Broadcast interactive proofs

  • Authors:
  • Mike Burmester;Yvo Desmedt

  • Affiliations:
  • Dept. of Mathematics, RHBNC - University of London, Egham, Surrey, UK;Dept. of EE&CS, Milwaukee

  • Venue:
  • EUROCRYPT'91 Proceedings of the 10th annual international conference on Theory and application of cryptographic techniques
  • Year:
  • 1991

Quantified Score

Hi-index 0.00

Visualization

Abstract

In this paper we extend the notion of (single-verifier) interactive zero-knowledge proofs to (multi-verifier) broadcast proofs. In our scheme the prover broadcasts messages to many verifiers simultaneously. We consider two cases: one for which the number of rounds of messages exchanged is unbounded (as a function of the length of the common input x), and one for which it is constant. Compared to repeated single-verifier proofs (one proof for each verifier), the saving in broadcast bits is of the order of the number of verifiers in the first case, provided there are enough verifiers. More precisely, if the number of verifiers exceeds log |x| then there is "practically" no extra cost in broadcast bits by further increasing the number of verifiers. In the second case the saving in the number of rounds is "practically" |x|/log|x|. An added feature of broadcast proofs of the second type is that they are sabotage-free. Our scheme makes use of a network which directs the messages of the verifiers to the prover. The universality of the scheme derives from the way in which the network handles collisions.