An Equivalence Between Zero Knowledge and Commitments

  • Shien Jin Ong
  • Salil Vadhan
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4948)


We show that a language in NP has a zero-knowledge protocol if and only if the language has an “instance-dependent” commitment scheme. An instance-dependent commitment schemes for a given language is a commitment scheme that can depend on an instance of the language, and where the hiding and binding properties are required to hold only on the yes and no instances of the language, respectively.

The novel direction is the only if direction. Thus, we confirm the widely held belief that commitments are not only sufficient for zero knowledge protocols, but necessary as well. Previous results of this type either held only for restricted types of protocols or languages, or used nonstandard relaxations of (instance-dependent) commitment schemes.


Hash Function Commitment Scheme Negligible Function Promise Problem Zero Knowledge 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. [AH]
    Aiello, W., Håstad, J.: Statistical zero-knowledge languages can be recognized in two rounds. J. Comput. Syst. Sci. 42(3), 327–345 (1991)zbMATHCrossRefGoogle Scholar
  2. [BCC]
    Brassard, G., Chaum, D., Crépeau, C.: Minimum disclosure proofs of knowledge. J. Comput. Syst. Sci. 37(2), 156–189 (1988)zbMATHCrossRefGoogle Scholar
  3. [BGG+]
    Ben-Or, M., Goldreich, O., Goldwasser, S., Håstad, J., Kilian, J., Micali, S., Rogaway, P.: Everything provable is provable in zero-knowledge. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 37–56. Springer, Heidelberg (1990)Google Scholar
  4. [Blu]
    Blum, M.: How to prove a theorem so no one else can claim it. In: Proc. International Congress of Mathematicians, pp. 1444–1451 (1987)Google Scholar
  5. [BMO]
    Bellare, M., Micali, S., Ostrovsky, R.: Perfect zero-knowledge in constant rounds. In: Proc. 22nd STOC, pp. 482–493 (1990)Google Scholar
  6. [BR]
    Bellare, M., Rogaway, P.: Collision-resistant hashing: towards making UOWHFs practical. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 470–484. Springer, Heidelberg (1997)Google Scholar
  7. [CT]
    Cover, T.M., Thomas, J.A.: Elements of information theory, 2nd edn. Wiley-Interscience, New York (2006)zbMATHGoogle Scholar
  8. [Dam1]
    Damgård, I.: On the existence of bit commitment schemes and zero-knowledge proofs. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 17–27. Springer, Heidelberg (1990)Google Scholar
  9. [Dam2]
    Damgård, I.B.: Interactive hashing can simplify zero-knowledge protocol design without computational assumptions. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 100–109. Springer, Heidelberg (1994)Google Scholar
  10. [ESY]
    Even, S., Selman, A.L., Yacobi, Y.: The complexity of promise problems with applications to public-key cryptography. Inform. Control 61(2), 159–173 (1984)zbMATHCrossRefMathSciNetGoogle Scholar
  11. [GK1]
    Goldreich, O., Kahan, A.: How to construct constant-round zero-knowledge proof systems for NP. J. Cryptol. 9(3), 167–190 (1996)zbMATHCrossRefMathSciNetGoogle Scholar
  12. [GK2]
    Goldreich, O., Krawczyk, H.: On the composition of zero-knowledge proof systems. SIAM Journal on Computing 25(1), 169–192 (1996)zbMATHCrossRefMathSciNetGoogle Scholar
  13. [GMR]
    Goldwasser, S., Micali, S., Rackoff, C.: The knowledge complexity of interactive proof systems. SIAM Journal on Computing 18(1), 186–208 (1989)zbMATHCrossRefMathSciNetGoogle Scholar
  14. [GMW]
    Goldreich, O., Micali, S., Wigderson, A.: Proofs that yield nothing but their validity or all languages in NP have zero-knowledge proof systems. J. ACM 38(1), 691–729 (1991)zbMATHMathSciNetGoogle Scholar
  15. [Gol]
    Goldreich, O.: On promise problems (a survey in memory of Shimon Even [1935-2004]). Technical Report TR05–018, Electronic Colloquium on Computational Complexity (February 2005)Google Scholar
  16. [GSV]
    Goldreich, O., Sahai, A., Vadhan, S.: Can statistical zero-knowledge be made non-interactive?, or On the relationship of SZK and NISZK. In: Wiener, M.J. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 467–484. Springer, Heidelberg (1999)Google Scholar
  17. [GV]
    Goldreich, O., Vadhan, S.P.: Comparing entropies in statistical zero knowledge with applications to the structure of SZK. In: Proc. 14th Computational Complexity, pp. 54–73 (1999)Google Scholar
