On the Relationship Between Statistical Zero-Knowledge and Statistical Randomized Encodings

Statistical Zero-knowledge proofs Goldwasser et al. [GMR89] allow a computationally unbounded server to convince a computationally limited client that an input x is in a language $$\varPi $$ without revealing any additional information about x that the client cannot compute by herself. Randomized encoding RE of functions Ishai and Kushilevitz [IK00] allows a computationally limited client to publish a single randomized message, $$\mathsf {Enc} x$$ , from which the server learns whether x is in $$\varPi $$ and nothing else. It is known that $$\mathcal {SRE} $$ , the class of problems that admit statistically private randomized encoding with polynomial-time client and computationally unbounded server, is contained in the class $$\mathcal {SZK} $$ of problems that have statistical zero-knowledge proof. However, the exact relation between these two classes, and, in particular, the possibility of equivalence was left as an open problem. In this paper, we explore the relationship between $$\mathcal {SRE} $$ and $$\mathcal {SZK} $$ , and derive the following results:In a non-uniform setting, statistical randomized encoding with one-side privacy $$\textit{1}\mathcal {RE} $$ is equivalent to non-interactive statistical zero-knowledge $$\mathcal {NISZK} $$ . These variants were studied in the past as natural relaxation/strengthening of the original notions. Our theorem shows that proving $$\mathcal {SRE} =\mathcal {SZK} $$ is equivalent to showing that $$\textit{1}\mathcal {RE} =\mathcal {SRE} $$ and $$\mathcal {SZK} =\mathcal {NISZK} $$ . The latter is a well-known open problem Goldreich et al. [GSV99].If $$\mathcal {SRE} $$ is non-trivial not in $$\mathcal {BPP} $$ , then infinitely-often one-way functions exist. The analog hypothesis for $$\mathcal {SZK} $$ yields only auxiliary-input one-way functions Ostrovsky [Ost91], which is believed to be a significantly weaker implication.If there exists an average-case hard language with perfect randomized encoding, then collision-resistance hash functions CRH exist. Again, a similar assumption for $$\mathcal {SZK} $$ implies only constant-round statistically-hiding commitments, a primitive which seems weaker than CRH. We believe that our results sharpen the relationship between $$\mathcal {SRE} $$ and $$\mathcal {SZK} $$ and illuminates the core differences between these two classes.

[1]  Yuval Ishai,et al.  Randomizing polynomials: A new representation with applications to round-efficient secure computation , 2000, Proceedings 41st Annual Symposium on Foundations of Computer Science.

[2]  Benny Applebaum,et al.  Cryptography in Constant Parallel Time , 2013, Information Security and Cryptography.

[3]  Russell Impagliazzo,et al.  One-way functions are essential for complexity based cryptography , 1989, 30th Annual Symposium on Foundations of Computer Science.

[4]  Iordanis Kerenidis,et al.  Interactive and Noninteractive Zero Knowledge are Equivalent in the Help Model , 2008, TCC.

[5]  Manuel Blum,et al.  Non-interactive zero-knowledge and its applications , 1988, STOC '88.

[6]  Silvio Micali,et al.  A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks , 1988, SIAM J. Comput..

[7]  Michael Ben-Or,et al.  Increasing the Power of the Dealer in Non-interactive Zero-Knowledge Proof Systems , 2000, ASIACRYPT.

[8]  Salil P. Vadhan,et al.  An Equivalence Between Zero Knowledge and Commitments , 2008, TCC.

[9]  Ran Canetti Theory of Cryptography, Fifth Theory of Cryptography Conference, TCC 2008, New York, USA, March 19-21, 2008 , 2008, TCC.

[10]  Oded Goldreich,et al.  Comparing entropies in statistical zero knowledge with applications to the structure of SZK , 1999, Proceedings. Fourteenth Annual IEEE Conference on Computational Complexity (Formerly: Structure in Complexity Theory Conference) (Cat.No.99CB36317).

[11]  Ivan Damgård,et al.  Efficient Concurrent Zero-Knowledge in the Auxiliary String Model , 2000, EUROCRYPT.

[12]  Oded Goldreich Foundations of Cryptography: Index , 2001 .

[13]  Toniann Pitassi,et al.  Zero-Information Protocols and Unambiguity in Arthur–Merlin Communication , 2015, Algorithmica.

[14]  Benny Applebaum,et al.  Garbled Circuits as Randomized Encodings of Functions: a Primer , 2017, Tutorials on the Foundations of Cryptography.

[15]  Tatsuaki Okamoto,et al.  On relationships between statistical zero-knowledge proofs , 1996, STOC '96.

[16]  Manuel Blum,et al.  Non-Interactive Zero-Knowledge and Its Applications (Extended Abstract) , 1988, STOC 1988.

