A Zero-Knowledge Protocol (ZKP) allows one party to convince another party of a fact without disclosing any extra knowledge except the validity of the fact. For example, it could be used to allow a customer to prove their identity to a potentially malicious bank machine without giving away private information such as a personal identification number. This way, any knowledge gained by a malicious bank machine during an interaction cannot be used later to compromise the client's banking account. An important tool in many ZKPs is bit commitment, which is essentially a digital way for a sender to put a message in a lock-box, lock it, and send it to the receiver. Later, the key is sent so that the receiver can open the lock-box and read the message. This way, the message is hidden from the receiver until they receive the key, and the sender is unable to change their mind after sending the lock-box. In this paper, the homomorphic properties of a particular multi-party commitment scheme are exploited to allow the receiver to perform operations on commitments, resulting in polynomial-time ZKPs for two NP-Complete problems: the Subset Sum Problem and 3SAT. These ZKPs are secure with no computational restrictions on the provers, even with shared quantum entanglement. In terms of efficiency, the Subset Sum ZKP is competitive with other practical quantum-secure ZKPs in the literature, with fewer rounds and fewer computations required.