{"title":"以恒定成本实现双离散对数的零知识论证","authors":"Diya Krishnan , Xiang Fu","doi":"10.1016/j.tcs.2024.114799","DOIUrl":null,"url":null,"abstract":"<div><p>Given that the Schnorr's protocol for Discrete Logarithm (DLOG) exchanges three messages, it is an interesting problem whether a constant round zero-knowledge protocol exists for the Double Discrete Logarithm problem (DDLOG), i.e., to demonstrate the knowledge of a secret witness <em>x</em> in <span><math><msup><mrow><mi>g</mi></mrow><mrow><msup><mrow><mi>h</mi></mrow><mrow><mi>x</mi></mrow></msup></mrow></msup></math></span>. In this paper, we show that it exists for a fragment of DDLOG with two restrictions: (1) The outer group of DDLOG supports bilinear pairing, and it needs a trusted set-up for common reference string (CRS). (2) <span><math><mi>x</mi><mo><</mo><mi>t</mi></math></span> where <em>t</em> is the size of KZG commitment key in CRS. The protocol is zero knowledge and constant round, with <span><math><mi>O</mi><mo>(</mo><mn>1</mn><mo>)</mo></math></span> complexity for prover and verifier, regardless of the desired security strength. The contributions of the work are mainly theoretical due to its restrictions and concrete performance.</p></div>","PeriodicalId":49438,"journal":{"name":"Theoretical Computer Science","volume":"1018 ","pages":"Article 114799"},"PeriodicalIF":0.9000,"publicationDate":"2024-08-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Towards zero knowledge argument for double discrete logarithm with constant cost\",\"authors\":\"Diya Krishnan , Xiang Fu\",\"doi\":\"10.1016/j.tcs.2024.114799\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><p>Given that the Schnorr's protocol for Discrete Logarithm (DLOG) exchanges three messages, it is an interesting problem whether a constant round zero-knowledge protocol exists for the Double Discrete Logarithm problem (DDLOG), i.e., to demonstrate the knowledge of a secret witness <em>x</em> in <span><math><msup><mrow><mi>g</mi></mrow><mrow><msup><mrow><mi>h</mi></mrow><mrow><mi>x</mi></mrow></msup></mrow></msup></math></span>. In this paper, we show that it exists for a fragment of DDLOG with two restrictions: (1) The outer group of DDLOG supports bilinear pairing, and it needs a trusted set-up for common reference string (CRS). (2) <span><math><mi>x</mi><mo><</mo><mi>t</mi></math></span> where <em>t</em> is the size of KZG commitment key in CRS. The protocol is zero knowledge and constant round, with <span><math><mi>O</mi><mo>(</mo><mn>1</mn><mo>)</mo></math></span> complexity for prover and verifier, regardless of the desired security strength. The contributions of the work are mainly theoretical due to its restrictions and concrete performance.</p></div>\",\"PeriodicalId\":49438,\"journal\":{\"name\":\"Theoretical Computer Science\",\"volume\":\"1018 \",\"pages\":\"Article 114799\"},\"PeriodicalIF\":0.9000,\"publicationDate\":\"2024-08-26\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Theoretical Computer Science\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S030439752400416X\",\"RegionNum\":4,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"COMPUTER SCIENCE, THEORY & METHODS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Theoretical Computer Science","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S030439752400416X","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, THEORY & METHODS","Score":null,"Total":0}
Towards zero knowledge argument for double discrete logarithm with constant cost
Given that the Schnorr's protocol for Discrete Logarithm (DLOG) exchanges three messages, it is an interesting problem whether a constant round zero-knowledge protocol exists for the Double Discrete Logarithm problem (DDLOG), i.e., to demonstrate the knowledge of a secret witness x in . In this paper, we show that it exists for a fragment of DDLOG with two restrictions: (1) The outer group of DDLOG supports bilinear pairing, and it needs a trusted set-up for common reference string (CRS). (2) where t is the size of KZG commitment key in CRS. The protocol is zero knowledge and constant round, with complexity for prover and verifier, regardless of the desired security strength. The contributions of the work are mainly theoretical due to its restrictions and concrete performance.
期刊介绍:
Theoretical Computer Science is mathematical and abstract in spirit, but it derives its motivation from practical and everyday computation. Its aim is to understand the nature of computation and, as a consequence of this understanding, provide more efficient methodologies. All papers introducing or studying mathematical, logic and formal concepts and methods are welcome, provided that their motivation is clearly drawn from the field of computing.