International Colloquium on Automata, Languages and Programming
Committed Oblivious Transfer and Private Multi-Party Computation
CRYPTO '95 Proceedings of the 15th Annual International Cryptology Conference on Advances in Cryptology
Black-Box Constructions of Two-Party Protocols from One-Way Functions
TCC '09 Proceedings of the 6th Theory of Cryptography Conference on Theory of Cryptography
| Hi-index | 0.00 |
We consider the basic cryptographic primitive known as zero-knowledge proofs on committed bits. In this primitive, a prover P commits to a set of bits, and then at a later time convinces a verifier V that some property /spl Pscr/ holds for a subset of these bits. It is known how to implement this primitive based on an ordinary bit-committal primitive, but the standard implementations involve a great deal of interaction between the prover and the verifier. We introduce new implementations that require markedly less interaction. We implement bounded-interaction proofs on committed bits, generalizing a model of A. De Micali et al. (1988). For all security parameters, our implementations require only a lg/sup 2/ (n) overhead over the best known circuit-based interactive implementations; for sufficiently large security parameters this gap drops to a lg(n) factor.