Non-interactive zero-knowledge proof

Last updated

Non-interactive zero-knowledge proofs are cryptographic primitives, where information between a prover and a verifier can be authenticated by the prover, without revealing any of the specific information beyond the validity of the statement itself. This makes direct communication between the prover and verifier unnecessary, effectively removing any intermediaries.

Contents

The key advantage of non-interactive zero-knowledge proofs is that they can be used in situations where there is no possibility of interaction between the prover and verifier, such as in online transactions where the two parties are not able to communicate in real time. This makes non-interactive zero-knowledge proofs particularly useful in decentralized systems like blockchains, where transactions are verified by a network of nodes and there is no central authority to oversee the verification process. [1]

Most non-interactive zero-knowledge proofs are based on mathematical constructs like elliptic curve cryptography or pairing-based cryptography, which allow for the creation of short and easily verifiable proofs of the truth of a statement. Unlike interactive zero-knowledge proofs, which require multiple rounds of interaction between the prover and verifier, non-interactive zero-knowledge proofs are designed to be efficient and can be used to verify a large number of statements simultaneously. [1]

History

Blum, Feldman, and Micali [2] showed in 1988 that a common reference string shared between the prover and the verifier is sufficient to achieve computational zero-knowledge without requiring interaction. Goldreich and Oren [3] gave impossibility results[ clarification needed ] for one shot zero-knowledge protocols in the standard model. In 2003, Shafi Goldwasser and Yael Tauman Kalai published an instance of an identification scheme for which any hash function will yield an insecure digital signature scheme. [4]

The model influences the properties that can be obtained from a zero-knowledge protocol. Pass [5] showed that in the common reference string model non-interactive zero-knowledge protocols do not preserve all of the properties of interactive zero-knowledge protocols; e.g., they do not preserve deniability. Non-interactive zero-knowledge proofs can also be obtained in the random oracle model using the Fiat–Shamir heuristic.[ citation needed ]

Blockchain applications

A comparison of the most widely used proof systems STARK proofs diagram.jpg
A comparison of the most widely used proof systems

In 2012, Alessandro Chiesa et al developed the zk-SNARK protocol, an acronym for zero-knowledge succinct non-interactive argument of knowledge . [6] The first widespread application of zk-SNARKs was in the Zerocash blockchain protocol, where zero-knowledge cryptography provides the computational backbone, by facilitating mathematical proofs that one party has possession of certain information without revealing what that information is. [7] Zcash utilized zk-SNARKs to facilitate four distinct transaction types: private, shielding, deshielding, and public. This protocol allowed users to determine how much data was shared with the public ledger for each transaction. [8] Ethereum zk-Rollups also utilize zk-SNARKs to increase scalability. [9]

In 2017, Bulletproofs [10] was released, which enable proving that a committed value is in a range using a logarithmic (in the bit length of the range) number of field and group elements. [11] Bulletproofs was later implemented into Mimblewimble protocol (the basis for Grin and Beam, and Litecoin via extension blocks) and Monero cryptocurrency. [12]

In 2018, the zk-STARK (zero-knowledge Scalable Transparent Argument of Knowledge) [13] protocol was introduced by Eli Ben-Sasson, Iddo Bentov, Yinon Horesh, and Michael Riabzev, [14] offering transparency (no trusted setup), quasi-linear proving time, and poly-logarithmic verification time. Zero-Knowledge Succinct Transparent Arguments of Knowledge are a type of cryptographic proof system that enables one party (the prover) to prove to another party (the verifier) that a certain statement is true, without revealing any additional information beyond the truth of the statement itself. zk-STARKs are succinct, meaning that they allow for the creation of short proofs that are easy to verify, and they are transparent, meaning that anyone can verify the proof without needing any secret information. [14]

Unlike the first generation of zk-SNARKs, zk-STARKs, by default, do not require a trusted setup, which makes them particularly useful for decentralized applications like blockchains. Additionally, zk-STARKs can be used to verify many statements at once, making them scalable and efficient. [1]

In 2019, HALO recursive zk-SNARKs without a trusted setup were presented. [15] Pickles [16] zk-SNARKs, based on the former construction, power Mina, the first succinctly verifiable blockchain. [17]

A list of zero-knowledge proof protocols and libraries is provided below along with comparisons based on transparency, universality, and plausible post-quantum security. A transparent protocol is one that does not require any trusted setup and uses public randomness. A universal protocol is one that does not require a separate trusted setup for each circuit. Finally, a plausibly post-quantum protocol is one that is not susceptible to known attacks involving quantum algorithms.

