
Combinatorica, Volume 15, Issue 2, pp 203–214

A one-round, two-prover, zero-knowledge protocol for NP

  • Dror Lapidot
  • Adi Shamir
Article

Abstract

The model of zero-knowledge multi-prover interactive proofs was introduced by Ben-Or, Goldwasser, Kilian and Wigderson in [4]. A major open problem associated with this model is whether NP problems can be proven by one-round, two-prover, zero-knowledge protocols with exponentially small error probability (e.g. via parallel executions). A positive answer was claimed by Fortnow, Rompel and Sipser in [12], but its proof was later shown to be flawed by Fortnow, who demonstrated that the probability of cheating in $n$ independent parallel rounds can be much higher than the probability of cheating in $n$ independent sequential rounds (with exponential ratio between them). In this paper we solve this problem: We show a new one-round two-prover interactive proof for Graph Hamiltonicity, we prove that it is complete, sound and perfect zero-knowledge, and thus every problem in NP has a one-round two-prover interactive proof which is perfectly zero knowledge under no cryptographic assumptions. The main difficulty is in proving the soundness of our parallel protocol, namely, proving that the probability of cheating in this one-round protocol is upper bounded by some exponentially low threshold. We prove that this probability is at most $1/2^{n/9}$ (where $n$ is the number of parallel rounds), by translating the soundness problem into some extremal combinatorial problem, and then solving this new problem.

Mathematics Subject Classification (1991)

94A60, 05C35


References

  [1] N. Alon: Private communication, 1990.
  [2] G. Brassard, C. Crepeau, M. Yung: Everything in NP can be argued in perfect zero knowledge in a bounded number of rounds, Proc. of 16th International Colloquium on Automata, Languages and Programming (ICALP) 1989.
  [3] M. Bellare, and O. Goldreich: On Defining Proofs of Knowledge, Proc. of Crypto, 390–420, 1992.
  [4] M. Ben-Or, S. Goldwasser, J. Kilian, and A. Wigderson: Multi-Prover Interactive Proofs: How to Remove Intractability Assumptions, Proc. 20th ACM Symposium on Theory of Computing, 113–131, 1988.
  [5] R. Boppana, J. Hastad and S. Zachos: Does co-NP Have Short Interactive Proofs?, Inform. Process. Lett., 25 (1987), 127–132.
  [6] M. Bellare, S. Micali and R. Ostrovsky: Perfect Zero-Knowledge in Constant rounds, Proc. of 22nd ACM Symposium on Theory of Computing, 482–493, (1990).
  [7] J. Cai, A. Condon, and R. Lipton: Playing Games of Incomplete Information, Proc. of 7th Symposium on Theoretical Aspects of Computer Science, 58–69, 1990.
  [8] L. Fortnow: Ph. D. Thesis, M.I.T./LCS/TR-447
  [9] L. Fortnow: The Complexity of Perfect Zero-Knowledge, Proc. of 19th ACM Symposium on Theory of Computing, 204–209, 1987.
  [10] U. Feige: On the Success Probability of the Two Provers in One Round Proof Systems, Proc. of Structures in Complexity Theory Conf., 1991.
  [11] U. Feige, A. Fiat, and A. Shamir: Zero Knowledge Proofs of Identity, Proc of 19th ACM Symposium on Theory of Computing, 210–217, 1987.
  [12] L. Fortnow, J. Rompel, and M. Sipser: On the power of Multi-Prover Interactive Protocols, Proc. of Structures in Complexity Theory Conf., 156–161, 1988.
  [13] U. Feige, and A. Shamir: Witness Indistinguishable and Witness Hiding Protocols, Proc. of 22nd ACM Symposium on Theory of Computing, 416–426, 1990.
  [14] O. Goldreich, and A. Kahan: Private communication, 1989.
  [15] S. Goldwasser, S. Micali, and C. Rackoff: The Knowledge Complexity of Interactive Proof Systems, SIAM Journal of computing, 1 (1989), 186–208.
  [16] O. Goldreich, S. Micali, and A. Wigderson: Proofs that Yield Nothing But Their Validity and a Methodology of Cryptographic Protocol Design, Proc. of 27th Symposium on Foundations of Computer Science, 174–187, 1986.
  [17] D. Lapidot, and A. Shamir: Fully Parallelized Multi Prover Protocols for NEXP-time, Proc. of 32nd Symposium on Foundations of Computer Science, 13–18, 1991.
  [18] D. Peleg: Private communication, 1990.

Copyright information

© Akadémiai Kiadó 1995

Authors and Affiliations

  • Dror Lapidot (1)
  • Adi Shamir (2)
  1. Department of Applied Math. and Computer Science, The Weizmann Institute of Science, Rehovot, Israel
  2. Department of Applied Math. and Computer Science, The Weizmann Institute of Science, Rehovot, Israel
