One-way functions are essential for non-trivial zero-knowledge

If one-way functions exist, then there are zero-knowledge proofs for every language in PSPACE. The authors prove that unless very weak one-way functions exist, zero-knowledge proofs can be given only for languages in BPP. For average-case definitions of BPP they prove an analogous result under the assumption that uniform one-way functions do not exist. Thus, very loosely speaking, zero-knowledge is either useless (exists only for 'easy' languages), or universal (exists for every provable language).<<ETX>>

[1]  Shafi Goldwasser,et al.  Private coins versus public coins in interactive proof systems , 1986, STOC '86.

[2]  Hugo Krawczyk,et al.  Sparse Pseudorandom Distributions , 1989, CRYPTO.

[3]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[4]  Silvio Micali,et al.  The knowledge complexity of interactive proof-systems , 1985, STOC '85.

[5]  Leonid A. Levin,et al.  Average Case Complete Problems , 1986, SIAM J. Comput..

[6]  Ivan Damgård,et al.  On the Existence of Bit Commitment Schemes and Zero-Knowledge Proofs , 1989, CRYPTO.

[7]  Rafail Ostrovsky,et al.  One-way functions, hard on average problems, and statistical zero-knowledge proofs , 1991, [1991] Proceedings of the Sixth Annual Structure in Complexity Theory Conference.

[8]  László Babai,et al.  Arthur-Merlin Games: A Randomized Proof System, and a Hierarchy of Complexity Classes , 1988, J. Comput. Syst. Sci..

[9]  Johan Håstad,et al.  Pseudo-random generators under uniform assumptions , 1990, STOC '90.

[10]  László Babai,et al.  Trading group theory for randomness , 1985, STOC '85.

[11]  Moti Yung,et al.  Direct Minimum-Knowledge Computations , 1987, CRYPTO.

[12]  Leslie G. Valiant,et al.  Random Generation of Combinatorial Structures from a Uniform Distribution , 1986, Theor. Comput. Sci..

[13]  Russell Impagliazzo,et al.  One-way functions are essential for complexity based cryptography , 1989, 30th Annual Symposium on Foundations of Computer Science.

[14]  Silvio Micali,et al.  A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks , 1988, SIAM J. Comput..

[15]  Silvio Micali,et al.  Non-Interactive Zero-Knowledge Proof Systems , 1987, CRYPTO.

[16]  Carsten Lund,et al.  Algebraic methods for interactive proof systems , 1990, Proceedings [1990] 31st Annual Symposium on Foundations of Computer Science.

[17]  Leonid A. Levin,et al.  Pseudo-random generation from one-way functions , 1989, STOC '89.

[18]  Oded Goldreich,et al.  A Note on Computational Indistinguishability , 1990, Inf. Process. Lett..

[19]  Leonid A. Levin,et al.  A hard-core predicate for all one-way functions , 1989, STOC '89.

[20]  Oded Goldreich,et al.  On Completeness and Soundness in Interactive Proof Systems , 1989, Adv. Comput. Res..

[21]  David Chaum,et al.  Minimum Disclosure Proofs of Knowledge , 1988, J. Comput. Syst. Sci..

[22]  Carsten Lund,et al.  Algebraic methods for interactive proof systems , 1992, JACM.

[23]  Silvio Micali,et al.  Everything Provable is Provable in Zero-Knowledge , 1990, CRYPTO.

[24]  Leonid A. Levin,et al.  No better ways to generate hard NP instances than picking uniformly at random , 1990, Proceedings [1990] 31st Annual Symposium on Foundations of Computer Science.

[25]  Adi Shamir,et al.  Zero Knowledge Proofs of Knowledge in Two Rounds , 1989, CRYPTO.

[26]  Mihir Bellare,et al.  Making zero-knowledge provers efficient , 1992, STOC '92.

[27]  Manuel Blum,et al.  How to Generate Cryptographically Strong Sequences of Pseudo Random Bits , 1982, FOCS.

[28]  Lance Fortnow,et al.  The Complexity of Perfect Zero-Knowledge , 1987, Proceeding Structure in Complexity Theory.

[29]  Russell Impagliazzo,et al.  How to recycle random bits , 1989, 30th Annual Symposium on Foundations of Computer Science.

[30]  Moni Naor,et al.  Bit Commitment Using Pseudo-Randomness , 1989, CRYPTO.

[31]  Oded Goldreich,et al.  Interactive proof systems: Provers that never fail and random selection , 1987, 28th Annual Symposium on Foundations of Computer Science (sfcs 1987).

[32]  Johan Håstad,et al.  Perfect zero-knowledge languages can be recognized in two rounds , 1987, 28th Annual Symposium on Foundations of Computer Science (sfcs 1987).

[33]  Manuel Blum,et al.  How to generate cryptographically strong sequences of pseudo random bits , 1982, 23rd Annual Symposium on Foundations of Computer Science (sfcs 1982).

[34]  Andrew Chi-Chih Yao,et al.  How to generate and exchange secrets , 1986, 27th Annual Symposium on Foundations of Computer Science (sfcs 1986).

[35]  Andrew Chi-Chih Yao,et al.  Theory and application of trapdoor functions , 1982, 23rd Annual Symposium on Foundations of Computer Science (sfcs 1982).

[36]  Moni Naor,et al.  Universal one-way hash functions and their cryptographic applications , 1989, STOC '89.

[37]  Adi Shamir,et al.  IP = PSPACE , 1992, JACM.

[38]  John Rompel,et al.  One-way functions are necessary and sufficient for secure signatures , 1990, STOC '90.

[39]  Lenore Cowen,et al.  On the Structure of Secret Key Exchange Protocols , 1989, Distributed Computing And Cryptography.

[40]  Silvio Micali,et al.  The Knowledge Complexity of Interactive Proof Systems , 1989, SIAM J. Comput..