Non-interactive zero-knowledge proof systems
ZKP systemPublication yearProtocolTransparentUniversalPlausibly post-quantum secure
Pinocchio [18] 2013zk-SNARKNoNoNo
Geppetto [19] 2015zk-SNARKNoNoNo
TinyRAM [20] 2013zk-SNARKNoNoNo
Buffet [21] 2015zk-SNARKNoNoNo
vRAM [22] 2018zk-SNARGNoYesNo
vnTinyRAM [23] 2014zk-SNARKNoYesNo
MIRAGE [24] 2020zk-SNARKNoYesNo
Sonic [25] 2019zk-SNARKNoYesNo
Marlin [26] 2020zk-SNARKNoYesNo
PLONK [27] 2019zk-SNARKNoYesNo
SuperSonic [28] 2020zk-SNARKYesYesNo
Bulletproofs [29] 2018BulletproofsYesYesNo
Hyrax [30] 2018zk-SNARKYesYesNo
Halo [15] 2019zk-SNARKYesYesNo
Virgo [31] 2020zk-SNARKYesYesYes
Ligero [32] 2017zk-SNARKYesYesYes
Aurora [33] 2019zk-SNARKYesYesYes
zk-STARK [14] [34] 2019zk-STARKYesYesYes
Zilch [35] [36] 2021zk-STARKYesYesYes

Definition

Originally, [2] non-interactive zero-knowledge was only defined as a single theorem-proof system. In such a system each proof requires its own fresh common reference string. A common reference string in general is not a random string. It may, for instance, consist of randomly chosen group elements that all protocol parties use. Although the group elements are random, the reference string is not as it contains a certain structure (e.g., group elements) that is distinguishable from randomness. Subsequently, Feige, Lapidot, and Shamir [37] introduced multi-theorem zero-knowledge proofs as a more versatile notion for non-interactive zero-knowledge proofs.

Pairing-based non-interactive proofs

Pairing-based cryptography has led to several cryptographic advancements. One of these advancements is more powerful and more efficient non-interactive zero-knowledge proofs. The seminal idea was to hide the values for the pairing evaluation in a commitment. Using different commitment schemes, this idea was used to build zero-knowledge proof systems under the sub-group hiding [38] and under the decisional linear assumption. [39] These proof systems prove circuit satisfiability, and thus by the Cook–Levin theorem allow proving membership for every language in NP. The size of the common reference string and the proofs is relatively small; however, transforming a statement into a boolean circuit incurs considerable overhead.

Proof systems under the sub-group hiding, decisional linear assumption, and external Diffie–Hellman assumption that allow directly proving the pairing product equations that are common in pairing-based cryptography have been proposed. [40]

Under strong knowledge assumptions, it is known how to create sublinear-length computationally-sound proof systems for NP-complete languages. More precisely, the proof in such proof systems consists only of a small number of bilinear group elements. [41] [42]

Related Research Articles

Snark may refer to:

<span class="mw-page-title-main">Interactive proof system</span>

In computational complexity theory, an interactive proof system is an abstract machine that models computation as the exchange of messages between two parties: a prover and a verifier. The parties interact by exchanging messages in order to ascertain whether a given string belongs to a language or not. The prover possesses unlimited computational resources but cannot be trusted, while the verifier has bounded computation power but is assumed to be always honest. Messages are sent between the verifier and prover until the verifier has an answer to the problem and has "convinced" itself that it is correct.

