Abstract
We propose a general technique that allows improving the complexity of zero-knowledge protocols for a large class of problems where previously the best known solution was a simple cut-and-choose style protocol, i.e., where the size of a proof for problem instance x and error probability 2 -n was O(|x| n) bits. By using our technique to prove n instances simultaneously, we can bring down the proof size per instance to O(|x| + n) bits for the same error probability while using no computational assumptions. Examples where our technique applies include proofs for quadratic residuosity, proofs of subgroup membership and knowledge of discrete logarithms in groups of unknown order, and proofs of plaintext knowledge for various types of homomorphic encryptions schemes. The generality of our method stems from a somewhat surprising application of black-box secret sharing schemes. © 2009 Springer.
Cite
CITATION STYLE
Cramer, R., & Damgård, I. (2009). On the amortized complexity of zero-knowledge protocols. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 5677 LNCS, pp. 177–191). https://doi.org/10.1007/978-3-642-03356-8_11
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
