We show how to transform any interactive proof system which is statistical zero-knowledge with respect to the honest-verifier, into a proof system which is statistical zero-knowledge with respect to any verifier. This is done by limiting the behavior of potentially cheating verifiers, without using computational assumptions or even referring to the complexity of such verifier strategies. (Previous transformations have either relied on computational assumptions or were applicable only to constant-round public-coin proof systems.) Our transformation also applies to public-coin (aka Arthur-Merlin) computational zero-knowledge proofs: We transform any Arthur-Merlin proof system which is computational zero-knowledge with respect to the honest-verifier, into an Arthur-Merlin proof systemwhich is computational zero-knowledgewith respect to any probabilistic polynomialtime verifier. A crucial ingredient in our analysis is a new lemma regarding 2-universal hashing functions. Keywords: Complexit...

The Random Oracle Hypothesis, attributed to Bennett and Gill, essentially states that the relationships between complexity classes which hold for almost all relativized worlds must also hold in the unrelativized case. Although this paper is not the first to provide a counterexample to the Random Oracle Hypothesis, it does provide a most compelling counterexample by showing that for almost all oracles A, IP A 6= PSPACE A . If the Random Oracle Hypothesis were true, it would contradict Shamir's result that IP = PSPACE. In fact, it is shown that for almost all oracles A, co-NP A 6` IP A . These results extend to the multi-prover proof systems of Ben-Or, Goldwasser, Kilian and Wigderson. In addition, this paper shows that the Random Oracle Hypothesis is sensitive to small changes in the definition. A class IPP, similar to IP, is defined. Surprisingly, the IPP = PSPACE result holds for all oracle worlds. 1 Department of Computer Science, Cornell University, Ithaca, NY 14853, U.S.A...

In this paper we propose a definition for honest verifier quantum statistical zero-knowledge interactive proof systems and study the resulting complexity class, which we denote QSZK

Various types of probabilistic proof systems have played a central role in the development of computer science in the last decade. In this exposition, we concentrate on three such proof systems -- interactive proofs, zero-knowledge proofs, and probabilistic checkable proofs -- stressing the essential role of randomness in each of them.

It has been shown that the class of languages with interactive proofs, IP, is exactly the class PSPACE. This surprising result elegantly places IP in the standard classification of feasible computations. Furthermore, the IP = PSPACE result reveals some very interesting and unsuspected properties of mathematical proofs. In this column we define the width of a proof in a formal system F and show that it is an intuitively satisfying and robust definition. Then, using the IP = PSPACE result, it is seen that the width of a proof (as opposed to the length) determines how quickly one can give overwhelming evidence that a theorem is provable without showing the full proof. 1 On Proofs and Interactive Proofs A mathematician has the most confidence in the truth of a theorem when he/she is given a complete proof of the theorem in a trusted formal system. Let F be such a formal system in which the correctness of a proof can be checked by a verifier in polynomial time. The class NP clearly captures all the theorems which have polynomially long proofs. The NP =? P question is the question about the quantitative computational difference between finding a proof of a theorem and checking the correctness of a given proof. Some years ago, theoretical computer scientists asked whether it is possible to give convincing evidence that a theorem is provable in F without showing a complete

It has been shown that the class of languages with interactive proofs, IP, is exactly the class PSPACE. This surprising result elegantly places IP in the standard classification of feasible computations. Furthermore, the IP = PSPACE result reveals some very interesting and unsuspected properties of mathematical proofs. In this column we define the width of a proof in a formal system F and show that it is an intuitively satisfying and robust definition. Then, using the IP = PSPACE result, it is seen that the width of a proof (as opposed to the length) determines how quickly one can give overwhelming evidence that a theorem is provable without showing the full proof. 1 On Proofs and Interactive Proofs A mathematician has the most confidence in the truth of a theorem when he/she is given a complete proof of the theorem in a trusted formal system. Let F be such a formal system in which the correctness of a proof can be checked by a verifier in polynomial time. The class NP clearly capture...

This paper presents a protocol aiming at proving that an encryption system contains structural weaknesses without disclosing any information on those weaknesses. A verifier can check in a polynomial time that a given property of the cipher system output has been e#ectively realized. This property has been chosen by the prover in such a way that it cannot been achieved by known attacks or exhaustive search but only if the prover indeed knows some unknown weaknesses that may e#ectively endanger the cryptosystem security. This protocol has been denoted zero-knowledge-like proof of cryptanalysis. In this paper, we apply this protocol to the Bluetooth core encryption algorithm E0, used in many mobile environments and thus we prove that its security can seriously be put into question.