<span class="mw-page-title-main">David Chaum</span> American computer scientist and cryptographer (born 1955)

David Lee Chaum is an American computer scientist, cryptographer, and inventor. He is known as a pioneer in cryptography and privacy-preserving technologies, and widely recognized as the inventor of digital cash. His 1982 dissertation "Computer Systems Established, Maintained, and Trusted by Mutually Suspicious Groups" is the first known proposal for a blockchain protocol. Complete with the code to implement the protocol, Chaum's dissertation proposed all but one element of the blockchain later detailed in the Bitcoin whitepaper. He has been referred to as "the father of online anonymity", and "the godfather of cryptocurrency".

In cryptography, a zero-knowledge proof or zero-knowledge protocol is a method by which one party can prove to another party that some given statement is true, while avoiding conveying to the verifier any information beyond the mere fact of that statement's truth. The intuition underlying zero-knowledge proofs is that it is trivial to prove possession of the relevant information simply by revealing it; the hard part is to prove this possession without revealing this information.

Proof of work (PoW) is a form of cryptographic proof in which one party proves to others that a certain amount of a specific computational effort has been expended. Verifiers can subsequently confirm this expenditure with minimal effort on their part. The concept was invented by Moni Naor and Cynthia Dwork in 1993 as a way to deter denial-of-service attacks and other service abuses such as spam on a network by requiring some work from a service requester, usually meaning processing time by a computer. The term "proof of work" was first coined and formalized in a 1999 paper by Markus Jakobsson and Ari Juels. The concept was adapted to digital tokens by Hal Finney in 2004 through the idea of "reusable proof of work" using the 160-bit secure hash algorithm 1 (SHA-1).

In cryptography, a zero-knowledge password proof (ZKPP) is a type of zero-knowledge proof that allows one party to prove to another party that it knows a value of a password, without revealing anything other than the fact that it knows the password to the verifier. The term is defined in IEEE P1363.2, in reference to one of the benefits of using a password-authenticated key exchange (PAKE) protocol that is secure against off-line dictionary attacks. A ZKPP prevents any party from verifying guesses for the password without interacting with a party that knows it and, in the optimal case, provides exactly one guess in each interaction.

In cryptography, a password-authenticated key agreement (PAK) method is an interactive method for two or more parties to establish cryptographic keys based on one or more party's knowledge of a password.

<span class="mw-page-title-main">Forward secrecy</span> Practice in cryptography

In cryptography, forward secrecy (FS), also known as perfect forward secrecy (PFS), is a feature of specific key-agreement protocols that gives assurances that session keys will not be compromised even if long-term secrets used in the session key exchange are compromised, limiting damage. For HTTPS, the long-term secret is typically the private key of the server. Forward secrecy protects past sessions against future compromises of keys or passwords. By generating a unique session key for every session a user initiates, the compromise of a single session key will not affect any data other than that exchanged in the specific session protected by that particular key. This by itself is not sufficient for forward secrecy which additionally requires that a long-term secret compromise does not affect the security of past session keys.

In cryptography, a verifiable random function (VRF) is a public-key pseudorandom function that provides proofs that its outputs were calculated correctly. The owner of the secret key can compute the function value as well as an associated proof for any input value. Everyone else, using the proof and the associated public key, can check that this value was indeed calculated correctly, yet this information cannot be used to find the secret key.

In cryptography the standard model is the model of computation in which the adversary is only limited by the amount of time and computational power available. Other names used are bare model and plain model.

Secure two-party computation (2PC) a.k.a. Secure function evaluation is sub-problem of secure multi-party computation (MPC) that has received special attention by researchers because of its close relation to many cryptographic tasks. The goal of 2PC is to create a generic protocol that allows two parties to jointly compute an arbitrary function on their inputs without sharing the value of their inputs with the opposing party. One of the most well known examples of 2PC is Yao's Millionaires' problem, in which two parties, Alice and Bob, are millionaires who wish to determine who is wealthier without revealing their wealth. Formally, Alice has wealth , Bob has wealth , and they wish to compute without revealing the values or .

