Results 1 
8 of
8
On interactive proofs with a laconic prover
 COMPUTATIONAL COMPLEXITY
, 2002
"... We continue the investigation of interactive proofs with bounded communication, as initiated by Goldreich and Hastad (IPL 1998). Let L be a language that has an interactive proof in which the prover sends few (say b) bits to the verifier. We prove that the complement L has a constantround interac ..."
Abstract

Cited by 27 (9 self)
 Add to MetaCart
We continue the investigation of interactive proofs with bounded communication, as initiated by Goldreich and Hastad (IPL 1998). Let L be a language that has an interactive proof in which the prover sends few (say b) bits to the verifier. We prove that the complement L has a constantround interactive proof of complexity that depends only exponentially on b. This provides the first evidence that for NPcomplete languages, we cannot expect interactive provers to be much more "laconic" than the standard NP proof. When the proof system is further restricted (e.g., when b =1,or when we have perfect completeness), we get significantly better upper bounds on the complexity of L.
On the Knowledge Complexity of ...
 In 37th FOCS
, 1996
"... We show that if a language has an interactive proof of logarithmic statistical knowledgecomplexity, then it belongs to the class AM \ co AM. Thus, if the polynomial time hierarchy does not collapse, then NPcomplete languages do not have logarithmic knowledge complexity. Prior to this work, ther ..."
Abstract

Cited by 26 (7 self)
 Add to MetaCart
We show that if a language has an interactive proof of logarithmic statistical knowledgecomplexity, then it belongs to the class AM \ co AM. Thus, if the polynomial time hierarchy does not collapse, then NPcomplete languages do not have logarithmic knowledge complexity. Prior to this work, there was no indication that would contradict NP languages being proven with even one bit of knowledge. Our result is a common generalization of two previous results: The rst asserts that statistical zero knowledge is contained in AM \ co AM [F89, AH91], while the second asserts that the languages recognizable in logarithmic statistical knowledge complexity are in BPP NP [GOP94]. Next, we consider the relation between the error probability and the knowledge complexity of an interactive proof. Note that reducing the error probability via repetition is not free: it may increase the knowledge complexity. We show that if the negligible error probability (n) is less than 2 3k(n) (where k(n) is the knowledge complexity) then the language proven is in the third level of the polynomial time hierarchy (specically, it is in AM NP . In the standard setting of negligible error probability, there exist PSPACEcomplete languages which have sublinear knowledge complexity. However, if we insist, for example, that the error probability is less than 2 n 2 , then PSPACEcomplete languages do not have subquadratic knowledge complexity, unless PSPACE= P 3 . In order to prove our main result, we develop an AM protocol for checking that a samplable distribution D has a given entropy h. For any fractions ; , the verier runs in time polynomial in 1= and log(1=) and fails with probability at most to detect an additive error in the entropy. We believe that this ...
Uniform Generation of NPwitnesses using an NPoracle
 Information and Computation
, 1997
"... A Uniform Generation procedure for NP is an algorithm which given any input in a fixed NPlanguage, outputs a uniformly distributed NPwitness for membership of the input in the language. We present a Uniform Generation procedure for NP that runs in probabilistic polynomialtime with an NPoracle. T ..."
Abstract

Cited by 24 (1 self)
 Add to MetaCart
A Uniform Generation procedure for NP is an algorithm which given any input in a fixed NPlanguage, outputs a uniformly distributed NPwitness for membership of the input in the language. We present a Uniform Generation procedure for NP that runs in probabilistic polynomialtime with an NPoracle. This improves upon results of Jerrum, Valiant and Vazirani, which either require a \Sigma P 2 oracle or obtain only almost uniform generation. Our procedure utilizes ideas originating in the works of Sipser, Stockmeyer, and Jerrum, Valiant and Vazirani. Dept. of Computer Science & Engineering, University of California at San Diego, 9500 Gilman Drive, La Jolla, California 92093, USA. EMail: mihir@cs.ucsd.edu. URL: http://wwwcse.ucsd.edu/users/mihir. Supported in part by NSF CAREER Award CCR9624439 and a 1996 Packard Foundation Fellowship in Science and Engineering. y Department of Computer Science and Applied Mathematics, Weizmann Institute of Science, Rehovot, Israel. EMail: oded@wis...
Private Approximation of Search Problems
 ELECTRONIC COLLOQUIUM ON COMPUTATIONAL COMPLEXITY
, 2005
"... Many approximation algorithms have been presented in the last decades for hard search problems. The focus of this paper is on cryptographic applications, where it is desired to design algorithms which do not leak unnecessary information. Specifically, we are interested in private approximation algor ..."
Abstract

