在現今，零知識證明扮演了一個重要的角色，像是在區塊鏈中的驗證機制。 當擁有一些難題的知識時，證明者可以去通過驗證者的驗證。這個系統提供了一 個完美的模式，達到即使不洩漏個人資訊，證明者依舊能通過驗證。然而，我們 希望在驗證者驗證完證明者的資訊後，是沒有辦法將手中的訊息透漏給其他人， 讓其他人也知道證明者知道某項知識。在我們的研究中，我們提出了一個新的零 知識證明系統去達到不可傳遞性。由於不可傳遞性，無論證明是否合法，它可以 永遠通過驗證條件。

Zero-Knowledge Proof plays an important role in today, such as the authentication in blockchain. With knowing the knowledge of some hard problems, a prover can generate a proof and pass the verification by a verifier. It gives a perfect scenario to avoid the parties to have other’s knowledge. However, we hope that the proof is non-transferable and the verifier cannot transfer the information. In our studies, we create a new Zero-Knowledge Proof scheme to achieve the non-transferability, called non-transferable Zero-Knowledge Proof. Due to the non-transferability, the proof will be always passed the verification whether it is valid or not.

[1] G. Ateniese and B. de Medeiros. Identity-based chameleon hash and applications. IACR Cryptol. ePrint Arch., page 167, 2003.
[2] G.AtenieseandB.deMedeiros.Onthekeyexposureprobleminchameleonhashes. In C. Blundo and S. Cimato, editors, Security in Communication Networks, 4th International Conference, SCN 2004, Amalfi, Italy, September 8-10, 2004, Revised Selected Papers, volume 3352 of Lecture Notes in Computer Science, pages 165– 179. Springer, 2004.
[3] T. Attema and R. Cramer. Compressed ς-protocol theory and practical applica- tion to plug & play secure algorithmics. In D. Micciancio and T. Ristenpart, editors, Advances in Cryptology - CRYPTO 2020 - 40th Annual International Cryptology Conference, CRYPTO 2020, Santa Barbara, CA, USA, August 17-21, 2020, Proceedings, Part III, volume 12172 of Lecture Notes in Computer Science, pages 513–543. Springer, 2020.
[4] T. Attema, R. Cramer, and L. Kohl. A compressed ς-protocol theory for lattices. In T. Malkin and C. Peikert, editors, Advances in Cryptology - CRYPTO 2021 - 41st Annual International Cryptology Conference, CRYPTO 2021, Virtual Event, August 16-20, 2021, Proceedings, Part II, volume 12826 of Lecture Notes in Computer Science, pages 549–579. Springer, 2021.
[5] Y. Aumann and M. O. Rabin. Authentication, enhanced security and error correct- ing codes (extended abstract). In H. Krawczyk, editor, Advances in Cryptology - CRYPTO ’98, 18th Annual International Cryptology Conference, Santa Barbara, California, USA, August 23-27, 1998, Proceedings, volume 1462 of Lecture Notes in Computer Science, pages 299–303. Springer, 1998.
[6] C. Baum, I. Damgård, V. Lyubashevsky, S. Oechsner, and C. Peikert. More efficient commitments from structured lattice assumptions. In D. Catalano and R. D. Prisco, editors, Security and Cryptography for Networks - 11th International Conference, SCN 2018, Amalfi, Italy, September 5-7, 2018, Proceedings, volume 11035 of Lecture Notes in Computer Science, pages 368–385. Springer, 2018.
[7] D. Cabarcas, D. Demirel, F. Göpfert, J. Lancrenon, and T. Wunderer. An uncon- ditionally hiding and long-term binding post-quantum commitment scheme. Cryp- tology ePrint Archive, Paper 2015/628, 2015. https://eprint.iacr.org/2015/ 628.
[8] M. Campanelli and H. Khoshakhlagh. Succinct publicly-certifiable proofs (or: Can a blockchain verify a designated-verifier proof?). Cryptology ePrint Archive, Paper 2021/1618, 2021. https://eprint.iacr.org/2021/1618.
