Advertisement

Journal of Cryptology

, Volume 25, Issue 1, pp 41–56 | Cite as

Which Languages Have 4-Round Zero-Knowledge Proofs?

  • Jonathan Katz
Article

Abstract

We show that if a language L has a 4-round, black-box, computational zero-knowledge proof system with negligible soundness error, then \(\bar{L}\in \mathsf{MA}\). Assuming the polynomial hierarchy does not collapse, this means in particular that NP-complete languages do not have 4-round zero-knowledge proofs with black-box simulation.

Key words

Zero-knowledge proofs Lower bounds 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. [1]
    W. Aiello, J. Håstad, Statistical zero-knowledge languages can be recognized in two rounds. J. Comput. Syst. Sci. 42(3), 327–345 (1991) CrossRefMATHGoogle Scholar
  2. [2]
    L. Babai, S. Moran, Arthur-Merlin games: A randomized proof system and a hierarchy of complexity classes. J. Comput. Syst. Sci. 36(2), 254–276 (1988) CrossRefMATHMathSciNetGoogle Scholar
  3. [3]
    B. Barak, How to go beyond the black-box simulation barrier, in Proc. 42nd Annual Symposium on Foundations of Computer Science (FOCS) (IEEE, New York, 2001), pp. 106–115 Google Scholar
  4. [4]
    B. Barak, Y. Lindell, Strict polynomial-time in simulation and extraction. SIAM J. Comput. 33(4), 738–818 (2004) CrossRefMathSciNetGoogle Scholar
  5. [5]
    B. Barak, Y. Lindell, S. Vadhan, Lower bounds for non-black-box zero knowledge. J. Comput. Syst. Sci. 72(2), 321–391 (2006) CrossRefMATHMathSciNetGoogle Scholar
  6. [6]
    B. Barak, S.J. Ong, S.P. Vadhan, Derandomization in cryptography. SIAM J. Comput. 37(2), 380–400 (2007) CrossRefMATHMathSciNetGoogle Scholar
  7. [7]
    M. Bellare, M. Jakobsson, M. Yung, Round-optimal zero-knowledge arguments based on any one-way function, in Advances in Cryptology—Eurocrypt ’97. Lecture Notes in Computer Science, vol. 1233 (Springer, Berlin, 1997), pp. 280–305 Google Scholar
  8. [8]
    M. Bellare, S. Micali, R. Ostrovsky, Perfect zero knowledge in constant rounds, in Proc. 22nd Annual ACM Symposium on Theory of Computing (STOC) (ACM, New York, 1990), pp. 482–493 Google Scholar
  9. [9]
    M. Bellare, S. Micali, R. Ostrovsky, The (true) complexity of statistical zero knowledge, in Proc. 22nd Annual ACM Symposium on Theory of Computing (STOC) (ACM, New York, 1990), pp. 494–502 Google Scholar
  10. [10]
    M. Bellare, A. Palacio, The knowledge-of-exponent assumptions and 3-round zero-knowledge protocols, in Advances in Cryptology—Crypto 2004. Lecture Notes in Computer Science, vol. 3152 (Springer, Berlin, 2004), pp. 273–289 CrossRefGoogle Scholar
  11. [11]
    M. Ben-Or, O. Goldreich, S. Goldwasser, J. Håstad, J. Kilian, S. Micali, P. Rogaway, Everything provable is provable in zero knowledge, in Advances in Cryptology—Crypto ’88. Lecture Notes in Computer Science, vol. 403 (Springer, Berlin, 1990), pp. 37–56 Google Scholar
  12. [12]
    R. Boppana, J. Håstad, S. Zachos, Does coNP have short interactive proofs? Inf. Process. Lett. 25(2), 127–132 (1987) CrossRefMATHGoogle Scholar
  13. [13]
    J. Boyar, S. Kurtz, M. Krentel, Discrete logarithm implementation of perfect zero-knowledge blobs. J. Cryptol. 2(2), 63–76 (1990) CrossRefMATHMathSciNetGoogle Scholar
  14. [14]
    G. Brassard, D. Chaum, C. Crépeau, Minimum disclosure proofs of knowledge. J. Comput. Syst. Sci. 37(2), 156–189 (1988) CrossRefMATHGoogle Scholar
  15. [15]
    R. Cramer, I. Damgård, P. MacKenzie, Efficient zero-knowledge proofs of knowledge without intractability assumptions, in Public-Key Cryptography (PKC) 2000. Lecture Notes in Computer Science, vol. 1751 (Springer, Berlin, 2000), pp. 354–372 Google Scholar
  16. [16]
    G. Di Crescenzo, G. Persiano, Round-optimal perfect zero-knowledge proofs. Inf. Process. Lett. 50(2), 93–99 (1994) CrossRefMATHGoogle Scholar
  17. [17]
    I. Damgård, M. Pedersen, B. Pfitzmann, On the existence of statistically-hiding bit commitment schemes and fail-stop signatures. J. Cryptol. 10(3), 163–194 (1997) CrossRefMATHGoogle Scholar
  18. [18]
    U. Feige, A. Shamir, Zero knowledge proofs of knowledge in two rounds, in Advances in Cryptology—Crypto ’89. Lecture Notes in Computer Science, vol. 435 (Springer, Berlin, 1990), pp. 526–544 Google Scholar
  19. [19]
    L. Fortnow, The complexity of perfect zero knowledge, in Advances in Computing Research, ed. by S. Micali, vol. 5 (JAC Press, Inc., Stanford, 1989), pp. 327–343 Google Scholar
