Making Classical Honest Verifier Zero Knowledge Protocols Secure against Quantum Attacks

  • Sean Hallgren
  • Alexandra Kolla
  • Pranab Sen
  • Shengyu Zhang
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5126)


We show that any problem that has a classical zero-knowledge protocol against the honest verifier also has, under a reasonable condition, a classical zero-knowledge protocol which is secure against all classical and quantum polynomial time verifiers, even cheating ones. Here we refer to the generalized notion of zero-knowledge with classical and quantum auxiliary inputs respectively.

Our condition on the original protocol is that, for positive instances of the problem, the simulated message transcript should be quantum computationally indistinguishable from the actual message transcript. This is a natural strengthening of the notion of honest verifier computational zero-knowledge, and includes in particular, the complexity class of honest verifier statistical zero-knowledge. Our result answers an open question of Watrous [Wat06], and generalizes classical results by Goldreich, Sahai and Vadhan [GSV98], and Vadhan [Vad06] who showed that honest verifier statistical, respectively computational, zero knowledge is equal to general statistical, respectively computational, zero knowledge.


Positive Instance Commitment Scheme Quantum Simulator Total Variation Distance Message Transcript 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [BGG+90]
    Ben-Or, M., Goldreich, O., Goldwasser, S., Håstad, J., Kilian, J., Micali, S., Rogaway, P.: Every provable is provable in zero-knowledge. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 37–56. Springer, Heidelberg (1990)Google Scholar
  2. [DGW94]
    Damgård, I., Goldreich, O., Wigderson, A.: Hashing functions can simplify zero-knowledge protocol design (too). Technical Report RS-94-39, BRICS (1994)Google Scholar
  3. [FFS88]
    Feige, U., Fiat, A., Shamir, A.: Zero-knowledge proofs of identity. Journal of Cryptology 1(2), 77–94 (1988)CrossRefMathSciNetzbMATHGoogle Scholar
  4. [GMW91]
    Goldreich, O., Micali, S., Widgerson, A.: Proofs that yield nothing but their validity or all languages in NP have zero-knowledge proof systems. Journal of the ACM 38(1), 691–729 (1991)zbMATHGoogle Scholar
  5. [Gol01]
    Goldreich, O.: Foundations of cryptography, vol. 1. Cambridge University Press, Cambridge (2001)zbMATHGoogle Scholar
  6. [GS89]
    Goldwasser, S., Sipser, M.: Private coins versus public coins in interactive proof systems. Advances in Computing Research, vol. 5, pp. 73–90. JAC Press, Inc. (1989)Google Scholar
  7. [GSV98]
    Goldreich, O., Sahai, A., Vadhan, S.: Honest-verifier statistical zero-knowledge equals general statistical zero-knowledge. In: Proceedings of the 30th Annual ACM Symposium on Theory of Computing, pp. 399–408 (1998)Google Scholar
  8. [GV97]
    Goldreich, O., Vadhan, S.: Comparing entropies in statistical zero knowledge with applications to the structure of SZK. In: Proceedings of the 14th Annual IEEE Symposium on Foundations of Computer Science, pp. 448–457 (1997)Google Scholar
  9. [HILL99]
    Håstad, J., Impagliazzo, R., Levin, L., Luby, M.: A pseudorandom generator from any one-way function. SIAM Journal on Computing 28(4), 1364–1396 (1999)CrossRefMathSciNetzbMATHGoogle Scholar
  10. [IY88]
    Impagliazzo, R., Yung, M.: Direct zero-knowledge computations. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 40–51. Springer, Heidelberg (1988)Google Scholar
  11. [Kob08]
    Kobayashi, H.: General properties of quantum zero-knowledge proofs. In: Proceedings of the 5th Theory of Cryptography Conference, pp. 107–124 (2008), Also quant-ph/0705.1129Google Scholar
  12. [Nao91]
    Naor, M.: Bit commitment using pseudorandom generator. Journal of Cryptology 4, 151–158 (1991)CrossRefMathSciNetzbMATHGoogle Scholar
  13. [NV06]
    Nguyen, M.-H., Vadhan, S.: Zero knowledge with efficient provers. In: Proceedings of the 38th Annual ACM Symposium on Theory of Computing, pp. 287–295 (2006)Google Scholar
  14. [OV08]
    Ong, S., Vadhan, S.: An equivalence between zero knowledge and commitments. In: Proceedings of the 5th Theory of Cryptography Conference (to appear, 2008)Google Scholar
  15. [SV03]
    Sahai, A., Vadhan, S.: A complete promise problem for statistical zero-knowledge. Journal of the ACM 50(2), 196–249 (2003)CrossRefMathSciNetGoogle Scholar
  16. [Vad06]
    Vadhan, S.: An unconditional study of computational zero knowledge. SIAM Journal on Computing 36(4), 1160–1214 (2006)CrossRefMathSciNetzbMATHGoogle Scholar
  17. [Wat02]
    Watrous, J.: Limits on the power of quantum statistical zero-knowledge. In: Proceedings of the 43rd Annual IEEE Symposium on Foundations of Computer Science, pp. 459–468 (2002)Google Scholar
  18. [Wat06]
    Watrous, J.: Zero-knowledge against quantum attacks. In: Proceedings of the 38th Annual ACM Symposium on Theory of Computing, pp. 296–305 (2006)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Sean Hallgren
    • 1
  • Alexandra Kolla
    • 2
  • Pranab Sen
    • 3
  • Shengyu Zhang
    • 4
  1. 1.Pennsylvania State UniversityUniversity ParkU.S.A.
  2. 2.U C BerkeleyBerkeleyU.S.A.
  3. 3.Tata Institute of Fundamental ResearchMumbaiIndia
  4. 4.California Institute of TechnologyPasadenaU.S.A.

Personalised recommendations