Quasi-Linear Size Zero Knowledge from Linear-Algebraic PCPs

  • Eli Ben-Sasson
  • Alessandro Chiesa
  • Ariel Gabizon
  • Madars Virza
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9563)


The seminal result that every language having an interactive proof also has a zero-knowledge interactive proof assumes the existence of one-way functions. Ostrovsky and Wigderson [33] proved that this assumption is necessary: if one-way functions do not exist, then only languages in BPP have zero-knowledge interactive proofs.

Ben-Or et al. [9] proved that, nevertheless, every language having a multi-prover interactive proof also has a zero-knowledge multi-prover interactive proof, unconditionally. Their work led to, among many other things, a line of work studying zero knowledge without intractability assumptions. In this line of work, Kilian, Petrank, and Tardos [28] defined and constructed zero-knowledge probabilistically checkable proofs (PCPs).

While PCPs with quasilinear-size proof length, but without zero knowledge, are known, no such result is known for zero knowledge PCPs. In this work, we show how to construct “2-round” PCPs that are zero knowledge and of length \(\tilde{O}(K)\) where K is the number of queries made by a malicious polynomial time verifier. Previous solutions required PCPs of length at least \(K^6\) to maintain zero knowledge. In this model, which we call duplex PCP (DPCP), the verifier first receives an oracle string from the prover, then replies with a message, and then receives another oracle string from the prover; a malicious verifier can make up to K queries in total to both oracles.

Deviating from previous works, our constructions do not invoke the PCP Theorem as a blackbox but instead rely on certain algebraic properties of a specific family of PCPs. We show that if the PCP has a certain linear algebraic structure — which many central constructions can be shown to possess, including [2, 4, 15] — we can add the zero knowledge property at virtually no cost (up to additive lower order terms) while introducing only minor modifications in the algorithms of the prover and verifier. We believe that our linear-algebraic characterization of PCPs may be of independent interest, as it gives a simplified way to view previous well-studied PCP constructions.



We thank Yuval Ishai and Mor Weiss for helpful discussions. The research leading to these results has received funding from: the European Community’s Seventh Framework Programme (FP7/2007–2013) under grant agreement number 240258; the Israeli Science Foundation (grant 1501/14); and the Center for Science of Information (CSoI), an NSF Science and Technology Center, under grant agreement CCF-0939370.


