On the Composition of Public-Coin Zero-Knowledge Protocols

We show that only languages in BPP have public-coin, black-box zero-knowledge protocols that are secure under an unbounded (polynomial) number of parallel repetitions. This result holds both in the plain model (without any set-up) and in the Bare Public-Key Model (where the prover and the verifier have registered public keys). We complement this result by showing the existence of a public-coin black-box zero-knowledge proof that remains secure under any a-priori bounded number of concurrent executions.
