An Efficiency-Preserving Transformation from Honest-Verifier Statistical Zero-Knowledge to Statistical Zero-Knowledge

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10822)

Abstract

We present an unconditional transformation from any honest-verifier statistical zero-knowledge (HVSZK) protocol to standard SZK that preserves round complexity and efficiency of both the verifier and the prover. This improves over currently known transformations, which either rely on some computational assumptions or introduce significant computational overhead. Our main conceptual contribution is the introduction of instance-dependent SZK proofs for NP, which serve as a building block in our transformation. Instance-dependent SZK for NP can be constructed unconditionally based on instance-dependent commitment schemes of Ong and Vadhan (TCC’08).

As an additional contribution, we give a simple constant-round SZK protocol for Statistical-Difference resembling the textbook HVSZK proof of Sahai and Vadhan (J.ACM’03). This yields a conceptually simple constant-round protocol for all of SZK.

Notes

Acknowledgements

We wish to thank Salil Vadhan and the anonymous EUROCRYPT 2018 referees for their helpful advice.

References

  1. 1.
    Aiello, W., Håstad, J.: Statistical zero-knowledge languages can be recognized in two rounds. J. Comput. Syst. Sci. 42(3), 327–345 (1991)MathSciNetCrossRefMATHGoogle Scholar
  2. 2.
    Bellare, M., Micali, S., Ostrovsky, R.: Perfect zero-knowledge in constant rounds. In: Proceedings of the 22nd Annual ACM Symposium on Theory of Computing, 13–17 May 1990, Baltimore, Maryland, USA, pp. 482–493 (1990)Google Scholar
  3. 3.
    Bellare, M., Micali, S., Ostrovsky, R.: The (true) complexity of statistical zero knowledge. In: Proceedings of the 22nd Annual ACM Symposium on Theory of Computing, 13–17 May 1990, Baltimore, Maryland, USA, pp. 494–502 (1990)Google Scholar
  4. 4.
    Damgård, I.B.: Interactive hashing can simplify zero-knowledge protocol design without computational assumptions. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 100–109. Springer, Heidelberg (1994).  https://doi.org/10.1007/3-540-48329-2_9Google Scholar
  5. 5.
    Damgård, I., Goldreich, O., Wigderson, A.: Hashing functions can simplify zero-knowledge protocol design(too). Technical report RS94-39, BRICS, November 1994Google Scholar
  6. 6.
    Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game or a completeness theorem for protocols with honest majority. In: Proceedings of the 19th Annual ACM Symposium on Theory of Computing, New York, USA, pp. 218–229 (1987)Google Scholar
  7. 7.
    Goldreich, O., Sahai, A., Vadhan, S.P.: Honest-verifier statistical zero-knowledge equals general statistical zero-knowledge. In: Proceedings of the Thirtieth Annual ACM Symposium on the Theory of Computing, 23–26 May 1998, Dallas, Texas, USA, pp. 399–408 (1998)Google Scholar
  8. 8.
    Goldreich, O., Vadhan, S.P.: Comparing entropies in statistical zero knowledge with applications to the structure of SZK. In: Proceedings of the 14th Annual IEEE Conference on Computational Complexity, 4–6 May 1999, Atlanta, Georgia, USA, p. 54 (1999)Google Scholar
  9. 9.
    Goldwasser, S., Micali, S., Rackoff, C.: The knowledge complexity of interactive proof systems. SIAM J. Comput. 18(1), 186–208 (1989)MathSciNetCrossRefMATHGoogle Scholar
  10. 10.
    Itoh, T., Ohta, Y., Shizuya, H.: A language-dependent cryptographic primitive. J. Cryptol. 10(1), 37–50 (1997)MathSciNetCrossRefMATHGoogle Scholar
  11. 11.
    Lindell, Y.: A note on constant-round zero-knowledge proofs of knowledge. J. Cryptol. 26(4), 638–654 (2013)MathSciNetCrossRefMATHGoogle Scholar
  12. 12.
    Micciancio, D., Vadhan, S.P.: Statistical zero-knowledge proofs with efficient provers: lattice problems and more. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 282–298. Springer, Heidelberg (2003).  https://doi.org/10.1007/978-3-540-45146-4_17CrossRefGoogle Scholar
  13. 13.
    Okamoto, T.: On relationships between statistical zero-knowledge proofs. In: Proceedings of the Twenty-Eighth Annual ACM Symposium on the Theory of Computing, 22–24 May 1996, Philadelphia, Pennsylvania, USA, pp. 649–658 (1996)Google Scholar
  14. 14.
    Ong, S.J., Vadhan, S.: An equivalence between zero knowledge and commitments. In: Canetti, R. (ed.) TCC 2008. LNCS, vol. 4948, pp. 482–500. Springer, Heidelberg (2008).  https://doi.org/10.1007/978-3-540-78524-8_27CrossRefGoogle Scholar
  15. 15.
    Ostrovsky, R., Venkatesan, R., Yung, M.: Interactive hashing simplifies zero-knowledge protocol design. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 267–273. Springer, Heidelberg (1994).  https://doi.org/10.1007/3-540-48285-7_23Google Scholar
  16. 16.
    Sahai, A., Vadhan, S.P.: A complete problem for statistical zero knowledge. J. ACM 50(2), 196–249 (2003)MathSciNetCrossRefMATHGoogle Scholar
  17. 17.
    Vadhan, S.P.: On transformation of interactive proofs that preserve the prover’s complexity. In: Proceedings of the Thirty-Second Annual ACM Symposium on Theory of Computing, 21–23 May 2000, Portland, OR, USA, pp. 200–207 (2000)Google Scholar

Copyright information

© International Association for Cryptologic Research 2018

Authors and Affiliations

  1. 1.Computer Science InstituteCharles UniversityPragueCzech Republic
  2. 2.IDC HerzliyaHerzliyaIsrael
  3. 3.Tel Aviv UniversityTel AvivIsrael

Personalised recommendations