A one-round, two-prover, zero-knowledge protocol for NP

The model of zero-knowledge multi-prover interactive proofs was introduced by Ben-Or, Goldwasser, Kilian and Wigderson in [4]. A major open problem associated with this model is whether NP problems can be proven by one-round, two-prover, zero-knowledge protocols with exponentially small error probability (e.g. via parallel executions). A positive answer was claimed by Fortnow, Rompel and Sipser in [12], but its proof was later shown to be flawed by Fortnow who demonstrated that the probability of cheating inn independent parallel rounds can be much higher than the probability of cheating inn independent sequential rounds (with exponential ratio between them). In this paper we solve this problem: We show a new one-round two-prover interactive proof for Graph Hamiltonicity, we prove that it is complete, sound and perfect zeroknowledge, and thus every problem in NP has a one-round two-prover interactive proof which is perfectly zero knowledge under no cryptographic assumptions. The main difficulty is in proving the soundness of our parallel protocol namely, proving that the probability of cheating in this one-round protocol is upper bounded by some exponentially low threshold. We prove that this probability is at most 1/2n/9 (wheren is the number of parallel rounds), by translating the soundness problem into some extremal combinatorial problem, and then solving this new problem.

[1]  Mihir Bellare,et al.  On Defining Proofs of Knowledge , 1992, CRYPTO.

[2]  Adi Shamir,et al.  Witness indistinguishable and witness hiding protocols , 1990, STOC '90.

[3]  Amos Fiat,et al.  Zero Knowledge Proofs of Identity , 1987, STOC.

[4]  Lance Fortnow,et al.  The Complexity of Perfect Zero-Knowledge , 1987, Proceeding Structure in Complexity Theory.

[5]  Uriel Feige On the success probability of the two provers in one-round proof systems , 1991, [1991] Proceedings of the Sixth Annual Structure in Complexity Theory Conference.

[6]  Richard J. Lipton,et al.  Playing Games of Incomplete Information , 1990, Symposium on Theoretical Aspects of Computer Science.

[7]  Silvio Micali,et al.  The Knowledge Complexity of Interactive Proof Systems , 1989, SIAM J. Comput..

[8]  Avi Wigderson,et al.  Multi-prover interactive proofs: how to remove intractability assumptions , 2019, STOC '88.

[9]  Stathis Zachos,et al.  Does co-NP Have Short Interactive Proofs? , 1987, Inf. Process. Lett..

[10]  Moti Yung,et al.  Everything in NP can be Argued in Perfect Zero-Knowledge in a Bounded Number of Rounds , 1989, ICALP.

[11]  Amos Fiat,et al.  Zero-knowledge proofs of identity , 1987, Journal of Cryptology.

[12]  Silvio Micali,et al.  Proofs that yield nothing but their validity and a methodology of cryptographic protocol design , 1986, 27th Annual Symposium on Foundations of Computer Science (sfcs 1986).

[13]  L. Fortnow,et al.  On the power of multi-power interactive protocols , 1988, [1988] Proceedings. Structure in Complexity Theory Third Annual Conference.

[14]  Rafail Ostrovsky,et al.  Perfect zero-knowledge in constant rounds , 1990, STOC '90.

[15]  Adi Shamir,et al.  Fully parallelized multi prover protocols for NEXP-time , 1991, [1991] Proceedings 32nd Annual Symposium of Foundations of Computer Science.