Divertible Zero Knowledge Interactive Proofs and Commutative Random Self-Reducibility

In this paper, a new class of zero knowledge interactive proofs, a divertible zero knowledge interactive proof, is presented. Informally speaking, we call (A,B,C), a triplet of Turing machines, a divertible zero knowledge interactive proof, if (A,B) and (B,C) are zero knowledge interactive proofs and B converts (A,B) into (B,C) such that any evidence regarding the relationship between (A,B) and (B,C) is concealed. It is shown that any commuiaaive random self-reducible problem, which is a variant of the random self-reducible problem introduced by Angluin et al., has a divertible perfect zero knowledge interactive proof. We also show that a specific class of the commutative random self-reducible problems have more pracfical divertible perfect zero knowledge interactive proofs. This clans of zero knowledge interactive proofs has two sides; one positive, the other negative. On the positive side, divertible zero knowledge interactive proofs can be used to protect privacy in networked and computerized environments. Electronic checking and secret electronic balloting are described in this paper to illustrate this side. On the negative side, identification systems based on these zero knowledge interactive proofs are vulnerable to an abuse, which is, however, for the most part common to all logical idenification schemes. This abuse and some measures to overcome it are also presented. J.J. Quisquater and J. Vandewalle (Eds.): Advances in Cryptology EUROCRYPT ‘89, LNCS 434, pp. 134-149, 1990. 0 Springer-Verlag Berlin Heidelberg 1990