A One-Round, Two-Prover, Zero-Knowledge Protocol for NP

The model of zero knowledge multi prover interactive proofs was introduced by Ben-Or, Goldwasser, Kilian and Wigderson. A major open problem associated with these protocols is whether they can be executed in parallel. A positive answer was claimed by Fortnow, Rompel and Sipser, but its proof was later shown to be flawed by Fortnow who demonstrated that the probability of cheating in n independent parallel rounds can be exponentially higher than the probability of cheating in n independent sequential rounds. In this paper we use refined combinatorial arguments to settle this problem by proving that the probability of cheating in a parallelized BGKW protocol is at most 1/2n/9, and thus every problem in NP has a one-round two prover protocol which is perfectly zero knowledge under no cryptographic assumptions.

[1]  Amos Fiat,et al.  Zero Knowledge Proofs of Identity , 1987, STOC.

[2]  Adi Shamir,et al.  Fully parallelized multi prover protocols for NEXP-time , 1991, [1991] Proceedings 32nd Annual Symposium of Foundations of Computer Science.

[3]  Rafail Ostrovsky,et al.  Perfect zero-knowledge in constant rounds , 1990, STOC '90.

[4]  Silvio Micali,et al.  The Knowledge Complexity of Interactive Proof Systems , 1989, SIAM J. Comput..

[5]  L. Fortnow Complexity-Theoretic Aspects of Interactive Proof Systems , 1989 .

[6]  Amos Fiat,et al.  Zero-knowledge proofs of identity , 1988, Journal of Cryptology.

[7]  Stathis Zachos,et al.  Does co-NP Have Short Interactive Proofs? , 1987, Inf. Process. Lett..

[8]  Avi Wigderson,et al.  Multi-prover interactive proofs: how to remove intractability assumptions , 2019, STOC '88.

[9]  Moti Yung,et al.  Everything in NP can be Argued in Perfect Zero-Knowledge in a Bounded Number of Rounds , 1989, ICALP.

[10]  L. Fortnow,et al.  On the power of multi-power interactive protocols , 1988, [1988] Proceedings. Structure in Complexity Theory Third Annual Conference.

[11]  Richard J. Lipton,et al.  Playing Games of Incomplete Information , 1990, Symposium on Theoretical Aspects of Computer Science.

[12]  Lance Fortnow,et al.  The Complexity of Perfect Zero-Knowledge , 1987, Proceeding Structure in Complexity Theory.

[13]  Mihir Bellare,et al.  On Defining Proofs of Knowledge , 1992, CRYPTO.

[14]  Adi Shamir,et al.  Witness indistinguishable and witness hiding protocols , 1990, STOC '90.

[15]  Moti Yung,et al.  Everything in NP can be Argued in Perfect Zero-Knowledge in a Bounded Number of Rounds (Extended Abstract) , 1989, EUROCRYPT.

[16]  Silvio Micali,et al.  Proofs that yield nothing but their validity and a methodology of cryptographic protocol design , 1986, 27th Annual Symposium on Foundations of Computer Science (sfcs 1986).

[17]  Uriel Feige On the success probability of the two provers in one-round proof systems , 1991, [1991] Proceedings of the Sixth Annual Structure in Complexity Theory Conference.