More on Proofs of Knowledge
Abstract:
The notion of proofs of knowledge is central to cryptographic protocols, and many definitions for it have been proposed. In this work we explore a different facet of this notion, not addressed by prior definitions. Specifically, prior definitions concentrate on capturing the properties of the verifier, and do not pay much attention to the properties of the prover. Our new definition is strictly stronger than previous ones, and captures new and desirable properties. In particular, it guarantees prover feasibility, that is, it guarantees that the time spent by the prover in a proof of knowledge is comparable to that it spends in an "extraction" of this knowledge. Our definition also enables one to consider meaningfully the case of a single, specific prover.
Citations
| 693 | The Knowledge Complexity of Interactive Proof-Systems (Extended Abstract – Goldwasser, Micali, et al. - 1985 |
| 480 | How to construct random functions – Goldreich, Goldwasser, et al. - 1986 |
| 263 | Zero Knowledge Proofs of Identity – Fiege, Fiat, et al. - 1987 |
| 241 | Proofs that yield nothing but their validity or all languages in NP have zero-knowledge proof systems – Goldreich, Micali, et al. - 1991 |
| 132 | Witness indistinguishable and witness hiding protocols – Feige, Shamir |
| 102 | On defining proofs of knowledge – Bellare, Goldreich |
| 67 | Random self-reducibility and zero knowledge interactive proofs of possession of information – Tompa, Woll - 1987 |
| 3 | A Secure Protocol for Oblivious Transfer (Extended Abstract – Fischer, Micali, et al. - 1996 |