Distributed key generation (DKG) is a cryptographic process in which multiple parties contribute to the calculation of a shared public and private key set. Unlike most public key encryption models, distributed key generation does not rely on Trusted Third Parties. Instead, the participation of a threshold of honest parties determines whether a key pair can be computed successfully. Distributed key generation prevents single parties from having access to a private key. The involvement of many parties requires Distributed key generation to ensure secrecy in the presence of malicious contributions to the key calculation.

A Sybil attack is a type of attack on a computer network service in which an attacker subverts the service's reputation system by creating a large number of pseudonymous identities and uses them to gain a disproportionately large influence. It is named after the subject of the book Sybil, a case study of a woman diagnosed with dissociative identity disorder. The name was suggested in or before 2002 by Brian Zill at Microsoft Research. The term pseudospoofing had previously been coined by L. Detweiler on the Cypherpunks mailing list and used in the literature on peer-to-peer systems for the same class of attacks prior to 2002, but this term did not gain as much influence as "Sybil attack".

In cryptography, the Fiat–Shamir heuristic is a technique for taking an interactive proof of knowledge and creating a digital signature based on it. This way, some fact can be publicly proven without revealing underlying information. The technique is due to Amos Fiat and Adi Shamir (1986). For the method to work, the original interactive proof must have the property of being public-coin, i.e. verifier's random coins are made public throughout the proof protocol.

ProVerif is a software tool for automated reasoning about the security properties of cryptographic protocols. The tool has been developed by Bruno Blanchet and others.

Zerocoin is a privacy protocol proposed in 2013 by Johns Hopkins University professor Matthew D. Green and his graduate students, Ian Miers and Christina Garman. It was designed as an extension to the Bitcoin protocol that would improve Bitcoin transactions' anonymity by having coin-mixing capabilities natively built into the protocol. Zerocoin is not currently compatible with Bitcoin.

<span class="mw-page-title-main">Amit Sahai</span> American cryptographer (born 1974)

Amit Sahai is an Indian-American computer scientist. He is a professor of computer science at UCLA and the director of the Center for Encrypted Functionalities.

Garbled circuit is a cryptographic protocol that enables two-party secure computation in which two mistrusting parties can jointly evaluate a function over their private inputs without the presence of a trusted third party. In the garbled circuit protocol, the function has to be described as a Boolean circuit.

<span class="mw-page-title-main">Firo (cryptocurrency)</span> Cryptocurrency

Firo, formerly known as Zcoin, is a cryptocurrency aimed at using cryptography to provide better privacy for its users compared to other cryptocurrencies such as Bitcoin.

In cryptography, indistinguishability obfuscation is a type of software obfuscation with the defining property that obfuscating any two programs that compute the same mathematical function results in programs that cannot be distinguished from each other. Informally, such obfuscation hides the implementation of a program while still allowing users to run it. Formally, iO satisfies the property that obfuscations of two circuits of the same size which implement the same function are computationally indistinguishable.

