8,766 research outputs found
Round-Optimal Zero-Knowledge Proofs of Knowledge for NP
It is well known that all the known black-box zero-knowledge proofs
of knowledge for NP are non-constant-round. Whether there exit
constant-round black-box zero-knowledge proofs of knowledge for all
NP languages under certain standard assumptions is a open problem.
This paper focuses on the problem and give a positive answer by
presenting two constructions of constant-round (black-box)
zero-knowledge proofs of knowledge for the HC (Hamiltonian Cycle) problem. By the recent result of Katz, our second construction which relies on the existence of claw-free functions has optimal round complexity (5-round) assuming the polynomial hierarchy does not collapse
Concurrent Knowledge-Extraction in the Public-Key Model
Knowledge extraction is a fundamental notion, modelling machine possession of
values (witnesses) in a computational complexity sense. The notion provides an
essential tool for cryptographic protocol design and analysis, enabling one to
argue about the internal state of protocol players without ever looking at this
supposedly secret state. However, when transactions are concurrent (e.g., over
the Internet) with players possessing public-keys (as is common in
cryptography), assuring that entities ``know'' what they claim to know, where
adversaries may be well coordinated across different transactions, turns out to
be much more subtle and in need of re-examination. Here, we investigate how to
formally treat knowledge possession by parties (with registered public-keys)
interacting over the Internet. Stated more technically, we look into the
relative power of the notion of ``concurrent knowledge-extraction'' (CKE) in
the concurrent zero-knowledge (CZK) bare public-key (BPK) model.Comment: 38 pages, 4 figure
Concurrently Non-Malleable Zero Knowledge in the Authenticated Public-Key Model
We consider a type of zero-knowledge protocols that are of interest for their
practical applications within networks like the Internet: efficient
zero-knowledge arguments of knowledge that remain secure against concurrent
man-in-the-middle attacks. In an effort to reduce the setup assumptions
required for efficient zero-knowledge arguments of knowledge that remain secure
against concurrent man-in-the-middle attacks, we consider a model, which we
call the Authenticated Public-Key (APK) model. The APK model seems to
significantly reduce the setup assumptions made by the CRS model (as no trusted
party or honest execution of a centralized algorithm are required), and can be
seen as a slightly stronger variation of the Bare Public-Key (BPK) model from
\cite{CGGM,MR}, and a weaker variation of the registered public-key model used
in \cite{BCNP}. We then define and study man-in-the-middle attacks in the APK
model. Our main result is a constant-round concurrent non-malleable
zero-knowledge argument of knowledge for any polynomial-time relation
(associated to a language in ), under the (minimal) assumption of
the existence of a one-way function family. Furthermore,We show time-efficient
instantiations of our protocol based on known number-theoretic assumptions. We
also note a negative result with respect to further reducing the setup
assumptions of our protocol to those in the (unauthenticated) BPK model, by
showing that concurrently non-malleable zero-knowledge arguments of knowledge
in the BPK model are only possible for trivial languages
Quantum Proofs
Quantum information and computation provide a fascinating twist on the notion
of proofs in computational complexity theory. For instance, one may consider a
quantum computational analogue of the complexity class \class{NP}, known as
QMA, in which a quantum state plays the role of a proof (also called a
certificate or witness), and is checked by a polynomial-time quantum
computation. For some problems, the fact that a quantum proof state could be a
superposition over exponentially many classical states appears to offer
computational advantages over classical proof strings. In the interactive proof
system setting, one may consider a verifier and one or more provers that
exchange and process quantum information rather than classical information
during an interaction for a given input string, giving rise to quantum
complexity classes such as QIP, QSZK, and QMIP* that represent natural quantum
analogues of IP, SZK, and MIP. While quantum interactive proof systems inherit
some properties from their classical counterparts, they also possess distinct
and uniquely quantum features that lead to an interesting landscape of
complexity classes based on variants of this model.
In this survey we provide an overview of many of the known results concerning
quantum proofs, computational models based on this concept, and properties of
the complexity classes they define. In particular, we discuss non-interactive
proofs and the complexity class QMA, single-prover quantum interactive proof
systems and the complexity class QIP, statistical zero-knowledge quantum
interactive proof systems and the complexity class \class{QSZK}, and
multiprover interactive proof systems and the complexity classes QMIP, QMIP*,
and MIP*.Comment: Survey published by NOW publisher
Rational Proofs with Multiple Provers
Interactive proofs (IP) model a world where a verifier delegates computation
to an untrustworthy prover, verifying the prover's claims before accepting
them. IP protocols have applications in areas such as verifiable computation
outsourcing, computation delegation, cloud computing. In these applications,
the verifier may pay the prover based on the quality of his work. Rational
interactive proofs (RIP), introduced by Azar and Micali (2012), are an
interactive-proof system with payments, in which the prover is rational rather
than untrustworthy---he may lie, but only to increase his payment. Rational
proofs leverage the provers' rationality to obtain simple and efficient
protocols. Azar and Micali show that RIP=IP(=PSAPCE). They leave the question
of whether multiple provers are more powerful than a single prover for rational
and classical proofs as an open problem.
