In this paper we extend the notion of (single-verifier) interactive zero-knowledge proofs to (multi-verifier) broadcast proofs. In our scheme the prover broadcasts messages to many verifiers simultaneously. We consider two cases: one for which the number of rounds of messages exchanged is unbounded (as a function of the length of the common input x), and one for which it is constant. Compared to repeated single-verifier proofs (one proof for each verifier), the saving in broadcast bits is of the order of the number of verifiers in the first case, provided there are enough verifiers. More precisely, if the number of verifiers exceeds log |x| then there is "practically" no extra cost in broadcast bits by further increasing the number of verifiers. In the second case the saving in the number of rounds is "practically" |x|/log|x|. An added feature of broadcast proofs of the second type is that they are sabotage-free. Our scheme makes use of a network which directs the messages of the verifiers to the prover. The universality of the scheme derives from the way in which the network handles collisions.