We propose a method for compiling a class of \Sigma-protocols (3-move public-coin protocols) into non-interactive zero-knowledge arguments. The method is based on homomorphic encryption and does not use random oracles. It only requires that a private/public key pair is set up for the verifier. The method applies to all known discrete-log based \Sigma-protocols. As applications, we obtain non-interactive threshold RSA without random oracles, and non-interactive zero-knowledge for NP more efficiently than by previous methods.
In the 3rd IACR Theory of Cryptography Conference (TCC '06). New York, NY, USA, March 4-7, 2006. Springer LNCS 3876, pages 41-59.
Download: [pdf] [bibtex entry]