TY - GEN
T1 - Doubly-Efficient Batch Verification in Statistical Zero-Knowledge
AU - Keret, Or
AU - Rothblum, Ron D.
AU - Vasudevan, Prashant Nalini
N1 - Publisher Copyright: © International Association for Cryptologic Research 2025.
PY - 2025
Y1 - 2025
N2 - A sequence of recent works, concluding with Mu et al. (Eurocrypt, 2024) has shown that every problem Π admitting a non-interactive statistical zero-knowledge proof (NISZK) has an efficient zero-knowledge batch verification protocol. Namely, an NISZK protocol for proving that x1,⋯,xk∈Π with communication that only scales poly-logarithmically with k. A caveat of this line of work is that the prover runs in exponential-time, whereas for NP problems it is natural to hope to obtain a doubly-efficient proof – that is, a prover that runs in polynomial-time given the kNP witnesses. In this work we show that every problem in NISZK∩UP has a doubly-efficient interactive statistical zero-knowledge proof with communication poly(n,log(k)) and poly(log(k),log(n)) rounds. The prover runs in time poly(n,k) given access to the kUP witnesses. Here n denotes the length of each individual input, and UP is the subclass of NP relations in which YES instances have unique witnesses. This result yields doubly-efficient statistical zero-knowledge batch verification protocols for a variety of concrete and central cryptographic problems from the literature.
AB - A sequence of recent works, concluding with Mu et al. (Eurocrypt, 2024) has shown that every problem Π admitting a non-interactive statistical zero-knowledge proof (NISZK) has an efficient zero-knowledge batch verification protocol. Namely, an NISZK protocol for proving that x1,⋯,xk∈Π with communication that only scales poly-logarithmically with k. A caveat of this line of work is that the prover runs in exponential-time, whereas for NP problems it is natural to hope to obtain a doubly-efficient proof – that is, a prover that runs in polynomial-time given the kNP witnesses. In this work we show that every problem in NISZK∩UP has a doubly-efficient interactive statistical zero-knowledge proof with communication poly(n,log(k)) and poly(log(k),log(n)) rounds. The prover runs in time poly(n,k) given access to the kUP witnesses. Here n denotes the length of each individual input, and UP is the subclass of NP relations in which YES instances have unique witnesses. This result yields doubly-efficient statistical zero-knowledge batch verification protocols for a variety of concrete and central cryptographic problems from the literature.
UR - http://www.scopus.com/inward/record.url?scp=85211491227&partnerID=8YFLogxK
U2 - 10.1007/978-3-031-78017-2_13
DO - 10.1007/978-3-031-78017-2_13
M3 - منشور من مؤتمر
SN - 9783031780165
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 371
EP - 398
BT - Theory of Cryptography - 22nd International Conference, TCC 2024, Proceedings
A2 - Boyle, Elette
A2 - Mahmoody, Mohammad
PB - Springer Science and Business Media Deutschland GmbH
T2 - 22nd Theory of Cryptography Conference, TCC 2024
Y2 - 2 December 2024 through 6 December 2024
ER -