论文信息 - An unconditional study of computational zero knowledge

An unconditional study of computational zero knowledge

We prove a number of general theorems about CZK, the class of problems possessing computational zero knowledge proofs. Our results are unconditional, in contrast to most previous works on CZK which rely on the assumption that one-way functions exist. We establish several new characterizations of CZK, and use these characterizations to prove results such as: 1) Honest-verifier CZK equals general CZK. 2) Public-coin CZK equals private-coin CZK. 3) CZK is closed under union (and more generally, "monotone formula closure"). 4) CZK with imperfect completeness equals CZK with perfect completeness. 5) Any problem in CZK /spl cap/ NP can be proven in computational zero knowledge by a BPP/sup NP/ prover. 6) CZK with black-box simulators equals CZK with general, non-black-box simulators. The above equalities refer to the resulting class of problems (and do not necessarily preserve other efficiency measures such as round complexity). Our approach is to combine the conditional techniques previously used in the study of CZK with the unconditional techniques developed in the study of SZK, the class of problems possessing statistical zero knowledge proofs. To enable this combination, we prove that every problem in CZK can be decomposed into a problem in SZK together with a set of instances from which a one-way function can be constructed.

Salil P. Vadhan | S. Vadhan

[1] Amit Sahai,et al. Concurrent Zero Knowledge without Complexity Assumptions , 2006, Electron. Colloquium Comput. Complex..

[2] Oded Goldreich,et al. A Note on Computational Indistinguishability , 1990, Inf. Process. Lett..

[3] Mihir Bellare,et al. Making zero-knowledge provers efficient , 1992, STOC '92.

[4] Ivan Damgård,et al. Interactive Hashing can Simplify Zero-Knowledge Protocol Design Without Computational Assumptions (Extended Abstract) , 1993, CRYPTO.

[5] Giovanni Di Crescenzo,et al. On monotone formula closure of SZK , 1994, Proceedings 35th Annual Symposium on Foundations of Computer Science.

[6] Oded Goldreich,et al. Modern Cryptography, Probabilistic Proofs and Pseudorandomness , 1998, Algorithms and Combinatorics.

[7] Oded Goldreich,et al. How to construct constant-round zero-knowledge proof systems for NP , 1996, Journal of Cryptology.

[8] Ivan Damgård,et al. On the Existence of Bit Commitment Schemes and Zero-Knowledge Proofs , 1989, CRYPTO.

[9] Lance Fortnow,et al. The Complexity of Perfect Zero-Knowledge , 1987, Proceeding Structure in Complexity Theory.

[10] Yacov Yacobi,et al. The Complexity of Promise Problems with Applications to Public-Key Cryptography , 1984, Inf. Control..

[11] Thomas M. Cover,et al. Elements of Information Theory (Wiley Series in Telecommunications and Signal Processing) , 2006 .

[12] Giovanni Di Crescenzo,et al. Image Density is Complete for Non-Interactive-SZK (Extended Abstract) , 1998, ICALP.

[13] László Babai,et al. Arthur-Merlin Games: A Randomized Proof System, and a Hierarchy of Complexity Classes , 1988, J. Comput. Syst. Sci..

[14] Tatsuaki Okamoto. On Relationships between Statistical Zero-Knowledge Proofs , 2000, J. Comput. Syst. Sci..

[15] Salil P. Vadhan. An Unconditional Study of Computational Zero Knowledge , 2004, FOCS.

[16] Hugo Krawczyk,et al. On the Composition of Zero-Knowledge Proof Systems , 1990, ICALP.

[17] Adi Shamir,et al. IP = PSPACE , 1992, JACM.

[18] Leonid A. Levin,et al. A Pseudorandom Generator from any One-way Function , 1999, SIAM J. Comput..

[19] Moni Naor,et al. Bit commitment using pseudorandomness , 1989, Journal of Cryptology.

[20] Richard E. Overill,et al. Foundations of Cryptography: Basic Tools , 2002, J. Log. Comput..

[21] Oded Goldreich,et al. Comparing entropies in statistical zero knowledge with applications to the structure of SZK , 1999, Proceedings. Fourteenth Annual IEEE Conference on Computational Complexity (Formerly: Structure in Complexity Theory Conference) (Cat.No.99CB36317).

[22] Oded Goldreich,et al. On Promise Problems (a survey in memory of Shimon Even [1935-2004]) , 2005, Electron. Colloquium Comput. Complex..

[23] Shafi Goldwasser,et al. Private coins versus public coins in interactive proof systems , 1986, STOC '86.

