Non-Interactive Zero-Knowledge: A Low-Randomness Characterization of NP

We show that any language L in NP has a noninteractive zero-knowledge proof system which uses Θ(log(1/s) + nƐ) random bits, where s is the soundness error, n the length of the input and Ɛ can be any constant > 0. In order to achieve this result, we formulate and investigate the problem of randomness-efficient error reduction for noninteractive zero-knowledge proofs, which generalizes the analogue and well-studied problem for BPP computation.

[1]  Amit Sahai,et al.  Can Statistical Zero Knowledge Be Made Non-interactive? or On the Relationship of SZK and NISZK , 1998, CRYPTO.

[2]  David Chaum,et al.  Minimum Disclosure Proofs of Knowledge , 1988, J. Comput. Syst. Sci..

[3]  David S. Johnson,et al.  Computers and Intractability: A Guide to the Theory of NP-Completeness , 1978 .

[4]  Rafail Ostrovsky,et al.  One-way functions, hard on average problems, and statistical zero-knowledge proofs , 1991, [1991] Proceedings of the Sixth Annual Structure in Complexity Theory Conference.

[5]  Ran Canetti,et al.  Universally composable security: a new paradigm for cryptographic protocols , 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[6]  Avi Wigderson,et al.  Multi-prover interactive proofs: how to remove intractability assumptions , 2019, STOC '88.

[7]  Manuel Blum,et al.  Non-interactive zero-knowledge and its applications , 1988, STOC '88.

[8]  Manuel Blum,et al.  How to generate cryptographically strong sequences of pseudo random bits , 1982, 23rd Annual Symposium on Foundations of Computer Science (sfcs 1982).

[9]  Adi Shamir,et al.  Multiple non-interactive zero knowledge proofs based on a single random string , 1990, Proceedings [1990] 31st Annual Symposium on Foundations of Computer Science.

[10]  Giovanni Di Crescenzo,et al.  The Knowledge Complexity of Quadratic Residuosity Languages , 1994, Theor. Comput. Sci..

[11]  Moti Yung,et al.  Crptograpic Applications of the Non-Interactive Metaproof and Many-Prover Systems , 1990, CRYPTO.

[12]  Rafail Ostrovsky,et al.  Robust Non-interactive Zero Knowledge , 2001, CRYPTO.

[13]  Lance Fortnow,et al.  The Complexity of Perfect Zero-Knowledge , 1987, Proceeding Structure in Complexity Theory.

[14]  Rafail Ostrovsky,et al.  Non-interactive and non-malleable commitment , 1998, STOC '98.

[15]  Adi Shamir,et al.  Multiple NonInteractive Zero Knowledge Proofs Under General Assumptions , 1999, SIAM J. Comput..

[16]  Moni Naor,et al.  Non-malleable cryptography , 1991, STOC '91.

[17]  Manuel Blum,et al.  Noninteractive Zero-Knowledge , 1991, SIAM J. Comput..

[18]  Joan Boyar,et al.  Short Discrete Proofs , 1996, EUROCRYPT.

[19]  Giovanni Di Crescenzo,et al.  Image Density is Complete for Non-Interactive-SZK (Extended Abstract) , 1998, ICALP.

[20]  Rafail Ostrovsky,et al.  Efficient and Non-interactive Non-malleable Commitment , 2001, EUROCRYPT.

[21]  Joe Kilian,et al.  On the complexity of bounded-interaction and noninteractive zero-knowledge proofs , 1994, Proceedings 35th Annual Symposium on Foundations of Computer Science.

[22]  János Komlós,et al.  Deterministic simulation in LOGSPACE , 1987, STOC.

[23]  Ivan Damgård,et al.  Non-Interactive Circuit Based Proofs and Non-Interactive Perfect Zero-knowledge with Proprocessing , 1992, EUROCRYPT.

[24]  Avi Wigderson,et al.  Dispersers, deterministic amplification, and weak random sources , 1989, 30th Annual Symposium on Foundations of Computer Science.

[25]  László Lovász,et al.  Approximating clique is almost NP-complete , 1991, [1991] Proceedings 32nd Annual Symposium of Foundations of Computer Science.

[26]  Russell Impagliazzo,et al.  How to recycle random bits , 1989, 30th Annual Symposium on Foundations of Computer Science.

[27]  S. Micali,et al.  Noninteractive Zero-Knowledge , 1990, SIAM J. Comput..

[28]  Johan Håstad,et al.  Perfect zero-knowledge languages can be recognized in two rounds , 1987, 28th Annual Symposium on Foundations of Computer Science (sfcs 1987).

[29]  Giovanni Di Crescenzo,et al.  Recycling Random Bits in Composed Perfect Zero-Knowledge , 1995, EUROCRYPT.

[30]  Silvio Micali,et al.  The Knowledge Complexity of Interactive Proof Systems , 1989, SIAM J. Comput..

[31]  Amit Sahai,et al.  Non-malleable non-interactive zero knowledge and adaptive chosen-ciphertext security , 1999, 40th Annual Symposium on Foundations of Computer Science (Cat. No.99CB37039).

[32]  Gilles Brassard,et al.  Non-transitive transfer of confidence: A perfect zero-knowledge interactive protocol for SAT and beyond , 1986, 27th Annual Symposium on Foundations of Computer Science (sfcs 1986).

[33]  Giovanni Di Crescenzo,et al.  Randomness-Efficient Non-Interactive Zero-Knowledge (Extended Abstract) , 1997, ICALP.

[34]  Leonid A. Levin,et al.  A hard-core predicate for all one-way functions , 1989, STOC '89.

[35]  Silvio Micali,et al.  Proofs that yield nothing but their validity or all languages in NP have zero-knowledge proof systems , 1991, JACM.

[36]  Rafail Ostrovsky,et al.  Computational Complexity and Knowledge Complexity , 1994, Electron. Colloquium Comput. Complex..

[37]  Joe Kilian,et al.  An Efficient Noninteractive Zero-Knowledge Proof System for NP with General Assumptions , 1998, Journal of Cryptology.