Abstract:
We propose a method for compiling a class of \Sigma-protocols
(3-move public-coin protocols) into non-interactive zero-knowledge
arguments. The method is based on homomorphic encryption and does not
use random oracles. It only requires that a private/public key pair is
set up for the verifier. The method applies to all known discrete-log
based \Sigma-protocols.
As applications, we obtain non-interactive threshold RSA without
random oracles, and non-interactive zero-knowledge for NP more
efficiently than by previous methods.
Publication Info:
In the 3rd IACR Theory of Cryptography Conference (TCC '06). New
York, NY, USA, March 4-7, 2006. Springer LNCS 3876, pages 41-59.
Download: [pdf] [bibtex entry]