Zero-Knowledge for Finite Field Arithmetic or: Can Zero-Knowledge be for Free?

Ronald Cramer and Ivan Damgård

Advances in Cryptology — CRYPTO '98, Lecture Notes in Computer Science, Springer-Verlag, vol. 1462, pp. 424–441, Aug 1998.

We present a general method for constructing commitment schemes based on existence of $q$ -one way group homomorphisms, in which elements in a finite prime field $G F (q)$ can be committed to. A receiver of commitments can non-interactively check whether committed values satisfy linear equations. Multiplicative relations can be verified interactively with exponentially small error, while communicating only a constant number of commitments. Particular assumptions sufficient for our commitment schemes include: the RSA assumption, hardness of discrete log in a prime order group, and polynomial security of Diffie-Hellman encryption. Based on these commitments, we give efficient zero-knowledge proofs and arguments for arithmetic circuits over finite prime fields, namely given such a circuit, show in zero-knowledge that inputs can be selected leading to a given output. For a field $G F (q)$ , where $q$ is an $m$ -bit prime, a circuit of size $O (m)$ , and error probability $2^{- m}$ , our protocols require communication of $O (m^{2})$ bits. We then look at the Boolean Circuit Satisfiability problem and give non-interactive zero-knowledge proofs and arguments with preprocessing. In the proof stage, the prover can prove any circuit of size $n$ he wants by sending only one message of size $O (n)$ bits. As a final application, we show that Shamirs (Shens) interactive proof system for the (IP-complete) QBF problem can be transformed to a zero-knowledge proof system with the same asymptotic communication complexity and number of rounds.

BibTeX Citation

@inproceedings{CraDam98,
    author       = {Ronald Cramer and Ivan Damgård},
    title        = {Zero-Knowledge for Finite Field Arithmetic or: Can Zero-Knowledge be for Free?},
    editor       = {Hugo Krawczyk},
    booktitle    = {Advances in Cryptology --- CRYPTO~'98},
    pages        = {424--441},
    series       = {Lecture Notes in Computer Science},
    volume       = {1462},
    year         = {1998},
    month        = {8},
    publisher    = {Springer-Verlag},
}