A Protocol for Generating Random Elements with Their Probabilities

  • Thomas Holenstein
  • Robin Künzler
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8591)


We give an AM protocol that allows the verifier to sample elements x from a probability distribution P, which is held by the prover. If the prover is honest, the verifier outputs (x,P(x)) with probability close to P(x).

If the prover is dishonest, one may hope for the following guarantee: if the verifier outputs (x,p), then the probability that the verifier outputs x is close to p. Simple examples show that this cannot be achieved. Instead, we show that the following weaker condition holds (in a well-defined sense) on average: if (x,p) is output, then p is an upper bound on the probability that x is output.

Our protocol yields a new transformation to turn interactive proofs where the verifier uses private random coins into proofs with public coins. The verifier has better running time compared to the well-known Goldwasser-Sipser transformation (STOC, 1986). For constant-round protocols, we only lose an arbitrarily small constant in soundness and completeness, while our public-coin verifier calls the private-coin verifier only once.






  1. [AB09] Arora, S., Barak, B.: Computational Complexity - A Modern Approach. Cambridge University Press (2009)
  2. [AGGM06] Akavia, A., Goldreich, O., Goldwasser, S., Moshkovitz, D.: On basing one-way functions on NP-hardness. In: Kleinberg, J.M. (ed.) STOC, pp. 701–710. ACM (2006), See also errata on author’s webpage,
  3. [AH91] Aiello, W., Håstad, J.: Statistical zero-knowledge languages can be recognized in two rounds. J. Comput. Syst. Sci. 42(3), 327–345 (1991)
  4. [Bab85] Babai, L.: Trading group theory for randomness. In: Sedgewick, R. (ed.) STOC, pp. 421–429. ACM (1985)
  5. [Bab90] Babai, L.: E-mail and the unexpected power of interaction. In: Structure in Complexity Theory Conference, pp. 30–44. IEEE Computer Society (1990)
  6. [BM88] Babai, L., Moran, S.: Arthur-Merlin games: A randomized proof system, and a hierarchy of complexity classes. J. Comput. Syst. Sci. 36(2), 254–276 (1988)
  7. [BT06] Bogdanov, A., Trevisan, L.: On worst-case to average-case reductions for NP problems. SIAM J. Comput. 36(4), 1119–1159 (2006)
  8. [FF93] Feigenbaum, J., Fortnow, L.: Random-self-reducibility of complete sets. SIAM J. Comput. 22(5), 994–1005 (1993)
  9. [For87] Fortnow, L.: The complexity of perfect zero-knowledge. In: Structure in Complexity Theory Conference. IEEE Computer Society (1987)
  10. [GMR89] Goldwasser, S., Micali, S., Rackoff, C.: The knowledge complexity of interactive proof systems. SIAM J. Comput. 18(1), 186–208 (1989)
  11. [GMS87] Goldreich, O., Mansour, Y., Sipser, M.: Interactive proof systems: Provers that never fail and random selection (extended abstract). In: FOCS, pp. 449–461. IEEE Computer Society (1987)
  12. [Gol08] Goldreich, O.: Computational complexity - a conceptual perspective. Cambridge University Press (2008)
  13. [GS86] Goldwasser, S., Sipser, M.: Private coins versus public coins in interactive proof systems. In: Hartmanis, J. (ed.) STOC, pp. 59–68. ACM (1986)
  14. [GVW02] Goldreich, O., Vadhan, S.P., Wigderson, A.: On interactive proofs with a laconic prover. Computational Complexity 11(1-2), 1–53 (2002)
  15. [HMX10] Haitner, I., Mahmoody, M., Xiao, D.: A new sampling protocol and applications to basing cryptographic primitives on the hardness of NP. In: IEEE Conference on Computational Complexity, pp. 76–87. IEEE Computer Society (2010)
  16. [LFKN92] Lund, C., Fortnow, L., Karloff, H.J., Nisan, N.: Algebraic methods for interactive proof systems. J. ACM 39(4), 859–868 (1992)
  17. [Sha92] Shamir, A.: IP = PSPACE. J. ACM 39(4), 869–877 (1992)

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Thomas Holenstein (1)
  • Robin Künzler (1)
  1. Department of Computer Science, ETH Zurich, Zurich, Switzerland
