Results 1  10
of
727,559
Noninteractive ZeroKnowledge
 SIAM J. COMPUTING
, 1991
"... This paper investigates the possibility of disposing of interaction between prover and verifier in a zeroknowledge proof if they share beforehand a short random string. Without any assumption, it is proven that noninteractive zeroknowledge proofs exist for some numbertheoretic languages for which ..."
Abstract

Cited by 216 (19 self)
 Add to MetaCart
This paper investigates the possibility of disposing of interaction between prover and verifier in a zeroknowledge proof if they share beforehand a short random string. Without any assumption, it is proven that noninteractive zeroknowledge proofs exist for some numbertheoretic languages
NonInteractive ZeroKnowledge Proofs of NonMembership
"... Abstract. Often, in privacysensitive cryptographic protocols, a party commits to a secret message m and later needs to prove thatm belongs to a language L or thatm does not belong to L (but does not want to reveal any further information). We present a method to prove in a noninteractive way that ..."
Abstract
 Add to MetaCart
introduced zeroknowledge proofs with witness elimination which enable to prove that a committed messagem belongs to a setL in such a way that the verifier accepts the interaction only ifm does not belong to a set determined by a public relation Q and some private input m ′ of the verifier. We show
On the Composition of ZeroKnowledge Proof Systems
 SIAM Journal on Computing
, 1990
"... : The wide applicability of zeroknowledge interactive proofs comes from the possibility of using these proofs as subroutines in cryptographic protocols. A basic question concerning this use is whether the (sequential and/or parallel) composition of zeroknowledge protocols is zeroknowledge too. We ..."
Abstract

Cited by 214 (15 self)
 Add to MetaCart
: The wide applicability of zeroknowledge interactive proofs comes from the possibility of using these proofs as subroutines in cryptographic protocols. A basic question concerning this use is whether the (sequential and/or parallel) composition of zeroknowledge protocols is zeroknowledge too
An Efficient NonInteractive ZeroKnowledge Proof System for NP with General Assumptions
 Journal of Cryptology
, 1995
"... We consider noninteractive zeroknowledge proofs in the shared random string model proposed by Blum, Feldman and Micali [BFM88]. Until recently there was a sizable polynomial gap between the most efficient noninteractive proofs for NP based on general complexity assumptions [FLS90] versus those base ..."
Abstract

Cited by 25 (1 self)
 Add to MetaCart
We consider noninteractive zeroknowledge proofs in the shared random string model proposed by Blum, Feldman and Micali [BFM88]. Until recently there was a sizable polynomial gap between the most efficient noninteractive proofs for NP based on general complexity assumptions [FLS90] versus those
Lower Bounds For Noninteractive Zeroknowledge
, 2007
"... We establish new lower bounds and impossibility results for noninteractive zeroknowledge proofs and arguments with setup assumptions. – For the common random string model, we exhibit a lower bound for the tradeoff between hardness assumptions and the length of the random string for noninteract ..."
Abstract
 Add to MetaCart
We establish new lower bounds and impossibility results for noninteractive zeroknowledge proofs and arguments with setup assumptions. – For the common random string model, we exhibit a lower bound for the tradeoff between hardness assumptions and the length of the random string for noninteractive
Noninteractive ZeroKnowledge from Homomorphic Encryption
 In TCC 2006
"... Abstract. We propose a method for compiling a class of Σprotocols (3move publiccoin protocols) into noninteractive zeroknowledge arguments. The method is based on homomorphic encryption and does not use random oracles. It only requires that a private/public key pair is set up for the verifier. ..."
Abstract

Cited by 12 (0 self)
 Add to MetaCart
Abstract. We propose a method for compiling a class of Σprotocols (3move publiccoin protocols) into noninteractive zeroknowledge arguments. The method is based on homomorphic encryption and does not use random oracles. It only requires that a private/public key pair is set up for the verifier
Concurrent ZeroKnowledge
 IN 30TH STOC
, 1999
"... Concurrent executions of a zeroknowledge protocol by a single prover (with one or more verifiers) may leak information and may not be zeroknowledge in toto. In this paper, we study the problem of maintaining zeroknowledge We introduce the notion of an (; ) timing constraint: for any two proces ..."
Abstract

Cited by 177 (18 self)
 Add to MetaCart
interactive proofs and perfect concurrent zeroknowledge arguments for every language in NP . We also address the more specific problem of Deniable Authentication, for which we propose several particularly efficient solutions. Deniable Authentication is of independent interest, even in the sequential case
New Techniques for Noninteractive ZeroKnowledge
"... Noninteractive zeroknowledge (NIZK) proof systems are fundamental primitives used in many cryptographic constructions, including CCA2secure cryptosystems, digital signatures, and various cryptographic protocols. We introduce new techniques for constructing NIZK proofs based on groups with a bilin ..."
Abstract
 Add to MetaCart
Noninteractive zeroknowledge (NIZK) proof systems are fundamental primitives used in many cryptographic constructions, including CCA2secure cryptosystems, digital signatures, and various cryptographic protocols. We introduce new techniques for constructing NIZK proofs based on groups with a
Efficient NonInteractive ZeroKnowledge Proofs of Circuit Satisfiability
 Institut for Matematik og Datalogi, Odense Universitet, Preprints 1994, Nr. 1, ISSN
, 1994
"... We show how to construct a "zeroknowledge proof" that a circuit of size m is satisfiable. The proof is a string of length O(m lg m) which is constructed (and can be verified) using a trusted random string of length O(m lg m). The probability of failure or of cheating is exponentially smal ..."
Abstract

Cited by 2 (1 self)
 Add to MetaCart
of using it. Thus, these "proofs" are essentially noninteractive zeroknowledge proofs, with a couple of changes to the standard definition, though they can easily be modified to fit the standard definition. The techniques used yield more efficient "proofs" than those previously known
Efficient Cryptographic Primitives for NonInteractive ZeroKnowledge Proofs and Applications
, 2011
"... Noninteractive zeroknowledge (NIZK) proofs have enjoyed much interest in cryptography since they were introduced more than twenty years ago by Blum et al. [BFM88]. While quite useful when designing modular cryptographic schemes, until recently NIZK could be realized efficiently only using certain ..."
Abstract

Cited by 4 (0 self)
 Add to MetaCart
Noninteractive zeroknowledge (NIZK) proofs have enjoyed much interest in cryptography since they were introduced more than twenty years ago by Blum et al. [BFM88]. While quite useful when designing modular cryptographic schemes, until recently NIZK could be realized efficiently only using certain
Results 1  10
of
727,559