On efficient zero-knowledge PCPs

Yuval Ishai; Mohammad Mahmoody; Amit Sahai

doi:https://doi.org/10.1007/978-3-642-28914-9_9

On efficient zero-knowledge PCPs

Yuval Ishai, Mohammad Mahmoody, Amit Sahai

Computer Science

Technion - Israel Institute of Technology

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

We revisit the question of Zero-Knowledge PCPs, studied by Kilian, Petrank, and Tardos (STOC '97). A ZK-PCP is defined similarly to a standard PCP, except that the view of any (possibly malicious) verifier can be efficiently simulated up to a small statistical distance. Kilian et al.obtained a ZK-PCP for NEXP in which the proof oracle is in EXP^NP. They also obtained a ZK-PCP for NP in which the proof oracle is computable in polynomial-time, but this ZK-PCP is only zero-knowledge against bounded-query verifiers who make at most an a priori fixed polynomial number of queries. The existence of ZK-PCPs for NP with efficient oracles and arbitrary polynomial-time malicious verifiers was left open. This question is motivated by the recent line of work on cryptography using tamper-proof hardware tokens: an efficient ZK-PCP (for any language) is equivalent to a statistical zero-knowledge proof using only a single stateless token sent to the verifier. We obtain the following results regarding efficient ZK-PCPs: Negative Result on Efficient ZK-PCPs. Assuming that the polynomial time hierarchy does not collapse, we settle the above question in the negative for ZK-PCPs in which the verifier is nonadaptive (i.e. the queries only depend on the input and secret randomness but not on the PCP answers). Simplifying Bounded-Query ZK-PCPs. The bounded-query zero-knowledge PCP of Kilian et al. starts from a weakly-sound bounded-query ZK-PCP of Dwork et al. (CRYPTO '92) and amplifies its soundness by introducing and constructing a new primitive called locking scheme - an unconditional oracle-based analogue of a commitment scheme. We simplify the ZK-PCP of Kilian et al. by presenting an elementary new construction of locking schemes. Our locking scheme is purely combinatorial. Black-Box Sublinear ZK Arguments via ZK-PCPs. Kilian used PCPs to construct sublinear-communication zero-knowledge arguments for NP which make a non-black-box use of collision-resistant hash functions (STOC '92). We show that ZK-PCPs can be used to get black-box variants of this result with improved round complexity, as well as an unconditional zero-knowledge variant of Micali's non-interactive CS Proofs (FOCS '94) in the Random Oracle Model.

Original language	English
Title of host publication	Theory of Cryptography - 9th Theory of Cryptography Conference, TCC 2012, Proceedings
Pages	151-168
Number of pages	18
DOIs	https://doi.org/10.1007/978-3-642-28914-9_9
State	Published - 2012
Event	9th Theory of Cryptography Conference, TCC 2012 - Taormina, Sicily, Italy Duration: 19 Mar 2012 → 21 Mar 2012

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	7194 LNCS

Conference

Conference	9th Theory of Cryptography Conference, TCC 2012
Country/Territory	Italy
City	Taormina, Sicily
Period	19/03/12 → 21/03/12

Keywords

Arthur Merlin Games
Probabilistically Checkable Proofs
Sublinear Arguments
Tamper-Proof Tokens
Zero-Knowledge

All Science Journal Classification (ASJC) codes

Theoretical Computer Science
Computer Science(all)

Access to Document

https://doi.org/10.1007/978-3-642-28914-9_9

Cite this

Ishai, Y., Mahmoody, M., & Sahai, A. (2012). On efficient zero-knowledge PCPs. In Theory of Cryptography - 9th Theory of Cryptography Conference, TCC 2012, Proceedings (pp. 151-168). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 7194 LNCS). https://doi.org/10.1007/978-3-642-28914-9_9

