Broadcast interactive proofs

Authors:
Mike Burmester;Yvo Desmedt
Affiliations:
Dept. of Mathematics, RHBNC - University of London, Egham, Surrey, UK;Dept. of EE&CS, Milwaukee
Venue:
EUROCRYPT'91 Proceedings of the 10th annual international conference on Theory and application of cryptographic techniques
Year:
1991

Citing 9
Cited 0

How to prove yourself: practical solutions to identification and signature problems

Proceedings on Advances in cryptology---CRYPTO '86
A practical zero-knowledge protocol fitted to security microprocessor minimizing both transmission and memory

Lecture Notes in Computer Science on Advances in Cryptology-EUROCRYPT'88
Multi-prover interactive proofs: how to remove intractability assumptions

STOC '88 Proceedings of the twentieth annual ACM symposium on Theory of computing
The knowledge complexity of interactive proof systems

SIAM Journal on Computing
Perfect zero-knowledge in constant rounds

STOC '90 Proceedings of the twenty-second annual ACM symposium on Theory of computing
Noninteractive zero-knowledge

SIAM Journal on Computing
Non-Interactive Zero-Knowledge with Preprocessing

CRYPTO '88 Proceedings of the 8th Annual International Cryptology Conference on Advances in Cryptology
Abritrated Unconditionally Secure Authentication Can Be Unconditionally Protected Against Arbiter's Attacks (Extended Abstract)

CRYPTO '90 Proceedings of the 10th Annual International Cryptology Conference on Advances in Cryptology
Multi-Language Zero Knowledge Interactive Proof Systems

CRYPTO '90 Proceedings of the 10th Annual International Cryptology Conference on Advances in Cryptology

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper we extend the notion of (single-verifier) interactive zero-knowledge proofs to (multi-verifier) broadcast proofs. In our scheme the prover broadcasts messages to many verifiers simultaneously. We consider two cases: one for which the number of rounds of messages exchanged is unbounded (as a function of the length of the common input x), and one for which it is constant. Compared to repeated single-verifier proofs (one proof for each verifier), the saving in broadcast bits is of the order of the number of verifiers in the first case, provided there are enough verifiers. More precisely, if the number of verifiers exceeds log |x| then there is "practically" no extra cost in broadcast bits by further increasing the number of verifiers. In the second case the saving in the number of rounds is "practically" |x|/log|x|. An added feature of broadcast proofs of the second type is that they are sabotage-free. Our scheme makes use of a network which directs the messages of the verifiers to the prover. The universality of the scheme derives from the way in which the network handles collisions.