Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack
C. Rackoff and D. Simon. Advances in Cryptology - CRYPTO '91, pages 433-444. Berlin, Heidelberg, Springer Berlin Heidelberg, (1992)
The zero-knowledge proof of knowledge, first defined by Fiat, Feige and Shamir, was used by Galil, Haber and Yung as a means of constructing (out of a trapdoor function) an interactive public-key cryptosystem provably secure against chosen ciphertext attack. We introduce a revised setting which permits the definition of a non-interactive analogue, the non-interactive zero-knowledge proof of knowledge, and show how it may be constructed in that setting from a non-interactive zero-knowledge proof system for NP (of the type introduced by Blum, Feldman and Micali). We give a formalization of chosen ciphertext attack in our model which is stronger than the "lunchtime attack" considered by Naor and Yung, and prove a non-interactive public-key cryptosystem based on non-interactive zero-knowledge proof of knowledge to be secure against it.