Private Coins versus Public Coins in Zero-Knowledge Proof Systems
نویسندگان
چکیده
Goldreich-Krawczyk (Siam J of Comp’96) showed that only languages in BPP have constant-round public-coin black-box zero-knowledge protocols. We extend their lower bound to “fully black-box” privatecoin protocols based on one-way functions. More precisely, we show that only languages in BPP—where Sam is a “collision-finding” oracle in analogy with Simon (Eurocrypt’98) and Haitner et. al (FOCS’07)—can have constant-round fully black-box zero-knowledge proofs; the same holds for constant-round fully black-box zero-knowledge arguments with sublinear verifier communication complexity. We also establish nearlinear lower bounds on the round complexity of fully black-box concurrent zero-knowledge proofs (or arguments with sublinear verifier communication) for languages outside BPP. The technique used to establish these results is a transformation from private-coin protocols into Sam-relativized public-coin protocols; for the case of fully black-box protocols based on one-way functions, this transformation preserves zero knowledge, round complexity and communica-
منابع مشابه
Zero Knowledge and Soundness Are Symmetric
We give a complexity-theoretic characterization of the class of problems in NP having zeroknowledge argument systems. This characterization is symmetric in its treatment of the zero knowledge and the soundness conditions, and thus we deduce that the class of problems in NP ∩ coNP having zero-knowledge arguments is closed under complement. Furthermore, we show that a problem in NP has a statisti...
متن کاملCS 710 : Complexity Theory 4 / 20 / 2010 Lecture 25 : Interactive Proofs
Last time we introduced the notion of interactive proof systems which models computation as a result of interaction between two parties. We defined public/private coin protocols, and showed that the graph non-isomorphism problem admits an interactive proof using private coins, as well as one using public coins. Today we will continue our discussion of interactive proof systems. We will study th...
متن کاملIncreasing the power of the verifier in Quantum Zero Knowledge
In quantum zero knowledge, the assumption was made that the verifier is only using unitary operations. Under this assumption, many nice properties have been shown about quantum zero knowledge, including the fact that Honest-Verifier Quantum Statistical Zero Knowledge (HVQSZK) is equal to Cheating-Verifier Quantum Statistical Zero Knowledge (QSZK) (see [Wat02, Wat06]). In this paper, we study wh...
متن کاملOn the linkability of Zcash transactions
Zcash is a fork of Bitcoin with optional anonymity features. While transparent transactions are fully linkable, shielded transactions use zero-knowledge proofs to obscure the parties and amounts of the transactions. First, we observe various metrics regarding the usage of shielded addresses. Moreover, we show that most coins sent to shielded addresses are later sent back to transparent addresse...
متن کاملGeneralized Quantum Arthur-Merlin Games
This paper investigates the role of interaction and coins in public-coin quantum interactive proof systems (also called quantum Arthur-Merlin games). While prior works focused on classical public coins even in the quantum setting, the present work introduces a generalized version of quantum Arthur-Merlin games where the public coins can be quantum as well: the verifier can send not only random ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2010