Which Languages Have 4-Round Zero-Knowledge Proofs?

  • Jonathan Katz
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4948)


We show that if a language L has a 4-round, black-box, computational zero-knowledge proof system with negligible soundness error, then \(\bar L \in {\sf MA}\). Assuming the polynomial hierarchy does not collapse, this means in particular that NP-complete languages do not have 4-round zero-knowledge proofs (at least with respect to black-box simulation).


  1. 1.
    Aiello, W., Håstad, J.: Statistical zero-knowledge languages can be recognized in two rounds. J. Computer and System Sciences 42(3), 327–345 (1991)zbMATHCrossRefGoogle Scholar
  2. 2.
    Babai, L., Moran, S.: Arthur-Merlin games: A randomized proof system and a hierarchy of complexity classes. J. Computer and System Sciences 36(2), 254–276 (1988)zbMATHCrossRefMathSciNetGoogle Scholar
  3. 3.
    Barak, B.: How to go beyond the black-box simulation barrier. In: Proc. 42nd Annual Symposium on Foundations of Computer Science (FOCS), pp. 106–115. IEEE Computer Society Press, Los Alamitos (2001)Google Scholar
  4. 4.
    Barak, B., Lindell, Y.: Strict polynomial-time in simulation and extraction. SIAM J. Computing 33(4), 738–818 (2004)CrossRefMathSciNetGoogle Scholar
  5. 5.
    Barak, B., Lindell, Y., Vadhan, S.: Lower bounds for non-black-box zero knowledge. J. Computer and System Sciences 72(2), 321–391 (2006)zbMATHCrossRefMathSciNetGoogle Scholar
  6. 6.
    Bellare, M., Jakobsson, M., Yung, M.: Round-optimal zero-knowledge arguments based on any one-way function. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 280–305. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  7. 7.
    Bellare, M., Micali, S., Ostrovsky, R.: Perfect zero knowledge in constant rounds. In: Proc. 22nd Annual ACM Symposium on Theory of Computing (STOC), pp. 482–493. ACM, New York (1990)Google Scholar
  8. 8.
    Bellare, M., Micali, S., Ostrovsky, R.: The (true) complexity of statistical zero knowledge. In: Proc. 22nd Annual ACM Symposium on Theory of Computing (STOC), pp. 494–502. ACM, New York (1990)Google Scholar
  9. 9.
    Bellare, M., Palacio, A.: The knowledge-of-exponent assumptions and 3-round zero-knowledge protocols. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 273–289. Springer, Heidelberg (2004)Google Scholar
  10. 10.
    Ben-Or, M., Goldreich, O., Goldwasser, S., Håstad, J., Kilian, J., Micali, S., Rogaway, P.: Everyting provable is provable in zero knowledge. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 37–56. Springer, Heidelberg (1990)Google Scholar
  11. 11.
    Boppana, R., Håstad, J., Zachos, S.: Does coNP have short interactive proofs? Information Proc. Letters 25(2), 127–132 (1987)zbMATHCrossRefGoogle Scholar
  12. 12.
    Boyar, J., Kurtz, S., Krentel, M.: Discrete logarithm implementation of perfect zero-knowledge blobs. J. Cryptology 2(2), 63–76 (1990)zbMATHCrossRefMathSciNetGoogle Scholar
  13. 13.
    Brassard, G., Chaum, D., Crépeau, C.: Minimum disclosure proofs of knowledge. J. Computer and Systems Sciences 37(2), 156–189 (1988)zbMATHCrossRefGoogle Scholar
  14. 14.
    Cramer, R., Damgård, I., MacKenzie, P.: Efficient zero-knowledge proofs of knowledge without intractability assumptions. In: Imai, H., Zheng, Y. (eds.) PKC 2000. LNCS, vol. 1751, pp. 354–372. Springer, Heidelberg (2000)Google Scholar
  15. 15.
    Di Crescenzo, G., Persiano, G.: Round-optimal perfect zero-knowledge proofs. Information Proc. Letters 50(2), 93–99 (1994)zbMATHCrossRefGoogle Scholar
  16. 16.
    Damgård, I., Pedersen, M., Pfitzmann, B.: On the existence of statistically-hiding bit commitment schemes and fail-stop signatures. J. Cryptology 10(3), 163–194 (1997)zbMATHCrossRefMathSciNetGoogle Scholar
  17. 17.
    Feige, U., Shamir, A.: Zero knowledge proofs of knowledge in two rounds. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 526–544. Springer, Heidelberg (1990)Google Scholar
