Hashing Functions can Simplify Zero- Knowledge Protocol Design (too)

In Crypto93, Damg̊ard showed that any constant-round protocol in which the verifier sends only independent, random bits and which is zero-knowledge against the honest verifier can be transformed into a protocol (for the same problem) that is zero-knowledge in general. His transformation was based on the interactive hashing technique of Naor, Ostrovsky, Venkatesan and Yung, and thus the resulting protocol had very large round-complexity. We adopt Damg̊ard’s methods, using ordinary hashing functions, instead of the abovementioned interactive hashing technique. Typically, the protocols we derive have much lower round-complexity than those derived by Damg̊ard’s transformation. As in Damg̊ard’s transformation, our transformation preserves statistical/perfect zero-knowledge and does not rely on any computational assumptions. However, unlike Damg̊ard’s transformation, the new transformation is not applicable to argument systems or to proofs of knowledge. ∗Dept. of Computer Science, Aarhus Univesity, Denmark and BRICS, Basic Research In Computer Science, Centre of the Danish National Research Foundation. †Dept. of Applied Math. and Computer Science, Weizmann Institute of Science, Rehovot, Israel. Work done while visiting BRICS, Basic Research In Computer Science, Centre of the Danish National Research Foundation. Supported in part by grant No. 92-00226 from the United States – Israel Binational Reseach Foundation (BSF), Jerusalem, Israel. ‡Institute for Computer Science, Hebrew University, Jerusalem, Israel. Work done while visiting BRICS, Basic Research In Computer Science, Centre of the Danish National Research Foundation. Supported in part by grant No. xx-00yyy from the United States – Israel Binational Reseach Foundation (BSF), Jerusalem, Israel.