  1. 1.
    Alon, N.: Combinatorial Nullstellensatz. Comb. Probab. Comput. 8, 7–29 (1999)MathSciNetCrossRefzbMATHGoogle Scholar
  2. 2.
    Arora, S., Lund, C., Motwani, R., Sudan, M., Szegedy, M.: Proof verification and the hardness of approximation problems. JACM 45, 501–555 (1998)MathSciNetCrossRefzbMATHGoogle Scholar
  3. 3.
    Arora, S., Safra, S.: Probabilistic checking of proofs: a new characterization of NP. JACM 45, 70–122 (1998)MathSciNetCrossRefzbMATHGoogle Scholar
  4. 4.
    Babai, L., Fortnow, L., Levin, L.A., Szegedy, M.: Checking computations in polylogarithmic time. In: STOC 1991 (1991)Google Scholar
  5. 5.
    Babai, L., Fortnow, L., Lund, C.: Non-deterministic exponential time has two-prover interactive protocols. Comput. Complex. 1, 3–40 (1991)CrossRefzbMATHGoogle Scholar
  6. 6.
    Babai, L., Moran, S.: Arthur-Merlin games: a randomized proof system, and a hierarchy of complexity class. J. Comput. Syst. Sci. 36, 254–276 (1988)CrossRefzbMATHGoogle Scholar
  7. 7.
    Bellare, M., Goldreich, O.: On defining proofs of knowledge. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 390–420. Springer, Heidelberg (1993) Google Scholar
  8. 8.
    Ben-Or, M., Goldreich, O., Goldwasser, S., Håstad, J., Kilian, J., Micali, S., Rogaway, P.: Everything provable is provable in zero-knowledge. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 37–56. Springer, Heidelberg (1990) Google Scholar
  9. 9.
    Ben-Or, M., Goldwasser, S., Kilian, J., Wigderson, A.: Multi-prover interactive proofs: how to remove intractability assumptions. In: STOC 1988 (1988)Google Scholar
  10. 10.
    Ben-Sasson, E., Chiesa, A., Genkin, D., Tromer, E.: Fast reductions from RAMs to delegatable succinct constraint satisfaction problems. In: ITCS 2013 (2013)Google Scholar
  11. 11.
    Ben-Sasson, E., Chiesa, A., Genkin, D., Tromer, E.: On the concrete efficiency of probabilistically-checkable proofs. In: STOC 2013 (2013)Google Scholar
  12. 12.
    Ben-Sasson, E., Goldreich, O., Harsha, P., Sudan, M., Vadhan, S.: Robust PCPs of proximity, shorter PCPs and applications to coding. In: STOC 2004 (2004)Google Scholar
  13. 13.
    Ben-Sasson, E., Goldreich, O., Harsha, P., Sudan, M., Vadhan, S.: Short PCPs verifiable in polylogarithmic time. In: CCC 2005 (2005)Google Scholar
  14. 14.
    Ben-Sasson, E., Goldreich, O., Harsha, P., Sudan, M., Vadhan, S.: Robust PCPs of proximity, shorter PCPs, and applications to coding. SIAM J. Comput. 36, 889–974 (2006)MathSciNetCrossRefzbMATHGoogle Scholar
  15. 15.
    Ben-Sasson, E., Sudan, M.: Short PCPs with polylog query complexity. SIAM J. Comput. 38, 551–607 (2008)MathSciNetCrossRefzbMATHGoogle Scholar
  16. 16.
    Ben-Sasson, E., Viola, E.: Short PCPs with projection queries. In: Esparza, J., Fraigniaud, P., Husfeldt, T., Koutsoupias, E. (eds.) ICALP 2014. LNCS, vol. 8572, pp. 163–173. Springer, Heidelberg (2014) Google Scholar
  17. 17.
    Dinur, I.: The PCP theorem by gap amplification. JACM 54, 12:1–12:44 (2007)MathSciNetCrossRefzbMATHGoogle Scholar
  18. 18.
    Dinur, I., Reingold, O.: Assignment testers: towards a combinatorial proof of the PCP theorem. In: FOCS 2004 (2004)Google Scholar
  19. 19.
    Dwork, C., Feige, U., Kilian, J., Naor, M., Safra, M.: Low communication 2-prover zero-knowledge proofs for NP. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 215–227. Springer, Heidelberg (1993) Google Scholar
  20. 20.
    Goldwasser, S., Micali, S., Rackoff, C.: The knowledge complexity of interactive proof-systems. In: STOC 1985 (1985)Google Scholar
  21. 21.
    Goyal, V., Ishai, Y., Mahmoody, M., Sahai, A.: Interactive locking, zero-knowledge PCPs, and unconditional cryptography. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 173–190. Springer, Heidelberg (2010) CrossRefGoogle Scholar
  22. 22.
    Harsha, P., Sudan, M.: Small PCPs with low query complexity. Comput. Complex. 9, 157–201 (2000)MathSciNetCrossRefzbMATHGoogle Scholar
  23. 23.
    Impagliazzo, R., Yung, M.: Direct minimum knowledge computations. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 40–51. Springer, Heidelberg (1988) Google Scholar
  24. 24.
    Ishai, Y., Kushilevitz, E., Ostrovsky, R., Sahai, A.: Zero-knowledge proofs from secure multiparty computation. SIAM J. Comput. 39, 1121–1152 (2009)MathSciNetCrossRefzbMATHGoogle Scholar
  25. 25.
    Ishai, Y., Mahmoody, M., Sahai, A.: On efficient zero-knowledge PCPs. In: Cramer, R. (ed.) TCC 2012. LNCS, vol. 7194, pp. 151–168. Springer, Heidelberg (2012) CrossRefGoogle Scholar
  26. 26.
    Ishai, Y., Mahmoody, M., Sahai, A., Xiao, D.: On zero-knowledge PCPs: limitations, simplifications, and applications (2015).
  27. 27.
    Kalai, Y.T., Raz, R.: Interactive PCP. In: Aceto, L., Damgård, I., Goldberg, L.A., Halldórsson, M.M., Ingólfsdóttir, A., Walukiewicz, I. (eds.) ICALP 2008, Part II. LNCS, vol. 5126, pp. 536–547. Springer, Heidelberg (2008) CrossRefGoogle Scholar
  28. 28.
    Kilian, J., Petrank, E., Tardos, G.: Probabilistically checkable proofs with zero knowledge. In: STOC 1997 (1997)Google Scholar
  29. 29.
    Lapidot, D., Shamir, A.: A one-round, two-prover, zero-knowledge protocol for NP. Combinatorica 15, 204–214 (1995)MathSciNetCrossRefzbMATHGoogle Scholar
  30. 30.
    Lund, C., Fortnow, L., Karloff, H., Noam, N.: Algebraic methods for interactive proof systems. JACM 39, 859–868 (1992)CrossRefzbMATHGoogle Scholar
  31. 31.
    Mahmoody, M., Xiao, D.: Languages with efficient zero-knowledge PCPs are in SZK. In: Sahai, A. (ed.) TCC 2013. LNCS, vol. 7785, pp. 297–314. Springer, Heidelberg (2013) CrossRefGoogle Scholar
  32. 32.
    Mie, T.: Polylogarithmic two-round argument systems. J. Math. Cryptol. 2, 343–363 (2008)MathSciNetCrossRefzbMATHGoogle Scholar
  33. 33.
    Ostrovsky, R., Wigderson, A.: One-way functions are essential for non-trivial zero-knowledge. In: ISTCS 1993 (1993)Google Scholar
  34. 34.
    Polishchuk, A., Spielman, D.A.: Nearly-linear size holographic proofs. In: STOC 1994 (1994)Google Scholar
  35. 35.
    Shamir, A.: IP = PSPACE. JACM 39, 869–877 (1992)MathSciNetCrossRefGoogle Scholar
  36. 36.
    Spielman, D.: Computationally efficient error-correcting codes and holographic proofs. Ph.D. thesis, Massachusetts Institute of Technology (1995)Google Scholar
  37. 37.
    Szegedy, M.: Many-valued logics and holographic proofs. In: Wiedermann, J., Van Emde Boas, P., Nielsen, M. (eds.) ICALP 1999. LNCS, vol. 1644, pp. 676–686. Springer, Heidelberg (1999) CrossRefGoogle Scholar

Copyright information

© International Association for Cryptologic Research 2016

Authors and Affiliations

  • Eli Ben-Sasson
    • 2
  • Alessandro Chiesa
    • 3
  • Ariel Gabizon
    • 2
  • Madars Virza
    • 1
  1. 1.MITCambridgeUSA
  2. 2.TechnionHaifaIsrael
  3. 3.UC BerkeleyBerkeleyUSA

Personalised recommendations