[9] P. Chaidos and G. Couteau. Efficient designated-verifier non-interactive zero- knowledge proofs of knowledge. In J. B. Nielsen and V. Rijmen, editors, Advances in Cryptology - EUROCRYPT 2018 - 37th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Tel Aviv, Israel, April 29 - May 3, 2018 Proceedings, Part III, volume 10822 of Lecture Notes in Computer Science, pages 193–221. Springer, 2018.
[10] X.Chen,G.Chen,F.Zhang,B.Wei,andY.Mu.Identity-baseduniversaldesignated verifier signature proof system. Int. J. Netw. Secur., 8(1):52–58, 2009.
[11] J.ChoiandS.Jung.Ahandoverauthenticationusingcredentialsbasedonchameleon hashing. IEEE Communications Letters, 14(1):54–56, 2010.
[12] I. Damgard, T. Pedersen, and B. Pfitzmann. Statistical secrecy and multibit commit- ments. IEEE Transactions on Information Theory, 44(3):1143–1151, 1998.
[13] A. De Santis, S. Micali, and G. Persiano. Non-interactive zero-knowledge proof systems. In C. Pomerance, editor, Advances in Cryptology — CRYPTO ’87, pages 52–72, Berlin, Heidelberg, 1988. Springer Berlin Heidelberg.
[14] L. Fan, C. Xu, and J. Li. Deniable authentication protocol based on deffie-hellman algorithm. Electronics letters, 38(14):1, 2002.
[15] D. Gabay, K. Akkaya, and M. Cebe. A privacy framework for charging connected electric vehicles using blockchain and zero knowledge proofs. In 2019 IEEE 44th LCN Symposium on Emerging Topics in Networking (LCN Symposium), pages 66– 73, 2019.
[16] R. Gennaro, D. Micciancio, and T. Rabin. An efficient non-interactive statisti- cal zero-knowledge proof system for quasi-safe prime products. Cryptology ePrint Archive, Paper 1998/008, 1998. https://eprint.iacr.org/1998/008.
[17] O. Goldreich and E. Kushilevitz. A perfect zero-knowledge proof for a problem equivalent to discrete logarithm. In S. Goldwasser, editor, Advances in Cryptology - CRYPTO ’88, 8th Annual International Cryptology Conference, Santa Barbara, California, USA, August 21-25, 1988, Proceedings, volume 403 of Lecture Notes in Computer Science, pages 57–70. Springer, 1988.
[18] S. Goldwasser, S. Micali, and C. Rackoff. The knowledge complexity of interac- tive proof-systems. In Proceedings of the Seventeenth Annual ACM Symposium on Theory of Computing, STOC ’85, page 291–304, New York, NY, USA, 1985. Association for Computing Machinery.
[19] S. Guo, D. Zeng, and Y. Xiang. Chameleon hashing for secure and privacy-preserving vehicular communications. IEEE Transactions on Parallel and Distributed Systems, 25(11):2794–2803, 2014.
[20] S. Halevi and S. Micali. Practical and provably-secure commitment schemes from collision-free hashing. In N. Koblitz, editor, Advances in Cryptology — CRYPTO ’96, pages 201–215, Berlin, Heidelberg, 1996. Springer Berlin Heidelberg.
[21] M. Jakobsson, K. Sako, and R. Impagliazzo. Designated verifier proofs and their applications. In U. Maurer, editor, Advances in Cryptology — EUROCRYPT ’96, pages 143–154, Berlin, Heidelberg, 1996. Springer Berlin Heidelberg.
[22] H. Krawczyk and T. Rabin. Chameleon hashing and signatures. Cryptology ePrint Archive, Report 1998/010, 1998. https://ia.cr/1998/010.
[23] W.-B. Lee, C.-C. Wu, and W.-J. Tsaur. A novel deniable authentication protocol using generalized elgamal signature scheme. Information Sciences, 177(6):1376– 1381, 2007.