Cited by 13 (2 self)
 Add to MetaCart
Many approximation algorithms have been presented in the last decades for hard search problems. The focus of this paper is on cryptographic applications, where it is desired to design algorithms which do not leak unnecessary information. Specifically, we are interested in private approximation algorithms – efficient algorithms whose output does not leak information not implied by the optimal solutions to the search problems. Privacy requirements add constraints on the approximation algorithms; in particular, known approximation algorithms usually leak a lot of information. For functions, [Feigenbaum et al., ICALP 2001] presented a natural requirement that a private algorithm should not leak information not implied by the original function. Generalizing this requirement to search problems is not straight forward as an input may have many different outputs. We present a new definition that captures a minimal privacy requirement from such algorithms – applied to an input instance, it should not leak any information that is not implied by its collection of exact solutions. Although our privacy requirement seems minimal, we show that for well studied problems, as vertex cover and maximum exact 3SAT, private approximation algorithms are unlikely to exist even for poor approximation ratios. Similar to [Halevi et al., STOC 2001], we define a relaxed notion of approximation algorithms that leak (little) information, and demonstrate the applicability of this notion by showing near optimal approximation algorithms for maximum exact 3SAT which leak little information.
Inaccessible Entropy
"... We put forth a new computational notion of entropy, which measures the (in)feasibility of sampling high entropy strings that are consistent with a given protocol. Specifically, we say that the i’th round of a protocol (A, B) has accessible entropy at most k, if no polynomialtime strategy A ∗ can ge ..."
Abstract

Cited by 10 (5 self)
 Add to MetaCart
We put forth a new computational notion of entropy, which measures the (in)feasibility of sampling high entropy strings that are consistent with a given protocol. Specifically, we say that the i’th round of a protocol (A, B) has accessible entropy at most k, if no polynomialtime strategy A ∗ can generate messages for A such that the entropy of its message in the i’th round has entropy greater than k when conditioned both on prior messages of the protocol and on prior coin tosses of A ∗. We say that the protocol has inaccessible entropy if the total accessible entropy (summed over the rounds) is noticeably smaller than the real entropy of A’s messages, conditioned only on prior messages (but not the coin tosses of A). As applications of this notion, we • Give a much simpler and more efficient construction of statistically hiding commitment schemes from arbitrary oneway functions. • Prove that constantround statistically hiding commitments are necessary for constructing constantround zeroknowledge proof systems for NP that remain secure under parallel composition (assuming the existence of oneway functions). Categories and Subject Descriptors: F.0 [Theory of Computation]: General.
Zero Knowledge and Soundness are Symmetric
 In EUROCRYPT ’07: 26th Annual Conference on the Theory and Applications of Cryptographic Techniques
, 2007
"... Abstract. We give a complexitytheoretic characterization of the class of problems in NP having zeroknowledge argument systems. This characterization is symmetric in its treatment of the zero knowledge and the soundness conditions, and thus we deduce that the class of problems in NP ∩ coNP having z ..."
Abstract

Cited by 7 (3 self)
 Add to MetaCart
Abstract. We give a complexitytheoretic characterization of the class of problems in NP having zeroknowledge argument systems. This characterization is symmetric in its treatment of the zero knowledge and the soundness conditions, and thus we deduce that the class of problems in NP ∩ coNP having zeroknowledge arguments is closed under complement. Furthermore, we show that a problem in NP has a statistical zeroknowledge argument system if and only if its complement has a computational zeroknowledge proof system. What is novel about these results is that they are unconditional, i.e., do not rely on unproven complexity assumptions such as the existence of oneway functions. Our characterization of zeroknowledge arguments also enables us to prove a variety of other unconditional results about the class of problems in NP having zeroknowledge arguments, such as equivalences between honestverifier and maliciousverifier zero knowledge, private coins and public coins, inefficient provers and efficient provers, and nonblackbox simulation and blackbox simulation. Previously, such results were only known unconditionally for zeroknowledge proof systems, or under the assumption that oneway functions exist for zeroknowledge argument systems. 1
Computational Complexity and Knowledge Complexity
 In Proc. 26th STOC
, 1996
"... We study the computational complexity of languages which have interactive proofs of logarithmic knowledgecomplexity. We show that all such languages can be recognized in BPP NP . Prior to this work, for languages with greaterthanzero knowledgecomplexity only trivial computational complexity bo ..."
Abstract

Cited by 5 (1 self)
 Add to MetaCart
We study the computational complexity of languages which have interactive proofs of logarithmic knowledgecomplexity. We show that all such languages can be recognized in BPP NP . Prior to this work, for languages with greaterthanzero knowledgecomplexity only trivial computational complexity bounds were known. In the course of our proof, we relate statistical knowledgecomplexity with perfect knowledgecomplexity; specifically, we show that, for the honest verifier, these hierarchies coincide, up to a logarithmic additive term. An extended abstract of this paper appeared in the 26th ACM Symposium on Theory of Computing (STOC 94), held in Montreal, Quebec, Canada, May 2325, 1994. y Department of Computer Science and Applied Mathematics, Weizmann Institute of Science, Rehovot, Israel. Email: oded@wisdom.weizmann.ac.il. Supported by grant no. 9200226 from the United States  Israel Binational Science Foundation, Jerusalem, Israel. z Bell Communications Research, 445 South ...
Probabilistic Proof Systems  A Survey
 IN SYMPOSIUM ON THEORETICAL ASPECTS OF COMPUTER SCIENCE
, 1996
"... Various types of probabilistic proof systems have played a central role in the development of computer science in the last decade. In this exposition, we concentrate on three such proof systems  interactive proofs, zeroknowledge proofs, and probabilistic checkable proofs  stressing the essen ..."
Abstract

Cited by 5 (0 self)
 Add to MetaCart
Various types of probabilistic proof systems have played a central role in the development of computer science in the last decade. In this exposition, we concentrate on three such proof systems  interactive proofs, zeroknowledge proofs, and probabilistic checkable proofs  stressing the essential role of randomness in each of them.