  18. 18.
    Fortnow, L.: The complexity of perfect zero knowledge. In: Micali, S. (ed.) Advances in Computing Research, vol. 5, pp. 327–343. JAC Press, Inc. (1989)Google Scholar
  19. 19.
    Goldreich, O., Kahan, A.: How to construct constant-round zero-knowledge proof systems for NP. J. Cryptology 9(3), 167–190 (1996)zbMATHCrossRefMathSciNetGoogle Scholar
  20. 20.
    Goldreich, O., Krawczyk, H.: On the composition of zero-knowledge proof systems. SIAM J. Computing 25(1), 169–192 (1996)zbMATHCrossRefMathSciNetGoogle Scholar
  21. 21.
    Goldreich, O., Micali, S., Wigderson, A.: Proofs that yield nothing but their validity, or all languages in NP have zero-knowledge proof systems. J. ACM 38(3), 691–729 (1991)zbMATHCrossRefMathSciNetGoogle Scholar
  22. 22.
    Goldreich, O., Oren, Y.: Definitions and properties of zero-knowledge proof systems. J. Cryptology 7(1), 1–32 (1994)zbMATHCrossRefMathSciNetGoogle Scholar
  23. 23.
    Goldwasser, S., Micali, S., Rackoff, C.: The knowledge complexity of interactive proof systems. SIAM J. Computing 18(1), 186–208 (1989)zbMATHCrossRefMathSciNetGoogle Scholar
  24. 24.
    Goldwasser, S., Micali, S., Rivest, R.: A digital signature scheme secure against adaptive chosen-message attacks. SIAM J. Computing 17(2), 281–308 (1988)zbMATHCrossRefMathSciNetGoogle Scholar
  25. 25.
    Hada, S., Tanaka, T.: On the existence of 3-round zero-knowledge protocols. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 408–423. Springer, Heidelberg (1998) (See also Scholar
  26. 26.
    Haitner, I., Hoch, J.J., Reingold, O., Segev, G.: Finding collisions in interactive protocols — a tight bound on the round complexity of statistically-hiding commitments. In: Proc. 48th Annual Symposium on Foundations of Computer Science (FOCS), pp. 669–679. IEEE, Los Alamitos (2007), CrossRefGoogle Scholar
  27. 27.
    Haitner, I., Reingold, O.: Statistically-hiding commitment from any one-way function. In: Proc. 39th Annual ACM Symposium on Theory of Computing (STOC), pp. 1–10. ACM Press, New York (2007)Google Scholar
  28. 28.
    Halevi, S., Micali, S.: Practical and provably-secure commitment schemes from collision-free hashing. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 201–215. Springer, Heidelberg (1996)Google Scholar
  29. 29.
    Impagliazzo, R., Yung, M.: Direct minimum-knowledge computations (extended abstract). In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 40–51. Springer, Heidelberg (1988)Google Scholar
  30. 30.
    Itoh, T., Sakurai, K.: On the complexity of constant round ZKIP of possession of knowledge. In: Matsumoto, T., Imai, H., Rivest, R.L. (eds.) ASIACRYPT 1991. LNCS, vol. 739, pp. 331–345. Springer, Heidelberg (1993)Google Scholar
  31. 31.
    Kurosawa, K., Ogata, W., Tsujii, S.: 4-move perfect ZKIP for some promise problems. IEICE Trans. on Fundamentals of Electronics, Communications, and Computer Sciences E78-A(1), 34–41 (1995)Google Scholar
  32. 32.
    Lepinski, M.: On the existence of 3-round zero-knowledge proofs. Master’s thesis, MIT (2002), Available at
  33. 33.
    Pass, R.: On Arthur-Merlin games and the possibility of basing cryptography on NP-hardness. In: 21st Annual IEEE Conference on Computational Complexity, pp. 88–95. IEEE Computer Society Press, Los Alamitos (2006)Google Scholar
  34. 34.
    Saito, T., Kurosawa, K., Sakurai, K.: 4-move perfect SKIP of knowledge with no assumption. In: Matsumoto, T., Imai, H., Rivest, R.L. (eds.) ASIACRYPT 1991. LNCS, vol. 739, pp. 320–331. Springer, Heidelberg (1993)Google Scholar
  35. 35.
    Vadhan, S.: A Study of Statistical Zero-Knowledge Proofs. PhD thesis, MIT (1999)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Jonathan Katz
    • 1
  1. 1.Department of Computer ScienceUniversity of Maryland 

Personalised recommendations