TY - GEN
T1 - Succinct non-interactive zero-knowledge proofs with preprocessing for LOGSNP
AU - Kalai, Yael Tauman
AU - Razt, Ran
PY - 2006
Y1 - 2006
N2 - Let Λ : {0, 1}n × {0, 1}m → {0, 1} be a Boolean formula of size d, or more generally, an arithmetic circuit of degree d, known to both Alice and Bob, and let y ∈ {0, 1}m be an input known only to Alice. Assume that Alice and Bob interacted in the past in a preamble phase (that is, applied a preamble protocol that depends only on the parameters, and not on Λ, y). We show that Alice can (non-interactively) commit to y, by a message of size poly(m, log d), and later on prove to Bob any N statements of the form Λ(x1, y) = Z1,..., Λ(xN, y) = zN by a (computationally sound) non-interactive zero-knowledge proof of size poly (d, log N). (Note the logarithmic dependence on N). We give many applications and motivations for this result. In particular, assuming that Alice and Bob applied in the past the (poly-logarithmic size) preamble protocol: 1. Given a CNF formula Ψ(w 1,..., wm) of size N, Alice can prove the satisfiability of Ψ by a (computationally sound) non-interactive zero-knowledge proof of size poly(m). That is, the size of the proof depends only on the size of the witness and not on the size of the formula. 2. Given a language L in the class LOGSNP and an input x ∈ {0, 1}n, Alice can prove the membership x ∈ L by a (computationally sound) non-interactive zero-knowledge proof of size polylogn. 3. Alice can commit to a Boolean formula y of size m, by a message of size poly(m), and later on prove to Bob any N statements of the form y{x1) = z1,...,y(xN) = zN by a (computationally sound) non-interactive zero-knowledge proof of size poly(m, log m). Our cryptographic assumptions include the existence of a poly-logarithmic Symmetric-Private-Information-Retrieval (SPIR) scheme, as defined in [4], and the existence of commitment schemes, secure against circuits of size exponential in the security parameter.
AB - Let Λ : {0, 1}n × {0, 1}m → {0, 1} be a Boolean formula of size d, or more generally, an arithmetic circuit of degree d, known to both Alice and Bob, and let y ∈ {0, 1}m be an input known only to Alice. Assume that Alice and Bob interacted in the past in a preamble phase (that is, applied a preamble protocol that depends only on the parameters, and not on Λ, y). We show that Alice can (non-interactively) commit to y, by a message of size poly(m, log d), and later on prove to Bob any N statements of the form Λ(x1, y) = Z1,..., Λ(xN, y) = zN by a (computationally sound) non-interactive zero-knowledge proof of size poly (d, log N). (Note the logarithmic dependence on N). We give many applications and motivations for this result. In particular, assuming that Alice and Bob applied in the past the (poly-logarithmic size) preamble protocol: 1. Given a CNF formula Ψ(w 1,..., wm) of size N, Alice can prove the satisfiability of Ψ by a (computationally sound) non-interactive zero-knowledge proof of size poly(m). That is, the size of the proof depends only on the size of the witness and not on the size of the formula. 2. Given a language L in the class LOGSNP and an input x ∈ {0, 1}n, Alice can prove the membership x ∈ L by a (computationally sound) non-interactive zero-knowledge proof of size polylogn. 3. Alice can commit to a Boolean formula y of size m, by a message of size poly(m), and later on prove to Bob any N statements of the form y{x1) = z1,...,y(xN) = zN by a (computationally sound) non-interactive zero-knowledge proof of size poly(m, log m). Our cryptographic assumptions include the existence of a poly-logarithmic Symmetric-Private-Information-Retrieval (SPIR) scheme, as defined in [4], and the existence of commitment schemes, secure against circuits of size exponential in the security parameter.
UR - http://www.scopus.com/inward/record.url?scp=35448941247&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=35448941247&partnerID=8YFLogxK
U2 - 10.1109/FOCS.2006.74
DO - 10.1109/FOCS.2006.74
M3 - Conference contribution
AN - SCOPUS:35448941247
SN - 0769527205
SN - 9780769527208
T3 - Proceedings - Annual IEEE Symposium on Foundations of Computer Science, FOCS
SP - 355
EP - 366
BT - 47th Annual IEEE Symposium on Foundations of Computer Science, FOCS 2006
T2 - 47th Annual IEEE Symposium on Foundations of Computer Science, FOCS 2006
Y2 - 21 October 2006 through 24 October 2006
ER -