@inproceedings{25fe630bd1b74eeb9b0a9e8f49a587b1,

title = "On efficient zero-knowledge PCPs",

abstract = "We revisit the question of Zero-Knowledge PCPs, studied by Kilian, Petrank, and Tardos (STOC '97). A ZK-PCP is defined similarly to a standard PCP, except that the view of any (possibly malicious) verifier can be efficiently simulated up to a small statistical distance. Kilian et al.obtained a ZK-PCP for NEXP in which the proof oracle is in EXPNP. They also obtained a ZK-PCP for NP in which the proof oracle is computable in polynomial-time, but this ZK-PCP is only zero-knowledge against bounded-query verifiers who make at most an a priori fixed polynomial number of queries. The existence of ZK-PCPs for NP with efficient oracles and arbitrary polynomial-time malicious verifiers was left open. This question is motivated by the recent line of work on cryptography using tamper-proof hardware tokens: an efficient ZK-PCP (for any language) is equivalent to a statistical zero-knowledge proof using only a single stateless token sent to the verifier. We obtain the following results regarding efficient ZK-PCPs: Negative Result on Efficient ZK-PCPs. Assuming that the polynomial time hierarchy does not collapse, we settle the above question in the negative for ZK-PCPs in which the verifier is nonadaptive (i.e. the queries only depend on the input and secret randomness but not on the PCP answers). Simplifying Bounded-Query ZK-PCPs. The bounded-query zero-knowledge PCP of Kilian et al. starts from a weakly-sound bounded-query ZK-PCP of Dwork et al. (CRYPTO '92) and amplifies its soundness by introducing and constructing a new primitive called locking scheme - an unconditional oracle-based analogue of a commitment scheme. We simplify the ZK-PCP of Kilian et al. by presenting an elementary new construction of locking schemes. Our locking scheme is purely combinatorial. Black-Box Sublinear ZK Arguments via ZK-PCPs. Kilian used PCPs to construct sublinear-communication zero-knowledge arguments for NP which make a non-black-box use of collision-resistant hash functions (STOC '92). We show that ZK-PCPs can be used to get black-box variants of this result with improved round complexity, as well as an unconditional zero-knowledge variant of Micali's non-interactive CS Proofs (FOCS '94) in the Random Oracle Model.",

keywords = "Arthur Merlin Games, Probabilistically Checkable Proofs, Sublinear Arguments, Tamper-Proof Tokens, Zero-Knowledge",

author = "Yuval Ishai and Mohammad Mahmoody and Amit Sahai",

year = "2012",

doi = "https://doi.org/10.1007/978-3-642-28914-9_9",

language = "الإنجليزيّة",

isbn = "9783642289132",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

pages = "151--168",

booktitle = "Theory of Cryptography - 9th Theory of Cryptography Conference, TCC 2012, Proceedings",

note = "9th Theory of Cryptography Conference, TCC 2012 ; Conference date: 19-03-2012 Through 21-03-2012",

}

Ishai, Y, Mahmoody, M & Sahai, A 2012, On efficient zero-knowledge PCPs. in Theory of Cryptography - 9th Theory of Cryptography Conference, TCC 2012, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 7194 LNCS, pp. 151-168, 9th Theory of Cryptography Conference, TCC 2012, Taormina, Sicily, Italy, 19/03/12. https://doi.org/10.1007/978-3-642-28914-9_9

On efficient zero-knowledge PCPs. / Ishai, Yuval; Mahmoody, Mohammad; Sahai, Amit.
Theory of Cryptography - 9th Theory of Cryptography Conference, TCC 2012, Proceedings. 2012. p. 151-168 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 7194 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - On efficient zero-knowledge PCPs

