[Cryptography] Is Non-interactive Zero Knowledge Proof an oxymoron?

Charlie Kaufman charliekaufman at outlook.com
Sat Mar 12 00:23:14 EST 2016


This is really a question about terminology. I've been trying to come up with a definition of a Zero Knowledge Proof. Most that I have seen in the literature say that a Zero Knowledge Proof is an interaction between - say - Alice and Bob, where Alice proves knowledge of some secret but Bob gains no information other than that he is interacting with someone who knows the secret. In particular, he could generate the entire conversation himself and so cannot prove to a third party that he has interacted with Alice.


What Zero Knowledge Proofs are most often used for is to derive digital signature schemes, where the Zero Knowledge Proof is used as evidence that the digital signature scheme is secure. Often these digital signature schemes are called "Non-interactive Zero Knowledge Proofs", which seems to me very wrong. If Bob receives a Non-interactive Zero Knowledge Proof from Alice, he *can* prove to a third party that the message came from Alice, and he could not have generated the entire conversation himself.


Is this a horrible abuse of language (where a Non-interactive Zero Knowledge Proof is not a kind of Zero Knowledge Proof, but rather a related thing that doesn't meet the definition)? Or is there some way I can hold my head such that I can come up with a definition that encompasses both things?


Any suggestions appreciated!


--Charlie
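
The distinction raised in the message, shown as an added example that is not part of the original post. It assumes Schnorr identification and its Fiat-Shamir transform as the concrete protocol (the post names neither) and uses a constructed toy group: an interactive transcript can be produced without the secret, while the hash-derived challenge of the non-interactive form blocks that trick.

```python
import hashlib
import secrets

# Constructed toy Schnorr group, far too small for real use: p = 2q + 1, g has order q.
P, Q, G = 2039, 1019, 4

def keygen():
    x = secrets.randbelow(Q - 1) + 1            # Alice's secret
    return x, pow(G, x, P)                      # (secret, public key y = g^x)

def verify(y, t, c, s):
    """Check shared by both variants: g^s == t * y^c (mod p)."""
    return pow(G, s, P) == (t * pow(y, c, P)) % P

def interactive_transcript(x, y):
    """Honest run: Alice commits to t, Bob sends random c, Alice answers s."""
    r = secrets.randbelow(Q)
    t = pow(G, r, P)
    c = secrets.randbelow(Q)                    # Bob's challenge
    s = (r + c * x) % Q
    return t, c, s

def simulated_transcript(y):
    """Bob alone, no secret: choose c and s first, then solve for t."""
    c = secrets.randbelow(Q)
    s = secrets.randbelow(Q)
    t = (pow(G, s, P) * pow(y, -c, P)) % P
    return t, c, s

def fs_challenge(y, t, msg):
    """Non-interactive challenge: a hash of the commitment and message."""
    h = hashlib.sha256(f"{y}|{t}|".encode() + msg).digest()
    return int.from_bytes(h, "big") % Q

def fs_sign(x, y, msg):
    r = secrets.randbelow(Q)
    t = pow(G, r, P)
    s = (r + fs_challenge(y, t, msg) * x) % Q
    return t, s

def fs_verify(y, msg, t, s):
    return verify(y, t, fs_challenge(y, t, msg), s)

def simulator_passes_fs(y, msg):
    """A simulated transcript fixes c before t exists, so it matches the
    hash-derived challenge only by chance (about 1/Q in this toy group)."""
    t, c, s = simulated_transcript(y)
    return c == fs_challenge(y, t, msg)
```
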