Certifying permutations: noninteractive zero-knowledge based on any trapdoor permutation

In cryptographic protocols it is often necessary to verify/certify the "tools" in use. This work demonstrates certain subtleties in treating a family of trapdoor permutations in this context, noting the necessity to "check" certain properties of these functions. The particular case we illustrate is that of noninteractive zero-knowledge. We point out that the elegant recent protocol of Feige, Lapidot, and Shamir for proving NP statements in noninteractive zero-knowledge requires an additional certification of the underlying trapdoor permutation, and suggest a method for certifying permutations which fills this gap. © 1996 International Association for Cryptologic Research.