A One-Round, Two-Prover, Zero-Knowledge Protocol for NP

  • Dror Lapidot
  • Adi Shamir
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 576)


The model of zero knowledge multi prover interactive proofs was introduced by Ben-Or, Goldwasser, Kilian and Wigderson. A major open problem associated with these protocols is whether they can be executed in parallel. A positive answer was claimed by Fortnow, Rompel and Sipser, but its proof was later shown to be flawed by Fortnow who demonstrated that the probability of cheating in n independent parallel rounds can be exponentially higher than the probability of cheating in n independent sequential rounds. In this paper we use refined combinatorial arguments to settle this problem by proving that the probability of cheating in a parallelized BGKW protocol is at most 1/2n/9, and thus every problem in NP has a one-round two prover protocol which is perfectly zero knowledge under no cryptographic assumptions.


Hamiltonian Cycle Proof System Interactive Proof Coin Toss Probabilistic Polynomial Time 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. [BCY]
    G. Brassard, C. Crepeau, M. Yung. Everything in NP can be argued in perfect zero knowledge in a bounded number of rounds, Proceedings of 16th ICALP (1989).Google Scholar
  2. [BMO]
    M. Bellare, S. Micali and R. Ostrovsky. Perfect Zero-Knowledge in Constant Rounds, Proceedings of the 22nd annual ACM Symposium on Theory of Computing (1990), 482–493.Google Scholar
  3. [BGKW]
    M. Ben-Or, S. Goldwasser, J. Kilian, A. Wigderson. Multi-Prover Interactive Proofs: How to Remove Intractability Assumptions. Proceedings of the 20th annual ACM Symposium on Theory of Computing (1988), 113–131.Google Scholar
  4. [BHZ]
    R. Boppana, J. Hastad and S. Zachos. Does CoNP Have Short Interactive Proofs?, Information Processing Letters 252 (1987), 127–132.zbMATHCrossRefMathSciNetGoogle Scholar
  5. [F1]
    L. Fortnow. Complexity Theoretic Aspects of Interactive Proof Systems, Ph.D. Thesis, MIT/LCS/TR-447, (1989).Google Scholar
  6. [F2]
    L. Fortnow. The Complexity of Perfect Zero-Knowledge, Proceedings of the 19th annual ACM Symposium on Theory of Computing (1987), 204–209.Google Scholar
  7. [Fe]
    U. Feige. On the Success Probability of the Two Provers in One-Round Proof Systems, Proceedings of the 6th Structure in Complexity Theory Conference (1991), IEEE.Google Scholar
  8. [FFS]
    U. Feige, A. Fiat and A. Shamir. Zero Knowledge Proofs of Identity, Proceedings of the 19th annual ACM Symposium on Theory of Computing (1987), 210–217.Google Scholar
  9. [FRS]
    L. Fortnow, J. Rompel and M. Sipser. On the Power of Multi-Prover Interactive Protocols, Proceedings of the 3rd Structure in Complexity Theory Conference (1988), 156–161.Google Scholar
  10. [FS]
    U. Feige and A. Shamir. Witness Indistinguishable and Witness Hiding Protocols, Proceedings of the 22th annual ACM Symposium on Theory of Computing (1990), 416–426.Google Scholar
  11. [GK]
    O. Goldreich and A. Kahan, private communication (1990).Google Scholar
  12. [GMW]
    O. Goldreich, S. Micali and A. Wigderson. Proofs that Yield Nothing But their Validity and a Methodology of Cryptographic Protocol Design, Proceedings of the 27th Symposium on Foundations of Computer Science (1986), IEEE, 174–187.Google Scholar
  13. [GMR]
    S. Goldwasser, S. Micali, and C. Rackoff. The Knowledge Complexity of Interactive Proofs, Proceedings of the 17th annual ACM Symposium on Theory of Computing (1985), 291–304.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1992

Authors and Affiliations

  • Dror Lapidot
    • 1
  • Adi Shamir
    • 1
  1. 1.Department of Applied Math.The Weizmann Institute of ScienceRehovotIsrael

Personalised recommendations