Non-interactive Proofs for Integer Multiplication

Authors

  • Ivan Damgård
  • Rune Thorbek
Abstract

We present two universally composable and practical protocols by which a dealer can, verifiably and non-interactively, secret-share an integer among a set of players. Moreover, at small extra cost and using a distributed verifier proof, it can be shown in zero-knowledge that three shared integers a, b, c satisfy ab = c. This implies by known reductions non-interactive zero-knowledge proofs that a shared integer is in a given interval, or that one secret integer is larger than another. Such primitives are useful, e.g., for supplying inputs to a multiparty computation protocol, such as an auction or an election. The protocols use various set-up assumptions, but do not require the random oracle model.


Similar resources

Short Non-interactive Zero-Knowledge Proofs

We show that probabilistically checkable proofs can be used to shorten non-interactive zero-knowledge proofs. We obtain publicly verifiable non-interactive zero-knowledge proofs for circuit satisfiability with adaptive and unconditional soundness where the size grows quasi-linearly in the number of gates. The zero-knowledge property relies on the existence of trapdoor permutations, or it can be...


Short Proofs of Knowledge for Factoring

The aim of this paper is to design a proof of knowledge for the factorization of an integer n. We propose a statistical zero-knowledge protocol similar to proofs of knowledge of discrete logarithm à la Schnorr. The efficiency improvement in comparison with the previously known schemes can be compared with the difference between the Fiat-Shamir scheme and the Schnorr one. Furthermore, the proof can...


Efficient Arithmetic Modulo Minimal Redundancy Cyclotomic Primes

We introduce a family of prime numbers that we refer to as Minimal Redundancy Cyclotomic Primes (MRCPs). The form of MRCPs is such that when using the field representation and multiplication algorithm we present, multiplication modulo these primes can be up to twice as efficient as multiplication of integer residues. This article provides a comprehensive theoretical framework for the use of MRC...


On the Hardness of Approximating Shortest Integer Relations among Rational Numbers

Given x ∈ R^n, an integer relation for x is a non-trivial vector m ∈ Z^n with inner product ⟨m, x⟩ = 0. In this paper we prove the following: Unless every NP language is recognizable in deterministic quasi-polynomial time, i.e., in time O(n^poly(log n)), the ℓ∞-shortest integer relation for a given vector x ∈ Q^n cannot be approximated in polynomial time within a factor of 2 log 0:5? n , where is...


Towards Verifying Nonlinear Integer Arithmetic

We eliminate a key roadblock to efficient verification of nonlinear integer arithmetic using CDCL SAT solvers, by showing how to construct short resolution proofs for many properties of the most widely used multiplier circuits. Such short proofs were conjectured not to exist. More precisely, we give n size regular resolution proofs for arbitrary degree 2 identities on array, diagonal, and Booth...



Journal title:
  • IACR Cryptology ePrint Archive

Volume 2007  Issue

Pages  -

Publication date 2007