References

  1. 1 2 3 Gong, Yinjie; Jin, Yifei; Li, Yuchan; Liu, Ziyi; Zhu, Zhiyi (January 2022). "Analysis and comparison of the main zero-knowledge proof scheme". 2022 International Conference on Big Data, Information and Computer Network (BDICN). pp. 366–372. doi:10.1109/BDICN55575.2022.00074. ISBN   978-1-6654-8476-3. S2CID   248267862.
  2. 1 2 Manuel Blum, Paul Feldman, and Silvio Micali. Non-Interactive Zero-Knowledge and Its Applications. Proceedings of the twentieth annual ACM symposium on Theory of computing (STOC 1988). 103–112. 1988
  3. Oded Goldreich and Yair Oren. Definitions and Properties of Zero-Knowledge Proof Systems. Journal of Cryptology. Vol 7(1). 1–32. 1994 (PS)
  4. Shafi Goldwasser and Yael Kalai. On the (In)security of the Fiat–Shamir Paradigm. Proceedings of the 44th Annual IEEE Symposium on Foundations of Computer Science (FOCS'03). 2003
  5. Rafael Pass. On Deniability in the Common Reference String and Random Oracle Model. Advances in Cryptology – CRYPTO 2003. 316–337. 2003 (PS)
  6. Bitansky, Nir; Canetti, Ran; Chiesa, Alessandro; Tromer, Eran (January 2012). "From extractable collision resistance to succinct non-interactive arguments of knowledge, and back again". Proceedings of the 3rd Innovations in Theoretical Computer Science Conference on - ITCS '12. ACM. pp. 326–349. doi:10.1145/2090236.2090263. ISBN   978-1-4503-1115-1. S2CID   2576177.
  7. Ben-Sasson, Eli; Chiesa, Alessandro; Garman, Christina; Green, Matthew; Miers, Ian; Tromer, Eran; Virza, Madars (18 May 2014). "Zerocash: Decentralized Anonymous Payments from Bitcoin" (PDF). IEEE. Retrieved 26 January 2016.
  8. Ben-Sasson, Eli; Chiesa, Alessandro. "What are zk-SNARKs?". z.cash. Retrieved 3 November 2022.
  9. "Zero-Knowledge rollups". ethereum.org. Retrieved 2023-02-25.
  10. Bünz, Benedikt; Bootle, Jonathan; Boneh, Dan; Poelstra, Andrew; Wuille, Pieter; Maxwell, Greg (May 2018). "Bulletproofs: Short Proofs for Confidential Transactions and More". 2018 IEEE Symposium on Security and Privacy (SP). pp. 315–334. doi:10.1109/SP.2018.00020. ISBN   978-1-5386-4353-2. S2CID   3337741.
  11. Bünz, Benedikt; Bootle, Jonathan; Boneh, Dan; Poelstra, Andrew; Wuille, Pieter; Maxwell, Greg (May 2018). "Bulletproofs: Short Proofs for Confidential Transactions and More" (PDF). 2018 IEEE Symposium on Security and Privacy (SP). pp. 315–334. doi:10.1109/SP.2018.00020. ISBN   978-1-5386-4353-2. S2CID   3337741 . Retrieved 2 December 2022.
  12. Odendaal, Hansie; Sharrock, Cayle; Heerden, SW. "Bulletproofs and Mimblewimble". Tari Labs University. Archived from the original on 29 September 2020. Retrieved 3 December 2020.
  13. http://www.cs.technion.ac.il/RESEARCH_DAY_17/POSTERS/michael_riabzev.pdf
  14. 1 2 3 Eli Ben-Sasson; Iddo Bentov; Yinon Horesh; Michael Riabzev (March 6, 2018). "Scalable, transparent, and post-quantum secure computational integrity" (PDF). International Association for Cryptologic Research . Retrieved October 24, 2021.
  15. 1 2 Bowe, Sean; Grigg, Jack; Hopwood, Daira (2019). "Recursive Proof Composition without a Trusted Setup". Cryptology ePrint Archive.
  16. "Meet Pickles SNARK: Enabling Smart Contracts on Coda Protocol". Mina Protocol. Retrieved 2023-02-25.
