**Single-to-Multi-Theorem Transformations for Non-Interactive Statistical Zero-Knowledge**

*Marc Fischlin and Felix Rohrbach*

**Abstract: **Non-interactive zero-knowledge proofs or arguments allow a prover to show validity of a statement without further interaction. For non-trivial statements such protocols require a setup assumption in form of a common random or reference string (CRS). Generally, the CRS can only be used for one statement (single-theorem zero-knowledge) such that a fresh CRS would need to be generated for each proof. Fortunately, Feige, Lapidot and Shamir (FOCS 1990) presented a transformation for any non-interactive zero-knowledge proof system that allows the CRS to be reused any polynomial number of times (multi-theorem zero-knowledge). This FLS transformation, however, is only known to work for either computational zero-knowledge or requires a structured, non-uniform common reference string.

In this paper we present FLS-like transformations that work for non-interactive statistical zero-knowledge arguments in the common random string model. They allow to go from single-theorem to multi-theorem zero-knowledge and also preserve soundness, for both properties in the adaptive and non-adaptive case. Our first transformation is based on the general assumption that one-way permutations exist, while our second transformation uses lattice-based assumptions. Additionally, we define different possible soundness notions for non-interactive arguments and discuss their relationships.

**Category / Keywords: **cryptographic protocols / Non-interactive arguments, statistical zero-knowledge, soundness, transformation, one-way permutation, lattices, dual-mode commitments

**Date: **received 1 Oct 2020

**Contact author: **marc fischlin at cryptoplexity de, felix rohrbach@cryptoplexity de

**Available format(s): **PDF | BibTeX Citation

**Version: **20201006:093705 (All versions of this report)

**Short URL: **ia.cr/2020/1204

[ Cryptology ePrint archive ]