# On the Composition of Zero-Knowledge Proof Systems

@inproceedings{Goldreich1990OnTC, title={On the Composition of Zero-Knowledge Proof Systems}, author={Oded Goldreich and Hugo Krawczyk}, booktitle={International Colloquium on Automata, Languages and Programming}, year={1990} }

The wide applicability of zero-knowledge interactive proofs comes from the possibility of using these proofs as subroutines in cryptographic protocols. [] Key Result Other consequences are a proof of optimality for the round complexity of various known zero-knowledge protocols and the necessity of using secret coins in the design of "parallelizable" constant-round zero-knowledge proofs.

## 490 Citations

### Composition of Zero-Knowledge Proofs with Efficient Provers

- Mathematics, Computer ScienceIACR Cryptol. ePrint Arch.
- 2009

It is shown that auxiliary-input zero knowledge with efficient provers is not closed under parallel composition of 2 copies under the assumption that there is a secure key agreement protocol (in which it is easy to recognize valid transcripts).

### Composition of Zero-Knowledge Proofs with Efficient

- Mathematics, Computer Science
- 2009

It is shown that auxiliary-input zero knowledge with efficient provers is not closed under parallel composition of 2 copies under the assumption that there is a secure key agreement protocol (in which it is easy to recognize valid transcripts).

### On Concurrent and Resettable Zero-Knowledge Proofs for NP

- Computer Science, MathematicsArXiv
- 2001

The proof system presented is the only known proof system that retains the zero-knowledge property when copies of the proof are allowed to run in an asynchronous environment and has $\tilde{O}(\log^2 k)$ rounds.

### On the Existence of 3-Round Zero-Knowledge Proofs

- Computer Science, Mathematics
- 2002

A nonblack-box simulatable 3-round zero-knowledge proof system for NP is presented, which is secure even when the prover has unbounded computational resources, and a proof of knowledge framework is provided in which to view this type of non-standard assumption.

### A Note on the Round-Complexity of Concurrent Zero-Knowledge

- Computer Science, MathematicsCRYPTO
- 2000

It is shown that in the context of Concurrent Zero-Knowledge, at least eight rounds of interaction are essential for black-box simulation of non-trivial proof systems (i.e., systems for languages that are not in BPP).

### Concurrent Zero-Knowledge in Poly-logarithmic Rounds

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2000

This paper presents a concurrent zero-knowledge proof for all languages in NP with a drastically improved complexity: the proof requires only a poly-logarithmic, specifically, Ď‰(log2 k) number of rounds.

### The Round-Complexity of Black-Box Concurrent Zero-Knowledge

- Computer Science
- 2003

This thesis closes the gap between these upper and lower bounds of any cZK proof system for a language outside BPP, whosecZK property is proved using black-box simulation, requires (log n= log log n) rounds of interaction.

### Zero-knowledge proofs of decision power: new protocols and optimal round-complexity

- Computer Science, MathematicsICICS
- 1997

A protocol for all known random self-reducible languages is presented, and a well-known lower bound for the number of rounds of zero-knowledge proofs of membership is extended to the â€śdecision power modelâ€ť.

### Definitions and properties of zero-knowledge proof systems

- Computer Science, MathematicsJournal of Cryptology
- 2004

It is shown that randomness of both the verifier and the prover, and nontriviality of the interaction are essential properties of (nontrivial) auxiliary-input zero-knowledge proofs.

### Impossibility and Feasibility Results for Zero Knowledge with Public Keys

- Mathematics, Computer ScienceCRYPTO
- 2005

The impossibility of 3-round concurrent (and thus resettable) black-box zero-knowledge argument systems with sequential soundness for non-trivial languages is shown.

## References

SHOWING 1-10 OF 39 REFERENCES

### On the cunning power of cheating verifiers: Some observations about zero knowledge proofs

- Computer Science, Mathematics28th Annual Symposium on Foundations of Computer Science (sfcs 1987)
- 1987

It is shown that randomness of both the verifier and the prover, and nontriviality of the interaction are essential properties of non-trivial auxiliary-input zero-knowledge proofs.

### Perfect zero-knowledge in constant rounds

- Computer Science, MathematicsSTOC '90
- 1990

This paper shows that any random self-reducible language has a 5 round perfect zero knowledge interactive proof, and shows that a language outside BPP requires more than 3 rounds from any perfect ZK proof.

### Proofs that yield nothing but their validity or all languages in NP have zero-knowledge proof systems

- Computer Science, MathematicsJACM
- 1991

In this paper the generality and wide applicability of Zero-knowledge proofs, a notion introduced by Goldwasser, Micali, and Rackoff is demonstrated. These are probabilistic and interactive proofsâ€¦

### The knowledge complexity of interactive proof-systems

- Mathematics, Computer ScienceSTOC '85
- 1985

A computational complexity theory of the â€śknowledgeâ€ť contained in a proof is developed and examples of zero-knowledge proof systems are given for the languages of quadratic residuosity and 'quadratic nonresiduosity.

### Everything in NP can be Argued in Perfect Zero-Knowledge in a Bounded Number of Rounds (Extended Abstract)

- Computer Science, MathematicsEUROCRYPT
- 1989

The first perfect zero-knowledge protocol that offers arbitrarily high security for any statement in NP with a constant number of rounds is given (under a suitable cryptographic assumption).

### Random self-reducibility and zero knowledge interactive proofs of possession of information

- Mathematics, Computer Science28th Annual Symposium on Foundations of Computer Science (sfcs 1987)
- 1987

It is shown that any "random self-reducible" problem has a zero knowledge interactive proof of this sort, and new zeroknowledge interactive proofs are exhibited for "knowledge" of the factorization of an integer, nonmembership in cyclic subgroups of Zp*, and determining whether an element generates Zp*.

### Zero-Knowledge Simulation of Boolean Circuits

- Computer Science, MathematicsCRYPTO
- 1986

A zero-knowledge interactive proof is a protocol by which Alice can convince a polynomially-bounded Bob of the truth of some theorem without giving him any hint as to how the proof might proceed.â€¦

### Proofs that yield nothing but their validity and a methodology of cryptographic protocol design

- Computer Science, Mathematics27th Annual Symposium on Foundations of Computer Science (sfcs 1986)
- 1986

This paper demonstrates the generality and wide applicability of zero-knowledge proofs, a notion introduced by Goldwasser, Micali and Rackoff that efficiently demonstrate membership in the language without conveying any additional knowledge.

### Non-transitive transfer of confidence: A perfect zero-knowledge interactive protocol for SAT and beyond

- Computer Science, Mathematics27th Annual Symposium on Foundations of Computer Science (sfcs 1986)
- 1986

A perfect zero-knowledge interactive proof is a protocol by which Alice can convince Bob of the truth of some theorem in a way that yields no information as to how the proof might proceed (in theâ€¦

### Private coins versus public coins in interactive proof systems

- Computer ScienceSTOC '86
- 1986

The probabilistic, nondeterministic, polynomial time Turing machine is defined and shown to be equivalent in power to the interactive proof system and to BPP much as BPP is the Probabilistic analog to P.