Results 1  10
of
10
ConstantRound Perfect ZeroKnowledge Computationally Convincing Protocols
, 1991
"... A perfect zeroknowledge interactive protocol allows a prover to convince a verifier of the validity of a statement in a way that does not give the verifier any additional information [GMR,GMW]. Such protocols take place by the exchange of messages back and forth between the prover and the verifier. ..."
Abstract

Cited by 45 (5 self)
 Add to MetaCart
A perfect zeroknowledge interactive protocol allows a prover to convince a verifier of the validity of a statement in a way that does not give the verifier any additional information [GMR,GMW]. Such protocols take place by the exchange of messages back and forth between the prover and the verifier. An important measure of efficiency for these protocols is the number of rounds in the interaction. In previously known perfect zeroknowledge protocols for statements concerning NPcomplete problems [BCC], at least k rounds were necessary in order to prevent one party from having a probability of undetected cheating greater than 2 \Gammak . In this paper, we give the first perfect zeroknowledge protocol that offers arbitrarily high security for any statement in NP with a constant number of rounds. The protocol is computationally convincing (rather than statistically convincing as would have been an interactive proofsystem in the sense of Goldwasser, Micali and Rackoff) because the ver...
Everything in NP can be argued in perfect zeroknowledge in a bounded number of rounds
, 1989
"... A perfect zeroknowledge interactive protocol allows a prover to convince a verifier of the validity of a statement in a way that does not give the verifier any additional information [GMR,GMW]. Such protocols take place by the exchange of messages back and forth between the prover and the verifier. ..."
Abstract

Cited by 34 (5 self)
 Add to MetaCart
A perfect zeroknowledge interactive protocol allows a prover to convince a verifier of the validity of a statement in a way that does not give the verifier any additional information [GMR,GMW]. Such protocols take place by the exchange of messages back and forth between the prover and the verifier. An important measure of efficiency for these protocols is the number of rounds in the interaction. In previously known perfect zeroknowledge protocols for statements concerning NPcomplete problems [BCC], at least k rounds were necessary in order to prevent one party from having a probability of undetected cheating greater than 2 k . In this paper, we give the first perfect zeroknowledge protocol that offers arbitrarily high security for any statement in NP with a constant number of rounds (under the assumption that it is possible to find a prime p with known factorization of p 1 such that it is infeasible to compute discrete logarithms modulo p even for someone who knows the factors o...
Subquadratic ZeroKnowledge
, 1995
"... We improve on the communication complexity of zeroknowledge proof systems. Let C be a boolean circuit of size n. Previous zeroknowledge proof systems for the satisfiability of C require the use of \Omega\Gamma kn) bit commitments in order to achieve a probability of undetected cheating below 2 \G ..."
Abstract

Cited by 13 (3 self)
 Add to MetaCart
We improve on the communication complexity of zeroknowledge proof systems. Let C be a boolean circuit of size n. Previous zeroknowledge proof systems for the satisfiability of C require the use of \Omega\Gamma kn) bit commitments in order to achieve a probability of undetected cheating below 2 \Gammak . In the case k = n, the communication complexity of these protocols is therefore\Omega\Gamma n 2 ) bit commitments. In this paper, we present a zeroknowledge proof system for achieving the same goal with only O(n 1+"n + k p n 1+"n ) bit commitments, where " n goes to zero as n goes to infinity. In the case k = n, this is O(n p n 1+"n ). Moreover, only O(k) commitments need ever be opened, which is interesting if it is substantially less expensive to commit to a bit than to open a commitment. A preliminary version of this paper appeared in the Proceedings of the 32nd Annual IEEE Symposium on Foundations of Computer Science, October 1991. y Supported in part by NSA Gr...
Computationally convincing proofs of knowledge (Extended Abstract)
 Proc. of the 8th STACS
, 1991
"... this paper, we give a more general definition, which is capable of taking into account very adversarial behaviour from the prover. We also prove that constantround arguments for NP ..."
Abstract

Cited by 7 (0 self)
 Add to MetaCart
this paper, we give a more general definition, which is capable of taking into account very adversarial behaviour from the prover. We also prove that constantround arguments for NP
Some facets of complexity theory and cryptography: A fivelecture tutorial
 CRC Press Series on Discrete Mathematics and Its Applications
, 1997
"... In this tutorial, selected topics of cryptology and of computational complexity theory are presented. We give a brief overview of the history and the foundations of classical cryptography, and then move on to modern publickey cryptography. Particular attention is paid to cryptographic protocols and ..."
Abstract