  17. Bonneau, Joseph; Meckler, Izaak; Rao, V.; Evan; Shapiro (2021). "Mina: Decentralized Cryptocurrency at Scale" (PDF). S2CID   226280610.
  18. Parno, Bryan; Howell, Jon; Gentry, Craig; Raykova, Mariana (May 2013). "Pinocchio: Nearly Practical Verifiable Computation". 2013 IEEE Symposium on Security and Privacy. pp. 238–252. doi:10.1109/SP.2013.47. ISBN   978-0-7695-4977-4. S2CID   1155080.
  19. Costello, Craig; Fournet, Cédric; Howell, Jon; Kohlweiss, Markulf; Kreuter, Benjamin; Naehrig, Michael; Parno, Bryan; Zahur, Samee (May 2015). "Geppetto: Versatile Verifiable Computation". 2015 IEEE Symposium on Security and Privacy. pp. 253–270. doi:10.1109/SP.2015.23. ISBN   978-1-4673-6949-7. S2CID   3343426.
  20. Ben-Sasson, Eli; Chiesa, Alessandro; Genkin, Daniel; Tromer, Eran; Virza, Madars (2013). "SNARKs for C: Verifying Program Executions Succinctly and in Zero Knowledge". In Canetti, Ran; Garay, Juan A. (eds.). Advances in Cryptology – CRYPTO 2013. Lecture Notes in Computer Science. Vol. 8043. Berlin, Heidelberg: Springer. pp. 90–108. doi:10.1007/978-3-642-40084-1_6. ISBN   978-3-642-40084-1.
  21. Wahby, Riad S.; Setty, Srinath; Ren, Zuocheng; Blumberg, Andrew J.; Walfish, Michael (2015). Efficient RAM and Control Flow in Verifiable Outsourced Computation. doi:10.14722/ndss.2015.23097. ISBN   978-1-891562-38-9 . Retrieved 2023-02-25.
  22. Zhang, Yupeng; Genkin, Daniel; Katz, Jonathan; Papadopoulos, Dimitrios; Papamanthou, Charalampos (May 2018). "VRAM: Faster Verifiable RAM with Program-Independent Preprocessing". 2018 IEEE Symposium on Security and Privacy (SP). pp. 908–925. doi:10.1109/SP.2018.00013. ISBN   978-1-5386-4353-2. S2CID   41548742.
  23. Ben-Sasson, Eli; Chiesa, Alessandro; Tromer, Eran; Virza, Madars (2014). Succinct {Non-Interactive} Zero Knowledge for a von Neumann Architecture. pp. 781–796. ISBN   978-1-931971-15-7.
  24. Kosba, Ahmed; Papadopoulos, Dimitrios; Papamanthou, Charalampos; Song, Dawn (2020). "MIRAGE: Succinct Arguments for Randomized Algorithms with Applications to Universal zk-SNARKs". Cryptology ePrint Archive.
  25. Maller, Mary; Bowe, Sean; Kohlweiss, Markulf; Meiklejohn, Sarah (2019-11-06). "Sonic". Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. CCS '19. New York, NY, USA: Association for Computing Machinery. pp. 2111–2128. doi:10.1145/3319535.3339817. ISBN   978-1-4503-6747-9. S2CID   60442921.
  26. Chiesa, Alessandro; Hu, Yuncong; Maller, Mary; Mishra, Pratyush; Vesely, Noah; Ward, Nicholas (2020). "Marlin: Preprocessing zkSNARKs with Universal and Updatable SRS". In Canteaut, Anne; Ishai, Yuval (eds.). Advances in Cryptology – EUROCRYPT 2020. Lecture Notes in Computer Science. Vol. 12105. Cham: Springer International Publishing. pp. 738–768. doi:10.1007/978-3-030-45721-1_26. ISBN   978-3-030-45721-1. S2CID   204772154.
  27. Gabizon, Ariel; Williamson, Zachary J.; Ciobotaru, Oana (2019). "PLONK: Permutations over Lagrange-bases for Oecumenical Noninteractive arguments of Knowledge". Cryptology ePrint Archive.
  28. Bünz, Benedikt; Fisch, Ben; Szepieniec, Alan (2020). "Transparent SNARKs from DARK Compilers". In Canteaut, Anne; Ishai, Yuval (eds.). Advances in Cryptology – EUROCRYPT 2020. Lecture Notes in Computer Science. Vol. 12105. Cham: Springer International Publishing. pp. 677–706. doi:10.1007/978-3-030-45721-1_24. ISBN   978-3-030-45721-1. S2CID   204892714.
