Results 1 - 10 of 12
Honest-Verifier Statistical Zero-Knowledge Equals General Statistical Zero-Knowledge
In Proceedings of the 30th Annual ACM Symposium on Theory of Computing, 1998
Cited by 48 (16 self)
We show how to transform any interactive proof system which is statistical zero-knowledge with respect to the honest-verifier, into a proof system which is statistical zero-knowledge with respect to any verifier. This is done by limiting the behavior of potentially cheating verifiers, without using computational assumptions or even referring to the complexity of such verifier strategies. (Previous transformations have either relied on computational assumptions or were applicable only to constant-round public-coin proof systems.) Our transformation also applies to public-coin (aka Arthur-Merlin) computational zero-knowledge proofs: We transform any Arthur-Merlin proof system which is computational zero-knowledge with respect to the honest-verifier, into an Arthur-Merlin proof system which is computational zero-knowledge with respect to any probabilistic polynomial-time verifier. A crucial ingredient in our analysis is a new lemma regarding 2-universal hashing functions. Keywords: Complexit...
Limits on the Power of Quantum Statistical Zero-Knowledge
2003
Cited by 39 (4 self)
In this paper we propose a definition for honest verifier quantum statistical zero-knowledge interactive proof systems and study the resulting complexity class, which we denote QSZK
The random oracle hypothesis is false
1990
Cited by 28 (2 self)
The Random Oracle Hypothesis, attributed to Bennett and Gill, essentially states that the relationships between complexity classes which hold for almost all relativized worlds must also hold in the unrelativized case. Although this paper is not the first to provide a counterexample to the Random Oracle Hypothesis, it does provide a most compelling counterexample by showing that for almost all oracles $A$, $IP^A \neq PSPACE^A$. If the Random Oracle Hypothesis were true, it would contradict Shamir's result that IP = PSPACE. In fact, it is shown that for almost all oracles $A$, $coNP^A \not\subseteq IP^A$. These results extend to the multi-prover proof systems of Ben-Or, Goldwasser, Kilian and Wigderson. In addition, this paper shows that the Random Oracle Hypothesis is sensitive to small changes in the definition. A class IPP, similar to IP, is defined. Surprisingly, the IPP = PSPACE result holds for all oracle worlds. Warning: Essentially this paper has been published in Information and Computation and is hence subject to copyright restrictions. It is for personal use only.
Probabilistic Proof Systems - A Survey
In Symposium on Theoretical Aspects of Computer Science, 1996
Cited by 5 (0 self)
Various types of probabilistic proof systems have played a central role in the development of computer science in the last decade. In this exposition, we concentrate on three such proof systems - interactive proofs, zero-knowledge proofs, and probabilistic checkable proofs - stressing the essential role of randomness in each of them.
On IP=PSPACE and theorems with narrow proofs
EATCS Bulletin
Cited by 2 (1 self)
It has been shown that the class of languages with interactive proofs, IP, is exactly the class PSPACE. This surprising result elegantly places IP in the standard classification of feasible computations. Furthermore, the IP = PSPACE result reveals some very interesting and unsuspected properties of mathematical proofs. In this column we define the width of a proof in a formal system F and show that it is an intuitively satisfying and robust definition. Then, using the IP = PSPACE result, it is seen that the width of a proof (as opposed to the length) determines how quickly one can give overwhelming evidence that a theorem is provable without showing the full proof.
1 On Proofs and Interactive Proofs
A mathematician has the most confidence in the truth of a theorem when he/she is given a complete proof of the theorem in a trusted formal system. Let F be such a formal system in which the correctness of a proof can be checked by a verifier in polynomial time. The class NP clearly captures all the theorems which have polynomially long proofs. The NP =? P question is the question about the quantitative computational difference between finding a proof of a theorem and checking the correctness of a given proof. Some years ago, theoretical computer scientists asked whether it is possible to give convincing evidence that a theorem is provable in F without showing a complete
Zero-knowledge-like Proof of Cryptanalysis of
2006
This paper presents a protocol aiming at proving that an encryption system contains structural weaknesses without disclosing any information on those weaknesses. A verifier can check in a polynomial time that a given property of the cipher system output has been effectively realized. This property has been chosen by the prover in such a way that it cannot be achieved by known attacks or exhaustive search but only if the prover indeed knows some unknown weaknesses that may effectively endanger the cryptosystem security. This protocol has been denoted zero-knowledge-like proof of cryptanalysis. In this paper, we apply this protocol to the Bluetooth core encryption algorithm E0, used in many mobile environments and thus we prove that its security can seriously be put into question.
Edward Epsen
We observe that in certain two-player repeated games of incomplete information, where information may be incomplete on both sides, it is possible for an informed player to signal his status as an informed player to the other without revealing any information about the choice of chance. The key to obtaining such a class of games is to relax the assumption that the players' moves are observable. We show that in such cases players can achieve a kind of signaling that is “zero-knowledge”, in the sense that the other player becomes convinced that her opponent is informed without ever learning the choice of chance. Moreover, such “zero-knowledge signaling” has all of the statistical properties associated with zero-knowledge proofs in interactive protocols. In particular, under the general assumption that moves are unobservable, such signaling leads to a class of equilibria in repeated games that are separating in regard to the status of player 1—informed or uninformed—but only for player 2; any other player in a network, being unable to observe the moves of player 2, remains uncertain as to the status of player 1.
On IP = PSPACE and Theorems with Narrow Proofs
1990
It has been shown that the class of languages with interactive proofs, IP, is exactly the class PSPACE. This surprising result elegantly places IP in the standard classification of feasible computations. Furthermore, the IP = PSPACE result reveals some very interesting and unsuspected properties of mathematical proofs. In this column we define the width of a proof in a formal system F and show that it is an intuitively satisfying and robust definition. Then, using the IP = PSPACE result, it is seen that the width of a proof (as opposed to the length) determines how quickly one can give overwhelming evidence that a theorem is provable without showing the full proof.
1 On Proofs and Interactive Proofs
A mathematician has the most confidence in the truth of a theorem when he/she is given a complete proof of the theorem in a trusted formal system. Let F be such a formal system in which the correctness of a proof can be checked by a verifier in polynomial time. The class NP clearly capture...
;7
1997
1 Introduction
Computational complexity theory studies the quantitative laws which govern computing. It seeks a comprehensive classification of problems by their intrinsic difficulty and an understanding of what makes these problems hard to compute. The key concept in classifying the computational complexity of problems is the complexity class which consists of all the problems solvable on a given computational model and within a given resource bound.
unknown title
We observe that in certain two-player repeated games of incomplete information, where information may be incomplete on both sides, it is possible for an informed player to signal his status as an informed player to the other without revealing any information about the choice of chance. The key to obtaining such a class of games is to relax the assumption that the players' moves are observable. We show that in such cases players can achieve a kind of signaling that is “zero-knowledge”, in the sense that the other player becomes convinced that her opponent is informed without ever learning the choice of chance. Moreover, such “zero-knowledge signaling” has all of the statistical properties associated with zero-knowledge proofs in interactive protocols. In particular, under the general assumption that moves are unobservable, such signaling leads to a class of equilibria in repeated games that are separating in regard to the status of player 1—informed or uninformed—but only for player 2; any other player in a network, being unable to observe the moves of player 2, remains uncertain as to the status of player 1.