A Generic Transform from Multi-Round Interactive Proof to NIZK.

We present a new generic transform that takes a multi-round interactive proof for the membership of a language L and outputs a non-interactive zero-knowledge proof (not of knowledge) in the common reference string model. Similar to the Fiat-Shamir transform, it requires a hash function H . However, in our transform the zero-knowledge property is in the standard model, and the adaptive soundness is in the non-programmable random oracle model ( NPROM ). Behind this new generic transform, we build a new generic OR-composition of two multi-round interactive proofs. Note that the two common techniques for building OR-proofs (parallel OR-proof and sequential OR-proof) cannot be naturally extended to the multi-round setting. We also give a proof of security for our OR-proof in the quantum oracle model ( QROM ), surprisingly the security loss in QROM is independent from the number of rounds.