Results 1  10
of
11
Multiauthority secretballot elections with linear work
, 1996
"... Abstract. We present new cryptographic protocols for multiauthority secret ballot elections that guarantee privacy, robustness, and universal verifiability. Application of some novel techniques, in particular the construction of witness hiding/indistinguishable protocols from Cramer, Damg˚ard and S ..."
Abstract

Cited by 93 (5 self)
 Add to MetaCart
Abstract. We present new cryptographic protocols for multiauthority secret ballot elections that guarantee privacy, robustness, and universal verifiability. Application of some novel techniques, in particular the construction of witness hiding/indistinguishable protocols from Cramer, Damg˚ard and Schoenmakers, and the verifiable secret sharing scheme of Pedersen, reduce the work required by the voter or an authority to a linear number of cryptographic operations in the population size (compared to quadratic in previous schemes). Thus we get significantly closer to a practical election scheme. 1
NonTransitive Transfer of Confidence: A Perfect ZeroKnowledge Interactive Protocol for SAT and Beyond
, 1986
"... A perfect zeroknowledge interactive proof is a protocol by which Alice can convince Bob of the truth of some theorem in a way that yields no information as to how the proof might proceed (in the sense of Shannon's information theory). We give a general technique for achieving this goal for any prob ..."
Abstract

Cited by 57 (5 self)
 Add to MetaCart
A perfect zeroknowledge interactive proof is a protocol by which Alice can convince Bob of the truth of some theorem in a way that yields no information as to how the proof might proceed (in the sense of Shannon's information theory). We give a general technique for achieving this goal for any problem in NP (and beyond). The fact that our protocol is perfect zeroknowledge does not depend on unproved cryptographic assumptions. Furthermore, our protocol is powerful enough to allow Alice to convince Bob of theorems for which she does not even have a proof. Whenever Alice can convince herself probabilistically of a theorem, perhaps thanks to her knowledge of some trapdoor information, she can convince Bob as well, without compromising the trapdoor in any way. This results in a nontransitive transfer of confidence from Alice to Bob, because Bob will not be able to convince anyone else afterwards. Our protocol is dual to those of [GrMiWi86a, BrCr86]. 1. INTRODUCTION Assume that Alice h...
ConstantRound Perfect ZeroKnowledge Computationally Convincing Protocols
, 1991
"... A perfect zeroknowledge interactive protocol allows a prover to convince a verifier of the validity of a statement in a way that does not give the verifier any additional information [GMR,GMW]. Such protocols take place by the exchange of messages back and forth between the prover and the verifier. ..."
Abstract

Cited by 45 (5 self)
 Add to MetaCart
A perfect zeroknowledge interactive protocol allows a prover to convince a verifier of the validity of a statement in a way that does not give the verifier any additional information [GMR,GMW]. Such protocols take place by the exchange of messages back and forth between the prover and the verifier. An important measure of efficiency for these protocols is the number of rounds in the interaction. In previously known perfect zeroknowledge protocols for statements concerning NPcomplete problems [BCC], at least k rounds were necessary in order to prevent one party from having a probability of undetected cheating greater than 2 \Gammak . In this paper, we give the first perfect zeroknowledge protocol that offers arbitrarily high security for any statement in NP with a constant number of rounds. The protocol is computationally convincing (rather than statistically convincing as would have been an interactive proofsystem in the sense of Goldwasser, Micali and Rackoff) because the ver...
Everything in NP can be argued in perfect zeroknowledge in a bounded number of rounds
, 1989
"... A perfect zeroknowledge interactive protocol allows a prover to convince a verifier of the validity of a statement in a way that does not give the verifier any additional information [GMR,GMW]. Such protocols take place by the exchange of messages back and forth between the prover and the verifier. ..."
Abstract

Cited by 35 (5 self)
 Add to MetaCart
A perfect zeroknowledge interactive protocol allows a prover to convince a verifier of the validity of a statement in a way that does not give the verifier any additional information [GMR,GMW]. Such protocols take place by the exchange of messages back and forth between the prover and the verifier. An important measure of efficiency for these protocols is the number of rounds in the interaction. In previously known perfect zeroknowledge protocols for statements concerning NPcomplete problems [BCC], at least k rounds were necessary in order to prevent one party from having a probability of undetected cheating greater than 2 k . In this paper, we give the first perfect zeroknowledge protocol that offers arbitrarily high security for any statement in NP with a constant number of rounds (under the assumption that it is possible to find a prime p with known factorization of p 1 such that it is infeasible to compute discrete logarithms modulo p even for someone who knows the factors o...
Practical ZeroKnowledge Proofs: Giving Hints and Using Deficiencies
 JOURNAL OF CRYPTOLOGY
, 1994
"... New zeroknowledge proofs are given for some numbertheoretic problems. All of the problems are in NP, but the proofs given here are much more efficient than the previously known proofs. In addition, these proofs do not require the prover to be superpolynomial in power. A probabilistic polynomial t ..."
Abstract

