The knowledge complexity of interactive proof-systems

  title={The knowledge complexity of interactive proof-systems},
  author={Shafi Goldwasser and Silvio Micali and Charles Rackoff},
  booktitle={STOC '85},
Usually, a proof of a theorem contains more knowledge than the mere fact that the theorem is true. For instance, to prove that a graph is Hamiltonian it suffices to exhibit a Hamiltonian tour in it; however, this seems to contain more knowledge than the single bit Hamiltonian/non-Hamiltonian.In this paper a computational complexity theory of the “knowledge” contained in a proof is developed. Zero-knowledge proofs are defined as those proofs that convey no additional knowledge other than the… 

Figures from this paper

Minimum-Knowledge Interactive Proofs for Decision Problems
It is proved that protocols transferring the result of any fixed computation to be minimum-knowledge if it communicates no additional knowledge to the recipient besides the intended computational result and that such protocols may be combined in a natural way so as to build more complex protocols.
Algebraic methods for interactive proof systems
This technique is used to prove that every language in the polynomial-time hierarchy has an interactive proof system and played a pivotal role in the recent proofs that IP = PSPACE and MIP = NEXP.
The power of preprocessing in zero-knowledge proofs of knowledge
We show that, after a constant-round preprocessing stage, it is possible for a prover to prove knowledge of a witness for any polynomial-time relation without any further interaction. The number of
The Complexity of Space Boundes Interactive Proof Systems
  • A. Condon
  • Computer Science, Mathematics
    Complexity Theory: Current Research
  • 1992
An early motivation for the study of interactive proof systems was to extend the notion of NP as the class of problems with efficient “proofs of membership”. Informally, a prover can convince a
Features of computer language: communication of computers and its complexity.
  • L. Lovász
  • Computer Science
    Acta neurochirurgica. Supplementum
  • 1993
In this paper, the idea of an interactive proof system and its application in computer science is illuminated on everyday examples, without giving technical details.
Demonstrating Possession without Revealing Factors and its Application
This paper presents a zero-knowledge interactive protocol that demonstrates that two factors, a and b, of a composite number n (= ab) are actually known by the prover, without revelation of the
On the complexity of space bounded interactive proofs
  • A. Condon, R. Lipton
  • Computer Science, Mathematics
    30th Annual Symposium on Foundations of Computer Science
  • 1989
The proof method for the lower bound shows that the emptiness problem for one-way probabilistic finite-state machines is undecidable and some results of independent interest on the rate of convergence of time-varying Markov chains to their halting states are obtained.
IP=PSPACE (interactive proof=polynomial space)
  • A. Shamir
  • Mathematics, Computer Science
    Proceedings [1990] 31st Annual Symposium on Foundations of Computer Science
  • 1990
It is proved that, when both randomization and interaction are allowed, the proofs that can be verified in polynomial time are exactly those proofs that can be generated with polynomial space. The
Proofs of membership vs. proofs of knowledge
  • G. D. Crescenzo, R. Impagliazzo
  • Mathematics, Computer Science
    Proceedings. Thirteenth Annual IEEE Conference on Computational Complexity (Formerly: Structure in Complexity Theory Conference) (Cat. No.98CB36247)
  • 1998
A notion of tight relations is defined, referring to relations that capture the computational advantage communicated by a prover to a poly-time verifier in an interactive protocol.


Proofs that yield nothing but their validity and a methodology of cryptographic protocol design
This paper demonstrates the generality and wide applicability of zero-knowledge proofs, a notion introduced by Goldwasser, Micali and Rackoff that efficiently demonstrate membership in the language without conveying any additional knowledge.
Private coins versus public coins in interactive proof systems
The probabilistic, nondeterministic, polynomial time Turing machine is defined and shown to be equivalent in power to the interactive proof system and to BPP much as BPP is the Probabilistic analog to P.
Interactive proof systems: Provers that never fail and random selection
It is shown that any language having a bounded interactive proof has one with perfect completeness and only languages in NP have interactive proofs with perfect soundness, and a new protocol for proving approximately lower bounds and "random selection" is presented.
Perfect zero-knowledge languages can be recognized in two rounds
  • W. Aiello, J. Håstad
  • Computer Science, Mathematics
    28th Annual Symposium on Foundations of Computer Science (sfcs 1987)
  • 1987
It is proved that if L admits a zeroknowledge proof then L can also be recognized by a two round interactive proof, and study complexity theoretic implications of a language having this property.
The complexity of theorem-proving procedures
  • S. Cook
  • Mathematics, Computer Science
  • 1971
It is shown that any recognition problem solved by a polynomial time-bounded nondeterministic Turing machine can be “reduced” to the problem of determining whether a given propositional formula is a
Random self-reducibility and zero knowledge interactive proofs of possession of information
  • M. Tompa, H. Woll
  • Mathematics, Computer Science
    28th Annual Symposium on Foundations of Computer Science (sfcs 1987)
  • 1987
It is shown that any "random self-reducible" problem has a zero knowledge interactive proof of this sort, and new zeroknowledge interactive proofs are exhibited for "knowledge" of the factorization of an integer, nonmembership in cyclic subgroups of Zp*, and determining whether an element generates Zp*.
Does co-NP Have Short Interactive Proofs?
Non-transitive transfer of confidence: A perfect zero-knowledge interactive protocol for SAT and beyond
  • G. Brassard, C. Crépeau
  • Computer Science, Mathematics
    27th Annual Symposium on Foundations of Computer Science (sfcs 1986)
  • 1986
A perfect zero-knowledge interactive proof is a protocol by which Alice can convince Bob of the truth of some theorem in a way that yields no information as to how the proof might proceed (in the
How to play ANY mental game
We present a polynomial-time algorithm that, given as a input the description of a game with incomplete information and any number of players, produces a protocol for playing the game that leaks no
Some complexity questions related to distributive computing(Preliminary Report)
The quantity of interest, which measures the information exchange necessary for computing f, is the minimum number of bits exchanged in any algorithm.