Keeping the SZK-verifier honest unconditionally

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1294)


This paper shows that using direct properties of a zero-knowledge protocol itself, one may impose a honest behavior on the verifier (without additional cryptographic tools). The main technical contribution is showing that if a language L has an Arthur-Merlin (i.e. public coins) honest-verifier statistical SZK proof system then L has an (any-verifier) SZK proof system when we use a non-uniform simulation model of SZK (where the simulation view and protocol view can be made statistically closer than any given polynomial given as a parameter). Three basic questions regarding statistical zero-knowledge (SZK) are solved in this model:
  • If L has a honest-verifier SZK proof then L has an any-verifier nonuniform simulation SZK proof.

  • If L has an SZK proof then L has an non-uniform simulation SZK proof.

  • If L has a private-coin SZK proof then L has a public-coin nonuniform simulation SZK proof.


Proof System Random String Commitment Scheme Common Input Cheat Behavior 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    W. Aiello and J. Håstad. Statistical Zero Knowledge Can Be Recognized in Two Rounds, Journal of Computer and System Sciences, vol. 42, 1991, pp. 327–345.zbMATHCrossRefMathSciNetGoogle Scholar
  2. 2.
    M. Bellare, S. Micali, and R. Ostrovsky, The (True) Complexity of Statistical Zero-Knowledge Proofs, in STOC 90.Google Scholar
  3. 3.
    M. Bellare, and E. Petrank, Making Zero-Knowledge Provers Efficient, STOC 92.Google Scholar
  4. 4.
    M. Ben-Or, O. Goldreich, S. Goldwasser, J. Håstad, J. Kilian, S. Micali, and P. Rogaway, Everything Provable is Provable in Zero Knowledge, in CRYPTO 88.Google Scholar
  5. 5.
    I. Damgård, Interactive Hashing can Simplify Zero-Knowledge Design without Complexity assumptions, in CRYPTO 92.Google Scholar
  6. 6.
    I. Damgård, O. Goldreich, T. Okamoto, and A. Wigderson, Honest-Verifier vs. Dishonest-Verifier in Public-Coin Zero-Knowledge Proofs, in CRYPTO 95.Google Scholar
  7. 7.
    A. De Santis, G. Di Crescenzo, P. Persiano, and M. Yung, On Monotone Formula Closure of SZK, in FOCS 94.Google Scholar
  8. 8.
    U. Feige, A. Fiat, and A. Shamir, Zero-Knowledge Proofs of Identity, Journal of Cryptology, vol. 1, 1988, pp. 77–94.zbMATHCrossRefMathSciNetGoogle Scholar
  9. 9.
    L. Fortnow, The Complexity of Perfect Zero Knowledge, in STOC 87.Google Scholar
  10. 10.
    O. Goldreich and H. Krawczyk, On the Composition of Zero-Knowledge Proof Systems, SIAM Journal on Computing, 1996.Google Scholar
  11. 11.
    O. Goldreich, S. Micali, and A. Wigderson, Proofs that Yield Nothing but their Validity or All Languages in NP Have Zero-Knowledge Proof Systems, Journal of the ACM, vol. 38, n. 1, 1991, pp. 691–729.zbMATHMathSciNetGoogle Scholar
  12. 12.
    O. Goldreich and Y. Oren, Definitions and Properties of Zero-Knowledge Proof Systems, Journal of Cryptology, v. 7, n. 1, 1994.Google Scholar
  13. 13.
    S. Goldwasser, S. Micali, and C. Rackoff, The Knowledge Complexity of Interactive Proof-Systems, SIAM Journal on Computing, vol. 18, n. 1, February 1989.Google Scholar
  14. 14.
    S. Goldwasser and M. Sipser, Private Coins versus Public Coins in Interactive Proof-Systems, in STOC 1986.Google Scholar
  15. 15.
    J. Håstad, R. Impagliazzo, L. Levin, and M. Luby, Construction of a Pseudo-Random Generator from One-Way Function, to appear in SIAM Journal on Computing, previous versions: FOCS 89 and STOC 90.Google Scholar
  16. 16.
    R. Impagliazzo and M. Luby, One-Way Functions are Necessary for Complexity-Based Cryptography, in FOCS 90.Google Scholar
  17. 17.
    R. Impagliazzo and M. Yung, Direct Minimum Knowledge Computations, in CRYPTO 87.Google Scholar
  18. 18.
    M. Naor, Bit-Commitment Using Pseudo-Randomness, in CRYPTO 89.Google Scholar
  19. 19.
    M. Naor, R. Ostrovsky, R. Venkatesan, and M. Yung, Perfectly-Secure Zero-Knowledge Arguments Can be Based on General Complexity Assumptions, in CRYPTO 92.Google Scholar
  20. 20.
    T. Okamoto, On Relations Between Statistical Zero-Knowledge Proofs, STOC 96.Google Scholar
  21. 21.
    R. Ostrovsky, One-Way Functions, Hard on Average Problems and Statistical Zero-Knowledge Proofs, in Structures 91.Google Scholar
  22. 22.
    R. Ostrovsky, R. Venkatesan, and M. Yung, Interactive Hashing Simplifies Zero-Knowledge Protocol Design, in EUROCRYPT '93.Google Scholar
  23. 23.
    R. Ostrovsky, and A. Wigderson, One-way Functions are Essential for Non-Trivial Zero-Knowledge, in ISTCS 93.Google Scholar
  24. 24.
    A. Yao, Theory and Applications of Trapdoor Functions, in FOCS 81.Google Scholar

Copyright information

© Springer-Verlag 1997

Authors and Affiliations

  1. 1.Computer Science and Engineering Dep.University of California San DiegoLa Jolla
  2. 2.NTT LaboratoriesNippon Telegraph and Telephone CorporationKanagawa-kenJapan
  3. 3.CertCoNew York

Personalised recommendations