  20. [20]
    O. Goldreich, A. Kahan, How to construct constant-round zero-knowledge proof systems for NP. J. Cryptol. 9(3), 167–190 (1996) CrossRefMATHMathSciNetGoogle Scholar
  21. [21]
    O. Goldreich, H. Krawczyk, On the composition of zero-knowledge proof systems. SIAM J. Comput. 25(1), 169–192 (1996) CrossRefMATHMathSciNetGoogle Scholar
  22. [22]
    O. Goldreich, S. Micali, A. Wigderson, Proofs that yield nothing but their validity, or all languages in NP have zero-knowledge proof systems. J. ACM 38(3), 691–729 (1991) CrossRefMATHMathSciNetGoogle Scholar
  23. [23]
    O. Goldreich, Y. Oren, Definitions and properties of zero-knowledge proof systems. J. Cryptol. 7(1), 1–32 (1994) CrossRefMATHMathSciNetGoogle Scholar
  24. [24]
    S. Goldwasser, S. Micali, C. Rackoff, The knowledge complexity of interactive proof systems. SIAM J. Comput. 18(1), 186–208 (1989) CrossRefMATHMathSciNetGoogle Scholar
  25. [25]
    S. Goldwasser, S. Micali, R. Rivest, A digital signature scheme secure against adaptive chosen-message attacks. SIAM J. Comput. 17(2), 281–308 (1988) CrossRefMATHMathSciNetGoogle Scholar
  26. [26]
    S.D. Gordon, H. Wee, D. Xiao, A. Yerukhimovich, On the round complexity of zero-knowledge proofs based on one-way permutations, in Progress in Cryptology—Latincrypt 2010. Lecture Notes in Computer Science, vol. 6212 (Springer, Berlin, 2010), pp. 189–204 CrossRefGoogle Scholar
  27. [27]
    S. Hada, T. Tanaka, On the existence of 3-round zero-knowledge protocols, in Advances in Cryptology—Crypto ’98. Lecture Notes in Computer Science, vol. 1462 (Springer, Berlin, 1998), pp. 408–423. Available at http://eprint.iacr.org/1999/009 CrossRefGoogle Scholar
  28. [28]
    I. Haitner, J.J. Hoch, O. Reingold, G. Segev, Finding collisions in interactive protocols—a tight bound on the round complexity of statistically-hiding commitments, in Proc. 48th Annual Symposium on Foundations of Computer Science (FOCS) (IEEE, New York, 2007), pp. 669–679. Available at http://eprint.iacr.org/2007/145 Google Scholar
  29. [29]
    I. Haitner, M.-H. Nguyen, S.J. Ong, O. Reingold, S.P. Vadhan, Statistically hiding commitments and statistical zero-knowledge arguments from any one-way function. SIAM J. Comput. 39(3), 1153–1218 (2009) CrossRefMATHMathSciNetGoogle Scholar
  30. [30]
    S. Halevi, S. Micali, Practical and provably-secure commitment schemes from collision-free hashing, in Advances in Cryptology—Crypto ’96. Lecture Notes in Computer Science, vol. 1109 (Springer, Berlin, 1996), pp. 201–215 Google Scholar
  31. [31]
    R. Impagliazzo, M. Yung, Direct minimum-knowledge computations, in Advances in Cryptology—Crypto ’87. Lecture Notes in Computer Science, vol. 293 (Springer, Berlin, 1988), pp. 40–51 Google Scholar
  32. [32]
    T. Itoh, K. Sakurai, On the complexity of constant-round ZKIP of possession of knowledge, in Advances in Cryptology—Asiacrypt ’91. Lecture Notes in Computer Science, vol. 739 (Springer, Berlin, 1993), pp. 331–345 Google Scholar
  33. [33]
    K. Kurosawa, W. Ogata, S. Tsujii, 4-move perfect ZKIP for some promise problems. IEICE Trans. Fundam. Electron. Commun. Comput. Sci. E78-A(1), 34–41 (1995) Google Scholar
  34. [34]
    M. Lepinski, On the existence of 3-round zero-knowledge proofs. Master’s thesis, MIT, Cambridge, MA (2002). Available at http://theory.lcs.mit.edu/~cis/cis-theses.html
  35. [35]
    S.J. Ong, S. Vadhan, An equivalence between zero knowledge and commitments, in 3rd Theory of Cryptography Conference (TCC). Lecture Notes in Computer Science, vol. 4948 (Springer, Berlin, 2008), pp. 482–500 Google Scholar
  36. [36]
    R. Pass, M. Venkitasubramaniam, Private coins versus public coins in zero-knowledge proof systems, in 5th Theory of Cryptography Conference (TCC). Lecture Notes in Computer Science, vol. 5978 (Springer, Berlin, 2010), pp. 588–605 Google Scholar
  37. [37]
    T. Saito, K. Kurosawa, K. Sakurai, 4-move perfect SKIP of knowledge with no assumption, in Advances in Cryptology—Asiacrypt ’91. Lecture Notes in Computer Science, vol. 739 (Springer, Berlin, 1993), pp. 320–331 Google Scholar
  38. [38]
    S. Vadhan, A study of statistical zero-knowledge proofs. Ph.D. thesis, MIT, Cambridge, MA (1999) Google Scholar

Copyright information

© International Association for Cryptologic Research 2010

Authors and Affiliations

  1. 1.Dept. of Computer ScienceUniversity of MarylandCollege ParkUSA

Personalised recommendations