Redondo Beach, California

Nov. 12, 2000 to Nov. 14, 2000

ISBN: 0-7695-0850-2

pp: 283

C. Dwork , Compaq Syst. Res. Centre, Palo Alto, CA, USA

ABSTRACT

A zap is a two-round, witness-indistinguishable protocol in which the first round, consisting of a message from the verifier to the prover, can be fixed "once-and-for-all" and applied to any instance, and in which the verifier does not use any private coins. We present a zap for every language in NP, based on the existence of non-interactive zero-knowledge proofs in the shared random string model. The zap is in the standard model, and hence requires no common guaranteed random string. We introduce and construct verifiable pseudo-random bit generators (VPRGs), and give a complete existential characterization of both non-interactive zero-knowledge proofs and zaps in terms of approximate VPRGs. We present several applications for zaps. In the timing model of C. Dwork et al. (2000) and using moderately hard functions, we obtain 3-round concurrent zero knowledge and 2-round concurrent deniable authentication (the latter protocol also operates in the resettable model of R. Canetti et al. (2000)). In the standard model we obtain 2-round oblivious transfer using public keys (3-round otherwise). We note that any zap yields resettable 2-round witness indistinguishability, and we obtain a 3-round timing-based resettable zero-knowledge argument system for any language in NP.

INDEX TERMS

cryptography; computational complexity; theorem proving; zap; witness-indistinguishable protocol; verifier; NP completeness; zero-knowledge proofs; shared random string model; verifiable pseudo-random bit generators; concurrent zero knowledge; concurrent deniable authentication; public keys

CITATION

C. Dwork, "Zaps and their applications", *FOCS* 2000 (IEEE Symposium on Foundations of Computer Science), Redondo Beach, CA, Nov. 2000, p. 283, doi:10.1109/SFCS.2000.892117