Cryptology ePrint Archive: Report 1996/004

Linear Zero-Knowledge - A note on Efficient Zero-Knowledge Proofs and Arguments

Ronald Cramer and Ivan Damgaard

Abstract: We present a zero-knowledge proof system for any NP language L, which allows showing that x is in L using communication corresponding to $O(|x| sup c)+k$ bit commitments, with error probability $2 sup -k$, and where c is a constant depending only on L. The proof can be based on any bit commitment scheme with a particular set of properties. We suggest an efficient implementation based on factoring. The protocol allows showing that a Boolean formula of size n is satisfiable, with error probability $2 sup -n$, using O(n) commitments. This is the first protocol for SAT that is linear in this sense.<br> [The rest of the abstract was truncated and appears below -- the library.]

Category / Keywords:

Publication Info: Appeared in the THEORY OF CRYPTOGRAPHY LIBRARY and has been included in the ePrint Archive.

Date: received May 14th, 1996.

Contact author: ivan at daimi aau dk

Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | BibTeX Citation

Short URL: ia.cr/1996/004

Discussion forum: Show discussion | Start new discussion