Results 1  10
of
857,279
Lower Bounds For Noninteractive Zeroknowledge
, 2007
"... We establish new lower bounds and impossibility results for noninteractive zeroknowledge proofs and arguments with setup assumptions. – For the common random string model, we exhibit a lower bound for the tradeoff between hardness assumptions and the length of the random string for noninteract ..."
Abstract
 Add to MetaCart
We establish new lower bounds and impossibility results for noninteractive zeroknowledge proofs and arguments with setup assumptions. – For the common random string model, we exhibit a lower bound for the tradeoff between hardness assumptions and the length of the random string for noninteractive
Noninteractive ZeroKnowledge
 SIAM J. COMPUTING
, 1991
"... This paper investigates the possibility of disposing of interaction between prover and verifier in a zeroknowledge proof if they share beforehand a short random string. Without any assumption, it is proven that noninteractive zeroknowledge proofs exist for some numbertheoretic languages for which ..."
Abstract

Cited by 216 (19 self)
 Add to MetaCart
This paper investigates the possibility of disposing of interaction between prover and verifier in a zeroknowledge proof if they share beforehand a short random string. Without any assumption, it is proven that noninteractive zeroknowledge proofs exist for some numbertheoretic languages
Concurrent ZeroKnowledge
 IN 30TH STOC
, 1999
"... Concurrent executions of a zeroknowledge protocol by a single prover (with one or more verifiers) may leak information and may not be zeroknowledge in toto. In this paper, we study the problem of maintaining zeroknowledge We introduce the notion of an (; ) timing constraint: for any two proces ..."
Abstract

Cited by 177 (18 self)
 Add to MetaCart
interactive proofs and perfect concurrent zeroknowledge arguments for every language in NP . We also address the more specific problem of Deniable Authentication, for which we propose several particularly efficient solutions. Deniable Authentication is of independent interest, even in the sequential case
Noninteractive zeroknowledge arguments for voting
 In proceedings of ACNS ’05, LNCS series
, 2005
"... Abstract. In voting based on homomorphic threshold encryption, the voter encrypts his vote and sends it in to the authorities that tally the votes. If voters can send in arbitrary plaintexts then they can cheat. It is therefore important that they attach an argument of knowledge of the plaintext bei ..."
Abstract

Cited by 26 (1 self)
 Add to MetaCart
being a correctly formed vote. Typically, these arguments are honest verifier zeroknowledge arguments that are made noninteractive using the FiatShamir heuristic. Security is argued in the random oracle model. The simplest case is where each voter has a single vote to cast. Practical solutions have
Succinct noninteractive zeroknowledge for a von Neumann architecture
, 2014
"... We build a system that provides succinct noninteractive zeroknowledge proofs (zkSNARKs) for program executions on a von Neumann RISC architecture. The system has two components: a cryptographic proof system for verifying satisfiability of arithmetic circuits, and a circuit generator to translate ..."
Abstract

Cited by 11 (0 self)
 Add to MetaCart
We build a system that provides succinct noninteractive zeroknowledge proofs (zkSNARKs) for program executions on a von Neumann RISC architecture. The system has two components: a cryptographic proof system for verifying satisfiability of arithmetic circuits, and a circuit generator to translate
An Efficient NonInteractive ZeroKnowledge Proof System for NP with General Assumptions
 Journal of Cryptology
, 1995
"... We consider noninteractive zeroknowledge proofs in the shared random string model proposed by Blum, Feldman and Micali [BFM88]. Until recently there was a sizable polynomial gap between the most efficient noninteractive proofs for NP based on general complexity assumptions [FLS90] versus those base ..."
Abstract

Cited by 25 (1 self)
 Add to MetaCart
We consider noninteractive zeroknowledge proofs in the shared random string model proposed by Blum, Feldman and Micali [BFM88]. Until recently there was a sizable polynomial gap between the most efficient noninteractive proofs for NP based on general complexity assumptions [FLS90] versus those
Perfect noninteractive zero knowledge for NP
 Proceedings of Eurocrypt 2006, volume 4004 of LNCS
, 2006
"... Abstract. Noninteractive zeroknowledge (NIZK) proof systems are fundamental cryptographic primitives used in many constructions, including CCA2secure cryptosystems, digital signatures, and various cryptographic protocols. What makes them especially attractive, is that they work equally well in a ..."
Abstract

Cited by 53 (3 self)
 Add to MetaCart
Abstract. Noninteractive zeroknowledge (NIZK) proof systems are fundamental cryptographic primitives used in many constructions, including CCA2secure cryptosystems, digital signatures, and various cryptographic protocols. What makes them especially attractive, is that they work equally well in a
The knowledge complexity of interactive proof systems
 in Proc. 27th Annual Symposium on Foundations of Computer Science
, 1985
"... Abstract. Usually, a proof of a theorem contains more knowledge than the mere fact that the theorem is true. For instance, to prove that a graph is Hamiltonian it suffices to exhibit a Hamiltonian tour in it; however, this seems to contain more knowledge than the single bit Hamiltonian/nonHamiltoni ..."
Abstract

Cited by 1267 (42 self)
 Add to MetaCart
for the languages of quadratic residuosity and quadratic nonresiduosity. These are the first examples of zeroknowledge proofs for languages not known to be efficiently recognizable. Key words, cryptography, zero knowledge, interactive proofs, quadratic residues AMS(MOS) subject classifications. 68Q15, 94A60 1
On the complexity of BoundedInteraction and Noninteractive ZeroKnowledge Proofs
"... Abstract We consider the basic cryptographic primitive known as zeroknowledge proofs on committed bits. In this primitive, a prover P commits to a set of bits, and then at a later time convinces a verifier V that some property P holds for a subset of these bits. It is known how to implement this pr ..."
Abstract
 Add to MetaCart
Abstract We consider the basic cryptographic primitive known as zeroknowledge proofs on committed bits. In this primitive, a prover P commits to a set of bits, and then at a later time convinces a verifier V that some property P holds for a subset of these bits. It is known how to implement
Resettable zeroknowledge
, 2000
"... We introduce the notion of Resettable ZeroKnowledge (rZK), a new security measure for cryptographic protocols which strengthens the classical notion of zeroknowledge. In essence, an rZK protocol is one that remains zero knowledge even if an adversary can interact with the prover many times, each ..."
Abstract

Cited by 80 (6 self)
 Add to MetaCart
We introduce the notion of Resettable ZeroKnowledge (rZK), a new security measure for cryptographic protocols which strengthens the classical notion of zeroknowledge. In essence, an rZK protocol is one that remains zero knowledge even if an adversary can interact with the prover many times
Results 1  10
of
857,279