Private Coins versus Public Coins in Zero-Knowledge Proof Systems

  • Rafael Pass
  • Muthuramakrishnan Venkitasubramaniam
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5978)


Goldreich-Krawczyk (SIAM J. of Comp. '96) showed that only languages in BPP have constant-round public-coin black-box zero-knowledge protocols. We extend their lower bound to “fully black-box” private-coin protocols based on one-way functions. More precisely, we show that only languages in BPP^Sam, where Sam is a “collision-finding” oracle in analogy with Simon (Eurocrypt '98) and Haitner et al. (FOCS '07), can have constant-round fully black-box zero-knowledge proofs; the same holds for constant-round fully black-box zero-knowledge arguments with sublinear verifier communication complexity. We also establish near-linear lower bounds on the round complexity of fully black-box concurrent zero-knowledge proofs (or arguments with sublinear verifier communication) for languages outside BPP^Sam.

The technique used to establish these results is a transformation from private-coin protocols into Sam-relativized public-coin protocols; for the case of fully black-box protocols based on one-way functions, this transformation preserves zero knowledge, round complexity and communication complexity.


References

  1. Babai, L., Moran, S.: Arthur-Merlin games: A randomized proof system, and a hierarchy of complexity classes. JCSS 36, 254–276 (1988)
  2. Barak, B.: How to go Beyond the Black-Box Simulation Barrier. In: 42nd FOCS, pp. 106–115 (2001)
  3. Damgård, I.B., Pedersen, T.P., Pfitzmann, B.: On the Existence of Statistically Hiding Bit Commitment Schemes and Fail-Stop Signatures. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 250–265. Springer, Heidelberg (1994)
  4. Dwork, C., Naor, M., Sahai, A.: Concurrent Zero-Knowledge. In: 30th STOC, pp. 409–418 (1998)
  5. Feige, U., Shamir, A.: Zero Knowledge Proofs of Knowledge in Two Rounds. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 526–544. Springer, Heidelberg (1990)
  6. Goldreich, O.: Foundations of Cryptography – Basic Tools. Cambridge University Press, Cambridge (2001)
  7. Goldreich, O., Kahan, A.: How to Construct Constant-Round Zero-Knowledge Proof Systems for NP. Journal of Cryptology 9(2), 167–189 (1996)
  8. Goldreich, O., Krawczyk, H.: On the Composition of Zero-Knowledge Proof Systems. SIAM Jour. on Computing 25(1), 169–192 (1996)
  9. Goldwasser, S., Micali, S., Rackoff, C.: The Knowledge Complexity of Interactive Proof Systems. SIAM Jour. on Computing 18(1), 186–208 (1989)
  10. Goldreich, O., Micali, S., Wigderson, A.: Proofs that Yield Nothing But Their Validity or All Languages in NP Have Zero-Knowledge Proof Systems. J. ACM 38(1), 691–729 (1991)
  11. Goldwasser, S., Sipser, M.: Private Coins versus Public Coins in Interactive Proof Systems. In: 18th STOC, pp. 59–68 (1986)
  12. Gordon, S.D., Wee, H., Xiao, D., Yerukhimovich, A.: On the Round Complexity of Zero-Knowledge Proofs Based on One-Way Permutations (2009) (manuscript)
  13. Haitner, I., Hoch, J., Reingold, O., Segev, G.: Finding Collisions in Interactive Protocols - A Tight Lower Bound on the Round Complexity of Statistically-Hiding Commitments. In: 48th FOCS, pp. 669–679 (2007)
  14. Haitner, I., Hoch, J., Segev, G.: A Linear Lower Bound on the Communication Complexity of Single-Server Private Information Retrieval. In: Canetti, R. (ed.) TCC 2008. LNCS, vol. 4948, pp. 445–464. Springer, Heidelberg (2008)
  15. Halevi, S., Micali, S.: Practical and Provably-Secure Commitment Schemes from Collision-Free Hashing. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 201–215. Springer, Heidelberg (1996)
  16. Haitner, I., Mahmoody-Ghidary, M., Xiao, D.: A constant-round public-coin protocol for sampling with size, and applications. Technical Report TR-867-09, Princeton University (2009)
  17. Kilian, J.: A Note on Efficient Zero-Knowledge Proofs and Arguments. In: 24th STOC, pp. 723–732 (1992)
  18. Kilian, J., Petrank, E.: Concurrent and resettable zero-knowledge in poly-logarithmic rounds. In: 33rd STOC, pp. 560–569 (2001)
  19. Ong, S.J., Vadhan, S.: An Equivalence between Zero Knowledge and Commitments. In: Canetti, R. (ed.) TCC 2008. LNCS, vol. 4948, pp. 482–500. Springer, Heidelberg (2008)
  20. Prabhakaran, M., Rosen, A., Sahai, A.: Concurrent zero-Knowledge with logarithmic round complexity. In: 43rd FOCS, pp. 366–375 (2002)
  21. Pass, R., Tseng, W., Wikström, D.: On the Composition of Public-Coin Zero-Knowledge Protocols. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 160–176. Springer, Heidelberg (2009)
  22. Pass, R., Wee, H.: Black-box constructions of two-party primitives from one-way functions. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 403–418. Springer, Heidelberg (2009)
  23. Rosen, A.: Concurrent Zero-Knowledge. Springer, Heidelberg (2006)
  24. Reingold, O., Trevisan, L., Vadhan, S.: Notions of reducibility between cryptographic primitives. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 1–20. Springer, Heidelberg (2004)
  25. Simon, D.: Finding collisions on a one-way street: Can secure hash functions be based on general assumptions? In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 334–345. Springer, Heidelberg (1998)
  26. Vadhan, S.: On Transformations of Interactive Proofs that Preserve Prover’s Complexity. In: 32nd STOC, pp. 200–207 (2000)

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Rafael Pass (1)
  • Muthuramakrishnan Venkitasubramaniam (1)

  1. Cornell University, USA