AU - Ishai, Yuval

AU - Mahmoody, Mohammad

AU - Sahai, Amit

PY - 2012

Y1 - 2012

N2 - We revisit the question of Zero-Knowledge PCPs, studied by Kilian, Petrank, and Tardos (STOC '97). A ZK-PCP is defined similarly to a standard PCP, except that the view of any (possibly malicious) verifier can be efficiently simulated up to a small statistical distance. Kilian et al.obtained a ZK-PCP for NEXP in which the proof oracle is in EXPNP. They also obtained a ZK-PCP for NP in which the proof oracle is computable in polynomial-time, but this ZK-PCP is only zero-knowledge against bounded-query verifiers who make at most an a priori fixed polynomial number of queries. The existence of ZK-PCPs for NP with efficient oracles and arbitrary polynomial-time malicious verifiers was left open. This question is motivated by the recent line of work on cryptography using tamper-proof hardware tokens: an efficient ZK-PCP (for any language) is equivalent to a statistical zero-knowledge proof using only a single stateless token sent to the verifier. We obtain the following results regarding efficient ZK-PCPs: Negative Result on Efficient ZK-PCPs. Assuming that the polynomial time hierarchy does not collapse, we settle the above question in the negative for ZK-PCPs in which the verifier is nonadaptive (i.e. the queries only depend on the input and secret randomness but not on the PCP answers). Simplifying Bounded-Query ZK-PCPs. The bounded-query zero-knowledge PCP of Kilian et al. starts from a weakly-sound bounded-query ZK-PCP of Dwork et al. (CRYPTO '92) and amplifies its soundness by introducing and constructing a new primitive called locking scheme - an unconditional oracle-based analogue of a commitment scheme. We simplify the ZK-PCP of Kilian et al. by presenting an elementary new construction of locking schemes. Our locking scheme is purely combinatorial. Black-Box Sublinear ZK Arguments via ZK-PCPs. Kilian used PCPs to construct sublinear-communication zero-knowledge arguments for NP which make a non-black-box use of collision-resistant hash functions (STOC '92). We show that ZK-PCPs can be used to get black-box variants of this result with improved round complexity, as well as an unconditional zero-knowledge variant of Micali's non-interactive CS Proofs (FOCS '94) in the Random Oracle Model.

AB - We revisit the question of Zero-Knowledge PCPs, studied by Kilian, Petrank, and Tardos (STOC '97). A ZK-PCP is defined similarly to a standard PCP, except that the view of any (possibly malicious) verifier can be efficiently simulated up to a small statistical distance. Kilian et al.obtained a ZK-PCP for NEXP in which the proof oracle is in EXPNP. They also obtained a ZK-PCP for NP in which the proof oracle is computable in polynomial-time, but this ZK-PCP is only zero-knowledge against bounded-query verifiers who make at most an a priori fixed polynomial number of queries. The existence of ZK-PCPs for NP with efficient oracles and arbitrary polynomial-time malicious verifiers was left open. This question is motivated by the recent line of work on cryptography using tamper-proof hardware tokens: an efficient ZK-PCP (for any language) is equivalent to a statistical zero-knowledge proof using only a single stateless token sent to the verifier. We obtain the following results regarding efficient ZK-PCPs: Negative Result on Efficient ZK-PCPs. Assuming that the polynomial time hierarchy does not collapse, we settle the above question in the negative for ZK-PCPs in which the verifier is nonadaptive (i.e. the queries only depend on the input and secret randomness but not on the PCP answers). Simplifying Bounded-Query ZK-PCPs. The bounded-query zero-knowledge PCP of Kilian et al. starts from a weakly-sound bounded-query ZK-PCP of Dwork et al. (CRYPTO '92) and amplifies its soundness by introducing and constructing a new primitive called locking scheme - an unconditional oracle-based analogue of a commitment scheme. We simplify the ZK-PCP of Kilian et al. by presenting an elementary new construction of locking schemes. Our locking scheme is purely combinatorial. Black-Box Sublinear ZK Arguments via ZK-PCPs. Kilian used PCPs to construct sublinear-communication zero-knowledge arguments for NP which make a non-black-box use of collision-resistant hash functions (STOC '92). We show that ZK-PCPs can be used to get black-box variants of this result with improved round complexity, as well as an unconditional zero-knowledge variant of Micali's non-interactive CS Proofs (FOCS '94) in the Random Oracle Model.

KW - Arthur Merlin Games

KW - Probabilistically Checkable Proofs

KW - Sublinear Arguments

KW - Tamper-Proof Tokens

KW - Zero-Knowledge

UR - http://www.scopus.com/inward/record.url?scp=84858315983&partnerID=8YFLogxK

U2 - https://doi.org/10.1007/978-3-642-28914-9_9

DO - https://doi.org/10.1007/978-3-642-28914-9_9

M3 - منشور من مؤتمر

SN - 9783642289132

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 151

EP - 168

BT - Theory of Cryptography - 9th Theory of Cryptography Conference, TCC 2012, Proceedings

T2 - 9th Theory of Cryptography Conference, TCC 2012

Y2 - 19 March 2012 through 21 March 2012

ER -

On efficient zero-knowledge PCPs

Abstract

Publication series

Conference

Keywords

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this