Abstract
We revisit the composability of different forms of zero- knowledge proofs when the honest prover strategy is restricted to be polynomial time (given an appropriate auxiliary input). Our results are:
-
1
When restricted to efficient provers, the original Goldwasser–Micali–Rackoff (GMR) definition of zero knowledge (STOC ‘85), here called plain zero knowledge, is closed under a constant number of sequential compositions (on the same input). This contrasts with the case of unbounded provers, where Goldreich and Krawczyk (ICALP ‘90, SICOMP ‘96) exhibited a protocol that is zero knowledge under the GMR definition, but for which the sequential composition of 2 copies is not zero knowledge.
-
1
If we relax the GMR definition to only require that the simulation is indistinguishable from the verifier’s view by uniform polynomial-time distinguishers, with no auxiliary input beyond the statement being proven, then again zero knowledge is not closed under sequential composition of 2 copies.
-
1
We show that auxiliary-input zero knowledge with efficient provers is not closed under parallel composition of 2 copies under the assumption that there is a secure key agreement protocol (in which it is easy to recognize valid transcripts). Feige and Shamir (STOC ‘90) gave similar results under the seemingly incomparable assumptions that (a) the discrete logarithm problem is hard, or (b) \({\mathcal{UP}}\not\subseteq {\mathcal{BPP}}\) and one-way functions exist.
Keywords
- Sequential Composition
- Parallel Composition
- Interactive Proof
- Auxiliary Input
- Interactive Proof System
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
These results first appeared in the first author’s undergraduate thesis [5] and in the full version of the paper is available on the Cryptology ePrint Archive [6].
The original version of this chapter was revised: The copyright line was incorrect. This has been corrected. The Erratum to this chapter is available at DOI: 10.1007/978-3-642-11799-2_36
Download conference paper PDF
References
Barak, B.: How to go beyond the Black-Box Simulation Barrier. In: 42nd IEEE Symposium on Foundations of Computer Science, pp. 106–115 (2001)
Barak, B., Lindell, Y., Vadhan, S.: Lower Bounds for Non-Black-Box Zero Knowledge. In: Proc. of the 44th IEEE Symposium on the Foundation of Computer Science, pp. 384–393 (2003)
Bellare, M., Goldreich, O.: On defining proofs of knowledge. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 390–420. Springer, Heidelberg (1993)
Ben-Or, M., Goldreich, O., Goldwasser, S., Hastad, J., Kilian, J., Micali, S., Rogaway, P.: Everything provable is provable in zero-knowledge. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 37–56. Springer, Heidelberg (1990)
Birrell, E.: Composition of Zero-Knowledge Proofs. Undergraduate Thesis. Harvard University (2009)
Birrell, E., Vadhan, S.: Composition of Zero Knowledge Proofs with Efficient Provers. Cryptology eprint archive (2009)
Blum, M.: How to prove a theorem so no one else can claim it. In: Proceedings of the International Congress of Mathematicians, pp. 1444–1451 (1987)
Diffie, W., Hellman, M.: New Directions in Cryptography. IEEE Trans. on Info. Theory IT-22, 644–654 (1976)
Feige, U., Shamir, A.: Witness Indistinguishability and Witness Hiding Protocols. In: 22nd ACM Symposium on the Theory of Computing, pp. 416–426 (1990)
Feige, U., Shamir, A.: Zero-Knowledge Proofs of Knowledge in Two Rounds. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 526–544. Springer, Heidelberg (1990)
Goldreich, O.: Foundations of Cryptography - Basic Tools. Cambridge University Press, Cambridge (2001)
Goldreich, O.: A Uniform Complexity Treatment of Encryption and Zero Knowledge. Journal of Cryptology 6(1), 21–53 (1993)
Goldreich, O.: Zero-Knowledge twenty years after its invention. Cryptology ePrint Archive, Report 2002/186 (2002), http://eprint.iacr.org/
Goldreich, O., Goldwasser, S., Micali, S.: How to Construct Random Functions. Journal of the Association for Computing Machinery 33(4), 792–807 (1986)
Goldreich, O., Kahan, A.: How to Construct Constant-Round Zero-Knowledge Proof Systems for NP. Journal of Cryptology 9(2), 167–189 (1996)
Goldreich, O., Krawczyk, H.: On the Composition of Zero-Knowledge Proof Systems. SIAM Journal on Computing 25(1), 169–192 (1996); Preliminary version in ICALP 1990
Goldreich, O., Krawczyk, H.: Sparse Pseudorandom Distributions. Random Structures & Algorithms 3(2), 163–174 (1992)
Goldreich, O., Micali, S., Wigderson, A.: Proofs that Yield Nothing but their Validity or All Languages in NP have Zero-Knowledge Proof Systems. Journal of the ACM 38(1), 691–729 (1991)
Goldreich, O., Oren, Y.: Definitions and Properties of Zero-Knowledge Proof Systems. Journal of Cryptology 7(1), 1–32 (1994)
Goldwasser, S., Micali, S., Rackoff, C.: Knowledge Complexity of Interactive Proofs. In: Proc. 17th STOC, pp. 291–304 (1985)
Goldwasser, S., Micali, S., Rackoff, C.: The Knowledge Complexity of Interactive Proof Systems. SIAM Journal on Computing 18, 186–208 (1989)
Haitner, I., Rosen, A., Shaltiel, R.: On the (Im)possibility of Arthur-Merlin Witness Hiding Protocols. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 220–237. Springer, Heidelberg (2009)
Vadhan, S.: Pseudorandomness. Foundations and Trends in Theoretical Computer Science (to appear, 2010)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Birrell, E., Vadhan, S. (2010). Composition of Zero-Knowledge Proofs with Efficient Provers. In: Micciancio, D. (eds) Theory of Cryptography. TCC 2010. Lecture Notes in Computer Science, vol 5978. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-11799-2_34
Download citation
DOI: https://doi.org/10.1007/978-3-642-11799-2_34
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-11798-5
Online ISBN: 978-3-642-11799-2
eBook Packages: Computer ScienceComputer Science (R0)