In this work, we bridge this gap between designated-verifier proofs and public verifiability by {\em distributing the verifier}. Here, a set of verifiers can then verify a proof and, if a given threshold $t$ of the $n$ verifiers is honest and trusted, can act as guarantors for the validity of a statement. We achieve this while keeping the concrete efficiency of current designated-verifier proofs, and present constructions that have small concrete computation and communication cost. We present practical protocols in the setting of threshold verifiers with $t<n/4$ and $t<n/3$, for which we give performance figures, showcasing the efficiency of our approach.
Category / Keywords: cryptographic protocols / zero-knowledge proofs, distributed verifier Date: received 21 Jan 2022, last revised 24 Jan 2022 Contact author: cbaum at cs au dk, peter scholl at cs au dk, robin jadoul at esat kuleuven be, emmanuela orsini at kuleuven be, nigel smart at kuleuven be Available format(s): PDF | BibTeX Citation Version: 20220124:145716 (All versions of this report) Short URL: ia.cr/2022/082