ABSTRACT
We present a general construction of a zero-knowledge proof for an NP relation R(x,w) which only makes a black-box use of a secure protocol for a related multi-party functionality f. The latter protocol is only required to be secure against a small number of "honest but curious" players. As an application, we can translate previous results on the efficiency of secure multiparty computation to the domain of zero-knowledge, improving over previous constructions of efficient zero-knowledge proofs. In particular, if verifying R on a witness of length m can be done by a circuit C of size s, and assuming one-way functions exist, we get the following types of zero-knowledge proof protocols.
Approaching the witness length. If C has constant depth over ∧,∨,⊕,¬ gates of unbounded fan-in, we get a zero-knowledge protocol with communication complexity m·poly(k)·polylog(s), where k is a security parameter. Such a protocol can be implemented in either the standard interactive model or, following a trusted setup, in a non-interactive model.
"Constant-rate" zero-knowledge. For an arbitrary circuit C of size s and a bounded fan-in, we get a zero-knowledge protocol with communication complexity O(s)+poly(k). Thus, for large circuits, the ratio between the communication complexity and the circuit size approaches a constant. This improves over the O(ks) complexity of the best previous protocols.
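The construction the abstract describes, as an added toy example that is not code from the paper: the prover XOR-shares the witness among three virtual players, runs a 2-private semi-honest protocol for f(w1,w2,w3) = C(w1⊕w2⊕w3) over a boolean circuit "in its head", commits to each player's view, and the verifier opens two views and checks them against the protocol rule. The function names, the salted SHA-256 commitment and the SHA-256-derived random tapes are assumptions of this example; it handles a one-bit output and a single repetition, so a cheating prover escapes with probability 2/3 per run.

```python
import hashlib, secrets
# Circuit: wires 0..n_in-1 hold the witness bits, gate g appends wire n_in+g, the last wire is
# the single output bit. A gate is ("XOR", a, b) or ("AND", a, b) over earlier wire indices.

def prf_bit(seed, g):                 # bit g of a player's random tape (SHA-256 stands in for a PRF)
    return hashlib.sha256(seed + g.to_bytes(4, "big")).digest()[0] & 1

def and_share(w_i, w_j, seed_i, seed_j, a, b, g):
    """Player i's share of AND gate g: uses only its own and right neighbour j's input shares,
    so player i+2's values never enter the formula (2-private, 3-party, semi-honest)."""
    return ((w_i[a] & w_i[b]) ^ (w_j[a] & w_i[b]) ^ (w_i[a] & w_j[b])
            ^ prf_bit(seed_i, g) ^ prf_bit(seed_j, g))

def rebuild(gates, share, msgs):      # a player's wires from its own view; AND outputs come from msgs
    w = list(share)
    for g, (op, a, b) in enumerate(gates):
        w.append(w[a] ^ w[b] if op == "XOR" else msgs[g])
    return w

def commit(view):                     # salted hash commitment to (share, seed, msgs, salt)
    return hashlib.sha256(bytes(view[0]) + view[1] + bytes(view[2]) + view[3]).digest()

def prove(gates, w):
    """Prover: XOR-share w among 3 virtual players, run the MPC for C 'in the head', commit to views."""
    shares = [[secrets.randbits(1) for _ in w] for _ in range(2)]
    shares.append([w[t] ^ shares[0][t] ^ shares[1][t] for t in range(len(w))])
    seeds, wires, msgs = [secrets.token_bytes(16) for _ in range(3)], [list(s) for s in shares], [[], [], []]
    for g, (op, a, b) in enumerate(gates):
        for i, j in ((0, 1), (1, 2), (2, 0)):   # j is i's right neighbour; its input wires already exist
            z = wires[i][a] ^ wires[i][b] if op == "XOR" else and_share(wires[i], wires[j], seeds[i], seeds[j], a, b, g)
            wires[i].append(z); msgs[i].append(z if op == "AND" else 0)   # 0: XOR gates send nothing
    views = [(shares[i], seeds[i], msgs[i], secrets.token_bytes(16)) for i in range(3)]
    return [commit(v) for v in views], [wires[i][-1] for i in range(3)], views   # output shares are public

def verify(gates, n_in, x, comms, outputs, e, view_e, view_f):
    """Verifier opened players e and f=e+1: check commitments, the reconstructed output, and that every
    AND share player e recorded equals what the protocol rule gives from the two opened views."""
    f, (sh_e, seed_e, msgs_e, _), (sh_f, seed_f, msgs_f, _) = (e + 1) % 3, view_e, view_f
    if commit(view_e) != comms[e] or commit(view_f) != comms[f]: return False
    if outputs[0] ^ outputs[1] ^ outputs[2] != x: return False
    if not (len(sh_e) == len(sh_f) == n_in and len(msgs_e) == len(msgs_f) == len(gates)): return False
    w_e, w_f = rebuild(gates, sh_e, msgs_e), rebuild(gates, sh_f, msgs_f)
    if w_e[-1] != outputs[e] or w_f[-1] != outputs[f]: return False
    return all(op == "XOR" or and_share(w_e, w_f, seed_e, seed_f, a, b, g) == msgs_e[g]
               for g, (op, a, b) in enumerate(gates))

def round_trip(gates, x, w, e):       # one repetition with challenge e; a cheater survives w.p. 2/3, so repeat
    comms, outputs, views = prove(gates, w)
    return verify(gates, len(w), x, comms, outputs, e, views[e], views[(e + 1) % 3])
```

Only two of three views are ever opened, so the verifier learns two uniformly random shares of w and nothing about the third player's tape, which is what makes the opened transcript simulatable.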