Multi-prover interactive proofs: how to remove intractability assumptions

Quite complex cryptographic machinery has been developed based on the assumption that one-way functions exist, yet we know of only a few possible such candidates. It is important at this time to find alternative foundations to the design of secure cryptography. We introduce a new model of generalized interactive proofs as a step in this direction. We prove that all NP languages have perfect zero-knowledge proof-systems in this model, without making any intractability assumptions. The generalized interactive-proof model consists of two computationally unbounded and untrusted provers, rather than one, who jointly agree on a strategy to convince the verifier of the truth of an assertion and then engage in a polynomial number of message exchanges with the verifier in their attempt to do so. To believe the validity of the assertion, the verifier must make sure that the two provers can not communicate with each other during the course of the proof process. Thus, the complexity assumptions made in previous work, have been traded for a physical separation between the two provers. We call this new model the multi-prover interactive-proof model, and examine its properties and applicability to cryptography.

[1]  Clemens Lautemann,et al.  BPP and the Polynomial Hierarchy , 1983, Inf. Process. Lett..

[2]  Andrew Chi-Chih Yao,et al.  Protocols for secure computations , 1982, 23rd Annual Symposium on Foundations of Computer Science (sfcs 1982).

[3]  Moshe Tennenholtz,et al.  The Noisy Oracle Problem , 1988, CRYPTO.

[4]  Andrew Chi-Chih Yao,et al.  How to Generate and Exchange Secrets (Extended Abstract) , 1986, FOCS.

[5]  Stathis Zachos,et al.  Does co-NP Have Short Interactive Proofs? , 1987, Inf. Process. Lett..

[6]  Silvio Micali,et al.  The knowledge complexity of interactive proof-systems , 1985, STOC '85.

[7]  Oded Goldreich,et al.  How to Solve any Protocol Problem - An Efficiency Improvement , 1987, CRYPTO.

[8]  David A. Mix Barrington,et al.  Bounded-width polynomial-size branching programs recognize exactly those languages in NC1 , 1986, STOC '86.

[9]  Oded Goldreich,et al.  Unbiased bits from sources of weak randomness and probabilistic communication complexity , 1985, 26th Annual Symposium on Foundations of Computer Science (sfcs 1985).

[10]  A. Yao How to generate and exchange secrets , 1986, 27th Annual Symposium on Foundations of Computer Science (sfcs 1986).

[11]  Moti Yung,et al.  A private interactive test of a boolean predicate a minimum-knowledge public-key cryptosystems , 1985, 26th Annual Symposium on Foundations of Computer Science (sfcs 1985).

[12]  Andrew Chi-Chih Yao,et al.  Theory and Applications of Trapdoor Functions (Extended Abstract) , 1982, FOCS.

[13]  Gilles Brassard,et al.  Zero-Knowledge Simulation of Boolean Circuits , 1986, CRYPTO.

[14]  Lance Fortnow,et al.  The Complexity of Perfect Zero-Knowledge , 1987, Proceeding Structure in Complexity Theory.

[15]  David A. Mix Barrington,et al.  Bounded-Width Polynomial-Size Branching Programs Recognize Exactly Those Languages in NC¹ , 1989, J. Comput. Syst. Sci..

[16]  Silvio Micali,et al.  How to play ANY mental game , 1987, STOC.

[17]  Oded Goldreich,et al.  Interactive proof systems: Provers that never fail and random selection , 1987, 28th Annual Symposium on Foundations of Computer Science (sfcs 1987).

[18]  Oded Goldreich,et al.  A randomized protocol for signing contracts , 1985, CACM.

[19]  Larry Carter,et al.  Universal Classes of Hash Functions , 1979, J. Comput. Syst. Sci..