Statistical Zero-Knowledge Proofs with Efficient Provers: Lattice Problems and More

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2729)


We construct several new statistical zero-knowledge proofs with efficient provers, i.e. ones where the prover strategy runs in probabilistic polynomial time given an NP witness for the input string.

Our first proof systems are for approximate versions of the Shortest Vector Problem (SVP) and Closest Vector Problem (CVP), where the witness is simply a short vector in the lattice or a lattice vector close to the target, respectively. Our proof systems are in fact proofs of knowledge, and as a result, we immediately obtain efficient lattice-based identification schemes which can be implemented with arbitrary families of lattices in which the approximate SVP or CVP are hard.

We then turn to the general question of whether all problems in SZK ∩ NP admit statistical zero-knowledge proofs with efficient provers. Towards this end, we give a statistical zero-knowledge proof system with an efficient prover for a natural restriction of Statistical Difference, a complete problem for SZK. We also suggest a plausible approach to resolving the general question in the positive.





Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  1. University of California, San Diego, La Jolla, USA
  2. Harvard University, Cambridge, USA
