Non-interactive zero-knowledge and its applications
STOC '88 Proceedings of the twentieth annual ACM symposium on Theory of computing
Random oracles are practical: a paradigm for designing efficient protocols
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Non-Interactive Zero-Knowledge: A Low-Randomness Characterization of NP
ICAL '99 Proceedings of the 26th International Colloquium on Automata, Languages and Programming
Zero-Knowledge Proofs of Possession of Digital Signatures and Its Applications
ICICS '99 Proceedings of the Second International Conference on Information and Communication Security
Provably Secure and Practical Identification Schemes and Corresponding Signature Schemes
CRYPTO '92 Proceedings of the 12th Annual International Cryptology Conference on Advances in Cryptology
Proofs of Partial Knowledge and Simplified Design of Witness Hiding Protocols
CRYPTO '94 Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology
Efficient Group Signature Schemes for Large Groups (Extended Abstract)
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
Zero-Knowledge Proofs for Finite Field Arithmetic; or: Can Zero-Knowledge be for Free?
CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
Randomness-Optimal Characterization of Two NP Proof Systems
RANDOM '02 Proceedings of the 6th International Workshop on Randomization and Approximation Techniques
Multiple non-interactive zero knowledge proofs based on a single random string
SFCS '90 Proceedings of the 31st Annual Symposium on Foundations of Computer Science
Batch Verification of Short Signatures
EUROCRYPT '07 Proceedings of the 26th annual international conference on Advances in Cryptology
Discrete Applied Mathematics
Fast exponentiation with precomputation
EUROCRYPT'92 Proceedings of the 11th annual international conference on Theory and application of cryptographic techniques
Non-interactive circuit based proofs and non-interactive perfect zero-knowledge with preprocessing
EUROCRYPT'92 Proceedings of the 11th annual international conference on Theory and application of cryptographic techniques
Efficient non-interactive proof systems for bilinear groups
EUROCRYPT'08 Proceedings of the theory and applications of cryptographic techniques 27th annual international conference on Advances in cryptology
Risk assurance for hedge funds using zero knowledge proofs
FC'05 Proceedings of the 9th international conference on Financial Cryptography and Data Security
Evaluating 2-DNF formulas on ciphertexts
TCC'05 Proceedings of the Second international conference on Theory of Cryptography
Non-interactive zaps and new techniques for NIZK
CRYPTO'06 Proceedings of the 26th annual international conference on Advances in Cryptology
Perfect non-interactive zero knowledge for NP
EUROCRYPT'06 Proceedings of the 24th annual international conference on The Theory and Applications of Cryptographic Techniques
Pairing-Friendly elliptic curves of prime order
SAC'05 Proceedings of the 12th international conference on Selected Areas in Cryptography
IEEE Transactions on Information Theory
| Hi-index | 0.00 |
Showing that a circuit is satisfiable without revealing information is a key problem in modern cryptography. The related (and more general) problem of showing that a circuit evaluates to a particular value if executed on the input contained in a public commitment has potentially multiple practical applications. Although numerous solutions for the problem had been proposed, their practical applicability is poorly understood. In this paper, we take an important step towards moving existent solutions to practice. We implement and evaluate four solutions for the problem. We investigate solutions both in the common reference string model and the random oracle model. In particular, in the CRS model we use the recent techniques of Groth---Sahai for proofs that use bilinear groups in the asymmetric pairings environment. We provide various optimizations to the different solutions we investigate. We present timing results for two circuits the larger of which is an implementation of AES that uses about 30000 gates.