In this paper, we introduce multi-prover rational interactive proofs (MRIP).
Here, a verifier cross-checks the provers' answers with each other and pays
them according to the messages exchanged. The provers are cooperative and
maximize their total expected payment if and only if the verifier learns the
correct answer to the problem. We further refine the model of MRIP to
incorporate utility gap, which is the loss in payment suffered by provers who
mislead the verifier to the wrong answer.
We define the class of MRIP protocols with constant, noticeable and
negligible utility gaps. We give tight characterization for all three MRIP
classes. We show that under standard complexity-theoretic assumptions, MRIP is
more powerful than both RIP and MIP ; and this is true even the utility gap is
required to be constant. Furthermore the full power of each MRIP class can be
achieved using only two provers and three rounds. (A preliminary version of
this paper appeared at ITCS 2016. This is the full version that contains new
results.)Comment: Proceedings of the 2016 ACM Conference on Innovations in Theoretical
Computer Science. ACM, 201
Resettable Zero Knowledge in the Bare Public-Key Model under Standard Assumption
In this paper we resolve an open problem regarding resettable zero knowledge
in the bare public-key (BPK for short) model: Does there exist constant round
resettable zero knowledge argument with concurrent soundness for
in BPK model without assuming \emph{sub-exponential hardness}? We give a
positive answer to this question by presenting such a protocol for any language
in in the bare public-key model assuming only
collision-resistant hash functions against \emph{polynomial-time} adversaries.Comment: 19 pag
Perfect zero knowledge for quantum multiprover interactive proofs
In this work we consider the interplay between multiprover interactive
proofs, quantum entanglement, and zero knowledge proofs - notions that are
central pillars of complexity theory, quantum information and cryptography. In
particular, we study the relationship between the complexity class MIP, the
set of languages decidable by multiprover interactive proofs with quantumly
entangled provers, and the class PZKMIP, which is the set of languages
decidable by MIP protocols that furthermore possess the perfect zero
knowledge property.
Our main result is that the two classes are equal, i.e., MIP
PZKMIP. This result provides a quantum analogue of the celebrated result of
Ben-Or, Goldwasser, Kilian, and Wigderson (STOC 1988) who show that MIP
PZKMIP (in other words, all classical multiprover interactive protocols can be
made zero knowledge). We prove our result by showing that every MIP
protocol can be efficiently transformed into an equivalent zero knowledge
MIP protocol in a manner that preserves the completeness-soundness gap.
Combining our transformation with previous results by Slofstra (Forum of
Mathematics, Pi 2019) and Fitzsimons, Ji, Vidick and Yuen (STOC 2019), we
obtain the corollary that all co-recursively enumerable languages (which
include undecidable problems as well as all decidable problems) have zero
knowledge MIP protocols with vanishing promise gap
Physical Zero-Knowledge Proofs for Akari, Takuzu, Kakuro and KenKen
Akari, Takuzu, Kakuro and KenKen are logic games similar to Sudoku. In Akari,
a labyrinth on a grid has to be lit by placing lanterns, respecting various
constraints. In Takuzu a grid has to be filled with 0's and 1's, while
respecting certain constraints. In Kakuro a grid has to be filled with numbers
such that the sums per row and column match given values; similarly in KenKen a
grid has to be filled with numbers such that in given areas the product, sum,
difference or quotient equals a given value. We give physical algorithms to
realize zero-knowledge proofs for these games which allow a player to show that
he knows a solution without revealing it. These interactive proofs can be
realized with simple office material as they only rely on cards and envelopes.
Moreover, we formalize our algorithms and prove their security.Comment: FUN with algorithms 2016, Jun 2016, La Maddalena, Ital
On the Power of Many One-Bit Provers
We study the class of languages, denoted by \MIP[k, 1-\epsilon, s], which
have -prover games where each prover just sends a \emph{single} bit, with
completeness and soundness error . For the case that
(i.e., for the case of interactive proofs), Goldreich, Vadhan and Wigderson
({\em Computational Complexity'02}) demonstrate that \SZK exactly
characterizes languages having 1-bit proof systems with"non-trivial" soundness
(i.e., ). We demonstrate that for the case that
, 1-bit -prover games exhibit a significantly richer structure:
+ (Folklore) When , \MIP[k, 1-\epsilon, s]
= \BPP;
+ When , \MIP[k,
1-\epsilon, s] = \SZK;
+ When , \AM \subseteq \MIP[k, 1-\epsilon,
s];
+ For and sufficiently large , \MIP[k, 1-\epsilon, s]
\subseteq \EXP;
+ For , \MIP[k, 1, 1-\epsilon, s] = \NEXP.
As such, 1-bit -prover games yield a natural "quantitative" approach to
relating complexity classes such as \BPP,\SZK,\AM, \EXP, and \NEXP.
We leave open the question of whether a more fine-grained hierarchy (between
\AM and \NEXP) can be established for the case when
- âŠ