Theory of Cryptography

Volume 6597 of the series Lecture Notes in Computer Science pp 559-578

Limits on the Power of Zero-Knowledge Proofs in Cryptographic Constructions

  • Zvika BrakerskiAffiliated withWeizmann Institute of Science
  • , Jonathan KatzAffiliated withUniversity of Maryland
  • , Gil SegevAffiliated withMicrosoft Research
  • , Arkady YerukhimovichAffiliated withUniversity of Maryland


For over 20 years, black-box impossibility results have been used to argue the infeasibility of constructing certain cryptographic primitives (e.g., key agreement) from others (e.g., one-way functions). A widely recognized limitation of such impossibility results, however, is that they say nothing about the usefulness of (known) nonblack-box techniques. This is unsatisfying, as we would at least like to rule out constructions using the set of techniques we have at our disposal.

With this motivation in mind, we suggest a new framework for black-box constructions that encompasses constructions with a nonblack-box flavor: specifically, those that rely on zero-knowledge proofs relative to some oracle. We show that our framework is powerful enough to capture the Naor-Yung/Sahai paradigm for building a (shielding) CCA-secure public-key encryption scheme from a CPA-secure one, something ruled out by prior black-box separation results. On the other hand, we show that several black-box impossibility results still hold even in a setting that allows for zero-knowledge proofs.