[24] Rafail Ostrovsky,et al. One-way functions, hard on average problems, and statistical zero-knowledge proofs , 1991, [1991] Proceedings of the Sixth Annual Structure in Complexity Theory Conference.

[25] Thomas M. Cover,et al. Elements of Information Theory , 2005 .

[26] Andrew Chi-Chih Yao,et al. Theory and Applications of Trapdoor Functions (Extended Abstract) , 1982, FOCS.

[27] Michael Sipser,et al. A complexity theoretic approach to randomness , 1983, STOC.

[28] Oded Goldreich,et al. On Completeness and Soundness in Interactive Proof Systems , 1989, Adv. Comput. Res..

[29] Dan Suciu,et al. Journal of the ACM , 2006 .

[30] SahaiAmit,et al. A complete problem for statistical zero knowledge , 2003 .

[31] Amit Sahai,et al. Honest-verifier statistical zero-knowledge equals general statistical zero-knowledge , 1998, STOC '98.

[32] Yehuda Lindell,et al. Lower bounds for non-black-box zero knowledge , 2003, 44th Annual IEEE Symposium on Foundations of Computer Science, 2003. Proceedings..

[33] Salil P. Vadhan,et al. Zero knowledge with efficient provers , 2006, STOC '06.

[34] Giovanni Di Crescenzo,et al. Keeping the SZK-Verifier Honest Unconditionally , 1997, CRYPTO.

[35] Larry J. Stockmeyer,et al. On Approximation Algorithms for #P , 1985, SIAM J. Comput..

[36] Gilles Brassard,et al. Privacy Amplification by Public Discussion , 1988, SIAM J. Comput..

[37] Rafail Ostrovsky,et al. Perfect zero-knowledge in constant rounds , 1990, STOC '90.

[38] Noam Nisan,et al. Extracting Randomness: A Survey and New Constructions , 1999, J. Comput. Syst. Sci..

[39] Daniele Micciancio,et al. Statistical Zero-Knowledge Proofs with Efficient Provers: Lattice Problems and More , 2003, CRYPTO.

[40] Johan Håstad,et al. Statistical Zero-Knowledge Languages can be Recognized in Two Rounds , 1991, J. Comput. Syst. Sci..

[41] Leslie G. Valiant,et al. Random Generation of Combinatorial Structures from a Uniform Distribution , 1986, Theor. Comput. Sci..

[42] Boaz Barak,et al. How to go beyond the black-box simulation barrier , 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[43] Carsten Lund,et al. Algebraic methods for interactive proof systems , 1990, Proceedings [1990] 31st Annual Symposium on Foundations of Computer Science.

[44] David Chaum,et al. Minimum Disclosure Proofs of Knowledge , 1988, J. Comput. Syst. Sci..

[45] Mihir Bellare,et al. Uniform Generation of NP-Witnesses Using an NP-Oracle , 2000, Inf. Comput..

[46] Silvio Micali,et al. Everything Provable is Provable in Zero-Knowledge , 1990, CRYPTO.

[47] Rafail Ostrovsky,et al. One-way functions are essential for non-trivial zero-knowledge , 1993, [1993] The 2nd Israel Symposium on Theory and Computing Systems.

[48] Silvio Micali,et al. Proofs that yield nothing but their validity or all languages in NP have zero-knowledge proof systems , 1991, JACM.

[49] Nancy A. Lynch,et al. Comparison of polynomial-time reducibilities , 1974, STOC '74.

[50] Noam Nisan,et al. Randomness is Linear in Space , 1996, J. Comput. Syst. Sci..

[51] Oded Goldreich,et al. Definitions and properties of zero-knowledge proof systems , 1994, Journal of Cryptology.

[52] Leonid A. Levin,et al. Pseudo-random Generation from one-way functions (Extended Abstracts) , 1989, STOC 1989.

[53] Gábor Tardos,et al. On the Knowledge Complexity of NP , 1996, IEEE Annual Symposium on Foundations of Computer Science.

[54] Amit Sahai,et al. Can Statistical Zero Knowledge Be Made Non-interactive? or On the Relationship of SZK and NISZK , 1998, CRYPTO.

[55] Hugo Krawczyk,et al. Sparse Pseudorandom Distributions , 1989, CRYPTO.

[56] Moni Naor,et al. Concurrent zero-knowledge , 1998, STOC '98.

[57] Silvio Micali,et al. The knowledge complexity of interactive proof-systems , 1985, STOC '85.

[58] Oded Goldreich,et al. Quantifying knowledge complexity , 1999, computational complexity.