Languages with Efficient Zero-Knowledge PCP's are in SZK

A Zero-Knowledge PCP (ZK-PCP) is a randomized PCP such that the view of any (perhaps cheating) efficient verifier can be efficiently simulated up to small statistical distance. Kilian, Petrank, and Tardos (STOC '97) constructed ZK-PCPs for all languages in NEXP. Ishai, Mahmoody, and Sahai (TCC '12), motivated by cryptographic applications, revisited the possibility of efficient ZK-PCPs for all of NP where the PCP is encoded as a polynomial-size circuit that given a query i returns the ith symbol of the PCP. Ishai et al showed that there is no efficient ZK-PCP for NP with a non-adaptive verifier, that prepares all of its PCP queries before seeing any answers, unless NP⊆coAM and the polynomial-time hierarchy collapses. The question of whether adaptive verification can lead to efficient ZK-PCPs for NP remained open. In this work, we resolve this question and show that any language or promise problem with efficient ZK-PCPs must be in SZK (the class of promise problems with a statistical zero-knowledge single prover proof system). Therefore, no NP-complete problem can have an efficient ZK-PCP unless NP⊆SZK (which also implies NP⊆coAM and the polynomial-time hierarchy collapses). We prove our result by reducing any promise problem with an efficient ZK-PCP to two instances of the Conditional Entropy Approximation problem defined and studied by Vadhan (FOCS'04) which is known to be complete for the class SZK.

[1]  Daniele Micciancio,et al.  Statistical Zero-Knowledge Proofs with Efficient Provers: Lattice Problems and More , 2003, CRYPTO.

[2]  Johan Håstad,et al.  Statistical Zero-Knowledge Languages can be Recognized in Two Rounds , 1991, J. Comput. Syst. Sci..

[3]  Jonathan Katz,et al.  Universally Composable Multi-party Computation Using Tamper-Proof Hardware , 2007, EUROCRYPT.

[4]  Avi Wigderson,et al.  Multi-prover interactive proofs: how to remove intractability assumptions , 2019, STOC '88.

[5]  Amit Sahai,et al.  New Constructions for UC Secure Computation Using Tamper-Proof Hardware , 2008, EUROCRYPT.

[6]  Iftach Haitner,et al.  A New Sampling Protocol and Applications to Basing Cryptographic Primitives on the Hardness of NP , 2010, 2010 IEEE 25th Annual Conference on Computational Complexity.

[7]  Joe Kilian,et al.  A note on efficient zero-knowledge proofs and arguments (extended abstract) , 1992, STOC '92.

[8]  Carsten Lund,et al.  Non-deterministic exponential time has two-prover interactive protocols , 2005, computational complexity.

[9]  Silvio Micali,et al.  Proofs that yield nothing but their validity or all languages in NP have zero-knowledge proof systems , 1991, JACM.

[10]  Vladimir Kolesnikov,et al.  Truly Efficient String Oblivious Transfer Using Resettable Tamper-Proof Tokens , 2010, TCC.

[11]  Salil P. Vadhan,et al.  An unconditional study of computational zero knowledge , 2004, 45th Annual IEEE Symposium on Foundations of Computer Science.

[12]  Lance Fortnow,et al.  The Complexity of Perfect Zero-Knowledge , 1987, Proceeding Structure in Complexity Theory.

[13]  Sanjeev Arora,et al.  Probabilistic checking of proofs: a new characterization of NP , 1998, JACM.

[14]  Luca Trevisan Average-case Complexity , 2008, 2008 49th Annual IEEE Symposium on Foundations of Computer Science.

[15]  Joan Feigenbaum,et al.  On the random-self-reducibility of complete sets , 1991, [1991] Proceedings of the Sixth Annual Structure in Complexity Theory Conference.

[16]  Yael Tauman Kalai,et al.  One-Time Programs , 2008, CRYPTO.

[17]  Yuval Ishai,et al.  Interactive Locking, Zero-Knowledge PCPs, and Unconditional Cryptography , 2010, Electron. Colloquium Comput. Complex..

[18]  Yuval Ishai,et al.  Founding Cryptography on Tamper-Proof Hardware Tokens , 2010, IACR Cryptol. ePrint Arch..

[19]  Shafi Goldwasser,et al.  Private coins versus public coins in interactive proof systems , 1986, STOC '86.

[20]  Gil Segev,et al.  David and Goliath Commitments: UC Computation for Asymmetric Parties Using Tamper-Proof Hardware , 2008, EUROCRYPT.

[21]  Silvio Micali,et al.  The knowledge complexity of interactive proof-systems , 1985, STOC '85.

[22]  Stathis Zachos,et al.  Does co-NP Have Short Interactive Proofs? , 1987, Inf. Process. Lett..

[23]  Carsten Lund,et al.  Nondeterministic exponential time has two-prover interactive protocols , 1990, Proceedings [1990] 31st Annual Symposium on Foundations of Computer Science.

[24]  Oded Goldreich,et al.  Definitions and properties of zero-knowledge proof systems , 1994, Journal of Cryptology.

[25]  Oded Goldreich,et al.  On basing one-way functions on NP-hardness , 2006, STOC '06.

[26]  László Babai,et al.  Arthur-Merlin Games: A Randomized Proof System, and a Hierarchy of Complexity Classes , 1988, J. Comput. Syst. Sci..

[27]  Rafail Ostrovsky,et al.  Resettable Statistical Zero Knowledge , 2012, IACR Cryptol. ePrint Arch..

[28]  Joan Feigenbaum,et al.  Random-Self-Reducibility of Complete Sets , 1993, SIAM J. Comput..

[29]  Salil P. Vadhan,et al.  An Equivalence Between Zero Knowledge and Commitments , 2008, TCC.

[30]  Lance Fortnow,et al.  On the Power of Multi-Prover Interactive Protocols , 1994, Theor. Comput. Sci..

[31]  Rafail Ostrovsky,et al.  Concurrent Statistical Zero-Knowledge Arguments for NP from One Way Functions , 2007, ASIACRYPT.

[32]  Carsten Lund,et al.  Proof verification and hardness of approximation problems , 1992, Proceedings., 33rd Annual Symposium on Foundations of Computer Science.

[33]  Moni Naor,et al.  Low Communication 2-Prover Zero-Knowledge Proofs for NP , 1992, CRYPTO.

[34]  Joe Kilian,et al.  Probabilistically checkable proofs with zero knowledge , 1997, STOC '97.

[35]  Yuval Ishai,et al.  On Efficient Zero-Knowledge PCPs , 2012, TCC.

[36]  Avi Wigderson,et al.  On interactive proofs with a laconic prover , 2001, computational complexity.

[37]  Kathleen M. Hannafin,et al.  The Effect of Computerized Tests on the Performance and Attitudes of College Students , 1989 .

[38]  Ran Canetti,et al.  Resettable zero-knowledge (extended abstract) , 2000, STOC '00.

[39]  Tatsuaki Okamoto,et al.  On relationships between statistical zero-knowledge proofs , 1996, STOC '96.