# A One-Round, Two-Prover, Zero-Knowledge Protocol for NP

## Abstract

The model of zero knowledge multi prover interactive proofs was introduced by Ben-Or, Goldwasser, Kilian and Wigderson. A major open problem associated with these protocols is whether they can be executed in parallel. A positive answer was claimed by Fortnow, Rompel and Sipser, but its proof was later shown to be flawed by Fortnow who demonstrated that the probability of cheating in *n* independent parallel rounds can be exponentially higher than the probability of cheating in *n* independent sequential rounds. In this paper we use refined combinatorial arguments to settle this problem by proving that the probability of cheating in a parallelized BGKW protocol is at most 1/2^{n/9}, and thus every problem in NP has a one-round two prover protocol which is perfectly zero knowledge under no cryptographic assumptions.

## Keywords

Hamiltonian Cycle Proof System Interactive Proof Coin Toss Probabilistic Polynomial Time## References

- [BCY]G. Brassard, C. Crepeau, M. Yung.
*Everything in NP can be argued in perfect zero knowledge in a bounded number of rounds*, Proceedings of 16th ICALP (1989).Google Scholar - [BMO]M. Bellare, S. Micali and R. Ostrovsky.
*Perfect Zero-Knowledge in Constant Rounds*, Proceedings of the 22nd annual ACM Symposium on Theory of Computing (1990), 482–493.Google Scholar - [BGKW]M. Ben-Or, S. Goldwasser, J. Kilian, A. Wigderson.
*Multi-Prover Interactive Proofs: How to Remove Intractability Assumptions*. Proceedings of the 20th annual ACM Symposium on Theory of Computing (1988), 113–131.Google Scholar - [BHZ]R. Boppana, J. Hastad and S. Zachos.
*Does CoNP Have Short Interactive Proofs?*, Information Processing Letters**252**(1987), 127–132.zbMATHCrossRefMathSciNetGoogle Scholar - [F1]L. Fortnow.
*Complexity Theoretic Aspects of Interactive Proof Systems*,*Ph.D. Thesis*, MIT/LCS/TR-447, (1989).Google Scholar - [F2]L. Fortnow.
*The Complexity of Perfect Zero-Knowledge*, Proceedings of the 19th annual ACM Symposium on Theory of Computing (1987), 204–209.Google Scholar - [Fe]U. Feige.
*On the Success Probability of the Two Provers in One-Round Proof Systems*, Proceedings of the 6th Structure in Complexity Theory Conference (1991), IEEE.Google Scholar - [FFS]U. Feige, A. Fiat and A. Shamir.
*Zero Knowledge Proofs of Identity*, Proceedings of the 19th annual ACM Symposium on Theory of Computing (1987), 210–217.Google Scholar - [FRS]L. Fortnow, J. Rompel and M. Sipser.
*On the Power of Multi-Prover Interactive Protocols*, Proceedings of the 3rd Structure in Complexity Theory Conference (1988), 156–161.Google Scholar - [FS]U. Feige and A. Shamir.
*Witness Indistinguishable and Witness Hiding Protocols*, Proceedings of the 22th annual ACM Symposium on Theory of Computing (1990), 416–426.Google Scholar - [GK]O. Goldreich and A. Kahan, private communication (1990).Google Scholar
- [GMW]O. Goldreich, S. Micali and A. Wigderson.
*Proofs that Yield Nothing But their Validity and a Methodology of Cryptographic Protocol Design*, Proceedings of the 27th Symposium on Foundations of Computer Science (1986), IEEE, 174–187.Google Scholar - [GMR]S. Goldwasser, S. Micali, and C. Rackoff.
*The Knowledge Complexity of Interactive Proofs*, Proceedings of the 17th annual ACM Symposium on Theory of Computing (1985), 291–304.Google Scholar