Cited by 32 (0 self)
 Add to MetaCart
New zeroknowledge proofs are given for some numbertheoretic problems. All of the problems are in NP, but the proofs given here are much more efficient than the previously known proofs. In addition, these proofs do not require the prover to be superpolynomial in power. A probabilistic polynomial time prover with the appropriate trapdoor knowledge is sufficient. The proofs are perfect or statistical zeroknowledge in all cases except one.
On the Concrete Complexity of ZeroKnowledge Proofs
 Journal of Cryptology
, 1990
"... The fact that there are zeroknowledge proofs for all languages in NP has, potentially, enormous implications to cryptography. For cryptographers, the issue is no longer "which languages in NP have zeroknowledge proofs" but rather "which languages in NP have practical zeroknowledge proofs". Thus, ..."
Abstract

Cited by 13 (4 self)
 Add to MetaCart
The fact that there are zeroknowledge proofs for all languages in NP has, potentially, enormous implications to cryptography. For cryptographers, the issue is no longer "which languages in NP have zeroknowledge proofs" but rather "which languages in NP have practical zeroknowledge proofs". Thus, the concrete complexity of zeroknowledge proofs for different languages must be established. In this paper, we study the concrete complexity of the known general methods for constructing zeroknowledge proofs. We establish that circuitbased methods have the potential of producing proofs which can be used in practice. Then we introduce several techniques which greatly reduce the concrete complexity of circuitbased proofs. In order to show that our protocols yield proofs of knowledge, we show how to extend the FeigeFiatShamir definition for proofs of knowledge to the model of BrassardChaumCr'epeau. Finally, we present techniques for improving the efficiency of protocols which involve ar...
On ConstantRound Concurrent ZeroKnowledge
"... Abstract. Loosely speaking, an interactive proof is said to be zeroknowledge if the view of every “efficient ” verifier can be “efficiently” simulated. An outstanding open question regarding zeroknowledge is whether constantround concurrent zeroknowledge proofs exists for nontrivial languages. We ..."
Abstract

Cited by 10 (6 self)
 Add to MetaCart
Abstract. Loosely speaking, an interactive proof is said to be zeroknowledge if the view of every “efficient ” verifier can be “efficiently” simulated. An outstanding open question regarding zeroknowledge is whether constantround concurrent zeroknowledge proofs exists for nontrivial languages. We answer this question to the affirmative when modeling “efficient adversaries ” as probabilistic quasipolynomial time machines (instead of the traditional notion of probabilistic polynomialtime machines). 1
Precise Zero Knowledge
, 2007
"... We put forward the notion of Precise Zero Knowledge and provide its first implementations in a variety of settings under standard complexity assumptions. Whereas the classical notion of Zero Knowledge bounds the knowledge of a player in terms of his potential computational power (technically defined ..."
Abstract

Cited by 2 (1 self)
 Add to MetaCart
We put forward the notion of Precise Zero Knowledge and provide its first implementations in a variety of settings under standard complexity assumptions. Whereas the classical notion of Zero Knowledge bounds the knowledge of a player in terms of his potential computational power (technically defined as polynomialtime computation), Precise Zero Knowledge bounds the knowledge gained by a player in terms of its actual computation (which can be considerably less than any arbitrary polynomialtime computation). Consequently, our approach not only remains valid even if P = NP, but is most meaningful when modeling knowledge of computationally easy properties.
OPTIMALLY EFFICIENT MULTI AUTHORITY SECRET BALLOT EELECTION SCHEME 1
"... An electronic voting scheme is a set of protocols that allow a collection of voters to cost their votes, while enabling a collection of authorities to collect votes, compute the final tally, and communicate the final tally that is checked by talliers. This scheme is based on the RSA and factoring as ..."
Abstract
 Add to MetaCart
An electronic voting scheme is a set of protocols that allow a collection of voters to cost their votes, while enabling a collection of authorities to collect votes, compute the final tally, and communicate the final tally that is checked by talliers. This scheme is based on the RSA and factoring assumptions. We apply the protocols of [CDS – 88] to Guillon – Quisqnater’s identification protocol [GQ –88] to constant proofs of validity for ballots. An electronic scheme is a set of protocols that allow a collection of voters to cost their votes, while enabling a collection of authorities to collect votes, compute the final