A complete problem for statistical zero knowledge

@article{Sahai2003ACP,
  title={A complete problem for statistical zero knowledge},
  author={Amit Sahai and Salil P. Vadhan},
  journal={Electron. Colloquium Comput. Complex.},
  year={2003},
  volume={7}
}
  • A. Sahai, S. Vadhan
  • Published 1 March 2003
  • Computer Science, Mathematics
  • Electron. Colloquium Comput. Complex.
We present the first complete problem for SZK, the class of promise problems possessing statistical zero-knowledge proofs (against an honest verifier). The problem, called Statistical Difference, is to decide whether two efficiently samplable distributions are either statistically close or far apart. This gives a new characterization of SZK that makes no reference to interaction or zero knowledge.We propose the use of complete problems to unify and extend the study of statistical zero knowledge… 

Figures and Tables from this paper

Batch Verification for Statistical Zero Knowledge Proofs
TLDR
It is shown that, for every problem Π, there exists an honest-verifier SZK protocol for batch verification of k instances, with communication complexity poly(n)+k ·poly(log n, log k), where poly refers to a fixed polynomial that depends only on Π (and not on k).
Public-Coin Statistical Zero-Knowledge Batch Verification against Malicious Verifiers
TLDR
This work constructs a public-coin maliciousverifier SZK protocol for batch verification of NISZK, and the communication complexity of this protocol is ( k + poly(m) ) · polylog(k,m).
A study of perfect zero-knowledge proofs
TLDR
It is proved that all the known problems admitting perfect zero-knowledge (PZK) proofs can be characterized as non-interactive instance-dependent commitment schemes, and this result is used to generalize and strengthen previous results, as well as to prove new results about PZK problems.
Making Classical Honest Verifier Zero Knowledge Protocols Secure against Quantum Attacks
We show that any problem that has a classical zero-knowledge protocol against the honest verifier also has, under a reasonable condition, a classical zero-knowledge protocol which is secure against
Zero-knowledge against quantum attacks
  • J. Watrous
  • Mathematics, Computer Science
    STOC '06
  • 2006
TLDR
This paper proves that several interactive proof systems are zero-knowledge against general quantum attacks and establishes for the first time that true zero- knowledge is indeed possible in the presence of quantum information and computation.
Noninteractive Statistical Zero-Knowledge Proofs for Lattice Problems
TLDR
These systems are the first known NISZK proofs for any cryptographically useful problems that are not related to integer factorization and generally admit efficient prover algorithms (given appropriate auxiliary input).
Secret Sharing and Statistical Zero Knowledge
TLDR
This work shows a general connection between various types of statistical zero-knowledge (SZK) proof systems and (unconditionally secure) secret sharing schemes, and shows that universally-efficient secret-sharing schemes cannot exist for all (monotone languages in) \(\mathbf {P}\), unless there is a polynomial q such that \({\mathbf{P}} \subseteq {\ mathbf {DSPACE}}(q(n))\).
Instance-Dependent Commitment Schemes and the Round Complexity of Perfect Zero-Knowledge Proofs
  • Lior Malka
  • Mathematics, Computer Science
    Electron. Colloquium Comput. Complex.
  • 2008
TLDR
It is shown that the rounds in public-coin PZK proofs can be collapsed if the prover is not choosing its randomness from a small set, and this condition is formalized using a preamble, which is then applied to some simple cases.
The Complexity of Deciding Statistical Properties of Samplable Distributions
  • T. Watson
  • Mathematics, Computer Science
    Theory Comput.
  • 2015
TLDR
A proof that simultaneously shows all the problems of deciding whether the joint distribution sampled by a given circuit satisfies certain statistical properties are C_{=P}-complete is given, by showing that the following promise problem is C-complete.
A Black-Box Approach to Post-Quantum Zero-Knowledge in Constant Round
TLDR
A new quantum rewinding technique is introduced that enables a simulator to extract a committed message of a malicious verifier while simulating verifier's internal state in an appropriate sense.
...
...

References

SHOWING 1-10 OF 76 REFERENCES
The (true) complexity of statistical zero knowledge
TLDR
It is shown that given a complexity assumption a much weaker condition suffices to attain statistical zeroknowledge and is able to simplify statistical zero-knowledge and to better characterize, on many counts, the class of languages that possess statisticalzero-knowledge proofs.
Frontiers in zero knowledge
  • A. Sahai
  • Computer Science, Mathematics
  • 2000
TLDR
This thesis defines and considers the notion of concurrent zero knowledge, where zero knowledge is guaranteed even when faced with a coordinated attack by many verifiers all acting concurrently, and shows how to build concurrent zero-knowledge protocols in which honest parties need only act locally.
A complete promise problem for statistical zero-knowledge
  • A. Sahai, S. Vadhan
  • Mathematics, Computer Science
    Proceedings 38th Annual Symposium on Foundations of Computer Science
  • 1997
We present a complete promise problem for SZK, the class of languages possessing statistical zero-knowledge proofs (against an honest verifier). The problem is to decide whether two efficiently
Comparing entropies in statistical zero knowledge with applications to the structure of SZK
  • Oded Goldreich, S. Vadhan
  • Mathematics, Computer Science
    Proceedings. Fourteenth Annual IEEE Conference on Computational Complexity (Formerly: Structure in Complexity Theory Conference) (Cat.No.99CB36317)
  • 1999
TLDR
An alternative proof of Okamoto's result by which HVSZK: (i.e., honest-verifier statistical zero knowledge) equals public-coin HVSzK is obtained, and an equivalence of a weak notion of statisticalzero knowledge to the standard one is obtained.
Honest-verifier statistical zero-knowledge equals general statistical zero-knowledge
We show how to transform any interactive proof system which is statistical zero-knowledge with respect to the honest-verifier, into a proof system which is statistical zero-knowledgewith respect to
Keeping the SZK-Verifier Honest Unconditionally
TLDR
This paper shows that using direct properties of a zero-knowledge protocol itself, one may impose a honest behavior on the verifier (without additional cryptographic tools) when using a non-uniform simulation model of SZK.
Can Statistical Zero Knowledge Be Made Non-interactive? or On the Relationship of SZK and NISZK
TLDR
The main tools in the analysis are two promise problems that are natural restrictions of promise problems known to be complete for SZK that are in fact complete for NISZK, and using this relationship the results comparing the two classes are derived.
Knowledge on the average—perfect, statistical and logarithmic
TLDR
It is shown that the oracle entropy of a language is always within an additive constant of its average knowledge complexity, thereby relating the new measure in a strong way to the older one, and that the class of languages having proofs of logarithmic knowledge complexity is in BPP.
Interactive Hashing can Simplify Zero-Knowledge Protocol Design Without Computational Assumptions (Extended Abstract)
We show that any 3-round protocol (in general, any bounded round protocol) in which the verifier sends only random bits, and which is zero-knowledge against an honest verifier can be transformed into
Statistical Zero-Knowledge Languages can be Recognized in Two Rounds
...
...