On the Concrete Complexity of Zero-Knowledge Proofs

The fact that there are zero-knowledge proofs for all languages in NP has, potentially, enormous implications to cryptography. For cryptographers, the issue is no longer \which languages in NP have zero-knowledge proofs" but rather \which languages in NP have practical zero-knowledge proofs". Thus, the concrete complexity of zero-knowledge proofs for diierent languages must be established. In this paper, we study the concrete complexity of the known general methods for constructing zero-knowledge proofs. We establish that circuit-based methods have the potential of producing proofs which can be used in practice. Then we introduce several techniques which greatly reduce the concrete complexity of circuit-based proofs. In order to show that our protocols yield proofs of knowledge, we show how to extend the Feige-Fiat-Shamir deenition for proofs of knowledge to the model of Brassard-Chaum-Cr epeau. Finally, we present techniques for improving the eeciency of protocols which involve arithmetic computations, such as modular addition, subtraction, and multiplication, and greatest common divisor.