[24] V. Lyubashevsky. Lattice signatures without trapdoors. In D. Pointcheval and T. Jo- hansson, editors, Advances in Cryptology – EUROCRYPT 2012, pages 738–755, Berlin, Heidelberg, 2012. Springer Berlin Heidelberg.
[25] V. Lyubashevsky, N. K. Nguyen, and M. Plançon. Lattice-based zero-knowledge proofs and applications: Shorter, simpler, and more general. IACR Cryptol. ePrint Arch., page 284, 2022.
[26] F. Martín-Fernández, P. Caballero-Gil, and C. Caballero-Gil. Authentication based on non-interactive zero-knowledge proofs for the internet of things. Sensors, 16(1):75, 2016.
[27] D. Micciancio and S. Goldwasser. Complexity of Lattice Problems: a cryptographic perspective, volume 671 of The Kluwer International Series in Engineering and Computer Science. Kluwer Academic Publishers, Boston, Massachusetts, Mar. 2002.
[28] P. Mohassel. One-time signatures and chameleon hash functions. In A. Biryukov, G. Gong, and D. R. Stinson, editors, Selected Areas in Cryptography, pages 302– 319, Berlin, Heidelberg, 2011. Springer Berlin Heidelberg.
[29] S. Panja and B. K. Roy. A secure end-to-end verifiable e-voting system using zero knowledge based blockchain. Cryptology ePrint Archive, Paper 2018/466, 2018. https://eprint.iacr.org/2018/466.
[30] C. Peikert and V. Vaikuntanathan. Noninteractive statistical zero-knowledge proofs for lattice problems. In D. Wagner, editor, Advances in Cryptology – CRYPTO 2008, pages 536–553, Berlin, Heidelberg, 2008. Springer Berlin Heidelberg.
[31] G. Persiano and I. Visconti. On non-interactive zero-knowledge proofs of knowl- edge in the shared random string model. In R. Královič and P. Urzyczyn, editors, Mathematical Foundations of Computer Science 2006, pages 753–764, Berlin, Hei- delberg, 2006. Springer Berlin Heidelberg.
[32] C. P. Schnorr. Efficient identification and signatures for smart cards. In G. Brassard, editor, Advances in Cryptology — CRYPTO’ 89 Proceedings, pages 239–252, New York, NY, 1990. Springer New York.
[33] P. W. Shor. Polynomial-time algorithms for prime factorization and discrete loga- rithms on a quantum computer. SIAM Review, 41(2):303–332, 1999.
[34] H. Tian, X. Chen, and Z. Jiang. Non-interactive deniable authentication protocols. In C. Wu, M. Yung, and D. Lin, editors, Information Security and Cryptology - 7th International Conference, Inscrypt 2011, Beijing, China, November 30 - December 3, 2011. Revised Selected Papers, volume 7537 of Lecture Notes in Computer Science, pages 142–159. Springer, 2011.
[35] B. Wang. A non-interactive deniable authentication scheme based on designated verifier proofs. IACR Cryptol. ePrint Arch., page 159, 2008.
[36] C. Wu, L. Ke, and Y. Du. Quantum resistant key-exposure free chameleon hash and applications in redactable blockchain. Inf. Sci., 548:438–449, 2021.
[37] K. Xagawa and K. Tanaka. Zero-knowledge protocols for ntru: Application to iden- tification and proof of plaintext knowledge. In J. Pieprzyk and F. Zhang, editors, Provable Security, pages 198–213, Berlin, Heidelberg, 2009. Springer Berlin Hei- delberg.
[38] X.Xie,R.Xue,andM.Wang.Zeroknowledgeproofsfromring-lwe.InM.Abdalla, C. Nita-Rotaru, and R. Dahab, editors, Cryptology and Network Security, pages 57– 73, Cham, 2013. Springer International Publishing.
[39] H. Zhu. A simplified deniable authentication scheme in cloud-based pay-tv system with privacy protection. Int. J. Commun. Syst., 32(11), 2019.