International Association
for Cryptologic Research

We develop a non-interactive proof-system which we call \"Metaproof\"

(mu-NIZK proof system); it provides a proof of \"the existence of a proof to a statement\". This meta-mathematical notion indeed seems redundant when we deal with proving NP statements, but in

the context of zero-knowledge theory and cryptography it has a large variety of applications.

Combined with another tool we develop which we call \"on-line simulatable NIZK proof system\", it is the key tool used to solve the open problem of the existence of a many prover non-interactive zero-knowledge system (MP-NIZK proof system). This problem was presented

by Micali when the important notion of non-interactive zero-knowledge proofs (NIZK) was rst suggested and implemented for a sole prover.

The solution immensely enlarges the domain of applications of the NIZK model. The work also provides a new connection between bounded (single-theorem) non-interactive zero-knowledge proofs and the unbounded (multi-theorem) one. This may help in reducing

the complexity assumption upon which to base NIZK systems.

Remark: This is a full version (with more details, more material, and with new proofs) of the Crypto 1990 paper on Metaproof. Over the years, the concept has been used and reinvented for specic settings beyond the original ones, by others; (which has made it more useful). Recently, we were asked about this paper and about details, so here they are! For historical reasons, except for this remark, this version is presented as it was in the above mentioned date under the above

aliations, though we did not pursue publication before!