Fair Zero Knowledge
Matt Lepinski and Silvio Micali and abhi shelat
Theory of Cryptography (TCC'05), Cambridge, MA, Feb 2005, p.245-263.
Theory of Cryptography (TCC'05), Cambridge, MA, Feb 2005, p.245-263.
We introduce Fair Zero-Knowledge, a multi-verifier ZK system where every proof is guaranteed to be ``zero-knowledge for all verifiers." That is, if an honest verifier accepts a fair zero-knowledge proof, then he is assured that all other verifiers also learn nothing more than the verity of the statement in question, even if they maliciously collude with a cheating prover.
We construct Fair Zero-Knowledge systems based on standard complexity assumptions (specifically, the quadratic residuosity assumption) and an initial, one-time use of a physically secure communication channel (specifically, each verifier sends the prover a private message in an envelope). All other communication occurs (and must occur) on a broadcast channel.
The main technical challenge of our construction consists of provably removing any possibility of using steganography in a ZK proof. To overcome this technical difficulty, we introduce tools---such as Unique Zero Knowledge--- that may be of independent interest.
[PDF]
We construct Fair Zero-Knowledge systems based on standard complexity assumptions (specifically, the quadratic residuosity assumption) and an initial, one-time use of a physically secure communication channel (specifically, each verifier sends the prover a private message in an envelope). All other communication occurs (and must occur) on a broadcast channel.
The main technical challenge of our construction consists of provably removing any possibility of using steganography in a ZK proof. To overcome this technical difficulty, we introduce tools---such as Unique Zero Knowledge--- that may be of independent interest.
[PDF]
0 TrackBacks
Listed below are links to blogs that reference this entry: Fair Zero Knowledge.
TrackBack URL for this entry: http://www.cs.virginia.edu/~shelat/mt/mt-tb.cgi/9
Leave a comment