Communication efficient zero-knowledge proofs of knowledge (With applications to electronic cash)

Abstract

We show that, after a constant-round preprocessing stage, it is possible to give any polynomial number of Non-Interactive Zero-Knowledge Proofs of Knowledge for any NP language. Our proof-system is based on the sole assumption that one-way functions and Non-Interactive Zero-Knowledge Proof Systems of Language Membership exist. The new tool has applications to multi-party protocols. We present the first protocol for Electronic Cash with the following properties. It is provably secure under general complexity assumptions. Its security is based on the existence of one-way functions and Non-Interactive Zero-Knowledge Proof Systems. It does not require the presence of a trusted center; not even the Bank is required to be trusted by the users. Each transaction requires only constant rounds of interaction. Actually, most of the transactions requires just one round of interaction. Each transaction can be performed by only the users that are interested; that is, it is not necessary for all the users to take part in each single transaction to guarantee privacy and security. Moreover, the transcript of each transaction can be used to prove that the transaction has actually taken place and to prove eventual frauds committed.