  29. Bünz, Benedikt; Bootle, Jonathan; Boneh, Dan; Poelstra, Andrew; Wuille, Pieter; Maxwell, Greg (May 2018). "Bulletproofs: Short Proofs for Confidential Transactions and More". 2018 IEEE Symposium on Security and Privacy (SP). pp. 315–334. doi:10.1109/SP.2018.00020. ISBN   978-1-5386-4353-2. S2CID   3337741.
  30. Wahby, Riad S.; Tzialla, Ioanna; Shelat, Abhi; Thaler, Justin; Walfish, Michael (May 2018). "Doubly-Efficient zkSNARKs Without Trusted Setup". 2018 IEEE Symposium on Security and Privacy (SP). pp. 926–943. doi:10.1109/SP.2018.00060. ISBN   978-1-5386-4353-2. S2CID   549873.
  31. Zhang, Jiaheng; Xie, Tiancheng; Zhang, Yupeng; Song, Dawn (May 2020). "Transparent Polynomial Delegation and Its Applications to Zero Knowledge Proof". 2020 IEEE Symposium on Security and Privacy (SP). pp. 859–876. doi:10.1109/SP40000.2020.00052. ISBN   978-1-7281-3497-0. S2CID   209467198.
  32. Ames, Scott; Hazay, Carmit; Ishai, Yuval; Venkitasubramaniam, Muthuramakrishnan (2017-10-30). "Ligero". Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. CCS '17. New York, NY, USA: Association for Computing Machinery. pp. 2087–2104. doi:10.1145/3133956.3134104. ISBN   978-1-4503-4946-8. S2CID   5348527.
  33. Ben-Sasson, Eli; Chiesa, Alessandro; Riabzev, Michael; Spooner, Nicholas; Virza, Madars; Ward, Nicholas P. (2019). "Aurora: Transparent Succinct Arguments for R1CS". In Ishai, Yuval; Rijmen, Vincent (eds.). Advances in Cryptology – EUROCRYPT 2019. Lecture Notes in Computer Science. Vol. 11476. Cham: Springer International Publishing. pp. 103–128. doi:10.1007/978-3-030-17653-2_4. ISBN   978-3-030-17653-2. S2CID   52832327.
  34. Ben-Sasson, Eli; Bentov, Iddo; Horesh, Yinon; Riabzev, Michael (2019). "Scalable Zero Knowledge with No Trusted Setup". In Boldyreva, Alexandra; Micciancio, Daniele (eds.). Advances in Cryptology – CRYPTO 2019. Lecture Notes in Computer Science. Vol. 11694. Cham: Springer International Publishing. pp. 701–732. doi:10.1007/978-3-030-26954-8_23. ISBN   978-3-030-26954-8. S2CID   199501907.
  35. Computing, Trustworthy (2021-08-30). "Transparent Zero-Knowledge Proofs With Zilch". Medium. Retrieved 2023-02-25.
  36. Mouris, Dimitris; Tsoutsos, Nektarios Georgios (2021). "Zilch: A Framework for Deploying Transparent Zero-Knowledge Proofs". IEEE Transactions on Information Forensics and Security. 16: 3269–3284. doi:10.1109/TIFS.2021.3074869. ISSN   1556-6021. S2CID   222069813.
  37. Uriel Feige, Dror Lapidot, Adi Shamir: Multiple Non-Interactive Zero-Knowledge Proofs Under General Assumptions. SIAM J. Comput. 29(1): 1–28 (1999)
  38. Jens Groth, Rafail Ostrovsky, Amit Sahai: Perfect Non-interactive Zero Knowledge for NP. EUROCRYPT 2006: 339–358
  39. Jens Groth, Rafail Ostrovsky, Amit Sahai: Non-interactive Zaps and New Techniques for NIZK. CRYPTO 2006: 97–111
  40. Jens Groth, Amit Sahai: Efficient Non-interactive Proof Systems for Bilinear Groups. EUROCRYPT 2008: 415–432
  41. Jens Groth. Short Pairing-Based Non-interactive Zero-Knowledge Arguments. ASIACRYPT 2010: 321–340
  42. Helger Lipmaa. Progression-Free Sets and Sublinear Pairing-Based Non-Interactive Zero-Knowledge Arguments. TCC 2012: 169–189
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.