Cited by 7 (0 self)
 Add to MetaCart
In this tutorial, selected topics of cryptology and of computational complexity theory are presented. We give a brief overview of the history and the foundations of classical cryptography, and then move on to modern publickey cryptography. Particular attention is paid to cryptographic protocols and the problem of constructing key components of protocols such as oneway functions. A function is oneway if it is easy to compute, but hard to invert. We discuss the notion of oneway functions both in a cryptographic and in a complexitytheoretic setting. We also consider interactive proof systems and present some interesting zeroknowledge protocols. In a zeroknowledge protocol, one party can convince the other party of knowing some secret information without disclosing any bit of this information. Motivated by these protocols, we survey some complexitytheoretic results on interactive proof systems and related complexity classes.
Computational and Statistical Indistinguishabilities
, 1994
"... We prove that a pair of polynomially samplable distributions are statistically indistinguishable if and only if no polynomial size circuits relative to NP sets (P NP nu distinguishers) can tell them apart. As one application of this observation, we classify "zeroknowledge" notions that are used f ..."
Abstract
 Add to MetaCart
We prove that a pair of polynomially samplable distributions are statistically indistinguishable if and only if no polynomial size circuits relative to NP sets (P NP nu distinguishers) can tell them apart. As one application of this observation, we classify "zeroknowledge" notions that are used for interactive protocols. 1. Introduction For any pair of probability distributions, we say that they are computationally indistinguishable [GM84, Yao82] if no polynomial size circuits (which are called P nu distinguishers) can tell them apart, and we say that they are statistically indistinguishable [GMR89] if no distinguishers (that could be infinitely powerful) can tell them apart. (See Section 2.1 for the precise definition.) Intuitively, a pair of statistically indistinguishable distributions are "statistically" so close to each other that no one can find their difference, while a pair of computationally indistinguishable distributions may be statistically different, but such a dif...
Do You Know What I Know?
, 1999
"... Contents 1 Spin Up 2 1.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 1.2 Interactive Proof . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.2.1 Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.3 Zero Knowledge . . . . . . . . . . . . . . . ..."
Abstract
 Add to MetaCart
Contents 1 Spin Up 2 1.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 1.2 Interactive Proof . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.2.1 Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.3 Zero Knowledge . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 1.3.1 Back to the Tunnels . . . . . . . . . . . . . . . . . . . . . 5 1.3.2 0 6= 0? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 2 Examples and Applications 8 2.1 Graph Isomorphism . . . . . . . . . . . . . . . . . . . . . . . . . 8 2.1.1 Auto Club . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 2.2 Quadratic Residues . . . . . . . . . . . . . . . . . . . . . . . . . . 11 3 Welcome to the next level 13 3.1 Simple Complexity . . . . . . . . . . . . . . . . . . . . . . . . . . 13 3.2 Bitstrings are Forever . . . . . . . . . . . . . . . . . . . . . . . . 14 3.2.1 Symmetriccryptog
unknown title
"... The literature of cryptography has a curious history. Secrecy, of course, has always played a central role, but until the First World War, important developments appeared in print in a more or less timely fashion and the field moved forward in much the same way as other specialized disciplines. As l ..."
Abstract
 Add to MetaCart
The literature of cryptography has a curious history. Secrecy, of course, has always played a central role, but until the First World War, important developments appeared in print in a more or less timely fashion and the field moved forward in much the same way as other specialized disciplines. As late as 1918, one of the most influential cryptanalytic papers of the twentieth century, William F. Friedman’s monograph The Index of Coincidence and Its Applications in Cryptography, appeared as a research report of the private Riverbank Laboratories [577]. And this, despite the fact that the work had been done as part of the war effort. In the same year Edward H. Hebern of Oakland, California filed the first patent for a rotor machine [710], the device destined to be a mainstay of military cryptography for nearly 50 years. After the First World War, however, things began to change. U.S. Army and Navy organizations, working entirely in secret, began to make fundamental advances in cryptography. During the thirties and forties a few basic papers did appear in the open literature and several treatises on the subject were published, but the latter were farther and farther behind the state of the art. By the end of the war the transition was complete. With one notable exception, the public literature had died. That exception was Claude Shannon’s paper “The Communication Theory of Secrecy Systems, ” which