  18. [HILL]
    Håstad, J., Impagliazzo, R., Levin, L.A., Luby, M.: A pseudorandom generator from any one-way function. SIAM J. Comput. 28(4), 1364–1396 (1999)zbMATHCrossRefMathSciNetGoogle Scholar
  19. [HNO+]
    Haitner, I., Nguyen, M.-H., Ong, S.J., Reingold, O., Vadhan, S.: Statistically hiding commitments and statistical zero-knowledge arguments from any one-way function. Preliminary versions appeared as [NOV] and [HR], (in submission, 2007),
  20. [HR]
    Haitner, I., Reingold, O.: Statistically-hiding commitment from any one-way function. In: Proc. 39th STOC, pp. 1–10 (2007)Google Scholar
  21. [IL]
    Impagliazzo, R., Luby, M.: One-way functions are essential for complexity based cryptography. In: Proc. 30th FOCS, pp. 230–235 (1989)Google Scholar
  22. [IOS]
    Itoh, T., Ohta, Y., Shizuya, H.: A language-dependent cryptographic primitive. J. Cryptol. 10(1), 37–49 (1997)zbMATHCrossRefMathSciNetGoogle Scholar
  23. [IY]
    Impagliazzo, R., Yung, M.: Direct minimum-knowledge computations (extended abstract). In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 40–51. Springer, Heidelberg (1988)Google Scholar
  24. [KK]
    Katz, J., Koo, C.-Y.: On constructing universal one-way hash functions from arbitrary one-way functions. Technical Report 2005/328, Cryptology ePrint Archive (2005)Google Scholar
  25. [KMS]
    Kapron, B., Malka, L., Srinivasan, V.: A characterization of non-interactive instance-dependent commitment-schemes (NIC). In: Arge, L., Cachin, C., Jurdziński, T., Tarlecki, A. (eds.) ICALP 2007. LNCS, vol. 4596, pp. 328–339. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  26. [MOSV]
    Micciancio, D., Ong, S.J., Sahai, A., Vadhan, S.: Concurrent zero knowledge without complexity assumptions. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 1–20. Springer, Heidelberg (2004)Google Scholar
  27. [MV]
    Micciancio, D., Vadhan, S.: Statistical zero-knowledge proofs with efficient provers: lattice problems and more. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 282–298. Springer, Heidelberg (2003)Google Scholar
  28. [Nao]
    Naor, M.: Bit commitment using pseudorandomness. J. Cryptol. 4(2), 151–158 (1991)zbMATHCrossRefGoogle Scholar
  29. [NOV]
    Nguyen, M.-H., Ong, S.J., Vadhan, S.: Statistical zero-knowledge arguments for NP from any one-way function. In: Proc. 47th FOCS, pp. 3–14 (2006)Google Scholar
  30. [NV]
    Nguyen, M.-H., Vadhan, S.: Zero knowledge with efficient provers. In: Proc. 38th STOC, pp. 287–295 (2006)Google Scholar
  31. [NY]
    Naor, M., Yung, M.: Universal one-way hash functions and their cryptographic applications. In: Proc. 21st STOC, pp. 33–43 (1989)Google Scholar
  32. [Oka]
    Okamoto, T.: On relationships between statistical zero-knowledge proofs. J. Comput. Syst. Sci. 60(1), 47–108 (2000)zbMATHCrossRefMathSciNetGoogle Scholar
  33. [Ong]
    Ong, S.J.: Unconditional Relationships within Zero Knowledge. PhD thesis, Harvard University, Cambridge (May 2007)Google Scholar
  34. [OV]
    Ong, S.J., Vadhan, S.: Zero knowledge and soundness are symmetric. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 187–209. Springer, Heidelberg (2007) Earlier version appeared as TR06-139 in the Electronic Colloquium on Computational ComplexityCrossRefGoogle Scholar
  35. [OW]
    Ostrovsky, R., Wigderson, A.: One-way functions are essential for non-trivial zero-knowledge. In: Proceedings of the 2nd Israel Symposium on Theory of Computing Systems, pp. 3–17. IEEE Computer Society, Los Alamitos (1993)CrossRefGoogle Scholar
  36. [Rom]
    Rompel, J.: One-way functions are necessary and sufficient for secure signatures. In: Proc. 22nd STOC, pp. 387–394 (1990)Google Scholar
  37. [Ros]
    Rosen, A.: A note on constant-round zero-knowledge proofs for NP. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 191–202. Springer, Heidelberg (2004)Google Scholar
  38. [SV]
    Sahai, A., Vadhan, S.: A complete problem for statistical zero knowledge. J. ACM 50(2), 196–249 (2003)CrossRefMathSciNetGoogle Scholar
  39. [Vad]
    Vadhan, S.P.: An unconditional study of computational zero knowledge. SIAM J. Comput. 36(4), 1160–1214 (2006)zbMATHCrossRefMathSciNetGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Shien Jin Ong
    • 1
  • Salil Vadhan
    • 1
  1. 1.School of Engineering & Applied SciencesHarvard UniversityCambridgeUSA

Personalised recommendations