Cryptology ePrint Archive: Report 2022/082

Feta: Efficient Threshold Designated-Verifier Zero-Knowledge Proofs

Carsten Baum and Robin Jadoul and Emmanuela Orsini and Peter Scholl and Nigel P. Smart

Abstract: Zero-Knowledge protocols have increasingly become both popular and practical in recent years due to their applicability in many areas such as blockchain systems. Unfortunately, public verifiability and small proof sizes of zero-knowledge protocols currently come at the price of strong assumptions, large prover time, or both, when considering statements with millions of gates. In this regime, the most prover-efficient protocols are in the designated verifier setting, where proofs are only valid to a single party that must keep a secret state.

In this work, we bridge this gap between designated-verifier proofs and public verifiability by {\em distributing the verifier}. Here, a set of verifiers can then verify a proof and, if a given threshold $t$ of the $n$ verifiers is honest and trusted, can act as guarantors for the validity of a statement. We achieve this while keeping the concrete efficiency of current designated-verifier proofs, and present constructions that have small concrete computation and communication cost. We present practical protocols in the setting of threshold verifiers with $t<n/4$ and $t<n/3$, for which we give performance figures, showcasing the efficiency of our approach.

Category / Keywords: cryptographic protocols / zero-knowledge proofs, distributed verifier

Date: received 21 Jan 2022, last revised 24 Jan 2022

Contact author: cbaum at cs au dk, peter scholl at cs au dk, robin jadoul at esat kuleuven be, emmanuela orsini at kuleuven be, nigel smart at kuleuven be

Available format(s): PDF | BibTeX Citation

Version: 20220124:145716 (All versions of this report)

Short URL: ia.cr/2022/082