Journal of Cryptology, Volume 7, Issue 1, pp 1–32

Definitions and properties of zero-knowledge proof systems

Authors

  • Oded Goldreich
    • Department of Computer Science, Technion
  • Yair Oren
    • Department of Computer Science, Technion

DOI: 10.1007/BF00195207

Cite this article as:
Goldreich, O. & Oren, Y. J. Cryptology (1994) 7: 1. doi:10.1007/BF00195207

Abstract

In this paper we investigate some properties of zero-knowledge proofs, a notion introduced by Goldwasser, Micali, and Rackoff. We introduce and classify two definitions of zero-knowledge: auxiliary-input zero-knowledge and blackbox-simulation zero-knowledge. We explain why auxiliary-input zero-knowledge is a definition more suitable for cryptographic applications than the original [GMR1] definition. In particular, we show that any protocol solely composed of subprotocols which are auxiliary-input zero-knowledge is itself auxiliary-input zero-knowledge. We show that blackbox-simulation zero-knowledge implies auxiliary-input zero-knowledge (which in turn implies the [GMR1] definition). We argue that all known zero-knowledge proofs are in fact blackbox-simulation zero-knowledge (i.e., were proved zero-knowledge using blackbox-simulation of the verifier). As a result, all known zero-knowledge proof systems are shown to be auxiliary-input zero-knowledge and can be used for cryptographic applications such as those in [GMW2].

We demonstrate the triviality of certain classes of zero-knowledge proof systems, in the sense that only languages in BPP have zero-knowledge proofs of these classes. In particular, we show that any language having a Las Vegas zero-knowledge proof system necessarily belongs to RP. We show that randomness of both the verifier and the prover, and nontriviality of the interaction are essential properties of (nontrivial) auxiliary-input zero-knowledge proofs.

Key words

Zero-knowledge, Computational complexity, Computational indistinguishability, Cryptographic composition of protocols

Copyright information

© International Association for Cryptologic Research 1994