Paper 2018/228

Non-interactive zaps of knowledge

Georg Fuchsbauer and Michele Orrù


While non-interactive zero-knowledge (NIZK) proofs require trusted parameters, Groth, Ostrovsky and Sahai constructed non-interactive witness-indistinguishable (NIWI) proofs without any setup; they called their scheme a non-interactive zap. More recently, Bellare, Fuchsbauer and Scafuro investigated the security of NIZK in the face of parameter subversion and observe that NI zaps provide subversion-resistant soundness and WI. Arguments of knowledge prove that not only the statement is true, but also that the prover knows a witness for it, which is essential for anonymous identification. We present the first NIWI argument of knowledge without parameters, i.e., a NI zap of knowledge. Consequently, our scheme is also the first subversion-resistant knowledge-sound proof system, a notion recently proposed by Fuchsbauer.

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. ACNS 2018
Non-interactive proofsargument of knowledgesubversion resistance
Contact author(s)
michele orru @ ens fr
2018-04-01: last of 2 revisions
2018-03-01: received
See all versions
Short URL
Creative Commons Attribution


      author = {Georg Fuchsbauer and Michele Orrù},
      title = {Non-interactive zaps of knowledge},
      howpublished = {Cryptology ePrint Archive, Paper 2018/228},
      year = {2018},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.