Results 1 - 10 of 48
Proofs that Yield Nothing but Their Validity or All Languages in NP Have Zero-Knowledge Proof Systems
Journal of the ACM, 1991
Cited by 377 (47 self)
Abstract. In this paper the generality and wide applicability of zero-knowledge proofs, a notion introduced by Goldwasser, Micali, and Rackoff, is demonstrated. These are probabilistic and interactive proofs that, for the members of a language, efficiently demonstrate membership in the language without conveying any additional knowledge. All previously known zero-knowledge proofs were only for number-theoretic languages in NP ∩ coNP. Under the assumption that secure encryption functions exist or by using “physical means for hiding information,” it is shown that all languages in NP have zero-knowledge proofs. Loosely speaking, it is possible to demonstrate that a CNF formula is satisfiable without revealing any other property of the formula, in particular, without yielding neither a
The Complexity of Perfect Zero-Knowledge
1987
Cited by 86 (3 self)
A Perfect Zero-Knowledge interactive proof system convinces a verifier that a string is in a language without revealing any additional knowledge in an information-theoretic sense. We show that for any language that has a perfect zero-knowledge proof system, its complement has a short interactive protocol. This result implies that there are not any perfect zero-knowledge protocols for NP-complete languages unless the polynomial time hierarchy collapses. This paper demonstrates that knowledge complexity can be used to show that a language is easy to prove.
1 Introduction
Interactive protocols and zero-knowledge, as described by Goldwasser, Micali and Rackoff [GMR], have in recent years proven themselves to be important models of computation in both complexity and cryptography. Interactive proof systems are a randomized extension to NP which give us a greater understanding of what an infinitely powerful machine can prove to a probabilistic polynomial one. Recent results about interactive...
On Worst-Case to Average-Case Reductions for NP Problems
In Proceedings of the 44th IEEE Symposium on Foundations of Computer Science, 2003
Cited by 51 (5 self)
We show that if an NP-complete problem has a nonadaptive self-corrector with respect to a samplable distribution then coNP is contained in AM/poly and the polynomial hierarchy collapses to the third level. Feigenbaum and Fortnow show the same conclusion under the stronger assumption that an NP-complete problem has a nonadaptive random self-reduction. Our result
Statistical zero-knowledge proofs with efficient provers: Lattice problems and more
In CRYPTO, 2003
Cited by 39 (8 self)
Abstract. We construct several new statistical zero-knowledge proofs with efficient provers, i.e. ones where the prover strategy runs in probabilistic polynomial time given an NP witness for the input string. Our first proof systems are for approximate versions of the Shortest Vector Problem (SVP) and Closest Vector Problem (CVP), where the witness is simply a short vector in the lattice or a lattice vector close to the target, respectively. Our proof systems are in fact proofs of knowledge, and as a result, we immediately obtain efficient lattice-based identification schemes which can be implemented with arbitrary families of lattices in which the approximate SVP or CVP are hard. We then turn to the general question of whether all problems in SZK ∩ NP admit statistical zero-knowledge proofs with efficient provers. Towards this end, we give a statistical zero-knowledge proof system with an efficient prover for a natural restriction of Statistical Difference, a complete problem for SZK. We also suggest a plausible approach to resolving the general question in the positive.
A Complete Problem for Statistical Zero Knowledge
2002
Cited by 36 (13 self)
We present the first complete problem for SZK, the class of promise problems possessing statistical zero-knowledge proofs (against an honest verifier). The problem, called Statistical Difference, is to decide whether two efficiently samplable distributions are either statistically close or far apart. This gives a new characterization of SZK that makes no reference to interaction or zero knowledge. We propose the use of complete problems to unify and extend the study of statistical zero knowledge. To this end, we examine several consequences of our Completeness Theorem and its proof, such as: A way to make every (honest-verifier) statistical zero-knowledge proof very communication efficient, with the prover sending only one bit to the verifier (to achieve soundness error 1/2). Simpler proofs of many of the previously known results about statistical zero knowledge, such as the Fortnow and Aiello-Hastad upper bounds on the complexity of SZK and Okamoto's result that SZK is closed under complement.
Comparing Entropies in Statistical Zero Knowledge with Applications to the Structure of SZK
In Proceedings of the Fourteenth Annual IEEE Conference on Computational Complexity, 1998
Cited by 31 (11 self)
We consider the following (promise) problem, denoted ED (for Entropy Difference): The input is a pair of circuits, and yes instances (resp., no instances) are such pairs in which the first (resp., second) circuit generates a distribution with noticeably higher entropy. On one hand we show that any language having a (honest-verifier) statistical zero-knowledge proof is Karp-reducible to ED. On the other hand, we present a public-coin (honest-verifier) statistical zero-knowledge proof for ED. Thus, we obtain an alternative proof of Okamoto's result by which HVSZK (i.e., Honest-Verifier Statistical Zero-Knowledge) equals public-coin HVSZK. The new proof is much simpler than the original one. The above also yields a trivial proof that HVSZK is closed under complementation (since ED easily reduces to its complement). Among the new results obtained is an equivalence of a weak notion of statistical zero-knowledge to the standard one. Keywords: Complexity and Cryptography, Universa...
Limits on the Power of Quantum Statistical Zero-Knowledge
2003
Cited by 30 (4 self)
In this paper we propose a definition for honest verifier quantum statistical zero-knowledge interactive proof systems and study the resulting complexity class, which we denote QSZK
Zero-Knowledge twenty years after its invention
Electronic Colloquium on Computational Complexity (http://www.eccc.uni-trier.de/eccc/), Report No, 2002
Cited by 29 (0 self)
Zero-knowledge proofs are proofs that are both convincing and yet yield nothing beyond the validity of the assertion being proven. Since their introduction about twenty years ago, zero-knowledge proofs have attracted a lot of attention and have, in turn, contributed to the development of other areas of cryptography and complexity theory.
On interactive proofs with a laconic prover
Computational Complexity, 2002
Cited by 27 (9 self)
We continue the investigation of interactive proofs with bounded communication, as initiated by Goldreich and Hastad (IPL 1998). Let L be a language that has an interactive proof in which the prover sends few (say b) bits to the verifier. We prove that the complement L has a constant-round interactive proof of complexity that depends only exponentially on b. This provides the first evidence that for NP-complete languages, we cannot expect interactive provers to be much more "laconic" than the standard NP proof. When the proof system is further restricted (e.g., when b = 1, or when we have perfect completeness), we get significantly better upper bounds on the complexity of L.
An unconditional study of computational zero knowledge
SIAM Journal on Computing, 2004
Cited by 27 (7 self)
We prove a number of general theorems about ZK, the class of problems possessing (computational) zero-knowledge proofs. Our results are unconditional, in contrast to most previous works on ZK, which rely on the assumption that one-way functions exist. We establish several new characterizations of ZK, and use these characterizations to prove results such as:
1. Honest-verifier ZK equals general ZK.
2. Public-coin ZK equals private-coin ZK.
3. ZK is closed under union.
4. ZK with imperfect completeness equals ZK with perfect completeness.
5. Any problem in ZK ∩ NP can be proven in computational zero knowledge by a BPP^NP prover.
6. ZK with black-box simulators equals ZK with general, non-black-box simulators.
The above equalities refer to the resulting class of problems (and do not necessarily preserve other efficiency measures such as round complexity). Our approach is to combine the conditional techniques previously used in the study of ZK with the unconditional techniques developed in the study of SZK, the class of problems possessing statistical zero-knowledge proofs. To enable this combination, we prove that every problem in ZK can be decomposed into a problem in SZK together with a set of instances from which a one-way function can be constructed.