Results 11  20
of
752
Noninteractive statistical zeroknowledge proofs for . . .
, 2008
"... We construct noninteractive statistical zeroknowledge (NISZK) proof systems for a variety of standard approximation problems on lattices, such as the shortest independent vectors problem and the complement of the shortest vector problem. Prior proof systems for lattice problems were either interact ..."
Abstract

Cited by 13 (6 self)
 Add to MetaCart
We construct noninteractive statistical zeroknowledge (NISZK) proof systems for a variety of standard approximation problems on lattices, such as the shortest independent vectors problem and the complement of the shortest vector problem. Prior proof systems for lattice problems were either
ZeroKnowledge Sets
, 2003
"... We show how a polynomialtime prover can commit to an arbitrary finite set S of strings so that, later on, he can, for any string x, reveal with a proof whetherÜËorÜ�Ë, without revealing any knowledge beyond the verity of these membership assertions. Our method is non interactive. Given a public ran ..."
Abstract

Cited by 58 (0 self)
 Add to MetaCart
We show how a polynomialtime prover can commit to an arbitrary finite set S of strings so that, later on, he can, for any string x, reveal with a proof whetherÜËorÜ�Ë, without revealing any knowledge beyond the verity of these membership assertions. Our method is non interactive. Given a public
Efficient NonInteractive ZeroKnowledge Watermark Detector Robust to Sensitivity Attacks
"... Zeroknowledge watermark detectors presented to date are based on a linear correlation between the asset features and a given secret sequence. This detection function is susceptible of being attacked by sensitivity attacks, for which zeroknowledge does not provide protection. In this paper, an effi ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
, an efficient zeroknowledge version of the Generalized Gaussian Maximum Likelihood (ML) detector is introduced. The inherent robustness that this detector presents against sensitivity attacks, together with the security provided by the zeroknowledge protocol that conceals the keys that could be used to remove
Concurrent ZeroKnowledge
 IN 30TH STOC
, 1999
"... Concurrent executions of a zeroknowledge protocol by a single prover (with one or more verifiers) may leak information and may not be zeroknowledge in toto. In this paper, we study the problem of maintaining zeroknowledge We introduce the notion of an (; ) timing constraint: for any two proces ..."
Abstract

Cited by 173 (18 self)
 Add to MetaCart
interactive proofs and perfect concurrent zeroknowledge arguments for every language in NP . We also address the more specific problem of Deniable Authentication, for which we propose several particularly efficient solutions. Deniable Authentication is of independent interest, even in the sequential case
Threshold Decryption and ZeroKnowledge Proofs for
"... Abstract. We present a variant of Regev’s cryptosystem first presented in [Reg05], but with a new choice of parameters. By a recent classical reduction by Peikert we prove the scheme semantically secure based on the worstcase lattice problem GapSVP. From this we construct a threshold cryptosystem w ..."
Abstract

Cited by 9 (1 self)
 Add to MetaCart
which has a very efficient and noninteractive decryption protocol. We prove the threshold cryptosystem secure against passive adversaries corrupting all but one of the players, and againts active adversaries corrupting less than one third of the players. We also describe how one can build a distributed
Random Oracles are Practical: A Paradigm for Designing Efficient Protocols
, 1995
"... We argue that the random oracle model  where all parties have access to a public random oracle  provides a bridge between cryptographic theory and cryptographic practice. In the paradigm we suggest, a practical protocol P is produced by first devising and proving correct a protocol P R for the ..."
Abstract

Cited by 1646 (70 self)
 Add to MetaCart
encryption, signatures, and zeroknowledge proofs.
ZeroKnowledge Proofs with Witness Elimination
"... Abstract. Zeroknowledge proofs with witness elimination are protocols that enable a prover to demonstrate knowledge of a witness to the verifier that accepts the interaction provided that the witness is valid for a given statement and additionally the witness does not belong to a set of eliminated ..."
Abstract
 Add to MetaCart
Abstract. Zeroknowledge proofs with witness elimination are protocols that enable a prover to demonstrate knowledge of a witness to the verifier that accepts the interaction provided that the witness is valid for a given statement and additionally the witness does not belong to a set
On the Concurrent Composition of ZeroKnowledge Proofs
 In EuroCrypt99, Springer LNCS 1592
, 1999
"... Abstract. We examine the concurrent composition of zeroknowledge proofs. By concurrent composition, we indicate a single prover that is involved in multiple, simultaneous zeroknowledge proofs with one or multiple verifiers. Under this type of composition it is believed that standard zeroknowledge ..."
Abstract

Cited by 110 (3 self)
 Add to MetaCart
Abstract. We examine the concurrent composition of zeroknowledge proofs. By concurrent composition, we indicate a single prover that is involved in multiple, simultaneous zeroknowledge proofs with one or multiple verifiers. Under this type of composition it is believed that standard zeroknowledge
An Efficient NonInteractive Statistical ZeroKnowledge Proof System for QuasiSafe Prime Products
"... We present efficient zeroknowledge proof systems for quasisafe prime products and other related languages. Quasisafe primes are a relaxation of safe primes, a class of prime numbers useful in many cryptographic applications. More specifically we present the first simple and efficient zeroknowled ..."
Abstract

Cited by 27 (4 self)
 Add to MetaCart
efficient because they do not use general reductions to NPcomplete problems, can be easily parallelized preserving zeroknowledge, and are noninteractive for computationally unbounded provers. The prover can also be efficiently implemented given some trapdoor information and using very little interaction
On the complexity of BoundedInteraction and Noninteractive ZeroKnowledge Proofs
"... Abstract We consider the basic cryptographic primitive known as zeroknowledge proofs on committed bits. In this primitive, a prover P commits to a set of bits, and then at a later time convinces a verifier V that some property P holds for a subset of these bits. It is known how to implement this pr ..."
Abstract
 Add to MetaCart
Abstract We consider the basic cryptographic primitive known as zeroknowledge proofs on committed bits. In this primitive, a prover P commits to a set of bits, and then at a later time convinces a verifier V that some property P holds for a subset of these bits. It is known how to implement
Results 11  20
of
752