amit sahai::Gave impossibility results for one shot zeroknowledge protocols in the.These two results are not contradictory, as the impossibility result of goldreich and oren does not hold in the or the.
The model influences the properties that can be obtained from a zeroknowledge protocol.
Pass showed that in the common reference string model noninteractive zeroknowledge protocols do not preserve all of the properties of interactive zeroknowledge protocols, e.
They do not preserve deniability.
Noninteractive zeroknowledge proofs can also be obtained in the using the.
In such a system each proof requires its own fresh common reference string.
A common reference string in general is not a random string.
It may, for instance, consist of randomly chosen group elements that all protocol parties use.
Subsequently, feige, lapidot, and introduced multitheorem zeroknowledge proofs as a more versatile notion for noninteractive zero knowledge proofs.
In this model the prover and the verifier are in possession of a reference string sampled from a distribution d.
To prove statement with witness w , the prover runs to the verifier.
To account for the fact that may influence the statements that are being proven, the witness relation can be generalized to.
More formally, for all k , all , and all except with some small probability.
The upper bound of this probability is referred to as the soundness error of a proof system.
More formally, for every malicious prover , there exists a the above definition requires the soundness error to be negligible in the security parameter k.
By increasing k the soundness error can be made arbitrary small.
If the soundness error is 0 for all k , we speak of perfect soundness.
Has led to several cryptographic advancements.
One of this advancements are more powerful and more efficient noninteractive zeroknowledge proofs.
The seminal idea was to hide the values for the evaluation of the pairing in a.
Using different commitment schemes, this idea was used to build zeroknowledge proof systems under the and under the.
These proof systems prove , and thus by the allow to prove membership for every language in np.
The size of the common reference string and the proofs is relatively small, however transforming a statement into a boolean circuit causes a considerable overhead.
Proof systems under the , , and that allow to directly proof the pairing product equations that are common in have been proposed.
Noninteractive zeroknowledge and its applications.
Definitions and properties of zeroknowledge proof systems.
On deniability in the common reference string and random oracle model.
Advances in cryptology crypto 2003.
Eurocrypt 2006: 339358 jens groth, rafail ostrovsky, amit sahai: noninteractive zaps and new techniques for nizk.
Crypto 2006: 97111 jens groth, amit sahai: efficient noninteractive proof systems for bilinear groups.
No comments:
Post a Comment