[17]  Ivan Damgård,et al.  Zero-Knowledge Authentication Scheme with Secret Key Exchange (Extended Abstract) , 1988, CRYPTO.

[18]  Abhi Shelat,et al.  Unconditional Characterizations of Non-interactive Zero-Knowledge , 2005, CRYPTO.

[19]  Oded Goldreich,et al.  The Foundations of Cryptography - Volume 1: Basic Techniques , 2001 .

[20]  Benny Applebaum,et al.  From Private Simultaneous Messages to Zero-Information Arthur–Merlin Protocols and Back , 2016, Journal of Cryptology.

[21]  Oded Goldreich,et al.  Foundations of Cryptography: Basic Tools , 2000 .

[22]  Alexander Russell Necessary and Sufficient Conditions For Collision-Free Hashing , 1992, CRYPTO.

[23]  Ivan Damgård,et al.  Collision Free Hash Functions and Public Key Signature Schemes , 1987, EUROCRYPT.

[24]  Leonid A. Levin,et al.  Pseudo-random Generation from one-way functions (Extended Abstracts) , 1989, STOC 1989.

[25]  Oded Goldreich,et al.  Foundations of Cryptography: List of Figures , 2001 .

[26]  Johan Håstad,et al.  Perfect zero-knowledge languages can be recognized in two rounds , 1987, 28th Annual Symposium on Foundations of Computer Science (sfcs 1987).

[27]  Anat Paskin-Cherniavsky,et al.  Statistical Randomized Encodings: A Complexity Theoretic View , 2015, ICALP.

[28]  Benny Applebaum Randomly Encoding Functions: A New Cryptographic Paradigm - (Invited Talk) , 2011, ICITS.

[29]  Yuval Ishai,et al.  Minimizing Locality of One-Way Functions via Semi-private Randomized Encodings , 2016, Journal of Cryptology.

[30]  E. Kushilevitz,et al.  Cryptography in NC/sup 0/ , 2004, 45th Annual IEEE Symposium on Foundations of Computer Science.

[31]  Yacov Yacobi,et al.  The Complexity of Promise Problems with Applications to Public-Key Cryptography , 1984, Inf. Control..

[32]  Moni Naor,et al.  A minimal model for secure computation (extended abstract) , 1994, STOC '94.

[33]  Amit Sahai,et al.  Can Statistical Zero Knowledge Be Made Non-interactive? or On the Relationship of SZK and NISZK , 1998, CRYPTO.

[34]  Omer Reingold,et al.  Finding Collisions in Interactive Protocols - Tight Lower Bounds on the Round and Communication Complexities of Statistically Hiding Commitments , 2015, SIAM J. Comput..

[35]  Leonid A. Levin,et al.  Pseudo-random generation from one-way functions , 1989, STOC '89.

[36]  Rafail Ostrovsky,et al.  One-way functions, hard on average problems, and statistical zero-knowledge proofs , 1991, [1991] Proceedings of the Sixth Annual Structure in Complexity Theory Conference.

[37]  Oded Goldreich,et al.  On Promise Problems: A Survey , 2006, Essays in Memory of Shimon Even.

[38]  ApplebaumBenny,et al.  Cryptography in $NC^0$ , 2006 .

[39]  Yuval Ishai,et al.  Computationally Private Randomizing Polynomials and Their Applications , 2005, Computational Complexity Conference.

[40]  Manuel Blum,et al.  Noninteractive Zero-Knowledge , 1991, SIAM J. Comput..

[41]  Silvio Micali,et al.  The knowledge complexity of interactive proof-systems , 1985, STOC '85.

[42]  Larry Carter,et al.  Universal Classes of Hash Functions , 1979, J. Comput. Syst. Sci..

[43]  Oded Goldreich,et al.  The Random Oracle Hypothesis Is False , 1994, J. Comput. Syst. Sci..

[44]  Benny Applebaum,et al.  From Private Simultaneous Messages to Zero-Information Arthur-Merlin Protocols and Back , 2016, TCC.

[45]  SahaiAmit,et al.  A complete problem for statistical zero knowledge , 2003 .

[46]  Silvio Micali,et al.  Proofs that yield nothing but their validity or all languages in NP have zero-knowledge proof systems , 1991, JACM.

[47]  Giovanni Di Crescenzo,et al.  Image Density is Complete for Non-Interactive-SZK (Extended Abstract) , 1998, ICALP.

[48]  Bill Wilson,et al.  In a relationship , 2013 .

[49]  Tatsuaki Okamoto On Relationships between Statistical Zero-Knowledge Proofs , 2000, J. Comput. Syst. Sci..

[50]  Yuval Ishai,et al.  Cryptography in NC0 , 2004, FOCS.

[51]  Yuval Ishai,et al.  Randomization Techniques for Secure Computation , 2013, Secure Multi-Party Computation.